Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Hkq-YCmp3oKZuTmGeEA5Nk4cTrU.roa
File:                     Hkq-YCmp3oKZuTmGeEA5Nk4cTrU.roa (raw, json)
Hash identifier:          pWg+QcDx1IyTAmlG3nTzv1F9LnFDFd6qMeZmCbnuzmQ=
Subject key identifier:   1E:4A:BE:60:29:A9:DE:82:99:B9:39:86:78:40:39:36:4E:1C:4E:B5
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0184A870CB97FED9A81D975B52717A2168E4
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Hkq-YCmp3oKZuTmGeEA5Nk4cTrU.roa
Signing time:             Thu 24 Nov 2022 07:01:15 +0000
ROA not before:           Thu 24 Nov 2022 07:01:15 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     0
IP address blocks:        87.121.124.0/23 maxlen: 24
                          164.40.185.0/24 maxlen: 24
                          178.215.226.0/24 maxlen: 24
                          80.76.49.0/24 maxlen: 24
                          185.218.139.0/24 maxlen: 24
                          185.218.137.0/24 maxlen: 24
                          193.222.98.0/24 maxlen: 24
                          193.47.63.0/24 maxlen: 24
                          94.154.161.0/24 maxlen: 24
                          94.154.162.0/23 maxlen: 24
                          194.48.248.0/24 maxlen: 24
                          185.219.126.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:a8:70:cb:97:fe:d9:a8:1d:97:5b:52:71:7a:21:68:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Nov 24 07:01:15 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1e4abe6029a9de8299b93986784039364e1c4eb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:ef:f2:ad:9a:6b:66:e3:33:2d:c0:80:58:0f:
                    e4:8a:58:f4:3b:44:03:9b:89:6a:53:4a:d1:65:8b:
                    cd:77:f1:db:91:cf:d3:5a:a1:58:4a:a7:40:d4:67:
                    59:25:5b:f4:32:46:83:57:f1:76:df:03:be:23:97:
                    2a:b3:3b:5e:70:25:59:21:78:ab:a0:48:ff:fc:da:
                    d4:93:e9:5e:84:0a:34:17:5d:45:db:b0:ec:11:34:
                    c3:e2:65:12:22:e1:a6:e0:dd:02:a0:38:d1:26:70:
                    62:25:d2:a6:2f:d9:11:31:8c:c3:54:83:6f:e8:f8:
                    aa:77:0b:f6:0b:e3:1d:2b:4a:6c:39:dc:f9:bc:88:
                    14:87:93:95:11:35:64:db:bd:39:4f:6f:65:ee:38:
                    21:d3:4c:ce:13:72:83:52:f2:34:48:ae:45:fd:b1:
                    e0:5c:6b:3c:9b:f9:d2:88:06:7c:63:e6:95:fb:43:
                    c7:4d:c1:75:fc:59:b4:8b:a1:e9:7d:64:60:10:72:
                    0c:97:71:af:a5:8f:91:c2:a6:48:dc:52:26:bf:39:
                    e3:7f:24:61:6c:d9:1e:ef:16:2e:b4:d1:6f:63:da:
                    bd:b3:4f:a0:c7:54:0a:0a:a0:0a:df:15:a0:6d:67:
                    0c:81:ca:ad:66:42:bd:c1:f0:94:dc:13:ca:7f:d9:
                    0f:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:4A:BE:60:29:A9:DE:82:99:B9:39:86:78:40:39:36:4E:1C:4E:B5
