Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/60tNaRT8MS0JKSh80UdDM9NU5tc.roa
File:                     60tNaRT8MS0JKSh80UdDM9NU5tc.roa (raw, json)
Hash identifier:          X45hHAAfY5XjCsvjmSn6q4gY33eifdHtWQDiGrNPzhE=
Subject key identifier:   EB:4B:4D:69:14:FC:31:2D:09:29:28:7C:D1:47:43:33:D3:54:E6:D7
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0185C38D142B80200D7E7A64A9E505CE2BF3
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/60tNaRT8MS0JKSh80UdDM9NU5tc.roa
Signing time:             Wed 18 Jan 2023 06:24:40 +0000
ROA not before:           Wed 18 Jan 2023 06:24:40 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     50225
IP address blocks:        194.55.224.0/24 maxlen: 24
                          178.215.226.0/24 maxlen: 24
                          194.55.225.0/24 maxlen: 24
                          185.222.160.0/24 maxlen: 24
                          185.222.161.0/24 maxlen: 24
                          45.9.156.0/24 maxlen: 24
                          45.12.255.0/24 maxlen: 24
                          94.156.160.0/24 maxlen: 24
                          193.42.34.0/24 maxlen: 24
                          193.47.63.0/24 maxlen: 24
                          193.47.60.0/24 maxlen: 24
                          45.84.91.0/24 maxlen: 24
                          45.88.64.0/24 maxlen: 24
                          194.180.39.0/24 maxlen: 24
                          45.129.84.0/24 maxlen: 24
                          94.154.162.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:c3:8d:14:2b:80:20:0d:7e:7a:64:a9:e5:05:ce:2b:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan 18 06:24:40 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=eb4b4d6914fc312d0929287cd1474333d354e6d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:b9:b9:38:73:86:22:f8:fd:28:ac:db:dd:10:
                    ac:4f:37:e6:e1:3b:e8:30:69:70:c9:41:e2:f2:aa:
                    40:a0:90:73:f4:6c:ac:5c:d4:15:a0:c7:f5:f4:e0:
                    ac:a3:c0:2a:b9:71:51:d0:ad:64:65:44:53:f0:ee:
                    fb:d1:6a:3a:46:33:f3:12:1d:e2:ee:10:13:b8:32:
                    36:fc:1c:c8:f1:99:06:30:a1:44:96:06:3f:9f:23:
                    d6:42:34:87:05:94:cd:5f:b0:2f:3f:43:70:d9:9c:
                    22:f0:46:56:a5:a3:01:44:c7:30:7d:c4:95:93:62:
                    47:38:21:73:46:45:5c:66:13:7a:b1:b6:b7:08:b9:
                    0d:a2:0d:e6:d6:cd:d7:ef:65:b5:95:d5:5e:82:47:
                    0d:fd:a5:d0:5d:c0:43:76:32:26:0b:f8:3f:59:f2:
                    99:74:03:d2:8f:be:dc:9f:fa:6b:94:54:dd:52:aa:
                    b2:4c:ae:45:f3:4d:64:3f:39:08:7d:e1:ba:34:dd:
                    70:c0:ae:d3:5b:0c:15:9d:d1:bb:01:4d:e0:6d:f0:
                    5e:c2:e3:c4:18:ad:a3:41:5b:4b:c2:66:7e:56:9b:
                    f2:11:89:34:a9:e9:03:42:c9:85:ef:56:e9:a1:ee:
                    ca:16:f7:56:fc:a1:e6:59:15:a1:63:26:ee:d3:84:
                    ab:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:4B:4D:69:14:FC:31:2D:09:29:28:7C:D1:47:43:33:D3:54:E6:D7
