Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/GOESJUW_yeeApf73infOnrI_wPM.roa
File:                     GOESJUW_yeeApf73infOnrI_wPM.roa (raw, json)
Hash identifier:          V6pNGtgSTMPuAJ7ufk3EJWFV0+catELUbZQ27Y09b34=
Subject key identifier:   18:E1:12:25:45:BF:C9:E7:80:A5:FE:F7:8A:77:CE:9E:B2:3F:C0:F3
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01877C27E4D201995B8C1B5F1B0BFB87DFAF
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/GOESJUW_yeeApf73infOnrI_wPM.roa
Signing time:             Thu 13 Apr 2023 19:46:41 +0000
ROA not before:           Thu 13 Apr 2023 19:46:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207279
IP address blocks:        194.169.172.0/24 maxlen: 24
                          2.59.253.0/24 maxlen: 24
                          194.31.205.0/24 maxlen: 24
                          92.249.50.0/24 maxlen: 24
                          194.180.38.0/24 maxlen: 24
                          94.154.162.0/24 maxlen: 24
                          109.206.239.0/24 maxlen: 24
                          178.215.225.0/24 maxlen: 24
                          194.55.225.0/24 maxlen: 24
                          185.222.160.0/24 maxlen: 24
                          178.215.227.0/24 maxlen: 24
                          185.222.162.0/24 maxlen: 24
                          185.222.161.0/24 maxlen: 24
                          178.215.236.0/24 maxlen: 24
                          193.222.97.0/24 maxlen: 24
                          193.222.99.0/24 maxlen: 24
                          193.37.42.0/24 maxlen: 24
                          193.37.44.0/24 maxlen: 24
                          193.37.40.0/24 maxlen: 24
                          194.48.248.0/24 maxlen: 24
                          45.84.91.0/24 maxlen: 24
                          194.55.187.0/24 maxlen: 24
                          92.119.198.0/24 maxlen: 24
                          45.88.64.0/24 maxlen: 24
                          45.88.91.0/24 maxlen: 24
                          193.25.217.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:7c:27:e4:d2:01:99:5b:8c:1b:5f:1b:0b:fb:87:df:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Apr 13 19:46:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=18e1122545bfc9e780a5fef78a77ce9eb23fc0f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:9a:62:bf:b8:01:49:27:f1:9f:cd:b8:f0:82:
                    ba:6f:aa:ad:ab:a5:36:c8:ae:55:1c:17:30:36:d8:
                    56:69:5b:52:49:34:ef:58:09:38:9a:9e:a1:1d:90:
                    9d:eb:93:cb:b2:1c:99:86:ff:db:c6:76:39:69:ad:
                    77:95:5b:d4:6a:14:10:9c:44:5f:ea:8a:f9:36:4d:
                    44:a7:2a:c8:27:54:ac:b7:6b:e7:96:b1:82:3a:97:
                    f5:f5:54:e8:41:a0:97:50:a0:da:03:74:00:6d:e1:
                    4b:75:7b:e9:5b:04:92:51:b3:f6:02:41:11:6d:a3:
                    19:7b:e0:37:be:8e:5d:4c:81:71:32:95:62:f5:5f:
                    c4:83:71:45:d1:63:3b:9b:3c:34:d2:e8:d6:05:c0:
                    77:55:e1:5a:43:3e:68:8f:2c:b7:36:21:ac:bb:9e:
                    c5:3c:5b:8f:e4:74:9c:bf:87:d0:a5:6f:79:46:ca:
                    b8:42:44:3a:79:7f:3e:1c:74:ad:ad:cd:ab:ab:6e:
                    fa:af:29:e4:c0:d3:8f:2c:f9:4c:5a:7b:06:d8:2e:
                    be:7c:10:95:c8:71:3e:b1:e7:b3:fd:fa:0d:2d:64:
                    79:4a:52:b4:0c:9a:f6:12:f9:a7:cb:3c:8c:d6:01:
                    7d:6f:6e:c0:02:10:3a:09:b7:31:ca:06:62:96:aa:
                    ae:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:E1:12:25:45:BF:C9:E7:80:A5:FE:F7:8A:77:CE:9E:B2:3F:C0:F3
