Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/FUZNF9Rjtu9gSoCv7VmMJulUty0.roa
File:                     FUZNF9Rjtu9gSoCv7VmMJulUty0.roa (raw, json)
Hash identifier:          YKHY8h1lVNQfS8LJcA1ZHf6G90Re90EeKgTKqlxJGQ0=
Subject key identifier:   15:46:4D:17:D4:63:B6:EF:60:4A:80:AF:ED:59:8C:26:E9:54:B7:2D
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018D7881EBAF471E8108DC4B45DF08F71EAC
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/FUZNF9Rjtu9gSoCv7VmMJulUty0.roa
Signing time:             Mon 05 Feb 2024 09:03:16 +0000
ROA not before:           Mon 05 Feb 2024 09:03:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207279
IP address blocks:        2.59.253.0/24 maxlen: 24
                          45.9.156.0/24 maxlen: 24
                          45.84.89.0/24 maxlen: 24
                          45.84.91.0/24 maxlen: 24
                          45.88.64.0/24 maxlen: 24
                          45.88.91.0/24 maxlen: 24
                          79.110.51.0/24 maxlen: 24
                          82.115.208.0/24 maxlen: 24
                          83.219.97.0/24 maxlen: 24
                          92.119.198.0/24 maxlen: 24
                          92.249.50.0/24 maxlen: 24
                          94.154.162.0/24 maxlen: 24
                          94.156.75.0/24 maxlen: 24
                          109.206.239.0/24 maxlen: 24
                          178.215.225.0/24 maxlen: 24
                          178.215.227.0/24 maxlen: 24
                          178.215.236.0/24 maxlen: 24
                          185.222.160.0/24 maxlen: 24
                          185.222.161.0/24 maxlen: 24
                          185.222.162.0/24 maxlen: 24
                          185.246.223.0/24 maxlen: 24
                          193.25.217.0/24 maxlen: 24
                          193.35.19.0/24 maxlen: 24
                          193.37.40.0/24 maxlen: 24
                          193.37.42.0/24 maxlen: 24
                          193.37.44.0/24 maxlen: 24
                          193.222.97.0/24 maxlen: 24
                          193.222.99.0/24 maxlen: 24
                          194.31.205.0/24 maxlen: 24
                          194.48.248.0/24 maxlen: 24
                          194.55.187.0/24 maxlen: 24
                          194.55.225.0/24 maxlen: 24
                          194.59.31.0/24 maxlen: 24
                          194.169.172.0/24 maxlen: 24
                          194.180.38.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:78:81:eb:af:47:1e:81:08:dc:4b:45:df:08:f7:1e:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Feb  5 09:03:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=15464d17d463b6ef604a80afed598c26e954b72d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:23:61:2c:00:3c:ec:aa:bc:11:f5:5c:d3:16:
                    91:e3:d9:1f:6f:40:11:d6:f2:cf:89:f4:2b:95:0c:
                    f0:25:51:ac:f4:bc:f0:db:d0:bf:48:27:87:72:98:
                    c3:ed:4f:3f:7a:a6:7e:52:b3:cc:f9:c1:85:20:3e:
                    b6:2a:98:25:ab:8d:f9:ca:15:a4:24:9b:21:6a:8f:
                    9a:64:cf:fe:92:8b:a2:82:64:77:b2:78:94:d5:50:
                    a2:8a:f9:5d:0a:2e:15:3a:00:2c:75:72:b7:4c:a2:
                    0e:9c:b2:98:4b:e4:5d:ef:de:cf:b2:0b:41:f7:97:
                    02:8c:91:ef:8b:f9:5b:27:ec:68:ef:b8:a4:32:75:
                    3a:59:03:17:c5:60:8a:57:13:13:7d:00:be:27:e2:
                    34:54:4e:ed:be:35:56:f8:73:6b:16:68:c4:40:1b:
                    d8:c3:f0:7c:e4:69:b7:ad:9e:48:bc:f0:f7:07:54:
                    ca:d0:e2:ce:d7:95:e1:9f:9a:99:13:6e:0e:a2:e9:
                    d1:80:33:d7:1d:a9:4a:32:d5:3d:eb:f9:05:81:6d:
                    8c:66:47:fe:97:66:93:54:6f:6c:d7:4e:9a:38:bd:
                    2c:b6:6f:f5:66:68:85:17:ce:05:c3:20:b1:0a:32:
                    8b:de:38:4a:a9:c6:51:48:ab:d0:95:a3:f4:c0:ae:
