Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ITE0wkCMKIDSAKY5mGEMHWYRSJk.roa
File:                     ITE0wkCMKIDSAKY5mGEMHWYRSJk.roa (raw, json)
Hash identifier:          zisTB4qoU9KI1kWPBDLxxpDwyoM4zLQr179DguB9AWU=
Subject key identifier:   21:31:34:C2:40:8C:28:80:D2:00:A6:39:98:61:0C:1D:66:11:48:99
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0183A255863A7B32DA4A9E63D4CCB011DEBB
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ITE0wkCMKIDSAKY5mGEMHWYRSJk.roa
Signing time:             Tue 04 Oct 2022 09:30:57 +0000
ROA not before:           Tue 04 Oct 2022 09:30:57 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     397423
IP address blocks:        185.246.223.0/24 maxlen: 24
                          92.249.51.0/24 maxlen: 24
                          92.249.48.0/24 maxlen: 24
                          176.125.252.0/22 maxlen: 24
                          94.154.160.0/24 maxlen: 24
                          94.154.173.0/24 maxlen: 24
                          109.206.238.0/24 maxlen: 24
                          212.87.206.0/24 maxlen: 24
                          212.87.205.0/24 maxlen: 24
                          178.215.224.0/24 maxlen: 24
                          85.217.144.0/24 maxlen: 24
                          80.76.50.0/24 maxlen: 24
                          185.252.177.0/24 maxlen: 24
                          185.252.179.0/24 maxlen: 24
                          193.47.60.0/24 maxlen: 24
                          193.37.44.0/24 maxlen: 24
                          194.55.184.0/24 maxlen: 24
                          194.48.250.0/24 maxlen: 24
                          193.37.47.0/24 maxlen: 24
                          194.55.187.0/24 maxlen: 24
                          94.103.124.0/24 maxlen: 24
                          79.110.61.0/24 maxlen: 24
                          94.103.127.0/24 maxlen: 24
                          79.110.63.0/24 maxlen: 24
                          83.219.97.0/24 maxlen: 24
                          193.25.216.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:a2:55:86:3a:7b:32:da:4a:9e:63:d4:cc:b0:11:de:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Oct  4 09:30:57 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=213134c2408c2880d200a63998610c1d66114899
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:64:2b:7b:da:8c:31:92:09:1f:b0:18:f0:de:
                    f0:f4:5d:d2:02:29:f1:41:45:34:19:03:b3:d9:e1:
                    82:0d:c6:5b:f2:71:ea:31:dd:40:e5:5f:2f:be:e5:
                    a8:ba:b8:ee:22:1a:0e:07:b7:65:5b:80:08:d1:fd:
                    81:d5:7e:64:0b:21:2c:4f:27:d6:70:62:f4:8c:77:
                    58:1d:e5:f1:74:1e:a8:bd:13:49:c9:f5:07:94:ef:
                    2a:e6:f3:c4:65:10:8c:3f:1b:e0:da:bb:48:54:8d:
                    20:64:24:0a:35:1d:e4:98:12:1b:93:cb:76:8b:c8:
                    99:ab:c1:32:76:57:6d:8e:11:c8:c5:fc:cc:7f:f6:
                    a5:2c:4e:1f:6d:88:43:92:63:ca:99:8c:c9:5b:42:
                    7b:58:e0:b2:b8:88:6e:8f:34:9e:69:bc:dc:6f:4f:
                    cc:a2:dd:9f:7f:c6:70:5c:20:fd:aa:78:da:9a:e8:
                    fd:74:55:e1:de:e3:6e:47:03:8e:d0:66:50:95:5b:
                    46:50:51:0e:3b:f9:5f:4a:04:69:b2:19:64:47:0e:
                    d5:75:fb:97:9f:c8:af:55:94:84:3e:1d:8d:c4:21:
                    28:72:73:f7:43:25:9b:11:f7:a5:96:ba:98:2e:bf:
                    e3:41:c7:b7:f3:bf:33:26:f5:5d:74:60:ab:fb:e0:
                    e7:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:31:34:C2:40:8C:28:80:D2:00:A6:39:98:61:0C:1D:66:11:48:99
