Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/GYC3PzCg5F3q61DHSshgxhAR3Jk.roa
File:                     GYC3PzCg5F3q61DHSshgxhAR3Jk.roa (raw, json)
Hash identifier:          QLwNIHAwD98j0RPzzu4WoswBhsJI4sigvtg6dUWdXLU=
Subject key identifier:   19:80:B7:3F:30:A0:E4:5D:EA:EB:50:C7:4A:C8:60:C6:10:11:DC:99
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018E611B56AC8EF74EAE74A60C1B95EE5169
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/GYC3PzCg5F3q61DHSshgxhAR3Jk.roa
Signing time:             Thu 21 Mar 2024 13:02:45 +0000
ROA not before:           Thu 21 Mar 2024 13:02:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        2.59.255.0/24 maxlen: 24
                          45.129.86.0/23 maxlen: 24
                          45.151.89.0/24 maxlen: 24
                          87.120.87.0/24 maxlen: 24
                          87.121.45.0/24 maxlen: 24
                          87.121.221.0/24 maxlen: 24
                          92.119.196.0/23 maxlen: 24
                          94.154.160.0/23 maxlen: 24
                          94.154.162.0/23 maxlen: 24
                          94.156.72.0/23 maxlen: 24
                          94.156.239.0/24 maxlen: 24
                          147.78.102.0/24 maxlen: 24
                          171.22.72.0/22 maxlen: 24
                          178.215.224.0/24 maxlen: 24
                          178.215.236.0/24 maxlen: 24
                          185.216.84.0/22 maxlen: 24
                          185.218.84.0/22 maxlen: 24
                          185.246.223.0/24 maxlen: 24
                          185.252.176.0/24 maxlen: 24
                          185.254.37.0/24 maxlen: 24
                          193.35.19.0/24 maxlen: 24
                          193.37.41.0/24 maxlen: 24
                          194.48.250.0/24 maxlen: 24
                          194.55.186.0/24 maxlen: 24
                          194.55.224.0/24 maxlen: 24
                          194.169.172.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:61:1b:56:ac:8e:f7:4e:ae:74:a6:0c:1b:95:ee:51:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Mar 21 13:02:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1980b73f30a0e45deaeb50c74ac860c61011dc99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:0e:84:1f:2c:b1:ce:36:7f:f1:6f:a8:c4:da:
                    51:f4:72:b5:3f:48:26:a5:6e:17:54:82:0b:b2:f5:
                    b9:c0:4c:58:56:f5:da:b5:13:53:aa:d2:e2:9a:d4:
                    ab:d4:1f:ae:74:08:7e:0a:70:a0:ea:70:77:5a:32:
                    5a:a2:9f:4b:67:a0:1b:48:b3:23:af:6c:5d:14:0f:
                    46:f8:aa:e6:96:4e:97:af:fb:2f:fe:80:3f:4b:09:
                    d3:c6:8c:10:41:2b:85:74:19:aa:af:5f:89:6e:ef:
                    90:1c:46:31:f3:73:26:4d:d5:de:fb:a7:43:0e:e6:
                    f6:a5:30:52:6a:89:49:e9:9e:fd:a0:17:ad:d7:2f:
                    a0:7d:c5:87:d6:c7:67:38:1c:ef:3d:2b:c1:65:87:
                    4d:ae:75:44:b8:fa:83:be:63:ef:c6:19:2f:3f:40:
                    5e:57:b5:b3:17:fb:04:3c:3f:bb:59:0e:a8:f4:c7:
                    75:4e:85:e6:60:6c:60:4b:55:06:f5:1a:67:af:64:
                    bc:46:0b:bc:4a:2d:39:9e:a4:b2:21:78:4f:81:35:
                    39:61:ee:2c:39:62:67:9c:10:69:75:02:07:2b:c9:
                    0b:aa:42:98:db:84:88:68:59:e0:7d:78:6d:3a:18:
                    2b:8f:d8:ef:3c:bb:7d:9b:0a:36:12:a1:22:a6:5c:
                    d2:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:80:B7:3F:30:A0:E4:5D:EA:EB:50:C7:4A:C8:60:C6:10:11:DC:99
