Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/JMzdU7CJDtshDbDBuFKrViqkFl8.roa
File:                     JMzdU7CJDtshDbDBuFKrViqkFl8.roa (raw, json)
Hash identifier:          XkLmPdlhz+45qkSHceJk8+HtY386a6MXYXYARph2wVQ=
Subject key identifier:   24:CC:DD:53:B0:89:0E:DB:21:0D:B0:C1:B8:52:AB:56:2A:A4:16:5F
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0183B2A0AC9AD7B7AD6DAE15B139FA414AC4
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/JMzdU7CJDtshDbDBuFKrViqkFl8.roa
Signing time:             Fri 07 Oct 2022 13:26:57 +0000
ROA not before:           Fri 07 Oct 2022 13:26:57 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     50225
IP address blocks:        84.21.173.0/24 maxlen: 24
                          194.55.224.0/24 maxlen: 24
                          194.55.225.0/24 maxlen: 24
                          194.55.226.0/24 maxlen: 24
                          84.54.48.0/24 maxlen: 24
                          194.55.227.0/24 maxlen: 24
                          194.169.173.0/24 maxlen: 24
                          83.219.96.0/24 maxlen: 24
                          194.169.174.0/24 maxlen: 24
                          193.37.43.0/24 maxlen: 24
                          94.154.162.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:b2:a0:ac:9a:d7:b7:ad:6d:ae:15:b1:39:fa:41:4a:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Oct  7 13:26:57 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=24ccdd53b0890edb210db0c1b852ab562aa4165f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:a9:20:6e:ea:e6:1a:23:40:47:41:b4:53:4a:
                    fa:1a:e6:e2:2b:48:71:2e:19:2a:4d:02:58:c8:4d:
                    19:5d:9a:24:f1:5d:db:6a:8d:f0:a8:e5:b9:9e:da:
                    fe:87:3e:e8:ab:5a:de:9b:8e:01:20:07:e9:4b:ac:
                    28:20:fc:96:31:3e:c1:35:47:9d:88:69:1f:54:aa:
                    bc:da:24:4c:44:0e:a6:9e:5d:58:47:2d:ef:28:f7:
                    8e:cc:fa:e9:09:44:97:d1:f3:1a:e0:d7:37:5b:65:
                    5a:be:63:ba:8b:4e:fc:47:c8:c6:63:9f:a8:93:88:
                    ba:cd:2b:3e:01:c5:c7:a7:da:ad:8f:21:cf:0a:db:
                    2a:f8:a0:bd:32:04:d9:b4:71:e7:88:c8:f9:9a:9f:
                    a5:d7:7f:65:41:96:41:3e:ea:66:87:07:fb:f9:65:
                    37:a6:f9:6c:27:49:18:90:ff:bb:96:b5:8c:24:a0:
                    1e:90:f3:24:ec:f7:86:92:ec:98:ba:c3:34:70:87:
                    1c:cf:81:ee:37:25:68:a3:f6:26:78:fd:e5:2a:9f:
                    31:6c:80:35:b7:27:8a:55:05:2d:23:77:9a:9b:87:
                    92:47:79:32:49:21:07:ac:d2:75:71:a8:95:20:64:
                    7c:a5:2b:10:11:c6:5d:fa:f4:89:e6:35:4b:36:d8:
                    15:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:CC:DD:53:B0:89:0E:DB:21:0D:B0:C1:B8:52:AB:56:2A:A4:16:5F
