Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/E9vciydRxNJzpe5R1ri9IrKRymk.roa
File:                     E9vciydRxNJzpe5R1ri9IrKRymk.roa (raw, json)
Hash identifier:          raZ/bmy1Uf/nRmz25GUd7CiO/ObKON2FO0Ba0mv7zBU=
Subject key identifier:   13:DB:DC:8B:27:51:C4:D2:73:A5:EE:51:D6:B8:BD:22:B2:91:CA:69
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018DC1D6E4E7636F7742E5F9BD0369862E75
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/E9vciydRxNJzpe5R1ri9IrKRymk.roa
Signing time:             Mon 19 Feb 2024 14:48:22 +0000
ROA not before:           Mon 19 Feb 2024 14:48:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207279
IP address blocks:        2.59.253.0/24 maxlen: 24
                          45.84.91.0/24 maxlen: 24
                          45.88.64.0/24 maxlen: 24
                          45.88.91.0/24 maxlen: 24
                          79.110.51.0/24 maxlen: 24
                          83.219.97.0/24 maxlen: 24
                          92.119.198.0/24 maxlen: 24
                          92.249.50.0/24 maxlen: 24
                          94.154.162.0/24 maxlen: 24
                          94.156.75.0/24 maxlen: 24
                          109.206.239.0/24 maxlen: 24
                          178.215.225.0/24 maxlen: 24
                          178.215.227.0/24 maxlen: 24
                          178.215.236.0/24 maxlen: 24
                          185.222.160.0/24 maxlen: 24
                          185.222.161.0/24 maxlen: 24
                          185.222.162.0/24 maxlen: 24
                          193.25.217.0/24 maxlen: 24
                          193.37.40.0/24 maxlen: 24
                          193.37.42.0/24 maxlen: 24
                          193.37.44.0/24 maxlen: 24
                          193.222.97.0/24 maxlen: 24
                          193.222.99.0/24 maxlen: 24
                          194.55.187.0/24 maxlen: 24
                          194.55.225.0/24 maxlen: 24
                          194.59.31.0/24 maxlen: 24
                          194.169.172.0/24 maxlen: 24
                          194.180.38.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c1:d6:e4:e7:63:6f:77:42:e5:f9:bd:03:69:86:2e:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Feb 19 14:48:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=13dbdc8b2751c4d273a5ee51d6b8bd22b291ca69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:f7:fa:e8:17:55:46:da:95:c0:33:8d:52:4e:
                    6e:fc:72:0f:64:67:10:7c:ca:4e:b0:7a:fc:72:32:
                    dd:ca:8e:42:ee:ea:46:60:d6:98:86:c9:fb:9e:5e:
                    3f:29:d2:d0:fe:29:2b:0d:68:80:59:e9:93:7a:48:
                    18:9b:9e:23:e6:b4:f6:5f:8f:01:9d:d5:af:89:60:
                    01:b6:33:dc:74:36:d3:40:b4:2f:2b:b6:ed:7d:0d:
                    3a:3b:35:45:72:08:25:f0:2a:53:4c:c6:15:56:9b:
                    28:3e:e7:c3:2d:2a:0c:23:e2:32:52:6d:23:d0:6f:
                    84:ed:2f:e3:46:aa:7a:67:e2:d0:d2:ee:a1:cc:27:
                    13:30:9f:28:fc:34:9d:28:e3:6a:16:ab:a6:14:db:
                    4c:c5:44:8e:9f:f5:e1:b6:6f:92:e5:5f:cb:1d:3a:
                    1d:59:7f:37:d1:bd:08:3c:25:b0:99:c5:3e:c5:f6:
                    7c:71:28:f0:bd:c4:84:ca:1c:01:88:f4:ee:a8:3f:
                    8d:33:2d:ff:2d:33:52:11:6a:73:9d:08:dd:c7:83:
                    9b:3b:f4:d7:7c:e7:86:b7:62:20:29:f4:43:01:83:
                    f2:41:3f:fd:a3:38:5e:24:35:17:36:a8:1d:60:6f:
                    a7:63:d7:b2:95:18:4f:d1:94:a0:b3:43:ee:1a:17:
                    5a:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:DB:DC:8B:27:51:C4:D2:73:A5:EE:51:D6:B8:BD:22:B2:91:CA:69
