Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Gq5lieE9uBeyuK8NQoobO9eLA0w.roa
File:                     Gq5lieE9uBeyuK8NQoobO9eLA0w.roa (raw, json)
Hash identifier:          oPk3EPhwm1SswHnYb0gAYrPbjlAuBpwF5pue8TahJhI=
Subject key identifier:   1A:AE:65:89:E1:3D:B8:17:B2:B8:AF:0D:42:8A:1B:3B:D7:8B:03:4C
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018BA49E8DA13C942129F8C390FC76F56D07
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Gq5lieE9uBeyuK8NQoobO9eLA0w.roa
Signing time:             Mon 06 Nov 2023 12:32:16 +0000
ROA not before:           Mon 06 Nov 2023 12:32:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207459
IP address blocks:        84.54.49.0/24 maxlen: 24
                          193.149.29.0/24 maxlen: 24
                          193.149.30.0/24 maxlen: 24
                          94.156.176.0/24 maxlen: 24
                          193.149.28.0/22 maxlen: 22
                          193.149.31.0/24 maxlen: 24
                          193.149.28.0/24 maxlen: 24
                          45.84.90.0/24 maxlen: 24
                          185.226.175.0/24 maxlen: 24
                          212.115.41.0/24 maxlen: 24
                          79.110.50.0/24 maxlen: 24
                          79.110.51.0/24 maxlen: 24
                          45.8.93.0/24 maxlen: 24
                          194.49.86.0/24 maxlen: 24
                          45.151.90.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:a4:9e:8d:a1:3c:94:21:29:f8:c3:90:fc:76:f5:6d:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Nov  6 12:32:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1aae6589e13db817b2b8af0d428a1b3bd78b034c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:fc:ce:81:29:44:52:8b:e3:08:11:85:b4:18:
                    b0:fe:9e:df:fa:73:4f:84:56:4f:73:4b:d9:d5:a9:
                    72:37:1f:28:45:7f:1b:29:4c:05:a0:c2:5d:bc:44:
                    c4:68:b1:84:8b:35:18:63:5e:23:67:8d:92:9b:71:
                    bd:d6:48:c6:60:ea:98:81:17:41:29:16:2d:01:b3:
                    2a:67:11:59:99:63:db:a1:a2:8e:4a:ca:80:25:d6:
                    c4:2e:62:1f:33:c0:9c:c0:28:a6:f4:41:ac:23:69:
                    34:d1:1e:0b:6c:f5:e7:77:2e:aa:19:c0:aa:b0:24:
                    b4:be:4f:85:95:1d:a6:f8:96:cb:08:f1:2a:97:e6:
                    1d:8b:ce:8d:4d:ac:f0:7f:fd:c7:14:c4:e9:25:f6:
                    65:5e:0a:75:09:9c:3c:57:f5:cf:44:fd:c0:64:c2:
                    2d:a0:5d:ef:97:04:c8:6e:9d:3c:5b:ee:39:a2:06:
                    22:97:43:5a:39:ac:83:bb:02:01:9f:d1:43:a6:55:
                    08:b3:7d:fa:b5:4b:f2:41:0a:af:21:61:51:b1:80:
                    ba:bf:9a:23:46:87:af:8f:ce:38:b0:8c:ad:78:6c:
                    00:5e:93:c3:55:aa:bf:7a:db:bc:8c:c3:89:54:43:
                    6d:e3:1d:2a:f0:25:3e:8b:69:aa:37:6f:22:0f:d9:
                    41:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:AE:65:89:E1:3D:B8:17:B2:B8:AF:0D:42:8A:1B:3B:D7:8B:03:4C
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Gq5lieE9uBeyuK8NQoobO9eLA0w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.93.0/24
                  45.84.90.0/24
                  45.151.90.0/24
                  79.110.50.0/23
                  84.54.49.0/24
                  94.156.176.0/24
                  185.226.175.0/24
                  193.149.28.0/22
                  194.49.86.0/24
                  212.115.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:f3:60:32:a7:3b:bc:ca:71:e5:6c:65:4f:4e:18:96:ee:56:
         75:78:83:77:12:89:b7:9a:89:4e:ea:25:31:8b:d2:83:21:50:
         a4:2f:9a:ff:3a:da:38:13:7c:eb:41:3b:c5:16:ab:74:c0:17:
         18:a9:36:19:a9:a7:4b:99:39:b4:09:4d:fc:0c:2b:5f:25:93:
         cd:3c:d0:41:d0:f1:e2:33:19:ec:3c:8a:bb:93:1f:99:a4:1f:
         cf:73:30:6b:b0:e2:aa:6d:3b:50:7a:51:63:ff:1f:d2:5f:1b:
         0c:e6:f9:2b:0f:58:90:93:d2:ad:4b:ab:e7:f4:df:ed:3b:fa:
         ac:33:63:31:1f:0c:72:61:93:59:55:72:94:c7:3b:e8:e3:6e:
         90:4c:ae:23:69:7d:ea:1d:a6:a3:86:75:9b:80:a6:15:67:e2:
         d5:bb:7e:62:b2:37:96:ce:d9:61:c0:a0:2a:b4:5a:a2:05:5a:
         42:41:fd:68:2d:69:ec:0b:e5:d0:c5:46:29:36:18:86:0f:4e:
         9e:ef:c4:0b:c0:f4:58:62:8b:dd:32:a1:8f:8f:08:45:19:c2:
         ec:e7:7a:4c:59:9c:2c:6a:c5:03:6b:92:02:95:b8:33:7d:41:
         30:38:eb:f4:14:c4:e9:c2:0a:0c:69:8e:56:60:61:18:e9:b3:
         bb:8a:5b:51
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYukno2hPJQhKfjDkPx29W0HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMxMTA2MTIzMjE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWFlNjU4OWUxM2RiODE3YjJiOGFmMGQ0MjhhMWIzYmQ3OGIwMzRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkfzOgSlEUovjCBGFtBiw/p7f+nNP
hFZPc0vZ1alyNx8oRX8bKUwFoMJdvETEaLGEizUYY14jZ42Sm3G91kjGYOqYgRdB
KRYtAbMqZxFZmWPboaKOSsqAJdbELmIfM8CcwCim9EGsI2k00R4LbPXndy6qGcCq
sCS0vk+FlR2m+JbLCPEql+Ydi86NTazwf/3HFMTpJfZlXgp1CZw8V/XPRP3AZMIt
oF3vlwTIbp08W+45ogYil0NaOayDuwIBn9FDplUIs336tUvyQQqvIWFRsYC6v5oj
Roevj844sIyteGwAXpPDVaq/etu8jMOJVENt4x0q8CU+i2mqN28iD9lBdQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFBquZYnhPbgXsrivDUKKGzvXiwNMMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvR3E1bGllRTl1QmV5dUs4TlFvb2JPOWVMQTB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQALQhdAwQA
LVRaAwQALZdaAwQBT24yAwQAVDYxAwQAXpywAwQAueKvAwQCwZUcAwQAwjFWAwQA
1HMpMA0GCSqGSIb3DQEBCwUAA4IBAQAu82Aypzu8ynHlbGVPThiW7lZ1eIN3Eom3
molO6iUxi9KDIVCkL5r/Oto4E3zrQTvFFqt0wBcYqTYZqadLmTm0CU38DCtfJZPN
PNBB0PHiMxnsPIq7kx+ZpB/PczBrsOKqbTtQelFj/x/SXxsM5vkrD1iQk9KtS6vn
9N/tO/qsM2MxHwxyYZNZVXKUxzvo426QTK4jaX3qHaajhnWbgKYVZ+LVu35isjeW
ztlhwKAqtFqiBVpCQf1oLWnsC+XQxUYpNhiGD06e78QLwPRYYovdMqGPjwhFGcLs
53pMWZwsasUDa5IClbgzfUEwOOv0FMTpwgoMaY5WYGEY6bO7iltR
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:29 2024 by rpki-client on console-ams.rpki-client.org