Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/NJKM3R9BOMhoEExOz5l0hft00YQ.roa
File:                     NJKM3R9BOMhoEExOz5l0hft00YQ.roa (raw, json)
Hash identifier:          72LxxoQ8dbYL5awozKygb3W01VSYSWF0+Smbr3cH52A=
Subject key identifier:   34:92:8C:DD:1F:41:38:C8:68:10:4C:4E:CF:99:74:85:FB:74:D1:84
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018BF6D787531C873F0372C563B5823C59CC
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/NJKM3R9BOMhoEExOz5l0hft00YQ.roa
Signing time:             Wed 22 Nov 2023 11:43:21 +0000
ROA not before:           Wed 22 Nov 2023 11:43:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     0
IP address blocks:        185.218.84.0/22 maxlen: 24
                          91.92.24.0/23 maxlen: 24
                          147.78.101.0/24 maxlen: 24
                          147.78.100.0/24 maxlen: 24
                          147.78.102.0/24 maxlen: 24
                          185.246.223.0/24 maxlen: 24
                          185.226.173.0/24 maxlen: 24
                          185.226.175.0/24 maxlen: 24
                          87.121.45.0/24 maxlen: 24
                          87.121.59.0/24 maxlen: 24
                          194.180.50.0/24 maxlen: 24
                          194.169.174.0/24 maxlen: 24
                          94.156.78.0/24 maxlen: 24
                          94.154.162.0/23 maxlen: 24
                          94.154.161.0/24 maxlen: 24
                          45.151.89.0/24 maxlen: 24
                          178.215.224.0/24 maxlen: 24
                          94.156.239.0/24 maxlen: 24
                          178.215.236.0/24 maxlen: 24
                          171.22.72.0/22 maxlen: 24
                          185.252.176.0/24 maxlen: 24
                          92.119.196.0/23 maxlen: 24
                          185.216.84.0/22 maxlen: 24
                          45.88.90.0/24 maxlen: 24
                          87.120.87.0/24 maxlen: 24
                          93.123.116.0/24 maxlen: 24
                          87.120.33.0/24 maxlen: 24
                          87.121.221.0/24 maxlen: 24
                          87.121.220.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:f6:d7:87:53:1c:87:3f:03:72:c5:63:b5:82:3c:59:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Nov 22 11:43:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=34928cdd1f4138c868104c4ecf997485fb74d184
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:2f:7a:b1:3c:4a:23:c3:e4:d2:83:f5:8d:3f:
                    09:27:16:42:d4:22:5c:41:5d:5d:4f:34:b8:75:a1:
                    1a:d6:2e:d9:fa:2b:f1:ae:c0:08:e2:af:6d:3b:4f:
                    80:95:0c:c5:d0:7a:b4:4b:ef:2f:4e:f9:8b:03:20:
                    ab:e8:73:12:20:28:d5:9c:65:b6:ef:36:c8:52:da:
                    6a:d3:63:7c:9a:db:70:fa:83:f8:f8:c8:dc:74:b1:
                    3e:3a:fb:70:d7:d6:30:12:d3:6c:f2:e8:ad:c0:21:
                    0d:70:78:f3:68:42:c2:4f:8a:84:aa:5c:ca:7e:ef:
                    32:94:96:ef:de:8a:3c:7c:44:74:c1:36:61:2c:78:
                    de:3f:dd:71:f0:9a:d6:eb:98:f8:b2:92:34:16:1d:
                    4d:40:c1:9b:bf:b8:b3:5f:b6:3e:84:04:66:2d:09:
                    ea:1d:9e:7e:ba:af:65:78:8a:3b:54:5d:0f:ef:0c:
                    b9:80:79:17:98:31:83:69:3c:79:f9:ec:74:63:79:
                    7b:1f:05:07:fa:dc:76:ab:a1:e1:42:56:c2:9c:df:
                    06:36:1f:52:e0:a7:80:f8:b7:5e:98:28:7d:b5:5c:
                    4c:5b:95:99:c0:a3:83:2f:f9:b5:77:1f:f3:f3:9f:
                    e3:f5:9e:28:f9:61:28:2e:36:c3:9c:54:38:af:48:
