Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/MK86spCC_uC82VJcdVp2UvGXDhQ.roa
File:                     MK86spCC_uC82VJcdVp2UvGXDhQ.roa (raw, json)
Hash identifier:          0VQdI0KmxqQ1Rv83LM5V+ZqjTxcPGNfD9dbJsC5dOLQ=
Subject key identifier:   30:AF:3A:B2:90:82:FE:E0:BC:D9:52:5C:75:5A:76:52:F1:97:0E:14
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CB0D1587AA18CACEC36FEE31339EABBE8
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/MK86spCC_uC82VJcdVp2UvGXDhQ.roa
Signing time:             Thu 28 Dec 2023 14:25:58 +0000
ROA not before:           Thu 28 Dec 2023 14:25:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     206003
IP address blocks:        171.22.31.0/24 maxlen: 24
                          87.121.124.0/23 maxlen: 24
                          81.161.239.0/24 maxlen: 24
                          91.200.192.0/22 maxlen: 24
                          94.156.248.0/24 maxlen: 24
                          87.121.162.0/24 maxlen: 24
                          45.141.158.0/24 maxlen: 24
                          171.22.17.0/24 maxlen: 24
                          171.22.18.0/24 maxlen: 24
                          79.110.61.0/24 maxlen: 24
                          45.129.84.0/24 maxlen: 24
                          193.35.19.0/24 maxlen: 24
                          37.139.130.0/24 maxlen: 24
                          193.25.216.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:b0:d1:58:7a:a1:8c:ac:ec:36:fe:e3:13:39:ea:bb:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Dec 28 14:25:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=30af3ab29082fee0bcd9525c755a7652f1970e14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:ba:7f:be:61:9d:a6:a6:a8:a0:57:7b:4d:41:
                    b2:93:95:4a:85:a0:b3:97:55:19:f8:f2:6c:72:e4:
                    f0:b0:77:9c:e8:2d:b3:e3:52:e0:21:79:59:6f:f8:
                    7c:60:23:f4:1d:7d:3f:c3:7f:4c:19:d1:ce:d3:b4:
                    0a:c7:33:36:29:de:3e:58:81:88:08:b1:ec:2e:f3:
                    5e:1e:6d:fe:35:c4:16:f0:82:49:8c:4b:4d:84:59:
                    0b:70:71:a5:9e:95:1e:3f:98:c7:c4:7e:dd:0a:f1:
                    7e:77:b6:f3:18:86:20:09:58:d0:e5:e4:7e:7b:dd:
                    7d:2a:59:aa:71:5f:fd:6a:23:4d:fd:2c:a7:30:24:
                    87:90:5b:21:17:75:0d:97:ca:1e:db:8a:90:66:a1:
                    be:70:72:cc:13:97:22:28:44:57:9e:4a:b1:67:32:
                    4e:ec:38:ff:21:77:85:71:0b:71:af:40:68:ea:ad:
                    a4:48:eb:ad:f4:90:f5:b1:90:c3:d2:f4:66:ce:de:
                    01:95:76:33:4a:47:38:78:6f:db:f0:e9:35:e5:0c:
                    b1:05:84:cb:52:da:9c:6b:c0:cf:99:31:5f:e4:62:
                    7c:d9:d1:1f:b3:4f:3d:e0:a4:65:42:ae:46:03:95:
                    da:ac:01:8d:2f:d8:db:50:fe:c8:c4:05:0e:e3:bb:
                    f0:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:AF:3A:B2:90:82:FE:E0:BC:D9:52:5C:75:5A:76:52:F1:97:0E:14