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/GYC3PzCg5F3q61DHSshgxhAR3Jk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.255.0/24
                  45.129.86.0/23
                  45.151.89.0/24
                  87.120.87.0/24
                  87.121.45.0/24
                  87.121.221.0/24
                  92.119.196.0/23
                  94.154.160.0/22
                  94.156.72.0/23
                  94.156.239.0/24
                  147.78.102.0/24
                  171.22.72.0/22
                  178.215.224.0/24
                  178.215.236.0/24
                  185.216.84.0/22
                  185.218.84.0/22
                  185.246.223.0/24
                  185.252.176.0/24
                  185.254.37.0/24
                  193.35.19.0/24
                  193.37.41.0/24
                  194.48.250.0/24
                  194.55.186.0/24
                  194.55.224.0/24
                  194.169.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:ac:54:05:c3:85:d8:e5:24:bc:4e:da:44:11:92:95:31:4b:
         ac:a3:3a:e2:8b:53:08:e9:f5:cf:db:54:c7:a6:7e:dc:2b:88:
         2b:04:71:6f:6f:73:5a:7c:57:50:07:d1:fd:8c:fe:b6:4d:6a:
         4e:99:be:d4:e9:0f:04:00:85:f5:6f:26:4b:47:c9:67:c3:c7:
         51:d2:5e:4a:c6:a3:3a:9a:51:45:90:74:f8:21:cf:ca:a0:52:
         70:10:57:7b:90:7e:99:1b:50:24:c1:fc:64:5e:8b:8d:86:cd:
         9f:a6:a0:63:44:30:c5:19:ab:51:9d:36:5d:0e:e3:5e:30:af:
         8a:5a:4f:63:fe:11:8f:d5:d8:c7:5d:3e:83:1d:bc:2b:cc:33:
         13:a2:c2:5f:c0:80:e2:2e:5d:d8:de:b3:35:08:5d:48:66:86:
         99:02:70:98:51:7a:fc:19:8a:44:8e:3c:94:94:52:41:cb:2f:
         12:5c:a1:d5:db:0f:63:04:9f:54:40:cf:24:cb:66:bd:8f:23:
         d9:71:b9:76:0e:58:70:49:79:df:86:d6:bf:61:88:59:b8:8d:
         6c:4e:e3:47:e7:a2:01:e8:0d:85:34:88:8d:da:43:be:b5:fb:
         97:fd:8f:f8:06:e3:79:e2:41:3c:90:c3:ff:8f:34:04:9d:14:
         d5:f6:ac:77
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgISAY5hG1asjvdOrnSmDBuV7lFpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMzIxMTMwMjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTgwYjczZjMwYTBlNDVkZWFlYjUwYzc0YWM4NjBjNjEwMTFkYzk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0g6EHyyxzjZ/8W+oxNpR9HK1P0gm
pW4XVIILsvW5wExYVvXatRNTqtLimtSr1B+udAh+CnCg6nB3WjJaop9LZ6AbSLMj
r2xdFA9G+Krmlk6Xr/sv/oA/SwnTxowQQSuFdBmqr1+Jbu+QHEYx83MmTdXe+6dD
Dub2pTBSaolJ6Z79oBet1y+gfcWH1sdnOBzvPSvBZYdNrnVEuPqDvmPvxhkvP0Be
V7WzF/sEPD+7WQ6o9Md1ToXmYGxgS1UG9Rpnr2S8Rgu8Si05nqSyIXhPgTU5Ye4s
OWJnnBBpdQIHK8kLqkKY24SIaFngfXhtOhgrj9jvPLt9mwo2EqEiplzSzQIDAQAB
o4ICnjCCApowHQYDVR0OBBYEFBmAtz8woORd6utQx0rIYMYQEdyZMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvR1lDM1B6Q2c1RjNxNjFESFNzaGd4aEFSM0prLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGzBggrBgEFBQcBBwEB/wSBozCBoDCBnQQCAAEwgZYDBAAC
O/8DBAEtgVYDBAAtl1kDBABXeFcDBABXeS0DBABXed0DBAFcd8QDBAJemqADBAFe
nEgDBABenO8DBACTTmYDBAKrFkgDBACy1+ADBACy1+wDBAK52FQDBAK52lQDBAC5
9t8DBAC5/LADBAC5/iUDBADBIxMDBADBJSkDBADCMPoDBADCN7oDBADCN+ADBADC
qawwDQYJKoZIhvcNAQELBQADggEBAAWsVAXDhdjlJLxO2kQRkpUxS6yjOuKLUwjp
9c/bVMemftwriCsEcW9vc1p8V1AH0f2M/rZNak6ZvtTpDwQAhfVvJktHyWfDx1HS
XkrGozqaUUWQdPghz8qgUnAQV3uQfpkbUCTB/GRei42GzZ+moGNEMMUZq1GdNl0O
414wr4paT2P+EY/V2MddPoMdvCvMMxOiwl/AgOIuXdjeszUIXUhmhpkCcJhRevwZ
ikSOPJSUUkHLLxJcodXbD2MEn1RAzyTLZr2PI9lxuXYOWHBJed+G1r9hiFm4jWxO
40fnogHoDYU0iI3aQ761+5f9j/gG43niQTyQw/+PNASdFNX2rHc=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:03 2024 by rpki-client on console-fra.rpki-client.org