Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/4aVAEJYxpJn4W9XD7u-DtO0tL2M.roa
File:                     4aVAEJYxpJn4W9XD7u-DtO0tL2M.roa (raw, json)
Hash identifier:          kFQCxZTRY6bYg/Xhm9rY13up4/+Icv+QhKVYuqJNJo0=
Subject key identifier:   E1:A5:40:10:96:31:A4:99:F8:5B:D5:C3:EE:EF:83:B4:ED:2D:2F:63
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0188532BE5092DA2AF11E042C51407AB3CDF
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/4aVAEJYxpJn4W9XD7u-DtO0tL2M.roa
Signing time:             Thu 25 May 2023 13:49:25 +0000
ROA not before:           Thu 25 May 2023 13:49:25 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8100
IP address blocks:        87.120.166.0/24 maxlen: 24
                          87.120.192.0/23 maxlen: 24
                          185.147.100.0/22 maxlen: 24
                          87.121.36.0/23 maxlen: 24
                          87.121.38.0/24 maxlen: 24
                          87.121.44.0/24 maxlen: 24
                          87.121.60.0/22 maxlen: 24
                          87.120.219.0/24 maxlen: 24
                          94.154.160.0/23 maxlen: 24
                          45.9.208.0/22 maxlen: 24
                          94.154.173.0/24 maxlen: 24
                          45.143.100.0/22 maxlen: 24
                          94.156.237.0/24 maxlen: 24
                          193.8.184.0/23 maxlen: 24
                          85.217.145.0/24 maxlen: 24
                          193.8.186.0/23 maxlen: 24
                          194.55.226.0/24 maxlen: 24
                          94.156.238.0/24 maxlen: 24
                          93.123.68.0/22 maxlen: 24
                          93.123.76.0/22 maxlen: 24
                          93.123.74.0/24 maxlen: 24
                          93.123.75.0/24 maxlen: 24
                          93.123.80.0/24 maxlen: 24
                          45.149.235.0/24 maxlen: 24
                          94.156.176.0/22 maxlen: 24
                          94.156.180.0/23 maxlen: 24
                          194.48.249.0/24 maxlen: 24
                          93.123.24.0/24 maxlen: 24
                          93.123.30.0/23 maxlen: 24
                          93.123.26.0/23 maxlen: 24
                          93.123.112.0/22 maxlen: 24
                          93.123.117.0/24 maxlen: 24
                          93.123.119.0/24 maxlen: 24
                          193.25.219.0/24 maxlen: 24
                          94.156.2.0/24 maxlen: 24
                          91.92.16.0/24 maxlen: 24
                          91.92.26.0/23 maxlen: 24
                          193.58.121.0/24 maxlen: 24
                          193.58.123.0/24 maxlen: 24
                          185.207.14.0/23 maxlen: 24
                          94.156.152.0/24 maxlen: 24
                          45.8.92.0/24 maxlen: 24
                          94.156.154.0/23 maxlen: 24
                          91.92.67.0/24 maxlen: 24
                          45.139.123.0/24 maxlen: 24
                          37.139.131.0/24 maxlen: 24
                          212.87.205.0/24 maxlen: 24
                          84.54.51.0/24 maxlen: 24
                          87.121.146.0/23 maxlen: 24
                          87.121.163.0/24 maxlen: 24
                          185.252.177.0/24 maxlen: 24
