Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IWB-iys_IoUzMZbCyZ6neDChRWs.roa
File:                     IWB-iys_IoUzMZbCyZ6neDChRWs.roa (raw, json)
Hash identifier:          NsTdwR5z683dXw1cf7t6E5J2tAGJqqiNIgVnDGMMzBU=
Subject key identifier:   21:60:7E:8B:2B:3F:22:85:33:31:96:C2:C9:9E:A7:78:30:A1:45:6B
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01852F82E8B955CD63390CA3884AAADA8A67
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IWB-iys_IoUzMZbCyZ6neDChRWs.roa
Signing time:             Tue 20 Dec 2022 12:29:46 +0000
ROA not before:           Tue 20 Dec 2022 12:29:46 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     20454
IP address blocks:        81.161.237.0/24 maxlen: 24
                          84.54.48.0/24 maxlen: 24
                          94.156.234.0/23 maxlen: 24
                          185.222.160.0/22 maxlen: 24
                          93.123.81.0/24 maxlen: 24
                          94.156.160.0/23 maxlen: 24
                          94.156.182.0/23 maxlen: 24
                          193.37.40.0/23 maxlen: 24
                          194.48.250.0/23 maxlen: 24
                          194.55.184.0/24 maxlen: 24
                          194.59.30.0/23 maxlen: 24
                          87.120.84.0/24 maxlen: 24
                          94.103.124.0/23 maxlen: 24
                          194.180.36.0/24 maxlen: 24
                          87.121.58.0/24 maxlen: 24
                          83.219.98.0/23 maxlen: 24
                          82.115.210.0/23 maxlen: 24
                          87.120.5.0/24 maxlen: 24
                          176.125.252.0/22 maxlen: 24
                          94.154.174.0/23 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:2f:82:e8:b9:55:cd:63:39:0c:a3:88:4a:aa:da:8a:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Dec 20 12:29:46 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=21607e8b2b3f2285333196c2c99ea77830a1456b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:36:e2:3d:72:a3:fc:18:a5:98:2f:e7:a2:b8:
                    ae:6b:e6:d6:9a:2d:ef:73:47:ff:11:04:cb:60:1e:
                    47:40:06:99:c9:a7:31:87:d1:cc:94:70:e3:49:9b:
                    09:66:41:d0:8d:bb:4e:b8:d5:8e:eb:f8:73:07:f0:
                    a5:ca:3d:ec:49:ea:50:73:ad:79:17:37:2a:45:1f:
                    63:f8:b9:39:6b:e3:52:b8:4e:27:91:5b:48:90:16:
                    98:36:62:bb:54:9e:0e:67:aa:c2:43:ec:41:c8:9e:
                    c0:55:45:aa:ef:46:e2:cb:55:f2:26:3f:45:51:5b:
                    9a:5e:db:ae:5d:04:23:bf:7e:ac:97:7b:02:73:88:
                    e1:eb:6e:e8:9d:c5:a7:45:dc:28:d0:bf:be:2c:09:
                    b6:a6:e4:e2:87:a0:bd:ba:d0:ff:6e:2d:03:b3:b3:
                    d7:b0:1b:0a:1c:87:ff:ae:f0:d9:8e:c4:3e:c1:be:
                    ef:85:d8:81:e9:48:e3:10:af:83:02:5e:6f:ae:37:
                    79:49:c8:f5:f8:61:af:e0:8e:11:64:88:10:3e:da:
                    14:fc:04:0e:d4:82:2c:ba:6c:18:01:40:76:9c:41:
                    02:18:19:08:ea:37:c2:5b:5d:6f:0d:70:0a:ad:8d:
                    a4:c6:93:4d:f1:fc:46:64:44:ad:40:28:1e:d6:55:
                    94:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:60:7E:8B:2B:3F:22:85:33:31:96:C2:C9:9E:A7:78:30:A1:45:6B
