Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/DgJT4pbdPPEivC3BARTMRlEDo-M.roa
File:                     DgJT4pbdPPEivC3BARTMRlEDo-M.roa (raw, json)
Hash identifier:          oY53Jo0r3UKc19sYfutBJ3XbNHKk4jQCsYBn5kA8ic8=
Subject key identifier:   0E:02:53:E2:96:DD:3C:F1:22:BC:2D:C1:01:14:CC:46:51:03:A3:E3
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       1E6F5360
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/DgJT4pbdPPEivC3BARTMRlEDo-M.roa
Signing time:             Fri 13 May 2022 08:58:02 +0000
ROA not before:           Fri 13 May 2022 08:58:02 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     43561
IP address blocks:        87.120.192.0/23 maxlen: 23
                          87.120.192.0/24 maxlen: 24
                          87.120.193.0/24 maxlen: 24
                          87.121.38.0/24 maxlen: 24
                          87.121.36.0/24 maxlen: 24
                          87.121.36.0/23 maxlen: 24
                          87.121.37.0/24 maxlen: 24
                          87.121.44.0/22 maxlen: 24
                          87.121.57.0/24 maxlen: 24
                          87.121.56.0/23 maxlen: 24
                          87.121.56.0/24 maxlen: 24
                          87.121.60.0/22 maxlen: 24
                          87.121.63.0/24 maxlen: 24
                          87.121.62.0/24 maxlen: 24
                          87.121.61.0/24 maxlen: 24
                          87.121.60.0/24 maxlen: 24
                          87.120.218.0/23 maxlen: 24
                          87.120.220.0/23 maxlen: 24
                          87.120.64.0/24 maxlen: 24
                          87.120.64.0/23 maxlen: 24
                          87.120.68.0/24 maxlen: 24
                          87.120.68.0/23 maxlen: 24
                          87.120.69.0/24 maxlen: 24
                          87.120.65.0/24 maxlen: 24
                          87.120.72.0/21 maxlen: 21
                          87.120.77.0/24 maxlen: 24
                          87.120.73.0/24 maxlen: 24
                          87.120.76.0/24 maxlen: 24
                          87.120.72.0/24 maxlen: 24
                          87.120.75.0/24 maxlen: 24
                          87.120.78.0/24 maxlen: 24
                          87.120.74.0/24 maxlen: 24
                          87.120.79.0/24 maxlen: 24
                          87.120.89.0/24 maxlen: 24
                          87.120.88.0/23 maxlen: 24
                          87.120.88.0/24 maxlen: 24
                          87.120.97.0/24 maxlen: 24
                          87.120.96.0/23 maxlen: 24
                          87.120.96.0/24 maxlen: 24
                          87.120.100.0/22 maxlen: 24
                          87.120.32.0/24 maxlen: 24
                          87.120.33.0/24 maxlen: 24
                          87.120.34.0/24 maxlen: 24
                          87.120.35.0/24 maxlen: 24
                          87.120.32.0/22 maxlen: 24
                          87.120.46.0/24 maxlen: 24
                          87.120.46.0/23 maxlen: 24
                          87.120.47.0/24 maxlen: 24
                          91.92.8.0/21 maxlen: 24
                          91.92.6.0/24 maxlen: 24
                          91.92.16.0/24 maxlen: 24
                          91.92.21.0/24 maxlen: 24
                          91.92.24.0/22 maxlen: 24
                          91.92.67.0/24 maxlen: 24