                          193.47.62.0/24 maxlen: 24
                          87.121.104.0/24 maxlen: 24
                          87.121.103.0/24 maxlen: 24
                          87.121.114.0/23 maxlen: 24
                          45.95.2.0/23 maxlen: 24
                          45.95.0.0/23 maxlen: 24
                          45.88.90.0/24 maxlen: 24
                          5.253.58.0/23 maxlen: 24
                          5.253.56.0/23 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:53:2b:e5:09:2d:a2:af:11:e0:42:c5:14:07:ab:3c:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: May 25 13:49:25 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e1a540109631a499f85bd5c3eeef83b4ed2d2f63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:39:d5:d1:7f:c2:c2:b0:84:53:f5:71:6b:2d:
                    eb:de:16:f1:d1:ab:d5:40:8d:86:3f:74:62:82:b7:
                    e4:c3:c9:ce:1e:24:87:ba:d8:e1:ac:40:c4:f1:79:
                    ba:f3:de:62:b2:b0:e5:87:f3:4a:b8:40:ba:ac:40:
                    46:8b:15:45:33:47:33:81:cd:e9:c4:3c:6b:82:d4:
                    6e:ab:95:26:73:4a:ae:92:b5:d9:29:75:4a:50:0b:
                    3c:29:96:5a:89:80:fb:53:4c:29:83:c2:90:10:4b:
                    4b:bc:22:0b:74:4a:26:49:32:a6:2a:64:fd:07:e5:
                    4b:9d:76:e4:13:48:5e:4d:84:f5:ae:60:fd:82:1c:
                    98:2e:4b:1c:3d:2d:3e:1c:7b:72:5f:c2:f0:b5:97:
                    85:49:55:92:0c:f4:9d:7e:68:9b:56:91:a5:0e:76:
                    2d:ee:17:c6:ac:85:12:af:5f:16:e2:dc:f0:df:d2:
                    c4:ff:eb:8e:c7:22:70:85:53:5d:4d:0e:7b:4b:de:
                    98:83:63:93:64:3d:ff:02:d7:bb:07:93:d6:f0:45:
                    20:a3:7d:e3:44:68:21:c5:ab:ff:e2:0a:ea:2c:90:
                    7f:53:ee:f2:13:75:b2:b8:21:8e:fd:a1:6d:c6:8a:
                    77:3c:7c:21:77:d8:2d:7c:68:4c:19:06:16:c7:94:
                    66:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:A5:40:10:96:31:A4:99:F8:5B:D5:C3:EE:EF:83:B4:ED:2D:2F:63
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/4aVAEJYxpJn4W9XD7u-DtO0tL2M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.56.0/22
                  37.139.131.0/24
                  45.8.92.0/24
                  45.9.208.0/22
                  45.88.90.0/24
                  45.95.0.0/22
                  45.139.123.0/24
                  45.143.100.0/22
                  45.149.235.0/24
                  84.54.51.0/24
                  85.217.145.0/24
                  87.120.166.0/24
                  87.120.192.0/23
                  87.120.219.0/24
                  87.121.36.0-87.121.38.255
                  87.121.44.0/24
                  87.121.60.0/22
                  87.121.103.0-87.121.104.255
                  87.121.114.0/23
                  87.121.146.0/23
                  87.121.163.0/24
                  91.92.16.0/24
                  91.92.26.0/23
                  91.92.67.0/24
                  93.123.24.0/24
                  93.123.26.0/23
                  93.123.30.0/23
                  93.123.68.0/22
                  93.123.74.0-93.123.80.255
                  93.123.112.0/22
                  93.123.117.0/24
                  93.123.119.0/24
                  94.154.160.0/23
                  94.154.173.0/24
                  94.156.2.0/24