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/E9vciydRxNJzpe5R1ri9IrKRymk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.253.0/24
                  45.84.91.0/24
                  45.88.64.0/24
                  45.88.91.0/24
                  79.110.51.0/24
                  83.219.97.0/24
                  92.119.198.0/24
                  92.249.50.0/24
                  94.154.162.0/24
                  94.156.75.0/24
                  109.206.239.0/24
                  178.215.225.0/24
                  178.215.227.0/24
                  178.215.236.0/24
                  185.222.160.0-185.222.162.255
                  193.25.217.0/24
                  193.37.40.0/24
                  193.37.42.0/24
                  193.37.44.0/24
                  193.222.97.0/24
                  193.222.99.0/24
                  194.55.187.0/24
                  194.55.225.0/24
                  194.59.31.0/24
                  194.169.172.0/24
                  194.180.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:7c:a4:37:e3:b1:2a:c9:dd:8a:16:65:34:aa:20:09:f0:3c:
         fe:51:83:83:55:d0:c6:72:0d:5c:26:e8:17:2e:fd:87:72:13:
         48:4e:07:b4:e3:fe:85:77:70:90:c9:8b:91:e6:fd:62:56:19:
         e5:dc:12:01:c1:df:69:98:ee:ab:3a:1a:af:c8:34:d0:7e:15:
         27:62:90:a6:37:4e:5d:c7:b3:c4:9b:fc:b2:f5:77:9d:71:5a:
         8a:ba:1d:d9:8f:8f:c6:c6:f5:33:3c:1f:9c:dd:33:ec:18:d3:
         d4:b5:d4:d4:af:a1:d6:f3:94:b0:ab:c1:8d:4d:c8:1e:8c:a6:
         14:b2:c3:0a:18:13:f4:bc:c7:c8:fc:06:29:31:6f:cd:05:7c:
         75:1a:27:e3:cd:7f:ab:d2:ae:88:17:40:c7:5b:da:a5:cb:2c:
         0c:8e:b5:7f:fc:39:e7:0f:95:6c:fb:3e:03:46:67:7d:c6:ff:
         70:ed:68:81:59:8b:3e:1e:05:62:24:8f:12:9d:60:cb:d3:e0:
         0f:18:0b:11:7f:31:90:f8:03:18:df:10:af:fe:7b:5c:69:c1:
         04:6b:6b:d8:9f:81:d7:8f:a3:a3:39:4d:ac:1e:60:6d:a9:fe:
         06:d8:03:9e:e0:86:08:db:16:b4:8b:89:22:f2:9f:23:11:2e:
         fb:d0:77:eb
-----BEGIN CERTIFICATE-----
MIIFoDCCBIigAwIBAgISAY3B1uTnY293QuX5vQNphi51MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMjE5MTQ0ODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxM2RiZGM4YjI3NTFjNGQyNzNhNWVlNTFkNmI4YmQyMmIyOTFjYTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ff66BdVRtqVwDONUk5u/HIPZGcQ
fMpOsHr8cjLdyo5C7upGYNaYhsn7nl4/KdLQ/ikrDWiAWemTekgYm54j5rT2X48B
ndWviWABtjPcdDbTQLQvK7btfQ06OzVFcggl8CpTTMYVVpsoPufDLSoMI+IyUm0j
0G+E7S/jRqp6Z+LQ0u6hzCcTMJ8o/DSdKONqFqumFNtMxUSOn/Xhtm+S5V/LHTod
WX830b0IPCWwmcU+xfZ8cSjwvcSEyhwBiPTuqD+NMy3/LTNSEWpznQjdx4ObO/TX
fOeGt2IgKfRDAYPyQT/9ozheJDUXNqgdYG+nY9eylRhP0ZSgs0PuGhdazQIDAQAB
o4ICrDCCAqgwHQYDVR0OBBYEFBPb3IsnUcTSc6XuUda4vSKykcppMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvRTl2Y2l5ZFJ4Tkp6cGU1UjFyaTlJcktSeW1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHBBggrBgEFBQcBBwEB/wSBsTCBrjCBqwQCAAEwgaQDBAAC
O/0DBAAtVFsDBAAtWEADBAAtWFsDBABPbjMDBABT22EDBABcd8YDBABc+TIDBABe
mqIDBABenEsDBABtzu8DBACy1+EDBACy1+MDBACy1+wwDAMEBbneoAMEALneogME
AMEZ2QMEAMElKAMEAMElKgMEAMElLAMEAMHeYQMEAMHeYwMEAMI3uwMEAMI34QME
AMI7HwMEAMKprAMEAMK0JjANBgkqhkiG9w0BAQsFAAOCAQEAAXykN+OxKsndihZl
NKogCfA8/lGDg1XQxnINXCboFy79h3ITSE4HtOP+hXdwkMmLkeb9YlYZ5dwSAcHf
aZjuqzoar8g00H4VJ2KQpjdOXcezxJv8svV3nXFairod2Y+Pxsb1MzwfnN0z7BjT
1LXU1K+h1vOUsKvBjU3IHoymFLLDChgT9LzHyPwGKTFvzQV8dRon481/q9KuiBdA
x1vapcssDI61f/w55w+VbPs+A0Znfcb/cO1ogVmLPh4FYiSPEp1gy9PgDxgLEX8x
kPgDGN8Qr/57XGnBBGtr2J+B14+jozlNrB5gban+BtgDnuCGCNsWtIuJIvKfIxEu
+9B36w==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:27 2024 by rpki-client on console-ams.rpki-client.org