Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Nj_XCvkPO3y4EWd5uCnrlBjxsCg.roa
File:                     Nj_XCvkPO3y4EWd5uCnrlBjxsCg.roa (raw, json)
Hash identifier:          XtZ7F0Vde5V8Zxzz3h+xKrCdM/F09nE37WIYUdaNSR4=
Subject key identifier:   36:3F:D7:0A:F9:0F:3B:7C:B8:11:67:79:B8:29:EB:94:18:F1:B0:28
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       1DCBCF01
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Nj_XCvkPO3y4EWd5uCnrlBjxsCg.roa
Signing time:             Fri 08 Apr 2022 12:49:00 +0000
ROA not before:           Fri 08 Apr 2022 12:49:00 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     397423
IP address blocks:        84.54.48.0/22 maxlen: 24
                          194.180.51.0/24 maxlen: 24
                          194.169.172.0/22 maxlen: 24
                          194.180.48.0/23 maxlen: 24
                          176.125.252.0/22 maxlen: 24
                          94.154.172.0/22 maxlen: 24
                          193.25.216.0/22 maxlen: 24
                          87.121.220.0/23 maxlen: 24
                          109.206.240.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 499896065 (0x1dcbcf01)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Apr  8 12:49:00 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=363fd70af90f3b7cb8116779b829eb9418f1b028
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:5d:d3:74:40:1c:28:4f:cf:0f:9d:b7:9f:58:
                    0c:d5:e2:db:5e:50:71:ff:05:f3:dc:b6:42:a8:cc:
                    73:74:88:c6:4f:34:42:a5:f0:d9:ff:93:2a:4d:73:
                    47:e2:c9:42:d9:f2:d6:af:9c:0b:42:38:46:71:ef:
                    ad:d7:ca:4c:16:b6:bb:ca:ef:08:d5:60:75:0a:f5:
                    ff:b3:09:08:cf:8a:c1:15:eb:66:4a:a1:9c:67:32:
                    f2:1f:29:35:7d:dc:4c:d8:3a:e7:e5:4d:8f:bd:a2:
                    ea:4c:58:34:21:27:a9:17:c5:47:7f:d0:a2:44:05:
                    a9:fd:63:9b:e0:84:cc:cc:57:7c:ac:8a:ec:a3:64:
                    e5:4c:94:24:69:b9:3a:93:10:be:a3:2d:7e:65:c8:
                    83:c1:1f:ae:48:10:4b:6e:92:35:88:41:9b:5d:df:
                    58:be:28:95:14:0e:28:f6:a4:04:98:01:49:9d:f5:
                    09:cc:22:58:55:5f:4f:9e:e0:bd:d3:3b:20:45:90:
                    97:31:3b:ea:3e:ef:e3:78:e4:b1:37:1a:e5:2a:0e:
                    24:ef:ae:0a:0c:6c:cb:86:1a:90:da:be:ad:c8:ca:
                    32:ae:4e:33:45:3c:a7:85:5f:b4:01:66:b0:92:cb:
                    4c:36:42:7b:5c:0b:06:fa:7a:1f:47:8c:26:4d:82:
                    8f:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:3F:D7:0A:F9:0F:3B:7C:B8:11:67:79:B8:29:EB:94:18:F1:B0:28
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Nj_XCvkPO3y4EWd5uCnrlBjxsCg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.54.48.0/22
                  87.121.220.0/23
                  94.154.172.0/22
                  109.206.240.0/22
                  176.125.252.0/22
