Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/MDuDwHgm-PFCQUiddwH4b1k9seY.roa
File:                     MDuDwHgm-PFCQUiddwH4b1k9seY.roa (raw, json)
Hash identifier:          2h7o4MQvqCzlKnMJOn6kVrOjs/KOCWCi11hHCIkjk6c=
Subject key identifier:   30:3B:83:C0:78:26:F8:F1:42:41:48:9D:77:01:F8:6F:59:3D:B1:E6
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018698280A9B1C0DF3B66F064364EA15F8DE
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/MDuDwHgm-PFCQUiddwH4b1k9seY.roa
Signing time:             Tue 28 Feb 2023 13:13:26 +0000
ROA not before:           Tue 28 Feb 2023 13:13:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8100
IP address blocks:        87.120.192.0/23 maxlen: 24
                          87.121.36.0/23 maxlen: 24
                          87.121.38.0/24 maxlen: 24
                          87.121.60.0/22 maxlen: 24
                          87.120.219.0/24 maxlen: 24
                          94.154.160.0/23 maxlen: 24
                          94.154.173.0/24 maxlen: 24
                          93.123.39.0/24 maxlen: 24
                          94.156.237.0/24 maxlen: 24
                          194.55.226.0/24 maxlen: 24
                          94.156.238.0/24 maxlen: 24
                          93.123.68.0/22 maxlen: 24
                          93.123.76.0/22 maxlen: 24
                          93.123.80.0/24 maxlen: 24
                          93.123.86.0/23 maxlen: 24
                          94.156.168.0/23 maxlen: 24
                          94.156.176.0/22 maxlen: 24
                          94.156.180.0/23 maxlen: 24
                          93.123.24.0/24 maxlen: 24
                          194.48.249.0/24 maxlen: 24
                          93.123.30.0/23 maxlen: 24
                          93.123.26.0/23 maxlen: 24
                          87.120.64.0/23 maxlen: 24
                          87.120.96.0/23 maxlen: 24
                          93.123.112.0/22 maxlen: 24
                          93.123.116.0/23 maxlen: 24
                          93.123.119.0/24 maxlen: 24
                          87.120.32.0/22 maxlen: 24
                          193.25.219.0/24 maxlen: 24
                          87.120.46.0/23 maxlen: 24
                          94.156.2.0/24 maxlen: 24
                          94.156.8.0/24 maxlen: 24
                          91.92.16.0/24 maxlen: 24
                          91.92.21.0/24 maxlen: 24
                          91.92.26.0/23 maxlen: 24
                          193.58.121.0/24 maxlen: 24
                          193.58.123.0/24 maxlen: 24
                          94.156.131.0/24 maxlen: 24
                          94.156.152.0/24 maxlen: 24
                          94.156.154.0/23 maxlen: 24
                          91.92.67.0/24 maxlen: 24
                          94.156.78.0/23 maxlen: 24
                          37.139.130.0/23 maxlen: 24
                          212.87.205.0/24 maxlen: 24
                          87.121.146.0/23 maxlen: 24
                          178.215.238.0/24 maxlen: 24
                          87.121.163.0/24 maxlen: 24
                          185.252.177.0/24 maxlen: 24