                    65:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:92:8C:DD:1F:41:38:C8:68:10:4C:4E:CF:99:74:85:FB:74:D1:84
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/NJKM3R9BOMhoEExOz5l0hft00YQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.90.0/24
                  45.151.89.0/24
                  87.120.33.0/24
                  87.120.87.0/24
                  87.121.45.0/24
                  87.121.59.0/24
                  87.121.220.0/23
                  91.92.24.0/23
                  92.119.196.0/23
                  93.123.116.0/24
                  94.154.161.0-94.154.163.255
                  94.156.78.0/24
                  94.156.239.0/24
                  147.78.100.0-147.78.102.255
                  171.22.72.0/22
                  178.215.224.0/24
                  178.215.236.0/24
                  185.216.84.0/22
                  185.218.84.0/22
                  185.226.173.0/24
                  185.226.175.0/24
                  185.246.223.0/24
                  185.252.176.0/24
                  194.169.174.0/24
                  194.180.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:12:ac:7f:6d:a8:62:84:51:5a:85:95:6f:fa:83:30:06:c5:
         0a:f9:a5:af:fd:77:34:fe:e4:57:97:6c:33:7f:4c:af:45:e6:
         af:76:e9:ef:c1:56:3d:5c:17:fb:fe:fd:5f:ab:53:0a:a0:84:
         66:09:66:70:8f:51:7b:c4:20:9b:5a:c6:a5:88:41:d4:06:1c:
         f4:c1:79:5d:78:40:5f:07:61:02:d7:87:4b:95:55:c3:e1:dc:
         c7:d5:c1:4b:b8:ac:dd:b9:3c:26:36:c4:e6:d2:ce:28:71:2b:
         54:96:52:4c:56:8c:e1:3f:ae:f1:3a:48:72:4d:a8:16:26:47:
         2a:5e:15:ad:f6:33:c6:8d:1d:80:77:e9:98:44:e9:ca:e4:91:
         72:58:07:89:60:b3:56:c0:b0:92:f1:a2:51:65:6b:9c:a0:c5:
         4b:17:ae:08:cb:4a:f5:ae:09:c2:29:93:14:f3:f1:10:8b:0e:
         c4:a8:c6:bf:12:e0:36:0d:1e:f9:c6:5c:7a:5e:55:a3:a5:86:
         92:89:3a:64:79:e4:69:b6:cf:dc:53:cd:05:2f:d1:7a:08:fd:
         d5:8f:1a:9d:42:78:2f:5a:f0:d9:78:2f:c0:26:27:64:ba:b4:
         18:91:0f:ad:61:0a:3f:67:b2:1f:20:b6:ac:d4:6a:58:c5:a7:
         3b:93:f8:28
-----BEGIN CERTIFICATE-----
MIIFojCCBIqgAwIBAgISAYv214dTHIc/A3LFY7WCPFnMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMxMTIyMTE0MzIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDkyOGNkZDFmNDEzOGM4NjgxMDRjNGVjZjk5NzQ4NWZiNzRkMTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmy96sTxKI8Pk0oP1jT8JJxZC1CJc
QV1dTzS4daEa1i7Z+ivxrsAI4q9tO0+AlQzF0Hq0S+8vTvmLAyCr6HMSICjVnGW2
7zbIUtpq02N8mttw+oP4+MjcdLE+Ovtw19YwEtNs8uitwCENcHjzaELCT4qEqlzK
fu8ylJbv3oo8fER0wTZhLHjeP91x8JrW65j4spI0Fh1NQMGbv7izX7Y+hARmLQnq
HZ5+uq9leIo7VF0P7wy5gHkXmDGDaTx5+ex0Y3l7HwUH+tx2q6HhQlbCnN8GNh9S
4KeA+LdemCh9tVxMW5WZwKODL/m1dx/z85/j9Z4o+WEoLjbDnFQ4r0hlnQIDAQAB
o4ICrjCCAqowHQYDVR0OBBYEFDSSjN0fQTjIaBBMTs+ZdIX7dNGEMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvTkpLTTNSOUJPTWhvRUV4T3o1bDBoZnQwMFlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHDBggrBgEFBQcBBwEB/wSBszCBsDCBrQQCAAEwgaYDBAAt
WFoDBAAtl1kDBABXeCEDBABXeFcDBABXeS0DBABXeTsDBAFXedwDBAFbXBgDBAFc
d8QDBABde3QwDAMEAF6aoQMEAl6aoAMEAF6cTgMEAF6c7zAMAwQCk05kAwQAk05m
AwQCqxZIAwQAstfgAwQAstfsAwQCudhUAwQCudpUAwQAueKtAwQAueKvAwQAufbf
AwQAufywAwQAwqmuAwQAwrQyMA0GCSqGSIb3DQEBCwUAA4IBAQA4Eqx/bahihFFa
hZVv+oMwBsUK+aWv/Xc0/uRXl2wzf0yvReavdunvwVY9XBf7/v1fq1MKoIRmCWZw
j1F7xCCbWsaliEHUBhz0wXldeEBfB2EC14dLlVXD4dzH1cFLuKzduTwmNsTm0s4o
cStUllJMVozhP67xOkhyTagWJkcqXhWt9jPGjR2Ad+mYROnK5JFyWAeJYLNWwLCS
8aJRZWucoMVLF64Iy0r1rgnCKZMU8/EQiw7EqMa/EuA2DR75xlx6XlWjpYaSiTpk
eeRpts/cU80FL9F6CP3VjxqdQngvWvDZeC/AJidkurQYkQ+tYQo/Z7IfILas1GpY
xac7k/go
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:31 2024 by rpki-client on console-ams.rpki-client.org