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/60tNaRT8MS0JKSh80UdDM9NU5tc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.156.0/24
                  45.12.255.0/24
                  45.84.91.0/24
                  45.88.64.0/24
                  45.129.84.0/24
                  94.154.162.0/24
                  94.156.160.0/24
                  178.215.226.0/24
                  185.222.160.0/23
                  193.42.34.0/24
                  193.47.60.0/24
                  193.47.63.0/24
                  194.55.224.0/23
                  194.180.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:2f:36:92:2c:c5:cf:cb:0c:fa:f2:e0:e3:3e:2b:fc:f3:3d:
         40:28:33:be:42:e4:fc:c9:32:07:c4:d7:49:b6:37:c4:7f:71:
         30:b9:09:84:33:cc:3e:46:58:95:c6:fb:9b:0f:d2:73:a4:ed:
         c4:4a:8b:86:7d:29:58:b0:24:1e:60:ac:b3:34:0a:bc:27:d8:
         58:a1:9b:1a:18:f3:26:a0:39:ad:71:ea:f2:fe:dc:23:ee:0a:
         4c:68:a2:d5:6a:82:c6:e0:84:4c:63:e7:7a:79:43:95:25:be:
         c5:f1:7e:9b:37:a8:32:da:f8:87:93:8d:58:51:d0:86:35:45:
         3c:b0:a5:a7:5a:b5:7c:87:bc:4d:ad:e9:12:bc:ed:35:cd:54:
         9b:a9:13:55:68:f9:95:12:36:3e:b9:7f:c1:1c:5b:2d:98:a0:
         75:64:d2:60:cc:64:7a:e0:57:1d:5c:5c:0f:cc:b1:58:5d:36:
         91:e7:28:39:44:1e:e0:e4:37:17:2b:24:b8:34:b8:9f:a2:bb:
         c6:00:2a:ea:4d:3f:81:b3:2f:de:8c:a5:b5:8a:61:09:eb:0a:
         61:4e:02:32:de:72:39:4b:9b:46:db:96:49:dd:fa:76:02:62:
         53:b6:f4:62:72:d8:78:3b:eb:66:ad:21:3f:d6:24:d3:ef:94:
         2a:1d:25:4b
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAYXDjRQrgCANfnpkqeUFzivzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwMTE4MDYyNDQwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjRiNGQ2OTE0ZmMzMTJkMDkyOTI4N2NkMTQ3NDMzM2QzNTRlNmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzLm5OHOGIvj9KKzb3RCsTzfm4Tvo
MGlwyUHi8qpAoJBz9GysXNQVoMf19OCso8AquXFR0K1kZURT8O770Wo6RjPzEh3i
7hATuDI2/BzI8ZkGMKFElgY/nyPWQjSHBZTNX7AvP0Nw2Zwi8EZWpaMBRMcwfcSV
k2JHOCFzRkVcZhN6sba3CLkNog3m1s3X72W1ldVegkcN/aXQXcBDdjImC/g/WfKZ
dAPSj77cn/prlFTdUqqyTK5F801kPzkIfeG6NN1wwK7TWwwVndG7AU3gbfBewuPE
GK2jQVtLwmZ+VpvyEYk0qekDQsmF71bpoe7KFvdW/KHmWRWhYybu04SrZQIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFOtLTWkU/DEtCSkofNFHQzPTVObXMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvNjB0TmFSVDhNUzBKS1NoODBVZERNOU5VNXRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAATBUAwQALQmcAwQA
LQz/AwQALVRbAwQALVhAAwQALYFUAwQAXpqiAwQAXpygAwQAstfiAwQBud6gAwQA
wSoiAwQAwS88AwQAwS8/AwQBwjfgAwQAwrQnMA0GCSqGSIb3DQEBCwUAA4IBAQCi
LzaSLMXPywz68uDjPiv88z1AKDO+QuT8yTIHxNdJtjfEf3EwuQmEM8w+RliVxvub
D9JzpO3ESouGfSlYsCQeYKyzNAq8J9hYoZsaGPMmoDmtcery/twj7gpMaKLVaoLG
4IRMY+d6eUOVJb7F8X6bN6gy2viHk41YUdCGNUU8sKWnWrV8h7xNrekSvO01zVSb
qRNVaPmVEjY+uX/BHFstmKB1ZNJgzGR64FcdXFwPzLFYXTaR5yg5RB7g5DcXKyS4
NLiforvGACrqTT+Bsy/ejKW1imEJ6wphTgIy3nI5S5tG25ZJ3fp2AmJTtvRicth4
O+tmrSE/1iTT75QqHSVL
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:24 2024 by rpki-client on console-ams.rpki-client.org