                          93.123.81.5/32 maxlen: 32
                          93.123.39.0/24 maxlen: 24
                          94.156.232.0/21 maxlen: 24
                          93.123.69.0/24 maxlen: 24
                          93.123.68.0/24 maxlen: 24
                          93.123.71.0/24 maxlen: 24
                          93.123.68.0/22 maxlen: 22
                          93.123.70.0/24 maxlen: 24
                          93.123.77.0/24 maxlen: 24
                          93.123.76.0/24 maxlen: 24
                          93.123.76.0/22 maxlen: 24
                          93.123.78.0/24 maxlen: 24
                          93.123.84.0/22 maxlen: 24
                          93.123.80.0/23 maxlen: 23
                          93.123.79.0/24 maxlen: 24
                          93.123.84.0/24 maxlen: 24
                          93.123.85.0/24 maxlen: 24
                          93.123.86.0/24 maxlen: 24
                          93.123.87.0/24 maxlen: 24
                          93.123.88.0/21 maxlen: 24
                          94.156.160.0/23 maxlen: 24
                          94.156.169.0/24 maxlen: 24
                          94.156.168.0/24 maxlen: 24
                          94.156.168.0/23 maxlen: 24
                          94.156.176.0/21 maxlen: 24
                          93.123.24.0/24 maxlen: 24
                          93.123.22.0/24 maxlen: 24
                          93.123.31.0/24 maxlen: 24
                          93.123.27.0/24 maxlen: 24
                          93.123.30.0/24 maxlen: 24
                          93.123.30.0/23 maxlen: 24
                          93.123.26.0/23 maxlen: 24
                          93.123.26.0/24 maxlen: 24
                          93.123.112.0/24 maxlen: 24
                          93.123.118.0/24 maxlen: 24
                          93.123.114.0/24 maxlen: 24
                          93.123.115.0/24 maxlen: 24
                          93.123.116.0/24 maxlen: 24
                          93.123.112.0/21 maxlen: 24
                          93.123.117.0/24 maxlen: 24
                          93.123.113.0/24 maxlen: 24
                          93.123.119.0/24 maxlen: 24
                          94.156.2.0/24 maxlen: 24
                          94.156.6.0/24 maxlen: 24
                          94.156.8.0/24 maxlen: 24
                          94.156.131.0/24 maxlen: 24
                          94.156.136.0/21 maxlen: 24
                          94.156.152.0/24 maxlen: 24
                          94.156.154.0/23 maxlen: 24
                          94.156.157.0/24 maxlen: 24
                          94.156.156.0/24 maxlen: 24
                          94.156.156.0/23 maxlen: 24
                          94.156.78.0/24 maxlen: 24
                          94.156.78.0/23 maxlen: 24
                          94.156.79.0/24 maxlen: 24
                          87.121.147.0/24 maxlen: 24
                          87.121.146.0/24 maxlen: 24
                          87.121.146.0/23 maxlen: 24
                          87.121.162.0/23 maxlen: 24
                          87.121.69.0/24 maxlen: 24
                          87.121.103.0/24 maxlen: 24
                          87.121.105.0/24 maxlen: 24
                          87.121.101.0/24 maxlen: 24
                          87.121.104.0/24 maxlen: 24
                          87.121.100.0/24 maxlen: 24
                          87.121.104.0/23 maxlen: 24
