Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/CD2RrUASOsnmm9Q5pFD66NA92Pc.roa
File:                     CD2RrUASOsnmm9Q5pFD66NA92Pc.roa (raw, json)
Hash identifier:          KZltxwUkKOJKXAx+9dNWaVzvWxcioWnW715Q+khsGlM=
Subject key identifier:   08:3D:91:AD:40:12:3A:C9:E6:9B:D4:39:A4:50:FA:E8:D0:3D:D8:F7
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0187795760301F4842795474B5277134BEF4
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/CD2RrUASOsnmm9Q5pFD66NA92Pc.roa
Signing time:             Thu 13 Apr 2023 06:39:41 +0000
ROA not before:           Thu 13 Apr 2023 06:39:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     50225
IP address blocks:        81.161.230.0/24 maxlen: 24
                          94.156.234.0/24 maxlen: 24
                          178.215.226.0/24 maxlen: 24
                          45.9.156.0/24 maxlen: 24
                          45.12.255.0/24 maxlen: 24
                          94.156.160.0/24 maxlen: 24
                          193.42.34.0/24 maxlen: 24
                          193.47.63.0/24 maxlen: 24
                          193.47.60.0/24 maxlen: 24
                          45.129.84.0/24 maxlen: 24
                          176.125.253.0/24 maxlen: 24
                          45.129.86.0/24 maxlen: 24
                          176.125.252.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:79:57:60:30:1f:48:42:79:54:74:b5:27:71:34:be:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Apr 13 06:39:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=083d91ad40123ac9e69bd439a450fae8d03dd8f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:d3:2b:19:62:1b:00:be:34:dd:c2:64:d0:03:
                    5b:f8:b8:0c:4b:81:d6:5e:e8:78:67:0c:c9:a7:3b:
                    27:d3:44:e8:34:1a:c3:60:d3:8d:eb:19:ca:92:f5:
                    2f:f0:00:04:36:b4:b6:88:29:d2:ff:d5:46:eb:27:
                    3c:89:2f:b7:f7:1b:1a:58:87:36:78:a3:30:4f:13:
                    38:79:c2:e2:c2:da:18:77:7e:45:17:2e:3c:b9:30:
                    fe:14:4c:e0:d2:e9:ea:8a:7c:b7:b5:41:98:57:27:
                    e5:c6:09:c9:5a:fe:2f:2a:c9:5d:b1:39:37:39:5d:
                    6f:d0:ca:79:42:59:05:4e:8b:3d:0b:27:8a:8a:ef:
                    76:0c:72:c7:33:d1:e6:ca:c3:40:bc:92:be:3a:fb:
                    57:b1:80:f0:2c:49:d0:9b:f9:fd:34:34:a5:7c:5c:
                    cb:5f:36:e5:70:43:60:7a:57:c7:c8:0e:9e:62:0b:
                    15:ae:69:63:93:d9:30:bf:0d:a3:d1:a9:0f:e7:af:
                    33:a6:7f:f9:a2:7b:ce:34:6e:e8:0d:ff:09:19:39:
                    a0:eb:37:22:c3:d8:d0:d5:4a:93:28:e8:c6:35:61:
                    2a:43:f7:03:56:31:5c:55:ff:27:75:93:c0:b4:02:
                    aa:41:a0:f4:ac:06:5e:85:2e:2e:db:82:27:7b:04:
                    91:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:3D:91:AD:40:12:3A:C9:E6:9B:D4:39:A4:50:FA:E8:D0:3D:D8:F7