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/GOESJUW_yeeApf73infOnrI_wPM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.253.0/24
                  45.84.91.0/24
                  45.88.64.0/24
                  45.88.91.0/24
                  92.119.198.0/24
                  92.249.50.0/24
                  94.154.162.0/24
                  109.206.239.0/24
                  178.215.225.0/24
                  178.215.227.0/24
                  178.215.236.0/24
                  185.222.160.0-185.222.162.255
                  193.25.217.0/24
                  193.37.40.0/24
                  193.37.42.0/24
                  193.37.44.0/24
                  193.222.97.0/24
                  193.222.99.0/24
                  194.31.205.0/24
                  194.48.248.0/24
                  194.55.187.0/24
                  194.55.225.0/24
                  194.169.172.0/24
                  194.180.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:49:1f:e4:16:f8:b8:3e:79:16:32:3a:4f:40:0a:77:e0:f8:
         e9:81:68:bd:70:66:4e:35:c8:5b:f5:1d:ad:68:a4:d3:33:f1:
         46:f6:04:cb:e9:20:49:ee:59:08:49:ec:ac:30:43:9f:2a:31:
         4d:f4:4f:93:6d:1a:18:ed:b9:47:14:95:fe:c2:a2:bb:88:e9:
         a5:78:14:eb:63:38:ca:89:1f:d0:0e:eb:bd:23:e3:ce:7b:62:
         23:93:78:a1:d0:63:aa:1b:48:18:0b:e3:41:fa:f5:0d:74:87:
         cf:88:62:3f:dc:18:7b:e7:8b:f8:27:4e:e7:08:bd:cc:70:28:
         35:03:a5:47:ed:cc:b8:31:3a:a9:9d:e9:58:f4:06:d5:ed:0c:
         b0:6a:96:40:5b:ce:28:94:74:88:2a:ac:5a:89:e9:0f:e4:1e:
         3d:51:ea:8c:ae:cd:a4:63:cb:e1:17:64:40:bd:bb:63:70:3e:
         f2:45:05:5d:ad:d6:e9:de:da:fb:7b:d4:66:d5:4e:65:fe:16:
         82:ec:17:a8:de:9e:5a:19:9e:3c:d0:e5:27:56:01:29:50:1d:
         ae:bc:4f:15:29:42:22:38:a0:7e:ae:12:62:9e:64:66:69:f2:
         76:20:a3:3b:5a:48:97:38:a8:45:e1:45:0b:1a:7a:9b:19:b7:
         c3:f6:8e:31
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYd8J+TSAZlbjBtfGwv7h9+vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNDEzMTk0NjQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGUxMTIyNTQ1YmZjOWU3ODBhNWZlZjc4YTc3Y2U5ZWIyM2ZjMGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg5piv7gBSSfxn8248IK6b6qtq6U2
yK5VHBcwNthWaVtSSTTvWAk4mp6hHZCd65PLshyZhv/bxnY5aa13lVvUahQQnERf
6or5Nk1EpyrIJ1Sst2vnlrGCOpf19VToQaCXUKDaA3QAbeFLdXvpWwSSUbP2AkER
baMZe+A3vo5dTIFxMpVi9V/Eg3FF0WM7mzw00ujWBcB3VeFaQz5ojyy3NiGsu57F
PFuP5HScv4fQpW95Rsq4QkQ6eX8+HHStrc2rq276rynkwNOPLPlMWnsG2C6+fBCV
yHE+seez/foNLWR5SlK0DJr2EvmnyzyM1gF9b27AAhA6CbcxygZilqquFwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFBjhEiVFv8nngKX+94p3zp6yP8DzMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvR09FU0pVV195ZWVBcGY3M2luZk9ucklfd1BNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG1BggrBgEFBQcBBwEB/wSBpTCBojCBnwQCAAEwgZgDBAAC
O/0DBAAtVFsDBAAtWEADBAAtWFsDBABcd8YDBABc+TIDBABemqIDBABtzu8DBACy
1+EDBACy1+MDBACy1+wwDAMEBbneoAMEALneogMEAMEZ2QMEAMElKAMEAMElKgME
AMElLAMEAMHeYQMEAMHeYwMEAMIfzQMEAMIw+AMEAMI3uwMEAMI34QMEAMKprAME
AMK0JjANBgkqhkiG9w0BAQsFAAOCAQEAOkkf5Bb4uD55FjI6T0AKd+D46YFovXBm
TjXIW/UdrWik0zPxRvYEy+kgSe5ZCEnsrDBDnyoxTfRPk20aGO25RxSV/sKiu4jp
pXgU62M4yokf0A7rvSPjzntiI5N4odBjqhtIGAvjQfr1DXSHz4hiP9wYe+eL+CdO
5wi9zHAoNQOlR+3MuDE6qZ3pWPQG1e0MsGqWQFvOKJR0iCqsWonpD+QePVHqjK7N
pGPL4RdkQL27Y3A+8kUFXa3W6d7a+3vUZtVOZf4WguwXqN6eWhmePNDlJ1YBKVAd
rrxPFSlCIjigfq4SYp5kZmnydiCjO1pIlzioReFFCxp6mxm3w/aOMQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:28 2024 by rpki-client on console-ams.rpki-client.org