                          87.121.100.0/23 maxlen: 24
                          87.121.115.0/24 maxlen: 24
                          87.121.114.0/24 maxlen: 24
                          87.121.114.0/23 maxlen: 24
                          31.13.252.0/24 maxlen: 24
                          31.13.253.0/24 maxlen: 24
                          31.13.252.0/22 maxlen: 22
                          31.13.254.0/24 maxlen: 24
                          31.13.255.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 510612320 (0x1e6f5360)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: May 13 08:58:02 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0e0253e296dd3cf122bc2dc10114cc465103a3e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:3c:f5:d5:15:a5:47:04:08:f4:8d:1e:96:c4:
                    c9:95:ed:77:19:b8:91:f1:60:a0:39:02:1a:18:c9:
                    52:ec:1d:8a:b0:3a:f2:b7:be:ab:53:2b:a0:04:2d:
                    43:56:bc:1a:d4:a5:2e:0b:fa:de:b6:b7:e2:ba:65:
                    41:4c:7a:96:ef:72:fd:99:f3:10:fe:c4:13:c9:0e:
                    c2:54:12:6e:0c:77:ce:cf:66:6f:7d:29:b8:8f:3e:
                    c8:55:f3:77:95:9f:c5:66:66:5e:6e:5a:37:d8:b4:
                    2d:1a:b2:42:ce:4a:e3:28:49:8a:4a:87:4f:28:1e:
                    12:d0:09:73:9a:b8:0b:8f:a6:5a:0b:ca:2b:7f:f7:
                    58:54:9b:b3:cc:96:7c:18:98:3d:93:46:c0:11:9e:
                    a1:1f:e9:b1:e7:4a:e0:e4:e8:81:6c:84:c0:34:1b:
                    38:3e:67:62:38:16:ab:87:f6:4a:dd:2b:8c:06:7d:
                    0d:66:6e:39:2d:33:be:46:94:ce:2c:ca:b6:41:36:
                    81:50:dd:22:f2:70:56:5a:45:ba:99:8d:b5:94:e8:
                    9b:4e:1b:cb:d5:a1:b8:c8:37:9a:fa:2d:35:36:b4:
                    70:37:6d:e2:7a:9f:df:60:1c:97:f7:b7:b2:b5:10:
                    3c:4b:3e:6a:bf:f0:9b:ee:53:a7:a3:7b:93:e5:d5:
                    fd:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:02:53:E2:96:DD:3C:F1:22:BC:2D:C1:01:14:CC:46:51:03:A3:E3
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/DgJT4pbdPPEivC3BARTMRlEDo-M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.13.252.0/22
                  87.120.32.0/22
                  87.120.46.0/23
                  87.120.64.0/23
                  87.120.68.0/23
                  87.120.72.0/21
                  87.120.88.0/23
                  87.120.96.0/23
                  87.120.100.0/22
                  87.120.192.0/23
                  87.120.218.0-87.120.221.255
                  87.121.36.0-87.121.38.255
                  87.121.44.0/22
                  87.121.56.0/23
                  87.121.60.0/22
                  87.121.69.0/24
                  87.121.100.0/23
                  87.121.103.0-87.121.105.255
                  87.121.114.0/23
                  87.121.146.0/23
                  87.121.162.0/23
                  91.92.6.0/24
                  91.92.8.0-91.92.16.255
                  91.92.21.0/24
                  91.92.24.0/22
                  91.92.67.0/24
                  93.123.22.0/24
                  93.123.24.0/24
                  93.123.26.0/23
                  93.123.30.0/23
                  93.123.39.0/24
                  93.123.68.0/22
                  93.123.76.0-93.123.81.255
                  93.123.84.0-93.123.95.255
                  93.123.112.0/21
                  94.156.2.0/24
                  94.156.6.0/24
                  94.156.8.0/24
                  94.156.78.0/23
                  94.156.131.0/24