                          193.47.62.0/24 maxlen: 24
                          87.121.104.0/24 maxlen: 24
                          87.121.103.0/24 maxlen: 24
                          87.121.114.0/23 maxlen: 24
                          31.13.252.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:98:28:0a:9b:1c:0d:f3:b6:6f:06:43:64:ea:15:f8:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Feb 28 13:13:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=303b83c07826f8f14241489d7701f86f593db1e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:39:b8:35:5e:a5:28:12:c7:c1:20:d6:11:f0:
                    52:4f:d3:b4:2c:44:0b:2b:a4:9f:d4:73:a5:48:60:
                    da:f6:93:46:04:3f:b5:cf:62:85:db:12:20:92:1c:
                    9b:8a:90:22:fb:70:55:bc:27:0d:8d:6a:40:bc:64:
                    ac:35:c7:ed:b6:b1:d6:3e:5c:1d:15:32:fd:f5:14:
                    4b:10:6f:76:a6:67:59:ab:ae:0b:99:6e:e4:e6:21:
                    8c:bd:51:4f:2b:30:bf:cc:fb:66:ec:57:27:2d:24:
                    58:00:ea:2a:01:93:bd:0a:02:46:24:17:90:25:40:
                    34:a1:22:fe:a0:d7:b4:f6:e3:cb:c1:a8:09:60:8b:
                    32:1d:b3:90:c5:8a:06:71:fd:89:f6:7c:dc:e4:29:
                    cd:a4:e8:1f:ed:49:77:02:59:f1:28:fe:1c:99:1f:
                    44:8e:2e:e3:6f:50:e9:93:a5:2b:c7:78:19:ca:20:
                    09:b6:c2:e6:61:1d:e4:5c:39:7a:5c:33:9a:58:96:
                    c0:bc:46:85:5f:ec:d3:97:46:69:2d:23:26:f6:7f:
                    7d:16:33:71:ea:4f:90:85:52:50:5b:01:fa:a6:39:
                    00:7f:1b:78:5f:c4:69:9c:c7:9a:9f:f6:67:da:48:
                    d4:92:18:b0:ff:67:5f:10:03:0e:2a:b8:a4:1c:cb:
                    7e:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:3B:83:C0:78:26:F8:F1:42:41:48:9D:77:01:F8:6F:59:3D:B1:E6
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/MDuDwHgm-PFCQUiddwH4b1k9seY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.13.252.0/22
                  37.139.130.0/23
                  87.120.32.0/22
                  87.120.46.0/23
                  87.120.64.0/23
                  87.120.96.0/23
                  87.120.192.0/23
                  87.120.219.0/24
                  87.121.36.0-87.121.38.255
                  87.121.60.0/22
                  87.121.103.0-87.121.104.255
                  87.121.114.0/23
                  87.121.146.0/23
                  87.121.163.0/24
                  91.92.16.0/24
                  91.92.21.0/24
                  91.92.26.0/23
                  91.92.67.0/24
                  93.123.24.0/24
                  93.123.26.0/23
                  93.123.30.0/23
                  93.123.39.0/24
                  93.123.68.0/22
                  93.123.76.0-93.123.80.255
                  93.123.86.0/23
                  93.123.112.0-93.123.117.255
                  93.123.119.0/24
                  94.154.160.0/23
                  94.154.173.0/24
                  94.156.2.0/24
                  94.156.8.0/24
                  94.156.78.0/23
                  94.156.131.0/24
                  94.156.152.0/24
                  94.156.154.0/23
                  94.156.168.0/23
