Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/FKO09amZcbl_3vsTWH9Yh2_lskE.roa
File:                     FKO09amZcbl_3vsTWH9Yh2_lskE.roa (raw, json)
Hash identifier:          MwdG8gSqCOzCG0gPDVY/qr68nFdfr9wuGX1EZhd8vuU=
Subject key identifier:   14:A3:B4:F5:A9:99:71:B9:7F:DE:FB:13:58:7F:58:87:6F:E5:B2:41
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018BDD7D5A2ECC0A18971611341B87E67A7E
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/FKO09amZcbl_3vsTWH9Yh2_lskE.roa
Signing time:             Fri 17 Nov 2023 13:34:21 +0000
ROA not before:           Fri 17 Nov 2023 13:34:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207279
IP address blocks:        94.156.8.0/24 maxlen: 24
                          194.169.172.0/24 maxlen: 24
                          185.226.172.0/24 maxlen: 24
                          2.59.253.0/24 maxlen: 24
                          194.31.205.0/24 maxlen: 24
                          92.249.50.0/24 maxlen: 24
                          194.180.38.0/24 maxlen: 24
                          94.154.162.0/24 maxlen: 24
                          109.206.239.0/24 maxlen: 24
                          178.215.225.0/24 maxlen: 24
                          194.55.225.0/24 maxlen: 24
                          185.222.160.0/24 maxlen: 24
                          178.215.227.0/24 maxlen: 24
                          185.222.162.0/24 maxlen: 24
                          185.222.161.0/24 maxlen: 24
                          178.215.236.0/24 maxlen: 24
                          193.222.97.0/24 maxlen: 24
                          193.222.99.0/24 maxlen: 24
                          193.37.42.0/24 maxlen: 24
                          193.37.44.0/24 maxlen: 24
                          193.37.40.0/24 maxlen: 24
                          194.48.248.0/24 maxlen: 24
                          45.84.91.0/24 maxlen: 24
                          194.55.187.0/24 maxlen: 24
                          92.119.198.0/24 maxlen: 24
                          45.88.64.0/24 maxlen: 24
                          45.88.91.0/24 maxlen: 24
                          193.25.217.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:dd:7d:5a:2e:cc:0a:18:97:16:11:34:1b:87:e6:7a:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Nov 17 13:34:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=14a3b4f5a99971b97fdefb13587f58876fe5b241
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:19:87:25:0f:a2:93:ad:ba:5a:5a:ea:3e:fd:
                    96:08:ae:d0:c5:56:20:92:37:c8:9b:01:b7:52:c3:
                    d7:b2:e9:5d:ca:5a:00:06:ca:42:25:4c:7b:c3:c3:
                    72:3f:e1:2b:ee:e3:65:66:97:0d:83:08:08:c3:64:
                    bb:97:e7:0a:de:73:83:35:80:5b:86:9c:1d:0f:b4:
                    0f:27:7b:b3:52:2c:b4:41:f7:a9:d0:b1:c2:0e:a9:
                    b6:64:7e:37:2a:4a:ac:27:62:f4:aa:5c:fb:ea:af:
                    4e:3e:f7:d7:57:a9:d6:da:ca:43:cc:dd:df:3d:72:
                    1b:b6:84:ac:36:d1:01:0b:ca:c7:2a:33:97:f8:fc:
                    80:e3:ec:00:0f:40:da:60:6b:f7:a0:94:e7:cf:1b:
                    6d:3f:78:86:ea:f6:05:92:31:3d:b6:62:1a:d1:4c:
                    29:fa:ce:65:9a:51:4a:cf:f5:23:8a:33:d5:48:0c:
                    76:cc:ce:ce:dc:da:64:75:a7:54:03:be:37:71:33:
                    7d:4c:f0:bf:56:7b:17:a7:78:cf:51:96:40:ba:79:
                    23:01:06:94:31:27:48:72:31:d8:90:91:09:3a:d3:
                    71:56:aa:e4:7e:fc:55:78:d9:a0:26:c3:d8:74:e1:
                    0b:c5:a0:77:b0:15:3d:ae:4b:2c:81:d3:52:58:d4:
                    45:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:A3:B4:F5:A9:99:71:B9:7F:DE:FB:13:58:7F:58:87:6F:E5:B2:41
