Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/I5iBeyNaiCfoADX-uneBb9IIJl4.roa
File:                     I5iBeyNaiCfoADX-uneBb9IIJl4.roa (raw, json)
Hash identifier:          KQ0AvCzLD8GYJ4DP6vDzFCXyLo25QASGkBl+EwMPlic=
Subject key identifier:   23:98:81:7B:23:5A:88:27:E8:00:35:FE:BA:77:81:6F:D2:08:26:5E
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018B4BEC675DA019FF77C2E2300CAEC87301
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/I5iBeyNaiCfoADX-uneBb9IIJl4.roa
Signing time:             Fri 20 Oct 2023 07:11:06 +0000
ROA not before:           Fri 20 Oct 2023 07:11:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207459
IP address blocks:        84.54.49.0/24 maxlen: 24
                          85.217.145.0/24 maxlen: 24
                          193.149.29.0/24 maxlen: 24
                          193.149.30.0/24 maxlen: 24
                          193.149.28.0/22 maxlen: 22
                          193.149.31.0/24 maxlen: 24
                          193.149.28.0/24 maxlen: 24
                          45.84.90.0/24 maxlen: 24
                          87.120.87.0/24 maxlen: 24
                          194.49.86.0/24 maxlen: 24
                          94.154.163.0/24 maxlen: 24
                          176.125.255.0/24 maxlen: 24
                          45.151.90.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:4b:ec:67:5d:a0:19:ff:77:c2:e2:30:0c:ae:c8:73:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Oct 20 07:11:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2398817b235a8827e80035feba77816fd208265e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:b2:01:fe:0c:ce:b3:29:4a:54:86:bc:10:2f:
                    2e:00:de:1a:05:4c:6e:43:80:09:c6:41:b9:09:b5:
                    36:34:50:e7:47:2d:67:61:24:25:8a:13:89:f7:10:
                    1c:dc:6b:6f:34:1d:b6:20:7b:f8:45:7c:1e:83:a7:
                    ca:0e:b9:9f:a3:96:a1:a4:89:67:ba:a3:76:7e:a3:
                    c6:6b:57:f5:db:dc:0d:60:d3:aa:25:82:07:67:cb:
                    94:43:a9:10:79:8b:41:c0:d2:ff:f9:d2:6c:24:c9:
                    f4:12:a4:88:3f:38:3c:8b:23:1e:90:94:4c:c9:83:
                    dc:a1:a7:6e:b7:6d:96:0a:37:7d:b8:38:5b:66:4e:
                    f4:07:1d:61:93:35:57:c9:67:68:c1:c6:a2:20:33:
                    07:20:0b:54:4f:a9:3a:ff:b9:bf:ec:9b:44:92:d2:
                    ea:2b:b9:4f:74:e3:a5:e8:e1:57:96:2c:3e:82:1a:
                    66:ec:4b:ba:02:a7:67:ba:f2:ca:90:b3:1c:c4:17:
                    db:4f:a0:a8:5f:60:03:ef:a8:7d:ff:83:a1:58:85:
                    71:83:18:ab:7a:5b:92:84:c9:60:da:6b:0b:0c:c8:
                    41:b5:f7:72:92:ae:c1:37:ae:9a:d5:13:c1:3d:2a:
                    ea:a6:70:f5:c0:0e:a9:d2:7c:cb:14:02:d7:92:53:
                    9c:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:98:81:7B:23:5A:88:27:E8:00:35:FE:BA:77:81:6F:D2:08:26:5E
