Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/H-2TPWn1Phv89Ns3BvNgIB-vQ4o.roa
File:                     H-2TPWn1Phv89Ns3BvNgIB-vQ4o.roa (raw, json)
Hash identifier:          AU8JMuRTtXWfGi9S+iuN7DCEO/50dXyUqpNz33mYsdo=
Subject key identifier:   1F:ED:93:3D:69:F5:3E:1B:FC:F4:DB:37:06:F3:60:20:1F:AF:43:8A
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018A60039FE620A56AF1C5068B2CAD2794F8
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/H-2TPWn1Phv89Ns3BvNgIB-vQ4o.roa
Signing time:             Mon 04 Sep 2023 11:46:04 +0000
ROA not before:           Mon 04 Sep 2023 11:46:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     22653
IP address blocks:        185.221.66.0/24 maxlen: 24
                          85.217.128.0/24 maxlen: 24
                          164.40.186.0/23 maxlen: 24
                          164.40.184.0/24 maxlen: 24
                          185.252.160.0/22 maxlen: 24
                          185.225.72.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:60:03:9f:e6:20:a5:6a:f1:c5:06:8b:2c:ad:27:94:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Sep  4 11:46:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1fed933d69f53e1bfcf4db3706f360201faf438a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:97:c1:65:56:cc:e0:88:ed:99:35:4b:89:c1:
                    00:3a:0d:98:99:d7:98:d0:91:d1:78:01:af:71:94:
                    91:07:80:22:d0:9c:86:9c:e0:a1:14:47:51:c1:c3:
                    4d:9e:e6:d0:f9:a7:7c:4b:c9:b8:b9:65:36:ee:46:
                    34:76:b2:34:24:ec:bb:79:88:5f:c7:e4:08:98:4a:
                    19:66:b5:34:66:c4:84:02:dc:3d:82:8b:c6:fe:2f:
                    3c:91:68:61:f1:f0:87:58:b2:d3:74:60:2d:f9:30:
                    85:99:59:02:29:cb:aa:6c:6f:ba:3d:58:dc:11:0d:
                    76:af:a4:49:93:a6:48:98:ad:6e:4e:41:98:36:ea:
                    13:32:b9:ff:ea:31:39:bb:b9:5d:3f:ca:ee:f7:6c:
                    ca:fa:d3:48:2b:11:de:14:2d:6e:09:4e:4b:f6:33:
                    62:6b:5f:54:a4:54:11:22:97:92:3d:98:e0:0b:46:
                    00:0a:b5:27:a1:2f:fa:ff:5c:ad:7c:e9:6d:38:ae:
                    58:dc:60:0f:c6:9d:7a:bb:1d:a0:02:5d:20:af:38:
                    94:24:24:40:de:0a:ed:7a:ae:31:9d:d7:d6:52:03:
                    58:f7:f2:11:06:00:fe:37:e2:fa:73:18:6d:64:6b:
                    52:40:b9:2d:5e:b9:9d:e5:2c:7b:ed:ee:ea:c6:a3:
                    79:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:ED:93:3D:69:F5:3E:1B:FC:F4:DB:37:06:F3:60:20:1F:AF:43:8A
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/H-2TPWn1Phv89Ns3BvNgIB-vQ4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.217.128.0/24
                  164.40.184.0/24
                  164.40.186.0/23
                  185.221.66.0/24
                  185.225.72.0/24
                  185.252.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b2:ec:0f:b7:c7:2e:ce:a4:15:0b:b8:0a:1f:15:eb:17:b2:82:
         cd:36:b9:61:97:1d:37:2f:25:39:a6:f0:65:9d:7b:73:49:ad:
         c4:36:ff:70:82:5b:90:37:ac:a3:5e:cb:ba:5e:49:73:26:23:
         ce:e2:a1:8a:bc:24:e2:32:ac:34:f2:39:25:29:d7:64:0c:e5:
         c4:18:9f:95:dd:50:e1:64:d6:3a:02:9a:76:67:c7:5e:d8:8b:
         99:1c:21:de:71:70:1b:03:45:30:96:db:94:ba:ab:c8:7d:98:
         68:06:de:01:3b:0c:bb:be:32:77:7c:59:2f:e6:8d:77:9d:0e:
         ac:7c:d4:0f:70:f1:18:bc:60:d7:8a:86:25:75:18:30:9a:a8:
         95:6c:2d:bb:72:c0:1e:0d:aa:d4:69:8b:d8:e2:bc:69:df:82:
         3b:bf:55:9e:04:ed:a5:cc:65:2e:64:af:2a:e7:0d:26:e7:6a:
         49:a7:76:81:70:e2:f4:ca:68:4f:66:58:29:6a:26:97:fe:f9:
         50:9f:6b:8f:d6:1f:ad:1c:92:70:c8:9b:0b:47:89:7a:5d:ba:
         a2:8e:c2:6a:32:d6:35:8d:a1:2d:ed:cf:3a:71:1d:7b:1a:f3:
         a7:17:7d:67:cb:52:5e:38:bb:62:a5:48:b8:d9:f6:93:a4:0f:
         93:6d:4a:62
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYpgA5/mIKVq8cUGiyytJ5T4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwOTA0MTE0NjA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmVkOTMzZDY5ZjUzZTFiZmNmNGRiMzcwNmYzNjAyMDFmYWY0MzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn5fBZVbM4IjtmTVLicEAOg2YmdeY
0JHReAGvcZSRB4Ai0JyGnOChFEdRwcNNnubQ+ad8S8m4uWU27kY0drI0JOy7eYhf
x+QImEoZZrU0ZsSEAtw9govG/i88kWhh8fCHWLLTdGAt+TCFmVkCKcuqbG+6PVjc
EQ12r6RJk6ZImK1uTkGYNuoTMrn/6jE5u7ldP8ru92zK+tNIKxHeFC1uCU5L9jNi
a19UpFQRIpeSPZjgC0YACrUnoS/6/1ytfOltOK5Y3GAPxp16ux2gAl0grziUJCRA
3grteq4xndfWUgNY9/IRBgD+N+L6cxhtZGtSQLktXrmd5Sx77e7qxqN5awIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFB/tkz1p9T4b/PTbNwbzYCAfr0OKMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvSC0yVFBXbjFQaHY4OU5zM0J2TmdJQi12UTRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAVdmAAwQA
pCi4AwQBpCi6AwQAud1CAwQAueFIAwQCufygMA0GCSqGSIb3DQEBCwUAA4IBAQCy
7A+3xy7OpBULuAofFesXsoLNNrlhlx03LyU5pvBlnXtzSa3ENv9wgluQN6yjXsu6
XklzJiPO4qGKvCTiMqw08jklKddkDOXEGJ+V3VDhZNY6App2Z8de2IuZHCHecXAb
A0UwltuUuqvIfZhoBt4BOwy7vjJ3fFkv5o13nQ6sfNQPcPEYvGDXioYldRgwmqiV
bC27csAeDarUaYvY4rxp34I7v1WeBO2lzGUuZK8q5w0m52pJp3aBcOL0ymhPZlgp
aiaX/vlQn2uP1h+tHJJwyJsLR4l6XbqijsJqMtY1jaEt7c86cR17GvOnF31ny1Je
OLtipUi42faTpA+TbUpi
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:03 2024 by rpki-client on console-fra.rpki-client.org