Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/C1HR1yvLzfc0RckMWCpA5CvKQnM.roa
File:                     C1HR1yvLzfc0RckMWCpA5CvKQnM.roa (raw, json)
Hash identifier:          Lu0AmxHS2I0IQ5FKAJLMfuR9yukC5TeEvFjbBAHDItA=
Subject key identifier:   0B:51:D1:D7:2B:CB:CD:F7:34:45:C9:0C:58:2A:40:E4:2B:CA:42:73
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       1DE458AD
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/C1HR1yvLzfc0RckMWCpA5CvKQnM.roa
Signing time:             Tue 12 Apr 2022 05:53:34 +0000
ROA not before:           Tue 12 Apr 2022 05:53:34 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     22653
IP address blocks:        31.169.124.0/24 maxlen: 24
                          31.169.125.0/24 maxlen: 24
                          31.169.126.0/24 maxlen: 24
                          31.169.127.0/24 maxlen: 24
                          194.55.226.0/24 maxlen: 24
                          194.55.224.0/24 maxlen: 24
                          194.55.225.0/24 maxlen: 24
                          194.55.227.0/24 maxlen: 24
                          178.215.236.0/24 maxlen: 24
                          178.215.238.0/24 maxlen: 24
                          178.215.239.0/24 maxlen: 24
                          178.215.237.0/24 maxlen: 24
                          85.31.44.0/24 maxlen: 24
                          85.31.46.0/24 maxlen: 24
                          85.31.45.0/24 maxlen: 24
                          85.31.47.0/24 maxlen: 24
                          79.110.60.0/24 maxlen: 24
                          79.110.62.0/24 maxlen: 24
                          79.110.61.0/24 maxlen: 24
                          79.110.63.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 501504173 (0x1de458ad)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Apr 12 05:53:34 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0b51d1d72bcbcdf73445c90c582a40e42bca4273
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:b5:66:83:6a:8e:7b:2d:c7:72:59:43:4c:38:
                    6e:31:ba:ad:8b:19:b8:00:ca:2a:24:9f:fd:ed:23:
                    89:ec:2a:99:02:40:5e:7e:4c:22:2f:8b:99:c5:be:
                    99:e4:2a:68:6f:76:54:ce:1e:3b:28:d3:e4:01:7a:
                    0b:c5:7b:68:1c:be:b0:37:bf:48:e9:9e:e5:7b:85:
                    a2:e5:43:5f:f8:90:e5:45:df:10:f2:4f:7d:fb:15:
                    c1:db:35:62:f0:a1:2f:1c:5d:e0:05:96:03:8c:a3:
                    7e:19:be:86:22:91:f6:37:19:b0:82:c7:98:27:60:
                    05:f8:1b:40:92:c3:71:b6:19:bb:8f:4a:2d:9b:ed:
                    01:64:0b:28:e2:67:83:84:83:76:0c:51:71:ef:66:
                    48:da:3d:13:c0:32:db:87:95:34:75:85:b9:54:37:
                    06:e2:74:e2:7f:d2:6a:9e:c5:d3:56:81:e3:d8:c2:
                    93:1b:60:4b:47:ad:a7:85:0a:1d:81:ae:8d:16:08:
                    78:86:73:7f:67:8e:c4:b6:e8:df:34:de:17:9b:06:
                    02:9b:db:40:d2:0a:ba:31:59:1f:ad:8e:62:b8:73:
                    e1:5a:ac:dc:1c:c5:42:aa:8a:64:70:1c:b1:98:c7:
                    80:9e:39:54:1f:2a:19:8a:3e:e2:61:db:c1:1a:85:
                    6f:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:51:D1:D7:2B:CB:CD:F7:34:45:C9:0C:58:2A:40:E4:2B:CA:42:73
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/C1HR1yvLzfc0RckMWCpA5CvKQnM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.169.124.0/22
                  79.110.60.0/22
                  85.31.44.0/22
                  178.215.236.0/22
                  194.55.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         17:d6:c6:e4:6c:92:91:9f:3c:8d:f1:3f:bf:71:d5:78:28:3c:
         04:74:96:85:ef:af:b8:af:cf:6a:a3:3f:a9:f9:e8:26:9c:24:
         74:11:88:79:83:2b:d6:6d:df:44:b7:2d:ee:24:70:fc:35:df:
         08:6b:52:cc:e0:e7:51:2c:04:03:0b:b9:7f:b4:f0:0c:41:91:
         58:db:67:d8:65:36:17:98:38:73:f9:5f:b7:19:36:86:18:d9:
         4a:50:a0:6e:ac:d0:dd:f2:e5:23:65:4f:74:c8:e4:b1:cb:8f:
         67:cd:2d:b0:fa:26:15:45:a2:01:1a:9f:dc:2c:5b:f1:8f:64:
         17:27:20:fa:51:2e:65:df:f6:7c:88:2b:60:53:18:0a:42:d1:
         66:27:f1:ca:92:ed:37:fc:d4:9a:60:36:99:bb:00:ff:ad:39:
         53:83:76:70:ed:e0:81:de:aa:b2:93:05:38:43:b6:b6:51:22:
         e8:55:3b:54:49:65:f0:86:6d:62:a1:90:a8:f8:c7:cf:d0:8e:
         f7:0b:b4:ad:ac:9e:0f:a6:04:7e:5d:98:5d:c5:d2:c1:10:50:
         3b:df:79:a5:19:65:b1:f7:f6:47:7d:e7:37:e3:99:10:83:a2:
         83:93:64:1f:a1:a1:d7:0e:a6:71:e8:ee:d9:40:46:32:f4:74:
         3c:7f:b0:4f
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgIEHeRYrTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MmM0YWMzZTNjNDNkNzBkMDUzNDljODE1YmFhZGQzOGFkNzc1ZTlkMB4XDTIyMDQx
MjA1NTMzNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMGI1MWQxZDcyYmNi
Y2RmNzM0NDVjOTBjNTgyYTQwZTQyYmNhNDI3MzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKS1ZoNqjnstx3JZQ0w4bjG6rYsZuADKKiSf/e0jiewqmQJA
Xn5MIi+LmcW+meQqaG92VM4eOyjT5AF6C8V7aBy+sDe/SOme5XuFouVDX/iQ5UXf
EPJPffsVwds1YvChLxxd4AWWA4yjfhm+hiKR9jcZsILHmCdgBfgbQJLDcbYZu49K
LZvtAWQLKOJng4SDdgxRce9mSNo9E8Ay24eVNHWFuVQ3BuJ04n/Sap7F01aB49jC
kxtgS0etp4UKHYGujRYIeIZzf2eOxLbo3zTeF5sGApvbQNIKujFZH62OYrhz4Vqs
3BzFQqqKZHAcsZjHgJ45VB8qGYo+4mHbwRqFb0ECAwEAAaOCAiEwggIdMB0GA1Ud
DgQWBBQLUdHXK8vN9zRFyQxYKkDkK8pCczAfBgNVHSMEGDAWgBQixKw+PEPXDQU0
nIFbqt04rXdenTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0lzU3NQanhEMXcwRk5KeUJXNnJkT0sxM1hwMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDMvOTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8x
L0MxSFIxeXZMemZjMFJja01XQ3BBNUN2S1FuTS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDMv
OTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8xL0lzU3NQanhEMXcw
Rk5KeUJXNnJkT0sxM1hwMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA3
BggrBgEFBQcBBwEB/wQoMCYwJAQCAAEwHgMEAh+pfAMEAk9uPAMEAlUfLAMEArLX
7AMEAsI34DANBgkqhkiG9w0BAQsFAAOCAQEAF9bG5GySkZ88jfE/v3HVeCg8BHSW
he+vuK/PaqM/qfnoJpwkdBGIeYMr1m3fRLct7iRw/DXfCGtSzODnUSwEAwu5f7Tw
DEGRWNtn2GU2F5g4c/lftxk2hhjZSlCgbqzQ3fLlI2VPdMjkscuPZ80tsPomFUWi
ARqf3Cxb8Y9kFycg+lEuZd/2fIgrYFMYCkLRZifxypLtN/zUmmA2mbsA/605U4N2
cO3ggd6qspMFOEO2tlEi6FU7VEll8IZtYqGQqPjHz9CO9wu0rayeD6YEfl2YXcXS
wRBQO995pRllsff2R33nN+OZEIOig5NkH6Gh1w6mceju2UBGMvR0PH+wTw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:27 2024 by rpki-client on console-ams.rpki-client.org