                  94.156.176.0-94.156.181.255
                  94.156.237.0-94.156.238.255
                  178.215.238.0/24
                  185.252.177.0/24
                  193.25.219.0/24
                  193.47.62.0/24
                  193.58.121.0/24
                  193.58.123.0/24
                  194.48.249.0/24
                  194.55.226.0/24
                  212.87.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:b6:a4:63:d3:31:3c:ee:7a:a4:3d:e8:cd:1f:97:af:e9:76:
         10:07:55:3a:ef:ba:be:3a:7d:61:62:47:78:d3:ad:16:56:6e:
         fd:4e:bd:64:7e:cf:7e:69:6b:10:4d:84:f8:b9:37:99:43:24:
         cb:da:54:74:7c:72:bc:b0:b8:ac:dc:cb:03:3a:57:a9:20:29:
         e9:8f:c9:cc:c7:4d:38:d6:d4:71:8e:04:b7:47:0c:55:fa:85:
         07:9c:5b:c0:b0:30:d3:af:70:cb:11:25:72:87:06:da:e2:9a:
         ca:53:cf:b5:61:96:98:aa:8e:33:d6:c6:71:cd:b7:c5:0d:bb:
         a9:97:be:44:a9:af:d9:c4:ea:da:fb:d4:e7:0c:23:ab:bf:66:
         e9:37:42:eb:01:4b:70:fe:be:ee:32:9e:2e:23:74:fd:85:00:
         47:5c:81:9e:65:17:08:36:74:7a:3e:0b:d6:3a:57:3c:f0:47:
         eb:f7:80:f6:e4:b0:0f:6c:3f:ec:20:66:9b:69:b7:c9:6d:65:
         35:f6:b8:fc:eb:bf:eb:d1:cf:dd:50:5a:be:68:bf:d8:08:fc:
         ee:02:94:40:30:35:08:f7:84:61:37:8c:dc:56:d7:fa:c6:21:
         be:e2:28:8d:af:20:d3:86:10:cd:d5:8d:4f:a6:d7:fc:31:56:
         e0:c4:66:87
-----BEGIN CERTIFICATE-----
MIIGSzCCBTOgAwIBAgISAYaYKAqbHA3ztm8GQ2TqFfjeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwMjI4MTMxMzI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDNiODNjMDc4MjZmOGYxNDI0MTQ4OWQ3NzAxZjg2ZjU5M2RiMWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlTm4NV6lKBLHwSDWEfBST9O0LEQL
K6Sf1HOlSGDa9pNGBD+1z2KF2xIgkhybipAi+3BVvCcNjWpAvGSsNcfttrHWPlwd
FTL99RRLEG92pmdZq64LmW7k5iGMvVFPKzC/zPtm7FcnLSRYAOoqAZO9CgJGJBeQ
JUA0oSL+oNe09uPLwagJYIsyHbOQxYoGcf2J9nzc5CnNpOgf7Ul3AlnxKP4cmR9E
ji7jb1Dpk6Urx3gZyiAJtsLmYR3kXDl6XDOaWJbAvEaFX+zTl0ZpLSMm9n99FjNx
6k+QhVJQWwH6pjkAfxt4X8RpnMean/Zn2kjUkhiw/2dfEAMOKrikHMt+swIDAQAB
o4IDVzCCA1MwHQYDVR0OBBYEFDA7g8B4JvjxQkFInXcB+G9ZPbHmMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvTUR1RHdIZ20tUEZDUVVpZGR3SDRiMWs5c2VZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBawYIKwYBBQUHAQcBAf8EggFaMIIBVjCCAVIEAgABMIIB
SgMEAh8N/AMEASWLggMEAld4IAMEAVd4LgMEAVd4QAMEAVd4YAMEAVd4wAMEAFd4
2zAMAwQCV3kkAwQAV3kmAwQCV3k8MAwDBABXeWcDBABXeWgDBAFXeXIDBAFXeZID
BABXeaMDBABbXBADBABbXBUDBAFbXBoDBABbXEMDBABdexgDBAFdexoDBAFdex4D
BABdeycDBAJde0QwDAMEAl17TAMEAF17UAMEAV17VjAMAwQEXXtwAwQBXXt0AwQA
XXt3AwQBXpqgAwQAXpqtAwQAXpwCAwQAXpwIAwQBXpxOAwQAXpyDAwQAXpyYAwQB
XpyaAwQBXpyoMAwDBARenLADBAFenLQwDAMEAF6c7QMEAF6c7gMEALLX7gMEALn8
sQMEAMEZ2wMEAMEvPgMEAME6eQMEAME6ewMEAMIw+QMEAMI34gMEANRXzTANBgkq
hkiG9w0BAQsFAAOCAQEAKbakY9MxPO56pD3ozR+Xr+l2EAdVOu+6vjp9YWJHeNOt
FlZu/U69ZH7PfmlrEE2E+Lk3mUMky9pUdHxyvLC4rNzLAzpXqSAp6Y/JzMdNONbU
cY4Et0cMVfqFB5xbwLAw069wyxElcocG2uKaylPPtWGWmKqOM9bGcc23xQ27qZe+
RKmv2cTq2vvU5wwjq79m6TdC6wFLcP6+7jKeLiN0/YUAR1yBnmUXCDZ0ej4L1jpX
PPBH6/eA9uSwD2w/7CBmm2m3yW1lNfa4/Ou/69HP3VBavmi/2Aj87gKUQDA1CPeE
YTeM3FbX+sYhvuIoja8g04YQzdWNT6bX/DFW4MRmhw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:31 2024 by rpki-client on console-ams.rpki-client.org