Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Nq3Hubc0yx62rIBlQ3Pnf2b2uLU.roa
File:                     Nq3Hubc0yx62rIBlQ3Pnf2b2uLU.roa (raw, json)
Hash identifier:          ESBBObZiy4NwQrA0f4HNPagP/TZIX5zLsXNILvJN5h8=
Subject key identifier:   36:AD:C7:B9:B7:34:CB:1E:B6:AC:80:65:43:73:E7:7F:66:F6:B8:B5
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018321831C9774162723DC051303A887B078
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Nq3Hubc0yx62rIBlQ3Pnf2b2uLU.roa
Signing time:             Fri 09 Sep 2022 09:09:44 +0000
ROA not before:           Fri 09 Sep 2022 09:09:44 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     209371
IP address blocks:        85.31.45.0/24 maxlen: 24
                          85.31.47.0/24 maxlen: 24
                          185.246.221.0/24 maxlen: 24
                          84.21.173.0/24 maxlen: 24
                          194.180.36.0/24 maxlen: 24
                          92.249.50.0/24 maxlen: 24
                          185.218.136.0/24 maxlen: 24
                          82.115.208.0/24 maxlen: 24
                          82.115.209.0/24 maxlen: 24
                          82.115.210.0/24 maxlen: 24
                          82.115.211.0/24 maxlen: 24
                          94.154.172.0/24 maxlen: 24
                          193.35.19.0/24 maxlen: 24
                          84.21.172.0/24 maxlen: 24
                          194.55.226.0/24 maxlen: 24
                          178.215.226.0/24 maxlen: 24
                          84.54.48.0/24 maxlen: 24
                          84.54.49.0/24 maxlen: 24
                          194.55.224.0/24 maxlen: 24
                          194.55.225.0/24 maxlen: 24
                          178.215.225.0/24 maxlen: 24
                          194.55.227.0/24 maxlen: 24
                          178.215.227.0/24 maxlen: 24
                          178.215.239.0/24 maxlen: 24
                          178.215.236.0/24 maxlen: 24
                          80.76.48.0/24 maxlen: 24
                          193.42.32.0/24 maxlen: 24
                          193.222.97.0/24 maxlen: 24
                          193.47.63.0/24 maxlen: 24
                          193.47.62.0/24 maxlen: 24
                          193.222.99.0/24 maxlen: 24
                          193.37.42.0/24 maxlen: 24
                          185.216.70.0/24 maxlen: 24
                          185.216.69.0/24 maxlen: 24
                          94.103.125.0/24 maxlen: 24
                          87.120.84.0/24 maxlen: 24
                          87.120.87.0/24 maxlen: 24
                          94.103.126.0/24 maxlen: 24
                          193.25.217.0/24 maxlen: 24
                          193.25.218.0/24 maxlen: 24
                          87.121.221.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:21:83:1c:97:74:16:27:23:dc:05:13:03:a8:87:b0:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Sep  9 09:09:44 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=36adc7b9b734cb1eb6ac80654373e77f66f6b8b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:cd:f9:d9:2e:35:22:e7:87:df:f7:e9:a7:a8:
                    ca:5e:99:58:5d:d1:2f:cb:54:41:e7:54:48:6c:6d:
                    c4:e2:28:20:7e:2c:74:0a:d6:0b:ee:07:2b:46:9b:
                    cd:f8:67:29:01:dd:4c:47:75:02:44:8d:03:76:d9:
                    a5:58:17:c6:af:00:1f:b7:91:64:09:e0:f6:7e:83:
                    a9:4d:98:99:09:04:81:ac:89:2d:90:6a:7a:cc:44:
                    9f:5e:47:7c:3a:00:20:7f:dc:8c:e9:32:90:5b:d2:
                    76:95:22:fe:6f:5c:c7:b8:10:ec:a1:b7:61:e3:26:
                    63:28:6d:0d:ae:51:21:55:22:85:d3:48:d7:29:77:
                    b3:45:18:1d:de:54:e5:84:80:c6:33:bb:75:62:86:
                    b0:c7:df:46:96:6a:18:4e:ff:85:50:50:71:d7:6a:
                    91:1e:1e:55:e8:87:54:53:d0:97:41:5e:f1:3b:72:
                    7f:bc:cf:b7:31:45:e6:82:f5:7c:0a:1a:f5:93:7e:
                    ef:e8:85:56:56:bb:f0:3a:c6:52:88:3a:cb:b2:bc:
                    a4:ad:f0:e9:a0:7f:ee:c2:ee:c9:44:78:aa:91:d1:
                    a9:15:71:de:a5:c2:1b:1f:15:21:78:0d:fd:bb:85:
                    47:83:2e:35:30:d0:95:d4:74:c8:e7:39:65:75:4c:
                    18:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:AD:C7:B9:B7:34:CB:1E:B6:AC:80:65:43:73:E7:7F:66:F6:B8:B5
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Nq3Hubc0yx62rIBlQ3Pnf2b2uLU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.76.48.0/24
                  82.115.208.0/22
                  84.21.172.0/23
                  84.54.48.0/23
                  85.31.45.0/24
                  85.31.47.0/24
                  87.120.84.0/24
                  87.120.87.0/24
                  87.121.221.0/24
                  92.249.50.0/24
                  94.103.125.0-94.103.126.255
                  94.154.172.0/24
                  178.215.225.0-178.215.227.255
                  178.215.236.0/24
                  178.215.239.0/24
                  185.216.69.0-185.216.70.255
                  185.218.136.0/24
                  185.246.221.0/24
                  193.25.217.0-193.25.218.255
                  193.35.19.0/24
                  193.37.42.0/24
                  193.42.32.0/24
                  193.47.62.0/23
                  193.222.97.0/24
                  193.222.99.0/24
                  194.55.224.0/22
                  194.180.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:a1:68:22:59:f3:0e:10:a3:b0:46:a5:9e:ac:de:98:b5:07:
         4b:55:64:28:a9:f7:82:60:c3:9b:f6:4b:35:3e:fe:1e:4d:b2:
         51:f9:b2:29:ea:64:62:d1:01:b3:91:86:60:3b:1c:7e:98:c2:
         0b:90:34:64:f6:51:8a:86:43:e0:59:94:42:d7:cf:ab:af:0d:
         d5:09:88:87:cc:df:8c:dd:23:9c:86:e0:a0:12:d4:c4:3e:46:
         9e:36:d6:d0:f3:3b:9e:d5:e4:09:c0:e5:d2:20:5a:de:77:dc:
         a5:3a:f4:66:69:df:a3:72:2a:d6:40:ca:09:a6:f8:cc:24:4c:
         fa:43:58:f4:97:f5:70:a8:77:0d:c3:c7:76:d7:13:03:c8:9a:
         72:86:5a:34:9c:48:34:c1:1b:4c:39:71:ec:13:44:c5:80:b5:
         c6:a9:ea:1d:83:a5:27:37:ef:61:60:82:55:5a:a3:ba:fd:c1:
         b4:98:35:a2:e6:a9:2d:f6:7f:24:49:a2:7b:a8:93:bf:0a:a2:
         dc:63:0e:6c:b3:07:3a:ac:19:bc:92:81:ac:eb:80:bd:78:8f:
         ff:17:03:58:9d:8b:43:a4:d3:7e:ab:5b:d9:e6:fb:8a:16:b7:
         78:25:d7:b2:b3:35:25:42:4b:99:04:0f:7c:fb:64:86:76:97:
         2c:71:fe:f1
-----BEGIN CERTIFICATE-----
MIIFvjCCBKagAwIBAgISAYMhgxyXdBYnI9wFEwOoh7B4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjIwOTA5MDkwOTQ0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmFkYzdiOWI3MzRjYjFlYjZhYzgwNjU0MzczZTc3ZjY2ZjZiOGI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg8352S41IueH3/fpp6jKXplYXdEv
y1RB51RIbG3E4iggfix0CtYL7gcrRpvN+GcpAd1MR3UCRI0DdtmlWBfGrwAft5Fk
CeD2foOpTZiZCQSBrIktkGp6zESfXkd8OgAgf9yM6TKQW9J2lSL+b1zHuBDsobdh
4yZjKG0NrlEhVSKF00jXKXezRRgd3lTlhIDGM7t1Yoawx99GlmoYTv+FUFBx12qR
Hh5V6IdUU9CXQV7xO3J/vM+3MUXmgvV8Chr1k37v6IVWVrvwOsZSiDrLsrykrfDp
oH/uwu7JRHiqkdGpFXHepcIbHxUheA39u4VHgy41MNCV1HTI5zlldUwYewIDAQAB
o4ICyjCCAsYwHQYDVR0OBBYEFDatx7m3NMsetqyAZUNz539m9ri1MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvTnEzSHViYzB5eDYycklCbFEzUG5mMmIydUxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHfBggrBgEFBQcBBwEB/wSBzzCBzDCByQQCAAEwgcIDBABQ
TDADBAJSc9ADBAFUFawDBAFUNjADBABVHy0DBABVHy8DBABXeFQDBABXeFcDBABX
ed0DBABc+TIwDAMEAF5nfQMEAF5nfgMEAF6arDAMAwQAstfhAwQCstfgAwQAstfs
AwQAstfvMAwDBAC52EUDBAC52EYDBAC52ogDBAC59t0wDAMEAMEZ2QMEAMEZ2gME
AMEjEwMEAMElKgMEAMEqIAMEAcEvPgMEAMHeYQMEAMHeYwMEAsI34AMEAMK0JDAN
BgkqhkiG9w0BAQsFAAOCAQEABqFoIlnzDhCjsEalnqzemLUHS1VkKKn3gmDDm/ZL
NT7+Hk2yUfmyKepkYtEBs5GGYDscfpjCC5A0ZPZRioZD4FmUQtfPq68N1QmIh8zf
jN0jnIbgoBLUxD5GnjbW0PM7ntXkCcDl0iBa3nfcpTr0Zmnfo3Iq1kDKCab4zCRM
+kNY9Jf1cKh3DcPHdtcTA8iacoZaNJxINMEbTDlx7BNExYC1xqnqHYOlJzfvYWCC
VVqjuv3BtJg1ouapLfZ/JEmie6iTvwqi3GMObLMHOqwZvJKBrOuAvXiP/xcDWJ2L
Q6TTfqtb2eb7iha3eCXXsrM1JUJLmQQPfPtkhnaXLHH+8Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:05 2024 by rpki-client on console-fra.rpki-client.org