                  94.156.136.0/21
                  94.156.152.0/24
                  94.156.154.0-94.156.157.255
                  94.156.160.0/23
                  94.156.168.0/23
                  94.156.176.0/21
                  94.156.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         4a:65:9a:8d:c7:72:c8:70:5a:be:c6:eb:92:b7:81:3f:f4:26:
         18:ba:99:5e:f2:06:a1:ea:7a:4e:f1:42:ff:b6:d0:99:5d:63:
         98:30:7f:e3:62:57:83:5d:ba:30:64:a1:62:d3:a4:91:f5:81:
         c7:96:55:ed:29:7f:ef:4f:23:0f:17:4f:5c:14:7c:a8:83:a2:
         c0:7f:ef:e5:4e:6c:ed:b7:44:69:fd:2a:f3:8c:90:9a:4f:4b:
         3b:e0:92:74:80:6d:dd:8f:ff:3f:ab:4f:5c:07:44:5d:ed:55:
         f3:ae:6c:d5:2c:3f:ff:56:fd:a5:48:29:0d:35:4b:a1:ed:f6:
         aa:01:38:98:c0:28:ec:c9:d8:75:8a:a8:3b:4f:42:50:ee:f7:
         22:6f:0f:28:1e:dd:1d:a3:1c:37:98:e9:f0:48:8e:dd:90:e3:
         f4:67:bb:40:a2:b7:e5:d7:d5:51:de:22:3d:d6:6c:89:ba:03:
         af:47:58:9c:2a:3a:f9:cb:4e:ba:dc:0f:0c:b5:e0:a2:60:fb:
         2f:c4:3f:0c:3e:ac:1b:7f:99:d8:d8:ab:46:96:94:55:d3:9e:
         5e:b7:3d:4d:5f:2f:6a:52:01:34:cd:78:1e:b8:cc:d3:47:34:
         6d:20:bc:4d:3d:ef:f1:b8:b4:f4:f0:84:28:cd:c9:fd:38:ea:
         f1:89:f6:a5
-----BEGIN CERTIFICATE-----
MIIGRTCCBS2gAwIBAgIEHm9TYDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MmM0YWMzZTNjNDNkNzBkMDUzNDljODE1YmFhZGQzOGFkNzc1ZTlkMB4XDTIyMDUx
MzA4NTgwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMGUwMjUzZTI5NmRk
M2NmMTIyYmMyZGMxMDExNGNjNDY1MTAzYTNlMzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALY89dUVpUcECPSNHpbEyZXtdxm4kfFgoDkCGhjJUuwdirA6
8re+q1MroAQtQ1a8GtSlLgv63ra34rplQUx6lu9y/ZnzEP7EE8kOwlQSbgx3zs9m
b30puI8+yFXzd5WfxWZmXm5aN9i0LRqyQs5K4yhJikqHTygeEtAJc5q4C4+mWgvK
K3/3WFSbs8yWfBiYPZNGwBGeoR/psedK4OTogWyEwDQbOD5nYjgWq4f2St0rjAZ9
DWZuOS0zvkaUzizKtkE2gVDdIvJwVlpFupmNtZTom04by9WhuMg3mvotNTa0cDdt
4nqf32Acl/e3srUQPEs+ar/wm+5Tp6N7k+XV/asCAwEAAaOCA18wggNbMB0GA1Ud
DgQWBBQOAlPilt088SK8LcEBFMxGUQOj4zAfBgNVHSMEGDAWgBQixKw+PEPXDQU0
nIFbqt04rXdenTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0lzU3NQanhEMXcwRk5KeUJXNnJkT0sxM1hwMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDMvOTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8x
L0RnSlQ0cGJkUFBFaXZDM0JBUlRNUmxFRG8tTS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDMv
OTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8xL0lzU3NQanhEMXcw
Rk5KeUJXNnJkT0sxM1hwMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCC
AXMGCCsGAQUFBwEHAQH/BIIBYjCCAV4wggFaBAIAATCCAVIDBAIfDfwDBAJXeCAD
BAFXeC4DBAFXeEADBAFXeEQDBANXeEgDBAFXeFgDBAFXeGADBAJXeGQDBAFXeMAw
DAMEAVd42gMEAVd43DAMAwQCV3kkAwQAV3kmAwQCV3ksAwQBV3k4AwQCV3k8AwQA
V3lFAwQBV3lkMAwDBABXeWcDBAFXeWgDBAFXeXIDBAFXeZIDBAFXeaIDBABbXAYw
DAMEA1tcCAMEAFtcEAMEAFtcFQMEAltcGAMEAFtcQwMEAF17FgMEAF17GAMEAV17
GgMEAV17HgMEAF17JwMEAl17RDAMAwQCXXtMAwQBXXtQMAwDBAJde1QDBAVde0AD
BANde3ADBABenAIDBABenAYDBABenAgDBAFenE4DBABenIMDBANenIgDBABenJgw
DAMEAV6cmgMEAV6cnAMEAV6coAMEAV6cqAMEA16csAMEA16c6DANBgkqhkiG9w0B
AQsFAAOCAQEASmWajcdyyHBavsbrkreBP/QmGLqZXvIGoep6TvFC/7bQmV1jmDB/
42JXg126MGShYtOkkfWBx5ZV7Sl/708jDxdPXBR8qIOiwH/v5U5s7bdEaf0q84yQ
mk9LO+CSdIBt3Y//P6tPXAdEXe1V865s1Sw//1b9pUgpDTVLoe32qgE4mMAo7MnY
dYqoO09CUO73Im8PKB7dHaMcN5jp8EiO3ZDj9Ge7QKK35dfVUd4iPdZsiboDr0dY
nCo6+ctOutwPDLXgomD7L8Q/DD6sG3+Z2NirRpaUVdOeXrc9TV8valIBNM14HrjM
00c0bSC8TT3v8bi09PCEKM3J/Tjq8Yn2pQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:01 2024 by rpki-client on console-fra.rpki-client.org