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/MK86spCC_uC82VJcdVp2UvGXDhQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.139.130.0/24
                  45.129.84.0/24
                  45.141.158.0/24
                  79.110.61.0/24
                  81.161.239.0/24
                  87.121.124.0/23
                  87.121.162.0/24
                  91.200.192.0/22
                  94.156.248.0/24
                  171.22.17.0-171.22.18.255
                  171.22.31.0/24
                  193.25.216.0/24
                  193.35.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:04:72:e7:8c:37:34:19:aa:4c:ee:42:c5:18:a0:c8:35:1d:
         e7:67:d7:07:d4:3e:89:3d:fc:75:29:41:eb:24:7d:9b:56:fe:
         ff:58:b8:15:1c:e2:f2:ad:2b:4f:37:ef:da:89:fd:2e:52:2a:
         f4:da:e3:9a:a6:ef:2d:78:7b:76:42:e8:e0:03:4b:7d:22:89:
         ff:d2:bf:91:99:2c:42:cf:e5:f4:9d:af:d2:fa:17:df:2b:9c:
         71:7b:74:da:20:33:12:21:45:95:5b:0c:b1:37:af:fe:7c:18:
         bd:52:31:83:5e:55:ff:85:2a:de:58:26:bd:9a:1f:7a:f2:50:
         f5:a7:a2:e2:1d:d2:59:be:e3:1b:1d:14:aa:7f:9f:b7:17:98:
         1c:83:b0:32:57:ab:57:45:c3:ee:cc:94:57:7f:52:07:11:24:
         36:d1:4d:86:bd:f2:ee:4d:3c:9f:03:7c:bc:b1:eb:41:49:14:
         96:7f:d7:f0:54:b7:73:34:8a:fc:0e:53:80:b1:00:5f:39:2d:
         62:0a:bf:14:11:ac:04:78:31:e5:5b:58:2f:b7:73:96:5b:39:
         73:bc:ce:c6:f5:39:05:7d:a2:32:6e:62:ae:d1:6b:5c:00:43:
         3f:57:c2:4b:17:2c:76:bf:48:dc:7e:af:68:7d:4a:31:9d:6c:
         26:a1:7b:72
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYyw0Vh6oYys7Db+4xM56rvoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMxMjI4MTQyNTU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGFmM2FiMjkwODJmZWUwYmNkOTUyNWM3NTVhNzY1MmYxOTcwZTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgbp/vmGdpqaooFd7TUGyk5VKhaCz
l1UZ+PJscuTwsHec6C2z41LgIXlZb/h8YCP0HX0/w39MGdHO07QKxzM2Kd4+WIGI
CLHsLvNeHm3+NcQW8IJJjEtNhFkLcHGlnpUeP5jHxH7dCvF+d7bzGIYgCVjQ5eR+
e919KlmqcV/9aiNN/SynMCSHkFshF3UNl8oe24qQZqG+cHLME5ciKERXnkqxZzJO
7Dj/IXeFcQtxr0Bo6q2kSOut9JD1sZDD0vRmzt4BlXYzSkc4eG/b8Ok15QyxBYTL
Utqca8DPmTFf5GJ82dEfs0894KRlQq5GA5XarAGNL9jbUP7IxAUO47vw5wIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFDCvOrKQgv7gvNlSXHVadlLxlw4UMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvTUs4NnNwQ0NfdUM4MlZKY2RWcDJVdkdYRGhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWAwQAJYuCAwQA
LYFUAwQALY2eAwQAT249AwQAUaHvAwQBV3l8AwQAV3miAwQCW8jAAwQAXpz4MAwD
BACrFhEDBACrFhIDBACrFh8DBADBGdgDBADBIxMwDQYJKoZIhvcNAQELBQADggEB
AHsEcueMNzQZqkzuQsUYoMg1Hedn1wfUPok9/HUpQeskfZtW/v9YuBUc4vKtK083
79qJ/S5SKvTa45qm7y14e3ZC6OADS30iif/Sv5GZLELP5fSdr9L6F98rnHF7dNog
MxIhRZVbDLE3r/58GL1SMYNeVf+FKt5YJr2aH3ryUPWnouId0lm+4xsdFKp/n7cX
mByDsDJXq1dFw+7MlFd/UgcRJDbRTYa98u5NPJ8DfLyx60FJFJZ/1/BUt3M0ivwO
U4CxAF85LWIKvxQRrAR4MeVbWC+3c5ZbOXO8zsb1OQV9ojJuYq7Ra1wAQz9XwksX
LHa/SNx+r2h9SjGdbCahe3I=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:05 2024 by rpki-client on console-fra.rpki-client.org