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IWB-iys_IoUzMZbCyZ6neDChRWs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.161.237.0/24
                  82.115.210.0/23
                  83.219.98.0/23
                  84.54.48.0/24
                  87.120.5.0/24
                  87.120.84.0/24
                  87.121.58.0/24
                  93.123.81.0/24
                  94.103.124.0/23
                  94.154.174.0/23
                  94.156.160.0/23
                  94.156.182.0/23
                  94.156.234.0/23
                  176.125.252.0/22
                  185.222.160.0/22
                  193.37.40.0/23
                  194.48.250.0/23
                  194.55.184.0/24
                  194.59.30.0/23
                  194.180.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:1e:4c:2a:4d:3a:1b:e5:81:cc:be:73:0f:eb:bb:3c:6b:cf:
         0a:f8:56:4d:46:6e:1e:1b:22:20:82:f0:51:f9:6a:a7:c2:ca:
         03:d5:fe:cc:de:9c:89:a0:89:e9:ae:fd:ce:fd:49:db:fa:31:
         fd:bd:cf:d8:d6:9a:55:0a:30:c5:dc:b7:29:00:ac:ed:3e:74:
         0c:16:b6:1d:5e:20:a5:8c:25:e1:b3:6e:7e:45:5c:9d:14:21:
         a5:90:c4:6d:85:d4:05:70:b3:5f:46:4d:d2:8f:21:40:7e:81:
         d8:32:76:db:fc:ea:b3:c4:f9:e0:53:33:3c:b0:f1:0b:b3:08:
         e6:5c:38:5b:49:f6:ff:b5:74:f0:5d:0f:92:c8:17:28:b8:ff:
         72:2c:6b:9c:dc:bd:8a:69:ad:48:8b:16:7d:1a:f3:5a:db:37:
         12:17:90:0a:a8:dc:3b:7c:2d:40:a3:04:f0:45:0d:87:b7:0c:
         91:f7:df:ab:99:c0:26:c9:8f:19:9c:71:7b:a1:fc:b3:06:53:
         16:e3:a7:07:e4:47:0a:3d:45:d3:c5:c4:75:95:ee:da:9f:1c:
         ab:68:18:12:a5:36:29:99:ca:55:af:48:cc:8d:82:33:33:37:
         c5:50:71:f3:4e:e7:52:4e:7a:87:3a:6a:a6:a1:3e:88:17:f7:
         2d:d5:38:54
-----BEGIN CERTIFICATE-----
MIIFcjCCBFqgAwIBAgISAYUvgui5Vc1jOQyjiEqq2opnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjIxMjIwMTIyOTQ2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTYwN2U4YjJiM2YyMjg1MzMzMTk2YzJjOTllYTc3ODMwYTE0NTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwzbiPXKj/BilmC/noriua+bWmi3v
c0f/EQTLYB5HQAaZyacxh9HMlHDjSZsJZkHQjbtOuNWO6/hzB/Clyj3sSepQc615
FzcqRR9j+Lk5a+NSuE4nkVtIkBaYNmK7VJ4OZ6rCQ+xByJ7AVUWq70biy1XyJj9F
UVuaXtuuXQQjv36sl3sCc4jh627oncWnRdwo0L++LAm2puTih6C9utD/bi0Ds7PX
sBsKHIf/rvDZjsQ+wb7vhdiB6UjjEK+DAl5vrjd5Scj1+GGv4I4RZIgQPtoU/AQO
1IIsumwYAUB2nEECGBkI6jfCW11vDXAKrY2kxpNN8fxGZEStQCge1lWU7QIDAQAB
o4ICfjCCAnowHQYDVR0OBBYEFCFgfosrPyKFMzGWwsmep3gwoUVrMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvSVdCLWl5c19Jb1V6TVpiQ3laNm5lRENoUldzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGTBggrBgEFBQcBBwEB/wSBgzCBgDB+BAIAATB4AwQAUaHt
AwQBUnPSAwQBU9tiAwQAVDYwAwQAV3gFAwQAV3hUAwQAV3k6AwQAXXtRAwQBXmd8
AwQBXpquAwQBXpygAwQBXpy2AwQBXpzqAwQCsH38AwQCud6gAwQBwSUoAwQBwjD6
AwQAwje4AwQBwjseAwQAwrQkMA0GCSqGSIb3DQEBCwUAA4IBAQAvHkwqTTob5YHM
vnMP67s8a88K+FZNRm4eGyIggvBR+WqnwsoD1f7M3pyJoInprv3O/Unb+jH9vc/Y
1ppVCjDF3LcpAKztPnQMFrYdXiCljCXhs25+RVydFCGlkMRthdQFcLNfRk3SjyFA
foHYMnbb/OqzxPngUzM8sPELswjmXDhbSfb/tXTwXQ+SyBcouP9yLGuc3L2Kaa1I
ixZ9GvNa2zcSF5AKqNw7fC1AowTwRQ2HtwyR99+rmcAmyY8ZnHF7ofyzBlMW46cH
5EcKPUXTxcR1le7anxyraBgSpTYpmcpVr0jMjYIzMzfFUHHzTudSTnqHOmqmoT6I
F/ct1ThU
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:29 2024 by rpki-client on console-ams.rpki-client.org