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/JMzdU7CJDtshDbDBuFKrViqkFl8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.219.96.0/24
                  84.21.173.0/24
                  84.54.48.0/24
                  94.154.162.0/24
                  193.37.43.0/24
                  194.55.224.0/22
                  194.169.173.0-194.169.174.255

    Signature Algorithm: sha256WithRSAEncryption
         62:e7:bd:11:25:37:59:83:0d:bf:fa:7b:f4:7c:5c:ff:a6:18:
         4c:03:a8:fe:9e:32:6e:89:33:c1:5b:59:c3:8c:14:02:ec:29:
         36:81:6a:76:5b:9b:2d:5d:c2:18:3a:63:49:6f:3b:b5:a8:60:
         62:24:9e:74:4b:50:1e:7a:f4:25:57:bf:72:f0:90:b9:9d:78:
         0c:0f:0b:71:07:a9:98:b1:b5:cd:61:25:40:b6:8a:a1:3c:c9:
         77:77:4d:72:97:a2:8c:3e:ea:89:10:03:13:0e:1a:8f:25:5a:
         f5:33:b5:f1:62:dd:39:c8:83:20:bb:b2:bd:54:b3:8c:1a:8f:
         49:c6:65:a0:84:1c:31:95:f9:1f:e4:06:40:81:c0:2f:17:40:
         8d:62:41:95:9c:b9:21:6d:8c:cf:77:f2:39:77:4a:0d:52:23:
         d4:b5:e4:91:78:b4:e7:e1:15:90:62:b9:08:d4:f8:28:1f:77:
         c6:8a:e2:82:a9:5a:3e:d2:c8:5d:52:ae:4f:fb:76:5b:26:3f:
         38:47:29:f6:6e:f4:b3:21:82:37:53:9e:d7:a6:f6:3e:63:7d:
         d4:16:18:b4:8a:75:1a:1a:8d:d1:e7:2b:76:7a:24:25:46:b3:
         2e:10:5d:d4:40:0e:8e:c8:e1:b2:d0:c9:77:bb:10:75:2d:eb:
         94:f8:cb:2b
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYOyoKya17etba4VsTn6QUrEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjIxMDA3MTMyNjU3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGNjZGQ1M2IwODkwZWRiMjEwZGIwYzFiODUyYWI1NjJhYTQxNjVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvKkgburmGiNAR0G0U0r6GubiK0hx
LhkqTQJYyE0ZXZok8V3bao3wqOW5ntr+hz7oq1rem44BIAfpS6woIPyWMT7BNUed
iGkfVKq82iRMRA6mnl1YRy3vKPeOzPrpCUSX0fMa4Nc3W2VavmO6i078R8jGY5+o
k4i6zSs+AcXHp9qtjyHPCtsq+KC9MgTZtHHniMj5mp+l139lQZZBPupmhwf7+WU3
pvlsJ0kYkP+7lrWMJKAekPMk7PeGkuyYusM0cIccz4HuNyVoo/YmeP3lKp8xbIA1
tyeKVQUtI3eam4eSR3kySSEHrNJ1caiVIGR8pSsQEcZd+vSJ5jVLNtgViQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFCTM3VOwiQ7bIQ2wwbhSq1YqpBZfMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvSk16ZFU3Q0pEdHNoRGJEQnVGS3JWaXFrRmw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQAU9tgAwQA
VBWtAwQAVDYwAwQAXpqiAwQAwSUrAwQCwjfgMAwDBADCqa0DBADCqa4wDQYJKoZI
hvcNAQELBQADggEBAGLnvRElN1mDDb/6e/R8XP+mGEwDqP6eMm6JM8FbWcOMFALs
KTaBanZbmy1dwhg6Y0lvO7WoYGIknnRLUB569CVXv3LwkLmdeAwPC3EHqZixtc1h
JUC2iqE8yXd3TXKXoow+6okQAxMOGo8lWvUztfFi3TnIgyC7sr1Us4waj0nGZaCE
HDGV+R/kBkCBwC8XQI1iQZWcuSFtjM938jl3Sg1SI9S15JF4tOfhFZBiuQjU+Cgf
d8aK4oKpWj7SyF1Srk/7dlsmPzhHKfZu9LMhgjdTntem9j5jfdQWGLSKdRoajdHn
K3Z6JCVGsy4QXdRADo7I4bLQyXe7EHUt65T4yys=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:04 2024 by rpki-client on console-fra.rpki-client.org