Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Ch55dbjK2K3TxKQIus90OIXuF24.roa
File:                     Ch55dbjK2K3TxKQIus90OIXuF24.roa (raw, json)
Hash identifier:          2oVtHSffaC7J1pdIfccBWITEvtRpnoZMzs9wzDP6gXQ=
Subject key identifier:   0A:1E:79:75:B8:CA:D8:AD:D3:C4:A4:08:BA:CF:74:38:85:EE:17:6E
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       1D5B1AE4
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Ch55dbjK2K3TxKQIus90OIXuF24.roa
Signing time:             Fri 04 Mar 2022 11:13:49 +0000
ROA not before:           Fri 04 Mar 2022 11:13:49 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     397423
IP address blocks:        84.54.48.0/22 maxlen: 24
                          194.180.51.0/24 maxlen: 24
                          194.169.172.0/22 maxlen: 24
                          194.180.48.0/23 maxlen: 24
                          185.252.178.0/23 maxlen: 24
                          176.125.252.0/22 maxlen: 24
                          94.154.172.0/22 maxlen: 24
                          193.25.216.0/22 maxlen: 24
                          87.121.220.0/23 maxlen: 24
                          109.206.240.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 492509924 (0x1d5b1ae4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Mar  4 11:13:49 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0a1e7975b8cad8add3c4a408bacf743885ee176e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:96:8f:23:cd:80:47:3a:72:14:3f:7c:c5:8f:
                    31:6d:cc:cb:70:c7:72:60:1a:74:63:bf:ef:ea:98:
                    de:c8:ea:e4:e8:96:c5:bf:9c:ff:4b:ea:98:63:48:
                    dd:b6:0a:1f:6b:e6:10:73:03:7c:20:2a:36:58:56:
                    06:ad:a4:78:1d:87:ad:94:08:5c:57:9e:f6:b1:fc:
                    16:54:00:78:f3:76:f8:75:e5:c0:ab:6c:ef:3f:42:
                    24:81:11:cb:3f:69:08:5e:b9:1d:4f:fb:3f:0d:5e:
                    ef:5a:3c:6b:e5:45:49:e9:1f:25:fe:49:5e:c7:57:
                    39:bf:5c:b1:87:d1:7c:a0:7e:7e:1d:e1:22:09:35:
                    cd:01:8c:e0:df:78:75:e7:fd:e2:9a:e6:4c:d6:03:
                    50:3d:47:26:12:b6:7e:c4:74:95:af:62:5c:92:72:
                    bb:51:5c:3f:86:5a:15:a8:4a:a7:93:7d:2b:c6:f9:
                    ae:ed:fe:85:57:28:10:b5:ec:43:43:b0:de:2b:c8:
                    2f:26:1e:a8:9c:07:59:48:af:e9:78:8f:be:80:1e:
                    fd:42:d4:12:4a:d2:77:4d:99:58:1a:c3:ff:d0:37:
                    7c:3f:8b:47:f1:10:33:a0:d8:25:f4:2d:61:8b:5c:
                    6d:a4:e6:97:43:3b:03:61:19:25:20:fc:0c:2a:d4:
                    90:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:1E:79:75:B8:CA:D8:AD:D3:C4:A4:08:BA:CF:74:38:85:EE:17:6E
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Ch55dbjK2K3TxKQIus90OIXuF24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.54.48.0/22
                  87.121.220.0/23
                  94.154.172.0/22
                  109.206.240.0/22
                  176.125.252.0/22