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ITE0wkCMKIDSAKY5mGEMHWYRSJk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.110.61.0/24
                  79.110.63.0/24
                  80.76.50.0/24
                  83.219.97.0/24
                  85.217.144.0/24
                  92.249.48.0/24
                  92.249.51.0/24
                  94.103.124.0/24
                  94.103.127.0/24
                  94.154.160.0/24
                  94.154.173.0/24
                  109.206.238.0/24
                  176.125.252.0/22
                  178.215.224.0/24
                  185.246.223.0/24
                  185.252.177.0/24
                  185.252.179.0/24
                  193.25.216.0/24
                  193.37.44.0/24
                  193.37.47.0/24
                  193.47.60.0/24
                  194.48.250.0/24
                  194.55.184.0/24
                  194.55.187.0/24
                  212.87.205.0-212.87.206.255

    Signature Algorithm: sha256WithRSAEncryption
         05:ae:21:a9:55:be:5c:64:eb:c0:6b:97:79:35:43:6e:80:c1:
         d8:15:6a:39:ee:52:34:54:01:12:45:1c:fe:06:dd:be:9e:f5:
         91:13:4a:a9:9c:29:8a:7b:99:db:e2:5f:09:96:6d:a3:41:02:
         b6:69:16:b1:b7:30:5d:9b:ba:07:c1:76:ca:c4:be:20:2d:54:
         22:27:04:e8:a1:ab:19:f2:4d:e9:dd:02:34:b3:97:49:c8:4b:
         f0:bd:b3:3b:6d:31:03:c8:47:16:93:f4:5b:b3:59:f8:95:79:
         32:7a:c2:7b:06:80:e2:17:c9:8d:8c:ff:72:c2:2a:55:ac:b3:
         fb:51:35:32:ad:b9:30:d5:03:bb:04:75:0e:ad:44:f5:14:1f:
         3f:63:df:2c:6c:8c:62:76:77:a7:99:2c:45:85:58:ae:f5:3b:
         88:36:3a:ca:ec:70:92:c2:85:99:36:c7:c9:85:98:20:24:6b:
         2d:93:9c:b0:da:45:da:d1:ef:27:0d:ba:5d:f1:9c:3f:6d:b6:
         fe:32:97:fa:6a:1d:70:e6:3d:8f:f3:8e:a8:0d:0f:11:20:4f:
         6c:87:3b:e4:31:59:f3:16:0d:52:ec:55:b0:5c:8a:21:00:9f:
         9a:8f:51:ea:32:65:06:5c:68:97:dc:48:d5:c5:04:0a:92:92:
         12:7b:88:d3
-----BEGIN CERTIFICATE-----
MIIFmjCCBIKgAwIBAgISAYOiVYY6ezLaSp5j1MywEd67MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjIxMDA0MDkzMDU3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTMxMzRjMjQwOGMyODgwZDIwMGE2Mzk5ODYxMGMxZDY2MTE0ODk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArWQre9qMMZIJH7AY8N7w9F3SAinx
QUU0GQOz2eGCDcZb8nHqMd1A5V8vvuWourjuIhoOB7dlW4AI0f2B1X5kCyEsTyfW
cGL0jHdYHeXxdB6ovRNJyfUHlO8q5vPEZRCMPxvg2rtIVI0gZCQKNR3kmBIbk8t2
i8iZq8EydldtjhHIxfzMf/alLE4fbYhDkmPKmYzJW0J7WOCyuIhujzSeabzcb0/M
ot2ff8ZwXCD9qnjamuj9dFXh3uNuRwOO0GZQlVtGUFEOO/lfSgRpshlkRw7VdfuX
n8ivVZSEPh2NxCEocnP3QyWbEfellrqYLr/jQce3878zJvVddGCr++DnLQIDAQAB
o4ICpjCCAqIwHQYDVR0OBBYEFCExNMJAjCiA0gCmOZhhDB1mEUiZMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvSVRFMHdrQ01LSURTQUtZNW1HRU1IV1lSU0prLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG7BggrBgEFBQcBBwEB/wSBqzCBqDCBpQQCAAEwgZ4DBABP
bj0DBABPbj8DBABQTDIDBABT22EDBABV2ZADBABc+TADBABc+TMDBABeZ3wDBABe
Z38DBABemqADBABemq0DBABtzu4DBAKwffwDBACy1+ADBAC59t8DBAC5/LEDBAC5
/LMDBADBGdgDBADBJSwDBADBJS8DBADBLzwDBADCMPoDBADCN7gDBADCN7swDAME
ANRXzQMEANRXzjANBgkqhkiG9w0BAQsFAAOCAQEABa4hqVW+XGTrwGuXeTVDboDB
2BVqOe5SNFQBEkUc/gbdvp71kRNKqZwpinuZ2+JfCZZto0ECtmkWsbcwXZu6B8F2
ysS+IC1UIicE6KGrGfJN6d0CNLOXSchL8L2zO20xA8hHFpP0W7NZ+JV5MnrCewaA
4hfJjYz/csIqVayz+1E1Mq25MNUDuwR1Dq1E9RQfP2PfLGyMYnZ3p5ksRYVYrvU7
iDY6yuxwksKFmTbHyYWYICRrLZOcsNpF2tHvJw26XfGcP222/jKX+modcOY9j/OO
qA0PESBPbIc75DFZ8xYNUuxVsFyKIQCfmo9R6jJlBlxol9xI1cUECpKSEnuI0w==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:04 2024 by rpki-client on console-fra.rpki-client.org