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/CD2RrUASOsnmm9Q5pFD66NA92Pc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.156.0/24
                  45.12.255.0/24
                  45.129.84.0/24
                  45.129.86.0/24
                  81.161.230.0/24
                  94.156.160.0/24
                  94.156.234.0/24
                  176.125.252.0/23
                  178.215.226.0/24
                  193.42.34.0/24
                  193.47.60.0/24
                  193.47.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:4f:ac:9d:d1:fa:a0:71:cb:9e:aa:b8:07:54:4c:32:6c:56:
         7e:c8:4b:4f:1e:30:38:80:1b:c8:d9:68:19:43:9d:df:51:28:
         b8:bd:b4:ec:bb:b0:97:51:5d:ff:69:c1:b1:41:90:b3:f3:20:
         99:6a:14:88:1c:8d:15:71:2b:de:d9:86:8b:12:6f:13:2c:01:
         02:f1:19:3c:45:d3:dc:90:af:42:91:20:80:e3:0a:10:5e:50:
         5f:59:5e:36:72:9b:04:ce:a7:5c:56:1d:89:eb:42:21:83:91:
         81:1d:db:5e:fa:8c:de:b2:1f:5e:da:c6:d6:ef:50:62:44:f3:
         63:ea:e6:5d:72:4e:6f:98:18:9d:72:eb:84:08:76:e2:dd:bf:
         ea:d3:f0:fd:b7:57:f1:1a:f8:86:e6:0b:c0:b4:0b:29:d2:88:
         5e:f7:f4:4c:18:2f:c6:04:39:a9:e6:83:41:3d:c2:79:54:c2:
         54:84:3d:c0:36:1e:33:55:0e:01:4d:aa:9e:b9:2a:76:fd:bb:
         42:df:89:91:22:e3:56:09:76:94:92:8b:b2:52:f2:1b:35:94:
         0c:ed:1b:a1:9b:1a:6b:00:24:ac:4d:ee:d4:7d:85:82:43:8d:
         39:d4:a9:5b:d8:c0:ed:8e:15:84:4c:da:41:fa:4c:b6:9a:a8:
         e2:2f:19:4b
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYd5V2AwH0hCeVR0tSdxNL70MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNDEzMDYzOTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODNkOTFhZDQwMTIzYWM5ZTY5YmQ0MzlhNDUwZmFlOGQwM2RkOGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAidMrGWIbAL403cJk0ANb+LgMS4HW
Xuh4ZwzJpzsn00ToNBrDYNON6xnKkvUv8AAENrS2iCnS/9VG6yc8iS+39xsaWIc2
eKMwTxM4ecLiwtoYd35FFy48uTD+FEzg0unqiny3tUGYVyflxgnJWv4vKsldsTk3
OV1v0Mp5QlkFTos9CyeKiu92DHLHM9HmysNAvJK+OvtXsYDwLEnQm/n9NDSlfFzL
XzblcENgelfHyA6eYgsVrmljk9kwvw2j0akP568zpn/5onvONG7oDf8JGTmg6zci
w9jQ1UqTKOjGNWEqQ/cDVjFcVf8ndZPAtAKqQaD0rAZehS4u24InewSRowIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFAg9ka1AEjrJ5pvUOaRQ+ujQPdj3MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvQ0QyUnJVQVNPc25tbTlRNXBGRDY2TkE5MlBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQALQmcAwQA
LQz/AwQALYFUAwQALYFWAwQAUaHmAwQAXpygAwQAXpzqAwQBsH38AwQAstfiAwQA
wSoiAwQAwS88AwQAwS8/MA0GCSqGSIb3DQEBCwUAA4IBAQB4T6yd0fqgccueqrgH
VEwybFZ+yEtPHjA4gBvI2WgZQ53fUSi4vbTsu7CXUV3/acGxQZCz8yCZahSIHI0V
cSve2YaLEm8TLAEC8Rk8RdPckK9CkSCA4woQXlBfWV42cpsEzqdcVh2J60Ihg5GB
Hdte+ozesh9e2sbW71BiRPNj6uZdck5vmBidcuuECHbi3b/q0/D9t1fxGviG5gvA
tAsp0ohe9/RMGC/GBDmp5oNBPcJ5VMJUhD3ANh4zVQ4BTaqeuSp2/btC34mRIuNW
CXaUkouyUvIbNZQM7RuhmxprACSsTe7UfYWCQ4051Klb2MDtjhWETNpB+ky2mqji
LxlL
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:01 2024 by rpki-client on console-fra.rpki-client.org