Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/4y5Lzfd4BTSmmgOxW17OxjXWmmQ.roa
File:                     4y5Lzfd4BTSmmgOxW17OxjXWmmQ.roa (raw, json)
Hash identifier:          dumOR0Zu14WixGmctsRTQ5aVZ1yRIBKZ/Fuy72Qn0PY=
Subject key identifier:   E3:2E:4B:CD:F7:78:05:34:A6:9A:03:B1:5B:5E:CE:C6:35:D6:9A:64
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018B19EB582D9D6CBB8B7D4CED94DA16CF4E
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/4y5Lzfd4BTSmmgOxW17OxjXWmmQ.roa
Signing time:             Tue 10 Oct 2023 14:08:55 +0000
ROA not before:           Tue 10 Oct 2023 14:08:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     0
IP address blocks:        185.218.84.0/22 maxlen: 24
                          178.215.224.0/24 maxlen: 24
                          91.92.24.0/23 maxlen: 24
                          94.156.239.0/24 maxlen: 24
                          178.215.236.0/24 maxlen: 24
                          171.22.72.0/22 maxlen: 24
                          185.252.176.0/24 maxlen: 24
                          147.78.101.0/24 maxlen: 24
                          147.78.100.0/24 maxlen: 24
                          147.78.102.0/24 maxlen: 24
                          92.119.196.0/23 maxlen: 24
                          195.178.110.0/24 maxlen: 24
                          185.216.84.0/22 maxlen: 24
                          87.121.45.0/24 maxlen: 24
                          87.121.59.0/24 maxlen: 24
                          194.180.50.0/24 maxlen: 24
                          194.169.174.0/24 maxlen: 24
                          94.156.78.0/24 maxlen: 24
                          93.123.116.0/24 maxlen: 24
                          94.154.162.0/23 maxlen: 24
                          94.154.161.0/24 maxlen: 24
                          45.151.89.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:19:eb:58:2d:9d:6c:bb:8b:7d:4c:ed:94:da:16:cf:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Oct 10 14:08:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e32e4bcdf7780534a69a03b15b5ecec635d69a64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:83:15:3a:6c:1c:2b:bc:95:20:6f:2f:da:85:
                    2d:99:5a:f3:d0:ba:91:87:68:e4:4b:67:d2:50:e7:
                    88:22:fb:14:cb:f3:43:72:8a:4c:66:a4:3f:ac:be:
                    94:56:5d:27:80:25:27:ed:21:c1:ea:6c:1d:99:2f:
                    68:da:16:60:55:cf:b6:36:27:53:26:ba:23:00:60:
                    12:93:14:f8:7f:9f:de:a2:3f:ee:af:30:89:14:56:
                    cd:65:36:ca:bc:bc:64:22:5d:14:58:8b:3d:14:42:
                    b4:8e:6d:42:0d:61:8c:de:3c:82:5c:59:0a:79:88:
                    ff:fd:65:61:78:ce:c1:42:e9:87:98:d3:6a:a1:b6:
                    33:46:3d:38:e3:2a:3e:0c:b8:bf:ea:74:91:4d:2e:
                    80:f9:d0:f5:f9:9d:76:64:c5:5b:cb:35:72:d7:e5:
                    d7:a0:c7:fb:90:98:fd:8b:33:f7:13:eb:af:c2:ff:
                    81:a2:dd:f3:35:c5:c0:95:a2:dd:1e:38:9b:7d:aa:
                    93:6a:10:63:75:2d:ea:63:cb:60:f7:39:65:d7:76:
                    d7:19:58:eb:48:b5:c7:33:f1:2d:46:6e:bc:bf:69:
                    b0:fa:24:f6:f8:83:b9:d3:21:c7:7d:e5:78:6e:f3:
                    94:7e:70:45:ab:d3:21:00:d0:5f:77:b3:2f:c7:1a:
                    05:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:2E:4B:CD:F7:78:05:34:A6:9A:03:B1:5B:5E:CE:C6:35:D6:9A:64