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/FKO09amZcbl_3vsTWH9Yh2_lskE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.253.0/24
                  45.84.91.0/24
                  45.88.64.0/24
                  45.88.91.0/24
                  92.119.198.0/24
                  92.249.50.0/24
                  94.154.162.0/24
                  94.156.8.0/24
                  109.206.239.0/24
                  178.215.225.0/24
                  178.215.227.0/24
                  178.215.236.0/24
                  185.222.160.0-185.222.162.255
                  185.226.172.0/24
                  193.25.217.0/24
                  193.37.40.0/24
                  193.37.42.0/24
                  193.37.44.0/24
                  193.222.97.0/24
                  193.222.99.0/24
                  194.31.205.0/24
                  194.48.248.0/24
                  194.55.187.0/24
                  194.55.225.0/24
                  194.169.172.0/24
                  194.180.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:f0:03:99:32:ef:1c:b3:97:0a:3a:d9:57:e7:6f:e0:fd:ea:
         3b:ff:2b:d1:e3:c6:65:36:2e:5b:15:e7:c3:b1:c6:3c:42:39:
         ae:c6:c4:45:b1:e1:9e:c2:0e:e1:c4:bb:ff:3b:0e:4f:5d:7b:
         c7:4c:21:5d:db:a6:37:44:63:64:e3:86:0b:23:c4:6f:9b:ca:
         9d:29:3c:17:ba:df:f4:7b:a7:3c:a2:b8:2e:39:28:e8:fa:fb:
         04:e7:44:45:b0:5b:3c:73:aa:7a:ce:b8:d0:e9:7a:f8:c6:01:
         4b:c2:6b:15:91:7b:8f:ae:15:b0:73:6b:1d:45:74:a1:a5:19:
         7d:7c:88:3d:c2:cb:c3:5a:cb:83:e2:1c:86:39:ce:4c:fc:75:
         22:d4:7c:1f:74:e0:9f:5e:3d:35:70:49:40:af:f3:6b:c2:33:
         10:f1:77:1e:dc:20:ce:62:f0:fa:ad:bf:29:84:ba:a0:eb:76:
         cb:4b:03:d1:72:2f:0c:e8:68:cb:5f:f9:ea:01:61:47:f3:61:
         ac:07:c7:dd:87:a0:44:57:2f:86:9d:95:37:a9:81:21:dc:07:
         cf:b7:65:e7:80:14:ba:e1:64:31:a8:51:63:4f:cc:97:8a:54:
         c9:f0:50:56:9e:17:ba:3e:c5:35:bc:2a:1a:43:5f:6f:30:05:
         82:14:5a:f9
-----BEGIN CERTIFICATE-----
MIIFoDCCBIigAwIBAgISAYvdfVouzAoYlxYRNBuH5np+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMxMTE3MTMzNDIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGEzYjRmNWE5OTk3MWI5N2ZkZWZiMTM1ODdmNTg4NzZmZTViMjQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlhmHJQ+ik626WlrqPv2WCK7QxVYg
kjfImwG3UsPXsuldyloABspCJUx7w8NyP+Er7uNlZpcNgwgIw2S7l+cK3nODNYBb
hpwdD7QPJ3uzUiy0Qfep0LHCDqm2ZH43KkqsJ2L0qlz76q9OPvfXV6nW2spDzN3f
PXIbtoSsNtEBC8rHKjOX+PyA4+wAD0DaYGv3oJTnzxttP3iG6vYFkjE9tmIa0Uwp
+s5lmlFKz/UjijPVSAx2zM7O3NpkdadUA743cTN9TPC/VnsXp3jPUZZAunkjAQaU
MSdIcjHYkJEJOtNxVqrkfvxVeNmgJsPYdOELxaB3sBU9rkssgdNSWNRFtQIDAQAB
o4ICrDCCAqgwHQYDVR0OBBYEFBSjtPWpmXG5f977E1h/WIdv5bJBMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvRktPMDlhbVpjYmxfM3ZzVFdIOVloMl9sc2tFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHBBggrBgEFBQcBBwEB/wSBsTCBrjCBqwQCAAEwgaQDBAAC
O/0DBAAtVFsDBAAtWEADBAAtWFsDBABcd8YDBABc+TIDBABemqIDBABenAgDBABt
zu8DBACy1+EDBACy1+MDBACy1+wwDAMEBbneoAMEALneogMEALnirAMEAMEZ2QME
AMElKAMEAMElKgMEAMElLAMEAMHeYQMEAMHeYwMEAMIfzQMEAMIw+AMEAMI3uwME
AMI34QMEAMKprAMEAMK0JjANBgkqhkiG9w0BAQsFAAOCAQEAMfADmTLvHLOXCjrZ
V+dv4P3qO/8r0ePGZTYuWxXnw7HGPEI5rsbERbHhnsIO4cS7/zsOT117x0whXdum
N0RjZOOGCyPEb5vKnSk8F7rf9HunPKK4Ljko6Pr7BOdERbBbPHOqes640Ol6+MYB
S8JrFZF7j64VsHNrHUV0oaUZfXyIPcLLw1rLg+IchjnOTPx1ItR8H3Tgn149NXBJ
QK/za8IzEPF3HtwgzmLw+q2/KYS6oOt2y0sD0XIvDOhoy1/56gFhR/NhrAfH3Yeg
RFcvhp2VN6mBIdwHz7dl54AUuuFkMahRY0/Ml4pUyfBQVp4Xuj7FNbwqGkNfbzAF
ghRa+Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:02 2024 by rpki-client on console-fra.rpki-client.org