                  94.156.152.0/24
                  94.156.154.0/23
                  94.156.176.0-94.156.181.255
                  94.156.237.0-94.156.238.255
                  185.147.100.0/22
                  185.207.14.0/23
                  185.252.177.0/24
                  193.8.184.0/22
                  193.25.219.0/24
                  193.47.62.0/24
                  193.58.121.0/24
                  193.58.123.0/24
                  194.48.249.0/24
                  194.55.226.0/24
                  212.87.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:2d:08:3c:09:12:73:05:b8:d7:10:cd:be:e7:af:14:f7:56:
         7e:fa:72:78:d4:ec:99:15:bc:b1:d1:de:fd:38:a4:b6:26:39:
         c9:2a:12:10:bc:af:06:4b:d2:b4:0b:19:a2:2b:7f:66:13:f1:
         4f:86:d2:c2:64:b2:c4:2b:fb:eb:01:f0:8f:55:f8:46:fc:96:
         d3:3a:1e:97:bd:0b:4c:05:de:6d:1a:1f:50:01:8c:de:41:cd:
         24:83:39:09:d7:c2:d1:b1:76:67:58:6f:d0:4f:5b:cf:e4:eb:
         f5:db:86:a8:3e:b5:80:ac:5e:92:6c:44:e1:98:ce:54:3e:ae:
         5a:30:ca:18:e3:9f:da:ca:15:2d:74:01:63:56:67:b0:65:ea:
         5c:8b:ae:6e:33:d6:e9:a6:53:04:f4:77:6f:a3:46:1d:07:2c:
         dd:3d:82:b7:a4:d6:24:11:cd:fc:da:ec:39:41:09:f2:8e:eb:
         6a:72:76:1b:6c:11:bc:0e:39:fe:32:d8:93:5b:33:ac:57:54:
         6d:d6:fd:2a:13:1a:8e:bd:58:58:b0:44:42:2c:5e:01:3e:2f:
         30:71:6b:63:9d:bb:04:61:42:13:65:f3:bc:86:fc:ac:90:5b:
         91:68:3a:63:6e:cd:69:00:fd:1a:9f:0a:54:b5:89:2b:d1:3d:
         f4:90:ba:6b
-----BEGIN CERTIFICATE-----
MIIGVTCCBT2gAwIBAgISAYhTK+UJLaKvEeBCxRQHqzzfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNTI1MTM0OTI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWE1NDAxMDk2MzFhNDk5Zjg1YmQ1YzNlZWVmODNiNGVkMmQyZjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlznV0X/CwrCEU/Vxay3r3hbx0avV
QI2GP3Rigrfkw8nOHiSHutjhrEDE8Xm6895isrDlh/NKuEC6rEBGixVFM0czgc3p
xDxrgtRuq5Umc0qukrXZKXVKUAs8KZZaiYD7U0wpg8KQEEtLvCILdEomSTKmKmT9
B+VLnXbkE0heTYT1rmD9ghyYLkscPS0+HHtyX8LwtZeFSVWSDPSdfmibVpGlDnYt
7hfGrIUSr18W4tzw39LE/+uOxyJwhVNdTQ57S96Yg2OTZD3/Ate7B5PW8EUgo33j
RGghxav/4grqLJB/U+7yE3WyuCGO/aFtxop3PHwhd9gtfGhMGQYWx5Rm8wIDAQAB
o4IDYTCCA10wHQYDVR0OBBYEFOGlQBCWMaSZ+FvVw+7vg7TtLS9jMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvNGFWQUVKWXhwSm40VzlYRDd1LUR0TzB0TDJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBdQYIKwYBBQUHAQcBAf8EggFkMIIBYDCCAVwEAgABMIIB
VAMEAgX9OAMEACWLgwMEAC0IXAMEAi0J0AMEAC1YWgMEAi1fAAMEAC2LewMEAi2P
ZAMEAC2V6wMEAFQ2MwMEAFXZkQMEAFd4pgMEAVd4wAMEAFd42zAMAwQCV3kkAwQA
V3kmAwQAV3ksAwQCV3k8MAwDBABXeWcDBABXeWgDBAFXeXIDBAFXeZIDBABXeaMD
BABbXBADBAFbXBoDBABbXEMDBABdexgDBAFdexoDBAFdex4DBAJde0QwDAMEAV17
SgMEAF17UAMEAl17cAMEAF17dQMEAF17dwMEAV6aoAMEAF6arQMEAF6cAgMEAF6c
mAMEAV6cmjAMAwQEXpywAwQBXpy0MAwDBABenO0DBABenO4DBAK5k2QDBAG5zw4D
BAC5/LEDBALBCLgDBADBGdsDBADBLz4DBADBOnkDBADBOnsDBADCMPkDBADCN+ID
BADUV80wDQYJKoZIhvcNAQELBQADggEBAFUtCDwJEnMFuNcQzb7nrxT3Vn76cnjU
7JkVvLHR3v04pLYmOckqEhC8rwZL0rQLGaIrf2YT8U+G0sJkssQr++sB8I9V+Eb8
ltM6Hpe9C0wF3m0aH1ABjN5BzSSDOQnXwtGxdmdYb9BPW8/k6/Xbhqg+tYCsXpJs
ROGYzlQ+rlowyhjjn9rKFS10AWNWZ7Bl6lyLrm4z1ummUwT0d2+jRh0HLN09grek
1iQRzfza7DlBCfKO62pydhtsEbwOOf4y2JNbM6xXVG3W/SoTGo69WFiwREIsXgE+
LzBxa2OduwRhQhNl87yG/KyQW5FoOmNuzWkA/RqfClS1iSvRPfSQums=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:58 2024 by rpki-client on console-fra.rpki-client.org