                    ec:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:46:4D:17:D4:63:B6:EF:60:4A:80:AF:ED:59:8C:26:E9:54:B7:2D
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/FUZNF9Rjtu9gSoCv7VmMJulUty0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.253.0/24
                  45.9.156.0/24
                  45.84.89.0/24
                  45.84.91.0/24
                  45.88.64.0/24
                  45.88.91.0/24
                  79.110.51.0/24
                  82.115.208.0/24
                  83.219.97.0/24
                  92.119.198.0/24
                  92.249.50.0/24
                  94.154.162.0/24
                  94.156.75.0/24
                  109.206.239.0/24
                  178.215.225.0/24
                  178.215.227.0/24
                  178.215.236.0/24
                  185.222.160.0-185.222.162.255
                  185.246.223.0/24
                  193.25.217.0/24
                  193.35.19.0/24
                  193.37.40.0/24
                  193.37.42.0/24
                  193.37.44.0/24
                  193.222.97.0/24
                  193.222.99.0/24
                  194.31.205.0/24
                  194.48.248.0/24
                  194.55.187.0/24
                  194.55.225.0/24
                  194.59.31.0/24
                  194.169.172.0/24
                  194.180.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:af:14:91:5f:82:69:fd:39:4a:b7:a4:ff:0a:f6:a2:2d:27:
         65:2e:b3:f0:b2:ef:d8:0c:a3:d7:45:8c:1b:f5:43:62:5c:7c:
         c2:44:68:d5:d7:cf:9e:38:ae:af:b2:a8:c1:66:ce:e3:7e:30:
         77:f0:e0:6e:c6:bf:3d:2a:a5:01:92:e4:2d:58:d6:20:c1:bc:
         32:2c:35:76:44:47:8d:46:87:7c:a5:46:f2:08:da:4b:4b:42:
         b8:6e:b5:a3:94:9d:af:11:b7:74:d9:70:b8:4e:d6:fc:3c:35:
         8d:7c:4c:ba:72:9b:4b:67:c5:10:ea:63:83:8d:f0:d8:de:e8:
         cd:a9:9a:9d:d6:69:c7:fb:43:04:cc:06:7a:14:fb:09:f5:15:
         b6:b8:86:d0:7c:99:da:5d:0b:48:7a:a2:3a:4f:b6:f6:a5:44:
         c9:93:b8:2a:cd:d2:a4:9f:3a:49:b9:68:05:05:3f:a1:f4:0d:
         7f:cd:28:ee:ef:91:75:02:6d:3d:a1:10:0c:f8:47:e9:80:d9:
         60:b1:41:b9:67:04:90:ee:52:cd:03:bf:3e:43:77:9c:40:65:
         49:18:4a:ae:4a:46:33:48:fa:f7:b5:23:2e:a3:0e:93:44:31:
         b6:f1:c4:db:21:f0:6f:a5:ee:43:b6:96:08:a8:f2:12:8b:63:
         53:51:94:b4
-----BEGIN CERTIFICATE-----
MIIFyjCCBLKgAwIBAgISAY14geuvRx6BCNxLRd8I9x6sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMjA1MDkwMzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTQ2NGQxN2Q0NjNiNmVmNjA0YTgwYWZlZDU5OGMyNmU5NTRiNzJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmyNhLAA87Kq8EfVc0xaR49kfb0AR
1vLPifQrlQzwJVGs9Lzw29C/SCeHcpjD7U8/eqZ+UrPM+cGFID62Kpglq435yhWk
JJshao+aZM/+kouigmR3sniU1VCiivldCi4VOgAsdXK3TKIOnLKYS+Rd797PsgtB
95cCjJHvi/lbJ+xo77ikMnU6WQMXxWCKVxMTfQC+J+I0VE7tvjVW+HNrFmjEQBvY
w/B85Gm3rZ5IvPD3B1TK0OLO15Xhn5qZE24OounRgDPXHalKMtU96/kFgW2MZkf+
l2aTVG9s106aOL0stm/1ZmiFF84FwyCxCjKL3jhKqcZRSKvQlaP0wK7sDwIDAQAB
o4IC1jCCAtIwHQYDVR0OBBYEFBVGTRfUY7bvYEqAr+1ZjCbpVLctMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvRlVaTkY5Ump0dTlnU29DdjdWbU1KdWxVdHkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHrBggrBgEFBQcBBwEB/wSB2zCB2DCB1QQCAAEwgc4DBAAC
O/0DBAAtCZwDBAAtVFkDBAAtVFsDBAAtWEADBAAtWFsDBABPbjMDBABSc9ADBABT
22EDBABcd8YDBABc+TIDBABemqIDBABenEsDBABtzu8DBACy1+EDBACy1+MDBACy
1+wwDAMEBbneoAMEALneogMEALn23wMEAMEZ2QMEAMEjEwMEAMElKAMEAMElKgME
AMElLAMEAMHeYQMEAMHeYwMEAMIfzQMEAMIw+AMEAMI3uwMEAMI34QMEAMI7HwME
AMKprAMEAMK0JjANBgkqhkiG9w0BAQsFAAOCAQEAMq8UkV+Caf05Srek/wr2oi0n
ZS6z8LLv2Ayj10WMG/VDYlx8wkRo1dfPnjiur7KowWbO434wd/Dgbsa/PSqlAZLk
LVjWIMG8Miw1dkRHjUaHfKVG8gjaS0tCuG61o5SdrxG3dNlwuE7W/Dw1jXxMunKb
S2fFEOpjg43w2N7ozamandZpx/tDBMwGehT7CfUVtriG0HyZ2l0LSHqiOk+29qVE
yZO4Ks3SpJ86SbloBQU/ofQNf80o7u+RdQJtPaEQDPhH6YDZYLFBuWcEkO5SzQO/
PkN3nEBlSRhKrkpGM0j697UjLqMOk0QxtvHE2yHwb6XuQ7aWCKjyEotjU1GUtA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:28 2024 by rpki-client on console-ams.rpki-client.org