Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/5roeCRMyln3EGXwmnZmNwyB2QdA.roa
File:                     5roeCRMyln3EGXwmnZmNwyB2QdA.roa (raw, json)
Hash identifier:          fozU5+00dFLxkWY47LAmyywzg0vkyRkJCc31dgFlO3k=
Subject key identifier:   E6:BA:1E:09:13:32:96:7D:C4:19:7C:26:9D:99:8D:C3:20:76:41:D0
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018BA4AB881FB7AF767611F03E6F0C24914E
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/5roeCRMyln3EGXwmnZmNwyB2QdA.roa
Signing time:             Mon 06 Nov 2023 12:46:26 +0000
ROA not before:           Mon 06 Nov 2023 12:46:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     0
IP address blocks:        185.218.84.0/22 maxlen: 24
                          91.92.24.0/23 maxlen: 24
                          147.78.101.0/24 maxlen: 24
                          147.78.100.0/24 maxlen: 24
                          147.78.102.0/24 maxlen: 24
                          185.246.223.0/24 maxlen: 24
                          185.226.175.0/24 maxlen: 24
                          87.121.45.0/24 maxlen: 24
                          87.121.59.0/24 maxlen: 24
                          194.180.50.0/24 maxlen: 24
                          194.169.174.0/24 maxlen: 24
                          94.156.78.0/24 maxlen: 24
                          176.125.255.0/24 maxlen: 24
                          94.154.162.0/23 maxlen: 24
                          94.154.161.0/24 maxlen: 24
                          45.151.89.0/24 maxlen: 24
                          93.123.39.0/24 maxlen: 24
                          178.215.224.0/24 maxlen: 24
                          94.156.239.0/24 maxlen: 24
                          178.215.236.0/24 maxlen: 24
                          171.22.72.0/22 maxlen: 24
                          185.252.176.0/24 maxlen: 24
                          92.119.196.0/23 maxlen: 24
                          185.216.84.0/22 maxlen: 24
                          87.120.87.0/24 maxlen: 24
                          93.123.116.0/24 maxlen: 24
                          87.121.221.0/24 maxlen: 24
                          87.121.220.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:a4:ab:88:1f:b7:af:76:76:11:f0:3e:6f:0c:24:91:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Nov  6 12:46:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e6ba1e091332967dc4197c269d998dc3207641d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:55:cb:04:9d:a5:dd:f9:d5:2e:a9:22:de:ca:
                    2e:77:a2:9a:0c:7d:b9:dd:1c:9a:e9:18:74:e7:4b:
                    27:f3:a9:76:c7:7a:4a:22:f4:74:3c:78:bd:2c:01:
                    70:f5:6f:a7:cb:05:db:55:e4:70:b8:d1:8a:d5:59:
                    ab:ca:d7:15:b3:fc:a3:2d:16:fe:42:c3:29:6a:23:
                    fb:40:c4:55:11:0e:7d:45:7b:a1:4c:b9:29:ab:1d:
                    41:d6:f2:9a:d6:9b:52:38:78:d9:00:33:1a:44:bc:
                    9e:48:fa:4d:05:b6:3a:2f:65:c8:60:89:66:d4:5c:
                    01:66:2e:f2:ec:f2:f0:8d:db:30:3d:cf:bf:44:aa:
                    38:80:fe:e3:b8:9d:c4:7b:90:d4:6c:90:a2:69:ab:
                    aa:3c:d3:5c:ef:61:c3:f8:39:2c:c6:70:ae:be:50:
                    96:08:65:47:3c:fc:15:ab:d7:b8:80:af:12:63:d6:
                    1d:bf:46:b4:4d:31:38:fa:dc:86:ae:31:10:1b:1f:
                    19:ca:66:94:16:4d:3d:f0:ae:05:79:c3:70:05:5e:
                    de:67:a5:fc:4f:ce:25:3c:51:56:cd:78:a0:bf:a5:
                    76:9e:ae:67:13:d4:03:25:1d:4c:bd:3e:fe:47:3b:
                    f2:f8:76:c4:61:e5:95:d1:65:fe:ee:54:82:37:33:
                    67:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:BA:1E:09:13:32:96:7D:C4:19:7C:26:9D:99:8D:C3:20:76:41:D0
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/5roeCRMyln3EGXwmnZmNwyB2QdA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.89.0/24
                  87.120.87.0/24
                  87.121.45.0/24
                  87.121.59.0/24
                  87.121.220.0/23
                  91.92.24.0/23
                  92.119.196.0/23
                  93.123.39.0/24
                  93.123.116.0/24
                  94.154.161.0-94.154.163.255
                  94.156.78.0/24
                  94.156.239.0/24
                  147.78.100.0-147.78.102.255
                  171.22.72.0/22
                  176.125.255.0/24
                  178.215.224.0/24
                  178.215.236.0/24
                  185.216.84.0/22
                  185.218.84.0/22
                  185.226.175.0/24
                  185.246.223.0/24
                  185.252.176.0/24
                  194.169.174.0/24
                  194.180.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:45:47:34:cd:04:87:a3:35:53:47:4d:13:13:b8:a7:a9:09:
         f1:42:1a:c5:bb:57:c0:9b:2c:72:9f:a0:46:ba:0f:13:63:8a:
         31:9b:52:6b:92:2c:9e:19:a8:a9:c2:b8:b3:35:c9:bf:45:3c:
         0d:8e:21:59:d0:8f:26:c7:c4:7f:b3:48:13:24:61:ea:e8:b2:
         8d:e4:28:40:6d:10:bb:96:a4:8a:8e:c7:21:45:80:26:8d:a2:
         c8:06:74:bf:85:fa:33:ab:46:95:13:69:17:0c:90:0b:e2:53:
         3e:f1:58:57:18:35:06:d6:50:84:33:6d:28:16:be:b4:ac:f4:
         27:a7:0c:56:15:1e:ab:0e:d6:13:bf:49:5d:ef:22:29:57:2b:
         27:62:d3:85:cf:b6:88:8e:19:11:dd:4c:91:28:1c:b8:2a:19:
         97:4c:63:96:46:0f:cc:47:e8:d9:e1:af:d8:0e:eb:7b:d5:b2:
         22:88:d3:7f:f5:41:e5:f8:b3:6b:cc:05:d2:ba:f2:c1:9f:17:
         ab:99:02:7e:d2:d9:4b:56:09:40:fb:0b:04:d8:79:5b:44:3c:
         bc:c4:e6:bb:4d:ad:51:5b:e5:1b:0d:96:75:11:ce:8f:e6:8e:
         dd:f7:e8:7f:52:51:88:37:9d:0b:51:f1:8a:19:dc:cb:31:da:
         48:c5:ac:6c
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgISAYukq4gft692dhHwPm8MJJFOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMxMTA2MTI0NjI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmJhMWUwOTEzMzI5NjdkYzQxOTdjMjY5ZDk5OGRjMzIwNzY0MWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnFXLBJ2l3fnVLqki3soud6KaDH25
3Rya6Rh050sn86l2x3pKIvR0PHi9LAFw9W+nywXbVeRwuNGK1VmrytcVs/yjLRb+
QsMpaiP7QMRVEQ59RXuhTLkpqx1B1vKa1ptSOHjZADMaRLyeSPpNBbY6L2XIYIlm
1FwBZi7y7PLwjdswPc+/RKo4gP7juJ3Ee5DUbJCiaauqPNNc72HD+DksxnCuvlCW
CGVHPPwVq9e4gK8SY9Ydv0a0TTE4+tyGrjEQGx8ZymaUFk098K4FecNwBV7eZ6X8
T84lPFFWzXigv6V2nq5nE9QDJR1MvT7+Rzvy+HbEYeWV0WX+7lSCNzNnNwIDAQAB
o4ICqDCCAqQwHQYDVR0OBBYEFOa6HgkTMpZ9xBl8Jp2ZjcMgdkHQMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvNXJvZUNSTXlsbjNFR1h3bW5abU53eUIyUWRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG9BggrBgEFBQcBBwEB/wSBrTCBqjCBpwQCAAEwgaADBAAt
l1kDBABXeFcDBABXeS0DBABXeTsDBAFXedwDBAFbXBgDBAFcd8QDBABdeycDBABd
e3QwDAMEAF6aoQMEAl6aoAMEAF6cTgMEAF6c7zAMAwQCk05kAwQAk05mAwQCqxZI
AwQAsH3/AwQAstfgAwQAstfsAwQCudhUAwQCudpUAwQAueKvAwQAufbfAwQAufyw
AwQAwqmuAwQAwrQyMA0GCSqGSIb3DQEBCwUAA4IBAQA3RUc0zQSHozVTR00TE7in
qQnxQhrFu1fAmyxyn6BGug8TY4oxm1JrkiyeGaipwrizNcm/RTwNjiFZ0I8mx8R/
s0gTJGHq6LKN5ChAbRC7lqSKjschRYAmjaLIBnS/hfozq0aVE2kXDJAL4lM+8VhX
GDUG1lCEM20oFr60rPQnpwxWFR6rDtYTv0ld7yIpVysnYtOFz7aIjhkR3UyRKBy4
KhmXTGOWRg/MR+jZ4a/YDut71bIiiNN/9UHl+LNrzAXSuvLBnxermQJ+0tlLVglA
+wsE2HlbRDy8xOa7Ta1RW+UbDZZ1Ec6P5o7d9+h/UlGIN50LUfGKGdzLMdpIxaxs
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:24 2024 by rpki-client on console-ams.rpki-client.org