Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/CrmZYOli--LqUzC7zM_qOjSb-xo.roa
File:                     CrmZYOli--LqUzC7zM_qOjSb-xo.roa (raw, json)
Hash identifier:          F9LzOU65MkOg88ymMSLiYiGW+/8Cj5TQBj01rLqgsqo=
Subject key identifier:   0A:B9:99:60:E9:62:FB:E2:EA:53:30:BB:CC:CF:EA:3A:34:9B:FB:1A
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       1C5A3C11
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/CrmZYOli--LqUzC7zM_qOjSb-xo.roa
Signing time:             Sat 01 Jan 2022 01:02:24 +0000
ROA not before:           Sat 01 Jan 2022 01:02:24 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     31420
IP address blocks:        94.156.48.0/24 maxlen: 24
                          94.156.50.0/24 maxlen: 24
                          94.156.51.0/24 maxlen: 24
                          94.156.49.0/24 maxlen: 24
                          94.156.52.0/24 maxlen: 24
                          94.156.64.0/24 maxlen: 24
                          94.156.68.0/24 maxlen: 24
                          94.156.66.0/24 maxlen: 24
                          94.156.70.0/24 maxlen: 24
                          94.156.65.0/24 maxlen: 24
                          94.156.69.0/24 maxlen: 24
                          94.156.67.0/24 maxlen: 24
                          94.156.71.0/24 maxlen: 24
                          94.156.74.0/24 maxlen: 24
                          94.156.72.0/24 maxlen: 24
                          94.156.75.0/24 maxlen: 24
                          94.156.73.0/24 maxlen: 24
                          87.121.169.0/24 maxlen: 24
                          87.121.171.0/24 maxlen: 24
                          87.121.168.0/22 maxlen: 22
                          87.121.172.0/22 maxlen: 22
                          87.121.172.0/24 maxlen: 24
                          87.121.170.0/24 maxlen: 24
                          87.121.175.0/24 maxlen: 24
                          87.121.173.0/24 maxlen: 24
                          87.121.174.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 475675665 (0x1c5a3c11)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  1 01:02:24 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0ab99960e962fbe2ea5330bbcccfea3a349bfb1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:1b:42:99:67:6d:26:4a:28:50:44:26:a0:19:
                    a3:c0:01:cd:23:57:27:ee:10:1c:de:be:03:b4:37:
                    43:f7:e5:bd:bd:3b:04:6b:89:f4:d4:09:29:e8:4e:
                    fa:24:d9:a3:ac:f0:ee:46:27:50:cd:6f:1d:12:3e:
                    3b:78:1c:6b:d9:a3:5c:88:7b:a6:a9:a1:d2:f6:80:
                    e7:4e:09:08:b5:05:4f:11:72:47:8f:ff:ff:fe:a3:
                    04:f6:54:a5:c2:7e:7e:08:bf:86:a3:d3:12:eb:6e:
                    01:7f:b6:50:81:fd:7e:2c:89:d2:68:a7:78:b2:b4:
                    ce:94:af:9e:be:75:a6:7e:e8:b9:a7:7b:c7:56:56:
                    f3:aa:62:77:08:f9:95:da:ea:e1:6f:aa:5d:3f:b1:
                    5d:3e:e2:0e:77:bb:4b:1e:a3:68:5b:d1:8e:45:81:
                    90:de:5b:56:d3:45:2a:06:e0:88:69:4f:98:8f:86:
                    bc:53:a9:fe:e7:35:c5:8f:95:8c:3c:7e:af:3f:26:
                    fa:7e:df:6a:b2:95:48:a9:03:3c:3d:a9:16:7d:ba:
                    07:15:ee:6e:10:86:3e:c4:ae:7f:b0:a6:89:c1:bc:
                    c4:5a:ef:22:72:22:01:c5:69:a8:fc:4c:66:aa:63:
                    c6:97:85:b6:0d:26:a3:99:66:0a:3c:e2:00:06:ba:
                    e7:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:B9:99:60:E9:62:FB:E2:EA:53:30:BB:CC:CF:EA:3A:34:9B:FB:1A
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/CrmZYOli--LqUzC7zM_qOjSb-xo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.121.168.0/21
                  94.156.48.0-94.156.52.255
                  94.156.64.0-94.156.75.255

    Signature Algorithm: sha256WithRSAEncryption
         3a:10:65:11:26:34:90:d3:8c:7e:84:7a:37:da:c9:83:d3:4c:
         b2:e6:b1:dc:9a:df:60:f2:99:c0:9b:ae:db:77:3f:19:0e:d1:
         2f:41:76:5b:55:50:01:93:91:74:77:87:86:23:f4:61:23:5e:
         54:df:2b:eb:ad:e4:06:07:85:0c:e3:1c:2e:c1:a1:1b:50:a9:
         0d:64:3b:76:82:63:48:54:0b:af:7b:28:f3:e2:4f:ab:8e:d3:
         89:ab:e2:0c:22:ff:52:6e:cc:90:5c:bb:dc:0c:76:e7:21:3e:
         21:5e:cd:9a:53:9a:03:3f:fd:0a:f9:52:6d:70:72:b1:4b:ff:
         da:32:d4:21:31:e9:78:5c:c8:1e:ee:e8:d8:46:a1:78:0d:1e:
         59:34:90:39:8b:ff:29:fa:fa:e9:82:aa:e7:a7:34:da:00:26:
         e1:af:94:cc:77:4a:2c:de:92:97:21:68:df:d5:3f:fc:a9:1d:
         e5:01:4f:9b:f3:6b:94:b7:b7:55:58:90:06:0d:02:1e:07:7a:
         43:33:74:a8:d7:fc:b0:e0:00:70:58:9f:e9:67:42:86:93:a8:
         4d:ba:4b:47:79:46:28:72:0a:00:b9:79:7b:01:cb:39:a0:31:
         c2:0b:41:5f:b2:1f:8e:d7:94:80:1c:87:2a:07:3c:77:90:8b:
         ae:4b:f1:63
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIEHFo8ETANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MmM0YWMzZTNjNDNkNzBkMDUzNDljODE1YmFhZGQzOGFkNzc1ZTlkMB4XDTIyMDEw
MTAxMDIyNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMGFiOTk5NjBlOTYy
ZmJlMmVhNTMzMGJiY2NjZmVhM2EzNDliZmIxYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALkbQplnbSZKKFBEJqAZo8ABzSNXJ+4QHN6+A7Q3Q/flvb07
BGuJ9NQJKehO+iTZo6zw7kYnUM1vHRI+O3gca9mjXIh7pqmh0vaA504JCLUFTxFy
R4////6jBPZUpcJ+fgi/hqPTEutuAX+2UIH9fiyJ0mineLK0zpSvnr51pn7ouad7
x1ZW86pidwj5ldrq4W+qXT+xXT7iDne7Sx6jaFvRjkWBkN5bVtNFKgbgiGlPmI+G
vFOp/uc1xY+VjDx+rz8m+n7farKVSKkDPD2pFn26BxXubhCGPsSuf7CmicG8xFrv
InIiAcVpqPxMZqpjxpeFtg0mo5lmCjziAAa65/0CAwEAAaOCAiUwggIhMB0GA1Ud
DgQWBBQKuZlg6WL74upTMLvMz+o6NJv7GjAfBgNVHSMEGDAWgBQixKw+PEPXDQU0
nIFbqt04rXdenTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0lzU3NQanhEMXcwRk5KeUJXNnJkT0sxM1hwMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDMvOTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8x
L0NybVpZT2xpLS1McVV6Qzd6TV9xT2pTYi14by5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDMv
OTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8xL0lzU3NQanhEMXcw
Rk5KeUJXNnJkT0sxM1hwMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA7
BggrBgEFBQcBBwEB/wQsMCowKAQCAAEwIgMEA1d5qDAMAwQEXpwwAwQAXpw0MAwD
BAZenEADBAJenEgwDQYJKoZIhvcNAQELBQADggEBADoQZREmNJDTjH6EejfayYPT
TLLmsdya32DymcCbrtt3PxkO0S9BdltVUAGTkXR3h4Yj9GEjXlTfK+ut5AYHhQzj
HC7BoRtQqQ1kO3aCY0hUC697KPPiT6uO04mr4gwi/1JuzJBcu9wMduchPiFezZpT
mgM//Qr5Um1wcrFL/9oy1CEx6XhcyB7u6NhGoXgNHlk0kDmL/yn6+umCquenNNoA
JuGvlMx3SizekpchaN/VP/ypHeUBT5vza5S3t1VYkAYNAh4HekMzdKjX/LDgAHBY
n+lnQoaTqE26S0d5RihyCgC5eXsByzmgMcILQV+yH47XlIAchyoHPHeQi65L8WM=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:27 2024 by rpki-client on console-ams.rpki-client.org