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/I5iBeyNaiCfoADX-uneBb9IIJl4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.90.0/24
                  45.151.90.0/24
                  84.54.49.0/24
                  85.217.145.0/24
                  87.120.87.0/24
                  94.154.163.0/24
                  176.125.255.0/24
                  193.149.28.0/22
                  194.49.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:36:1d:3b:44:9f:cc:6f:44:81:a2:9a:68:16:17:8e:f9:ae:
         74:b6:d1:4a:11:fa:c9:e8:04:82:38:03:d3:7a:55:b2:45:76:
         72:91:4b:84:9e:8b:80:3b:e3:07:7f:12:c9:83:9a:37:10:b4:
         21:70:b2:9f:aa:be:9c:4c:f0:ec:d5:75:4d:f6:a1:b7:fb:ec:
         90:b5:eb:b0:47:29:b3:58:8c:d6:f2:4a:d2:8c:74:49:71:15:
         ee:f4:b7:ae:ea:03:1d:db:7b:78:69:43:e8:a6:ab:ef:b3:79:
         76:57:2b:63:4f:c3:ad:9d:17:0e:19:c7:ac:5e:14:c5:97:c6:
         79:b9:62:7f:bd:14:be:8c:5f:79:db:65:da:99:62:1d:66:1f:
         29:4b:da:86:de:61:bd:73:53:0c:d1:f5:32:8c:99:85:ee:20:
         bc:4c:57:19:5b:a0:67:31:60:9d:64:62:9e:55:1b:0a:3b:3b:
         da:42:37:59:69:dd:0f:07:82:f0:91:67:99:94:19:11:21:59:
         9a:bd:3d:93:ab:5a:2a:24:e1:49:6e:2f:aa:5f:0a:20:18:1a:
         b9:29:ad:35:a5:d1:31:52:06:bb:03:f7:df:4f:75:14:69:86:
         5d:00:3f:e7:ed:7a:7c:c6:45:1c:6e:df:33:ab:22:54:1b:89:
         df:b9:88:f8
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYtL7GddoBn/d8LiMAyuyHMBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMxMDIwMDcxMTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzk4ODE3YjIzNWE4ODI3ZTgwMDM1ZmViYTc3ODE2ZmQyMDgyNjVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwLIB/gzOsylKVIa8EC8uAN4aBUxu
Q4AJxkG5CbU2NFDnRy1nYSQlihOJ9xAc3GtvNB22IHv4RXweg6fKDrmfo5ahpIln
uqN2fqPGa1f129wNYNOqJYIHZ8uUQ6kQeYtBwNL/+dJsJMn0EqSIPzg8iyMekJRM
yYPcoadut22WCjd9uDhbZk70Bx1hkzVXyWdowcaiIDMHIAtUT6k6/7m/7JtEktLq
K7lPdOOl6OFXliw+ghpm7Eu6AqdnuvLKkLMcxBfbT6CoX2AD76h9/4OhWIVxgxir
eluShMlg2msLDMhBtfdykq7BN66a1RPBPSrqpnD1wA6p0nzLFALXklOcKwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFCOYgXsjWogn6AA1/rp3gW/SCCZeMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvSTVpQmV5TmFpQ2ZvQURYLXVuZUJiOUlJSmw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQALVRaAwQA
LZdaAwQAVDYxAwQAVdmRAwQAV3hXAwQAXpqjAwQAsH3/AwQCwZUcAwQAwjFWMA0G
CSqGSIb3DQEBCwUAA4IBAQAhNh07RJ/Mb0SBoppoFheO+a50ttFKEfrJ6ASCOAPT
elWyRXZykUuEnouAO+MHfxLJg5o3ELQhcLKfqr6cTPDs1XVN9qG3++yQteuwRymz
WIzW8krSjHRJcRXu9Leu6gMd23t4aUPopqvvs3l2VytjT8OtnRcOGcesXhTFl8Z5
uWJ/vRS+jF9522XamWIdZh8pS9qG3mG9c1MM0fUyjJmF7iC8TFcZW6BnMWCdZGKe
VRsKOzvaQjdZad0PB4LwkWeZlBkRIVmavT2Tq1oqJOFJbi+qXwogGBq5Ka01pdEx
Uga7A/ffT3UUaYZdAD/n7Xp8xkUcbt8zqyJUG4nfuYj4
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:29 2024 by rpki-client on console-ams.rpki-client.org