                  193.25.216.0/22
                  194.169.172.0/22
                  194.180.48.0/23
                  194.180.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:51:ca:f4:6c:9f:82:f6:9c:55:cf:8f:d2:b6:47:27:02:22:
         09:1b:27:dd:f6:a2:7e:f6:fa:d4:cc:96:ab:0f:fb:7d:8d:d3:
         32:63:26:0d:e7:58:59:f8:93:1c:20:d0:41:05:05:fd:17:b4:
         7e:46:3a:a0:66:38:27:c8:89:6c:74:38:b4:87:e7:63:57:66:
         59:3e:17:c7:81:44:91:cf:0d:1f:c8:5f:f4:76:24:8c:84:1f:
         29:f2:ca:6f:dc:96:f8:8f:37:39:e5:8f:f7:2d:eb:58:af:fd:
         6f:db:14:4e:15:93:ec:08:ca:e3:7c:db:d4:76:50:30:cd:30:
         e5:1b:27:35:31:bc:e4:7b:72:73:e2:0b:48:83:a0:1e:a8:1a:
         5a:a5:33:46:2b:13:11:81:8a:4a:54:10:a5:2d:12:cc:a3:c7:
         05:4f:8b:d1:74:56:f2:d3:79:17:fd:ae:6f:de:9f:14:49:35:
         69:10:cf:3b:b1:d8:19:eb:98:6a:80:56:a5:d2:ec:86:ab:20:
         29:48:67:dd:c5:13:52:63:0e:9c:fd:39:4e:8e:94:58:1a:27:
         ac:6d:71:ce:6b:14:3d:28:82:62:79:00:01:60:06:94:12:33:
         f3:17:84:24:34:e5:3c:40:36:07:50:7e:a2:0c:14:67:8c:84:
         8b:a7:d7:71
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgIEHcvPATANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MmM0YWMzZTNjNDNkNzBkMDUzNDljODE1YmFhZGQzOGFkNzc1ZTlkMB4XDTIyMDQw
ODEyNDkwMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMzYzZmQ3MGFmOTBm
M2I3Y2I4MTE2Nzc5YjgyOWViOTQxOGYxYjAyODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJhd03RAHChPzw+dt59YDNXi215Qcf8F89y2QqjMc3SIxk80
QqXw2f+TKk1zR+LJQtny1q+cC0I4RnHvrdfKTBa2u8rvCNVgdQr1/7MJCM+KwRXr
ZkqhnGcy8h8pNX3cTNg65+VNj72i6kxYNCEnqRfFR3/QokQFqf1jm+CEzMxXfKyK
7KNk5UyUJGm5OpMQvqMtfmXIg8EfrkgQS26SNYhBm13fWL4olRQOKPakBJgBSZ31
CcwiWFVfT57gvdM7IEWQlzE76j7v43jksTca5SoOJO+uCgxsy4YakNq+rcjKMq5O
M0U8p4VftAFmsJLLTDZCe1wLBvp6H0eMJk2CjwkCAwEAAaOCAjkwggI1MB0GA1Ud
DgQWBBQ2P9cK+Q87fLgRZ3m4KeuUGPGwKDAfBgNVHSMEGDAWgBQixKw+PEPXDQU0
nIFbqt04rXdenTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0lzU3NQanhEMXcwRk5KeUJXNnJkT0sxM1hwMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDMvOTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8x
L05qX1hDdmtQTzN5NEVXZDV1Q25ybEJqeHNDZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDMv
OTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8xL0lzU3NQanhEMXcw
Rk5KeUJXNnJkT0sxM1hwMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBP
BggrBgEFBQcBBwEB/wRAMD4wPAQCAAEwNgMEAlQ2MAMEAVd53AMEAl6arAMEAm3O
8AMEArB9/AMEAsEZ2AMEAsKprAMEAcK0MAMEAMK0MzANBgkqhkiG9w0BAQsFAAOC
AQEAHlHK9GyfgvacVc+P0rZHJwIiCRsn3faifvb61MyWqw/7fY3TMmMmDedYWfiT
HCDQQQUF/Re0fkY6oGY4J8iJbHQ4tIfnY1dmWT4Xx4FEkc8NH8hf9HYkjIQfKfLK
b9yW+I83OeWP9y3rWK/9b9sUThWT7AjK43zb1HZQMM0w5RsnNTG85Htyc+ILSIOg
HqgaWqUzRisTEYGKSlQQpS0SzKPHBU+L0XRW8tN5F/2ub96fFEk1aRDPO7HYGeuY
aoBWpdLshqsgKUhn3cUTUmMOnP05To6UWBonrG1xzmsUPSiCYnkAAWAGlBIz8xeE
JDTlPEA2B1B+ogwUZ4yEi6fXcQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:05 2024 by rpki-client on console-fra.rpki-client.org