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/4y5Lzfd4BTSmmgOxW17OxjXWmmQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.89.0/24
                  87.121.45.0/24
                  87.121.59.0/24
                  91.92.24.0/23
                  92.119.196.0/23
                  93.123.116.0/24
                  94.154.161.0-94.154.163.255
                  94.156.78.0/24
                  94.156.239.0/24
                  147.78.100.0-147.78.102.255
                  171.22.72.0/22
                  178.215.224.0/24
                  178.215.236.0/24
                  185.216.84.0/22
                  185.218.84.0/22
                  185.252.176.0/24
                  194.169.174.0/24
                  194.180.50.0/24
                  195.178.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:d1:6f:34:eb:25:59:44:29:1e:72:28:1d:ab:d0:b9:c2:6f:
         51:11:31:5e:2b:d0:6c:d1:ff:73:a1:aa:54:9a:f4:1f:69:a7:
         0f:55:57:6a:f2:9c:0c:84:32:11:d6:af:34:57:32:18:a5:46:
         9e:e9:10:39:35:75:24:e4:9d:04:be:cd:9a:ae:2e:91:93:e2:
         08:8b:69:f7:cc:17:50:f2:23:9c:0a:60:d1:01:72:d0:a7:2b:
         68:a8:f9:2b:02:5f:98:ec:57:17:a7:f4:59:bb:77:21:cf:1e:
         c5:e6:b0:20:2e:8d:cc:65:5d:ad:b8:52:12:18:5e:16:bc:5f:
         5c:b1:ac:37:df:9d:21:ee:18:84:96:d9:e5:8d:01:ca:5d:5c:
         a2:6e:02:eb:27:26:4c:dd:9e:98:91:9d:b1:79:5a:3d:42:51:
         88:c0:cf:a5:3f:56:7c:16:8d:d0:bd:23:16:35:68:80:40:73:
         5c:39:33:a5:15:3d:77:38:a0:16:e7:72:39:e6:10:ca:95:c3:
         c4:f2:d7:66:42:c6:4c:da:41:ad:a1:23:79:bf:af:7d:83:b7:
         90:55:67:89:40:34:90:3a:c7:08:cd:6f:43:1c:9d:b7:a5:42:
         7d:8d:85:64:5e:f0:ea:09:b1:0f:05:e5:d0:d7:19:22:3f:de:
         5f:eb:2c:92
-----BEGIN CERTIFICATE-----
MIIFfjCCBGagAwIBAgISAYsZ61gtnWy7i31M7ZTaFs9OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMxMDEwMTQwODU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzJlNGJjZGY3NzgwNTM0YTY5YTAzYjE1YjVlY2VjNjM1ZDY5YTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhIMVOmwcK7yVIG8v2oUtmVrz0LqR
h2jkS2fSUOeIIvsUy/NDcopMZqQ/rL6UVl0ngCUn7SHB6mwdmS9o2hZgVc+2NidT
JrojAGASkxT4f5/eoj/urzCJFFbNZTbKvLxkIl0UWIs9FEK0jm1CDWGM3jyCXFkK
eYj//WVheM7BQumHmNNqobYzRj044yo+DLi/6nSRTS6A+dD1+Z12ZMVbyzVy1+XX
oMf7kJj9izP3E+uvwv+Bot3zNcXAlaLdHjibfaqTahBjdS3qY8tg9zll13bXGVjr
SLXHM/EtRm68v2mw+iT2+IO50yHHfeV4bvOUfnBFq9MhANBfd7MvxxoFDwIDAQAB
o4ICijCCAoYwHQYDVR0OBBYEFOMuS833eAU0ppoDsVtezsY11ppkMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvNHk1THpmZDRCVFNtbWdPeFcxN094alhXbW1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGfBggrBgEFBQcBBwEB/wSBjzCBjDCBiQQCAAEwgYIDBAAt
l1kDBABXeS0DBABXeTsDBAFbXBgDBAFcd8QDBABde3QwDAMEAF6aoQMEAl6aoAME
AF6cTgMEAF6c7zAMAwQCk05kAwQAk05mAwQCqxZIAwQAstfgAwQAstfsAwQCudhU
AwQCudpUAwQAufywAwQAwqmuAwQAwrQyAwQAw7JuMA0GCSqGSIb3DQEBCwUAA4IB
AQBZ0W806yVZRCkecigdq9C5wm9RETFeK9Bs0f9zoapUmvQfaacPVVdq8pwMhDIR
1q80VzIYpUae6RA5NXUk5J0Evs2ari6Rk+IIi2n3zBdQ8iOcCmDRAXLQpytoqPkr
Al+Y7FcXp/RZu3chzx7F5rAgLo3MZV2tuFISGF4WvF9csaw3350h7hiEltnljQHK
XVyibgLrJyZM3Z6YkZ2xeVo9QlGIwM+lP1Z8Fo3QvSMWNWiAQHNcOTOlFT13OKAW
53I55hDKlcPE8tdmQsZM2kGtoSN5v699g7eQVWeJQDSQOscIzW9DHJ23pUJ9jYVk
XvDqCbEPBeXQ1xkiP95f6yyS
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:24 2024 by rpki-client on console-ams.rpki-client.org