                  185.252.178.0/23
                  193.25.216.0/22
                  194.169.172.0/22
                  194.180.48.0/23
                  194.180.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:ec:f5:10:17:99:fa:00:fc:87:0f:fa:83:a3:68:0b:38:2d:
         9c:48:45:38:98:6c:5a:f9:8e:1c:cb:91:0e:7a:48:78:e0:10:
         33:1a:a4:80:24:80:fa:14:b9:7b:71:df:bd:6c:fa:53:65:5d:
         74:c2:76:72:07:31:66:ab:f8:77:0a:3d:1a:c6:1f:ae:b6:e3:
         7c:c8:f1:01:b6:00:52:25:38:89:06:1a:58:9b:f8:30:ef:75:
         a2:e1:b3:4e:ac:cd:6e:2c:55:01:a1:fc:0f:96:bf:69:23:d5:
         88:55:7a:86:e3:3a:c0:74:80:e2:59:18:1f:a3:78:5f:5f:22:
         8f:65:f5:dc:9c:bb:a7:be:da:35:ed:09:e5:42:87:d8:1f:73:
         c3:b8:a8:49:e6:89:4b:37:80:fa:5b:15:3b:57:26:22:2d:ff:
         d0:92:73:9e:01:69:b5:91:93:ea:d4:26:e9:4c:d8:b3:4a:28:
         8a:72:12:25:65:a5:ed:dc:e5:d2:2b:8b:0c:df:95:38:33:06:
         38:da:b7:4d:1f:ef:67:ed:41:44:1b:52:82:0e:af:81:f4:56:
         bb:74:cd:be:56:37:c8:d2:b0:7e:c1:89:d5:90:9b:d2:bf:d2:
         32:98:b7:2d:f9:9a:ba:a1:cb:f9:5f:a6:fe:95:c8:f7:62:9d:
         34:c7:e5:8c
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgIEHVsa5DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MmM0YWMzZTNjNDNkNzBkMDUzNDljODE1YmFhZGQzOGFkNzc1ZTlkMB4XDTIyMDMw
NDExMTM0OVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMGExZTc5NzViOGNh
ZDhhZGQzYzRhNDA4YmFjZjc0Mzg4NWVlMTc2ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANCWjyPNgEc6chQ/fMWPMW3My3DHcmAadGO/7+qY3sjq5OiW
xb+c/0vqmGNI3bYKH2vmEHMDfCAqNlhWBq2keB2HrZQIXFee9rH8FlQAePN2+HXl
wKts7z9CJIERyz9pCF65HU/7Pw1e71o8a+VFSekfJf5JXsdXOb9csYfRfKB+fh3h
Igk1zQGM4N94def94prmTNYDUD1HJhK2fsR0la9iXJJyu1FcP4ZaFahKp5N9K8b5
ru3+hVcoELXsQ0Ow3ivILyYeqJwHWUiv6XiPvoAe/ULUEkrSd02ZWBrD/9A3fD+L
R/EQM6DYJfQtYYtcbaTml0M7A2EZJSD8DCrUkEkCAwEAAaOCAj8wggI7MB0GA1Ud
DgQWBBQKHnl1uMrYrdPEpAi6z3Q4he4XbjAfBgNVHSMEGDAWgBQixKw+PEPXDQU0
nIFbqt04rXdenTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0lzU3NQanhEMXcwRk5KeUJXNnJkT0sxM1hwMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDMvOTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8x
L0NoNTVkYmpLMkszVHhLUUl1czkwT0lYdUYyNC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDMv
OTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8xL0lzU3NQanhEMXcw
Rk5KeUJXNnJkT0sxM1hwMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBV
BggrBgEFBQcBBwEB/wRGMEQwQgQCAAEwPAMEAlQ2MAMEAVd53AMEAl6arAMEAm3O
8AMEArB9/AMEAbn8sgMEAsEZ2AMEAsKprAMEAcK0MAMEAMK0MzANBgkqhkiG9w0B
AQsFAAOCAQEAbuz1EBeZ+gD8hw/6g6NoCzgtnEhFOJhsWvmOHMuRDnpIeOAQMxqk
gCSA+hS5e3HfvWz6U2VddMJ2cgcxZqv4dwo9GsYfrrbjfMjxAbYAUiU4iQYaWJv4
MO91ouGzTqzNbixVAaH8D5a/aSPViFV6huM6wHSA4lkYH6N4X18ij2X13Jy7p77a
Ne0J5UKH2B9zw7ioSeaJSzeA+lsVO1cmIi3/0JJzngFptZGT6tQm6UzYs0ooinIS
JWWl7dzl0iuLDN+VODMGONq3TR/vZ+1BRBtSgg6vgfRWu3TNvlY3yNKwfsGJ1ZCb
0r/SMpi3LfmauqHL+V+m/pXI92KdNMfljA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:27 2024 by rpki-client on console-ams.rpki-client.org