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Hkq-YCmp3oKZuTmGeEA5Nk4cTrU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.76.49.0/24
                  87.121.124.0/23
                  94.154.161.0-94.154.163.255
                  164.40.185.0/24
                  178.215.226.0/24
                  185.218.137.0/24
                  185.218.139.0/24
                  185.219.126.0/24
                  193.47.63.0/24
                  193.222.98.0/24
                  194.48.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:e3:ff:56:42:ab:30:d2:dd:79:98:f0:d0:5b:55:b2:41:bb:
         bf:fa:24:1b:0d:e5:ff:0f:f7:be:32:77:b4:ed:99:90:c8:72:
         fb:25:53:c2:c2:45:da:00:87:24:5d:70:10:2b:68:14:70:fa:
         d4:81:89:31:4b:b4:ca:59:f8:aa:31:49:ca:06:94:51:d4:d4:
         4c:63:65:a2:31:4d:0e:e0:70:ee:e4:46:d8:6b:44:b0:27:74:
         e1:b4:c6:a2:1b:0a:da:3d:38:ce:4f:7c:ff:6f:92:e1:f2:57:
         ef:af:58:85:e6:75:ba:bf:69:02:9c:2d:1f:2d:25:c7:c7:8d:
         e4:8e:b8:56:f5:e6:7a:7f:8b:a7:f9:57:3e:f4:18:64:95:41:
         16:2f:dc:76:53:bb:fd:cd:ba:24:b7:40:75:a5:99:d0:19:50:
         29:56:88:f9:61:29:73:5f:5b:70:9a:56:c6:45:c0:a7:4c:8d:
         43:78:d0:b3:2e:5a:8e:b5:68:c1:e0:bd:34:5d:98:e0:ae:aa:
         f1:0f:72:e3:62:b4:08:d5:19:d4:4c:e3:e7:96:f2:21:b2:b2:
         0b:34:d0:fc:e1:88:dd:22:ba:53:27:09:0c:43:fa:9b:a0:2a:
         37:62:68:b4:55:4b:70:b5:2f:82:7a:77:e7:35:aa:83:13:4b:
         99:95:65:74
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYSocMuX/tmoHZdbUnF6IWjkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjIxMTI0MDcwMTE1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTRhYmU2MDI5YTlkZTgyOTliOTM5ODY3ODQwMzkzNjRlMWM0ZWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArO/yrZprZuMzLcCAWA/kilj0O0QD
m4lqU0rRZYvNd/Hbkc/TWqFYSqdA1GdZJVv0MkaDV/F23wO+I5cqsztecCVZIXir
oEj//NrUk+lehAo0F11F27DsETTD4mUSIuGm4N0CoDjRJnBiJdKmL9kRMYzDVINv
6Piqdwv2C+MdK0psOdz5vIgUh5OVETVk2705T29l7jgh00zOE3KDUvI0SK5F/bHg
XGs8m/nSiAZ8Y+aV+0PHTcF1/Fm0i6HpfWRgEHIMl3GvpY+RwqZI3FImvznjfyRh
bNke7xYutNFvY9q9s0+gx1QKCqAK3xWgbWcMgcqtZkK9wfCU3BPKf9kPFQIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFB5KvmApqd6Cmbk5hnhAOTZOHE61MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvSGtxLVlDbXAzb0tadVRtR2VFQTVOazRjVHJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQAUEwxAwQB
V3l8MAwDBABemqEDBAJemqADBACkKLkDBACy1+IDBAC52okDBAC52osDBAC5234D
BADBLz8DBADB3mIDBADCMPgwDQYJKoZIhvcNAQELBQADggEBALLj/1ZCqzDS3XmY
8NBbVbJBu7/6JBsN5f8P974yd7TtmZDIcvslU8LCRdoAhyRdcBAraBRw+tSBiTFL
tMpZ+KoxScoGlFHU1ExjZaIxTQ7gcO7kRthrRLAndOG0xqIbCto9OM5PfP9vkuHy
V++vWIXmdbq/aQKcLR8tJcfHjeSOuFb15np/i6f5Vz70GGSVQRYv3HZTu/3NuiS3
QHWlmdAZUClWiPlhKXNfW3CaVsZFwKdMjUN40LMuWo61aMHgvTRdmOCuqvEPcuNi
tAjVGdRM4+eW8iGysgs00PzhiN0iulMnCQxD+pugKjdiaLRVS3C1L4J6d+c1qoMT
S5mVZXQ=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:03 2024 by rpki-client on console-fra.rpki-client.org