Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/HpGKjy1TD8fnfjKijXggTHczTyc.roa
File:                     HpGKjy1TD8fnfjKijXggTHczTyc.roa (raw, json)
Hash identifier:          Bo8dgNN9cWuY4ZzS37LeZK1DHIVQVxqKtoAeKNb7uIc=
Subject key identifier:   1E:91:8A:8F:2D:53:0F:C7:E7:7E:32:A2:8D:78:20:4C:77:33:4F:27
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0187284A984A96A3667D66CA2590D43423EF
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/HpGKjy1TD8fnfjKijXggTHczTyc.roa
Signing time:             Tue 28 Mar 2023 12:56:29 +0000
ROA not before:           Tue 28 Mar 2023 12:56:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     0
IP address blocks:        185.218.84.0/22 maxlen: 24
                          45.128.233.0/24 maxlen: 24
                          147.78.101.0/24 maxlen: 24
                          147.78.100.0/24 maxlen: 24
                          185.218.137.0/24 maxlen: 24
                          82.115.209.0/24 maxlen: 24
                          94.154.162.0/23 maxlen: 24
                          94.154.161.0/24 maxlen: 24
                          94.154.172.0/24 maxlen: 24
                          45.151.89.0/24 maxlen: 24
                          87.121.124.0/23 maxlen: 24
                          84.54.49.0/24 maxlen: 24
                          178.215.236.0/24 maxlen: 24
                          178.215.237.0/24 maxlen: 24
                          141.98.7.0/24 maxlen: 24
                          171.22.72.0/22 maxlen: 24
                          45.149.233.0/24 maxlen: 24
                          171.22.19.0/24 maxlen: 24
                          92.119.196.0/23 maxlen: 24
                          87.120.64.0/23 maxlen: 24
                          94.103.125.0/24 maxlen: 24
                          185.216.84.0/22 maxlen: 24
                          194.49.87.0/24 maxlen: 24
                          185.219.126.0/24 maxlen: 24
                          185.221.64.0/24 maxlen: 24
                          87.121.220.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:28:4a:98:4a:96:a3:66:7d:66:ca:25:90:d4:34:23:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Mar 28 12:56:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1e918a8f2d530fc7e77e32a28d78204c77334f27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:e5:78:b0:45:5c:45:ee:36:3c:1a:38:18:e8:
                    c1:c5:74:e6:d5:ac:35:b9:13:c9:be:40:35:04:2b:
                    29:74:c8:5f:c3:83:4e:cf:88:c2:40:a3:42:6b:27:
                    4b:ac:6d:7c:69:ae:a3:66:b1:98:fb:a4:b4:75:ab:
                    63:c7:22:fb:03:7b:08:bb:f9:07:f6:91:e3:74:35:
                    f3:d9:a0:ce:79:32:39:0b:fb:39:3a:16:95:00:bc:
                    de:02:83:65:39:ef:85:63:24:e7:f4:ba:c7:36:2c:
                    90:c2:dc:b6:b7:47:af:e7:56:20:df:3d:5c:74:7a:
                    c6:d3:fe:ef:0e:28:b7:7a:cb:4a:79:11:e4:3a:3c:
                    9d:36:5e:30:6c:30:ab:5c:74:64:b3:72:7d:20:63:
                    d6:04:88:b8:cf:d5:5a:a7:c7:ce:43:c6:d8:ab:85:
                    6d:ac:83:de:32:32:b0:ec:b7:08:52:f5:43:4f:df:
                    dc:47:c1:8d:6b:11:fe:18:1e:8b:21:f3:48:79:23:
                    29:a1:03:d8:b3:83:21:3f:9a:8a:05:e1:20:eb:6d:
                    2e:13:f8:48:58:30:0b:22:59:fe:e2:cd:d3:ec:cc:
                    2c:7f:f3:04:12:e6:f8:ed:c8:fc:3e:0a:24:82:68:
                    dd:d6:57:1d:03:6a:a7:97:10:4d:c2:d4:bc:4c:a9:
                    0c:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:91:8A:8F:2D:53:0F:C7:E7:7E:32:A2:8D:78:20:4C:77:33:4F:27
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/HpGKjy1TD8fnfjKijXggTHczTyc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.233.0/24
                  45.149.233.0/24
                  45.151.89.0/24
                  82.115.209.0/24
                  84.54.49.0/24
                  87.120.64.0/23
                  87.121.124.0/23
                  87.121.220.0/24
                  92.119.196.0/23
                  94.103.125.0/24
                  94.154.161.0-94.154.163.255
                  94.154.172.0/24
                  141.98.7.0/24
                  147.78.100.0/23
                  171.22.19.0/24
                  171.22.72.0/22
                  178.215.236.0/23
                  185.216.84.0/22
                  185.218.84.0/22
                  185.218.137.0/24
                  185.219.126.0/24
                  185.221.64.0/24
                  194.49.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:b4:77:0f:47:ea:b9:e4:f4:39:8b:bd:15:8b:49:34:d8:39:
         34:96:38:0e:f7:d8:ca:51:0e:5c:60:f4:64:f0:7d:ed:7a:a3:
         f2:13:32:66:eb:d8:74:b7:2a:67:09:80:10:ed:6a:65:45:92:
         79:61:e8:79:c3:5f:c8:39:84:d3:35:07:c0:21:8d:37:da:cd:
         89:e1:5a:4c:a2:a2:43:61:48:4a:3d:95:b0:98:ff:be:ef:f9:
         53:e7:60:bc:6f:dc:fc:bb:23:9f:57:7c:2c:11:69:44:c9:60:
         3f:0f:b3:84:eb:53:23:cf:43:b3:db:1d:1d:dd:23:b5:08:53:
         a5:ed:95:bf:05:11:19:a3:86:85:be:d0:1e:09:99:cc:72:6e:
         4b:f9:a6:f5:62:67:e2:14:7e:a4:89:9f:9e:b0:5b:44:24:49:
         c7:45:63:e2:2f:48:7c:69:fb:ad:62:5b:66:b4:3b:20:7f:24:
         79:1e:5f:b5:2b:6d:a8:15:5c:74:5d:a8:a0:c2:54:81:3e:dc:
         09:03:dd:94:a8:9e:5d:ea:e7:30:0e:c5:35:11:78:73:bd:4f:
         a5:42:47:44:7f:86:68:7c:45:96:25:cc:43:f6:8e:5c:e5:6b:
         62:15:37:c6:73:c8:42:f5:ae:0c:c2:95:64:05:49:c9:0b:f2:
         31:1c:f3:36
-----BEGIN CERTIFICATE-----
MIIFjjCCBHagAwIBAgISAYcoSphKlqNmfWbKJZDUNCPvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwMzI4MTI1NjI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTkxOGE4ZjJkNTMwZmM3ZTc3ZTMyYTI4ZDc4MjA0Yzc3MzM0ZjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+V4sEVcRe42PBo4GOjBxXTm1aw1
uRPJvkA1BCspdMhfw4NOz4jCQKNCaydLrG18aa6jZrGY+6S0datjxyL7A3sIu/kH
9pHjdDXz2aDOeTI5C/s5OhaVALzeAoNlOe+FYyTn9LrHNiyQwty2t0ev51Yg3z1c
dHrG0/7vDii3estKeRHkOjydNl4wbDCrXHRks3J9IGPWBIi4z9Vap8fOQ8bYq4Vt
rIPeMjKw7LcIUvVDT9/cR8GNaxH+GB6LIfNIeSMpoQPYs4MhP5qKBeEg620uE/hI
WDALIln+4s3T7Mwsf/MEEub47cj8Pgokgmjd1lcdA2qnlxBNwtS8TKkMJwIDAQAB
o4ICmjCCApYwHQYDVR0OBBYEFB6Rio8tUw/H534yoo14IEx3M08nMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvSHBHS2p5MVREOGZuZmpLaWpYZ2dUSGN6VHljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGvBggrBgEFBQcBBwEB/wSBnzCBnDCBmQQCAAEwgZIDBAAt
gOkDBAAtlekDBAAtl1kDBABSc9EDBABUNjEDBAFXeEADBAFXeXwDBABXedwDBAFc
d8QDBABeZ30wDAMEAF6aoQMEAl6aoAMEAF6arAMEAI1iBwMEAZNOZAMEAKsWEwME
AqsWSAMEAbLX7AMEArnYVAMEArnaVAMEALnaiQMEALnbfgMEALndQAMEAMIxVzAN
BgkqhkiG9w0BAQsFAAOCAQEAlbR3D0fqueT0OYu9FYtJNNg5NJY4DvfYylEOXGD0
ZPB97Xqj8hMyZuvYdLcqZwmAEO1qZUWSeWHoecNfyDmE0zUHwCGNN9rNieFaTKKi
Q2FISj2VsJj/vu/5U+dgvG/c/Lsjn1d8LBFpRMlgPw+zhOtTI89Ds9sdHd0jtQhT
pe2VvwURGaOGhb7QHgmZzHJuS/mm9WJn4hR+pImfnrBbRCRJx0Vj4i9IfGn7rWJb
ZrQ7IH8keR5ftSttqBVcdF2ooMJUgT7cCQPdlKieXernMA7FNRF4c71PpUJHRH+G
aHxFliXMQ/aOXOVrYhU3xnPIQvWuDMKVZAVJyQvyMRzzNg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:29 2024 by rpki-client on console-ams.rpki-client.org