Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/O1cOssFrN8YYsj1gl-Oltmr3gdw.roa
File:                     O1cOssFrN8YYsj1gl-Oltmr3gdw.roa (raw, json)
Hash identifier:          iI0GSTKlCqExTrDNy3z6+ZbAffEJo4hceQo4Tj66E3I=
Subject key identifier:   3B:57:0E:B2:C1:6B:37:C6:18:B2:3D:60:97:E3:A5:B6:6A:F7:81:DC
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01851A264BE9EC502135C83BAE0DD41CF276
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/O1cOssFrN8YYsj1gl-Oltmr3gdw.roa
Signing time:             Fri 16 Dec 2022 08:56:35 +0000
ROA not before:           Fri 16 Dec 2022 08:56:35 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     50225
IP address blocks:        194.55.224.0/24 maxlen: 24
                          84.54.50.0/24 maxlen: 24
                          178.215.226.0/24 maxlen: 24
                          194.55.225.0/24 maxlen: 24
                          45.12.252.0/24 maxlen: 24
                          193.47.63.0/24 maxlen: 24
                          193.47.60.0/24 maxlen: 24
                          45.88.64.0/24 maxlen: 24
                          45.88.65.0/24 maxlen: 24
                          194.180.38.0/24 maxlen: 24
                          194.180.39.0/24 maxlen: 24
                          83.219.96.0/24 maxlen: 24
                          94.154.162.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:1a:26:4b:e9:ec:50:21:35:c8:3b:ae:0d:d4:1c:f2:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Dec 16 08:56:35 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3b570eb2c16b37c618b23d6097e3a5b66af781dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:42:a6:ee:98:58:09:2e:ae:15:b7:3d:26:09:
                    4c:9f:23:27:79:71:06:a7:7e:64:2d:3d:21:46:7a:
                    84:51:37:c5:93:1f:38:d8:8e:07:f2:9b:c0:c6:28:
                    f4:4a:40:71:37:01:8f:81:38:c4:d1:11:d9:51:6b:
                    c8:2b:29:a4:cf:43:51:af:20:91:60:5b:c5:26:43:
                    09:04:c7:9a:de:3a:e8:62:c4:a5:76:41:e2:29:a3:
                    25:7b:69:c3:8b:49:b8:b1:23:a3:30:d2:5f:de:69:
                    0f:ae:b4:2b:4c:d4:b7:2a:ed:f7:df:f9:78:82:f4:
                    b7:c8:2b:48:10:8e:a9:48:b2:f7:b7:aa:37:d0:6b:
                    ef:7e:16:f5:4a:65:0e:7c:36:69:13:6e:1d:bc:cf:
                    80:e4:1f:8e:49:ef:55:da:9e:2a:92:98:97:b7:f4:
                    d1:3c:5d:6d:e0:f6:5c:55:79:6a:42:1c:bf:4f:74:
                    a4:07:c6:82:25:f6:6f:15:1c:69:87:0c:d7:fa:9d:
                    b5:27:68:54:9b:59:15:46:e5:2c:a2:97:ff:0c:94:
                    b0:27:a5:6f:19:02:d6:a7:11:99:bf:0b:03:15:0e:
                    b0:1c:4b:8f:ca:6f:8e:5c:d3:02:25:8a:1c:3a:f2:
                    8c:45:22:3e:f9:00:ef:1f:1d:94:6e:e3:cd:f5:9a:
                    3e:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:57:0E:B2:C1:6B:37:C6:18:B2:3D:60:97:E3:A5:B6:6A:F7:81:DC
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/O1cOssFrN8YYsj1gl-Oltmr3gdw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.252.0/24
                  45.88.64.0/23
                  83.219.96.0/24
                  84.54.50.0/24
                  94.154.162.0/24
                  178.215.226.0/24
                  193.47.60.0/24
                  193.47.63.0/24
                  194.55.224.0/23
                  194.180.38.0/23

    Signature Algorithm: sha256WithRSAEncryption
         89:bc:02:75:d6:e1:89:6c:1d:96:32:2a:8d:64:b3:d7:17:7d:
         14:c7:e8:0a:20:52:de:60:44:10:c3:b0:8d:a6:8c:3a:a7:a5:
         f7:e5:e9:13:c0:1a:48:6c:be:7b:68:91:69:6d:e0:bc:e4:58:
         7f:54:d9:b7:eb:b0:80:b1:4e:bd:8b:81:42:ab:94:e8:ee:87:
         9c:dc:7b:41:86:12:8c:79:8c:bc:64:c9:8d:e3:75:36:38:72:
         2e:91:96:67:86:c4:47:b3:d2:66:18:b7:49:6c:5e:c4:20:08:
         1f:29:c0:2e:7c:45:39:a7:a7:b4:30:1c:2b:10:2a:c3:32:cb:
         6a:71:c4:78:5c:a3:b6:a9:f3:fa:ef:f6:24:56:68:b4:ed:1e:
         73:6f:47:17:b6:19:5e:58:9d:52:e7:50:a6:a2:c1:95:98:88:
         2e:90:13:46:3a:66:e1:76:6f:14:94:44:e2:3a:1e:bb:6b:46:
         d2:d6:a1:1c:72:86:e6:f7:b8:27:c7:d4:ba:e6:e5:f6:32:62:
         66:19:cc:30:7b:44:70:24:58:08:8e:49:aa:e1:93:73:30:39:
         26:0e:f8:5c:58:6e:0c:c9:13:b8:9a:00:ab:82:8c:ec:4f:f1:
         e8:78:7a:21:e1:6a:2d:b8:ba:32:8e:b7:db:1a:47:e6:a7:3d:
         8b:92:3d:71
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYUaJkvp7FAhNcg7rg3UHPJ2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjIxMjE2MDg1NjM1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjU3MGViMmMxNmIzN2M2MThiMjNkNjA5N2UzYTViNjZhZjc4MWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiEKm7phYCS6uFbc9JglMnyMneXEG
p35kLT0hRnqEUTfFkx842I4H8pvAxij0SkBxNwGPgTjE0RHZUWvIKymkz0NRryCR
YFvFJkMJBMea3jroYsSldkHiKaMle2nDi0m4sSOjMNJf3mkPrrQrTNS3Ku333/l4
gvS3yCtIEI6pSLL3t6o30Gvvfhb1SmUOfDZpE24dvM+A5B+OSe9V2p4qkpiXt/TR
PF1t4PZcVXlqQhy/T3SkB8aCJfZvFRxphwzX+p21J2hUm1kVRuUsopf/DJSwJ6Vv
GQLWpxGZvwsDFQ6wHEuPym+OXNMCJYocOvKMRSI++QDvHx2UbuPN9Zo+dQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFDtXDrLBazfGGLI9YJfjpbZq94HcMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvTzFjT3NzRnJOOFlZc2oxZ2wtT2x0bXIzZ2R3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQALQz8AwQB
LVhAAwQAU9tgAwQAVDYyAwQAXpqiAwQAstfiAwQAwS88AwQAwS8/AwQBwjfgAwQB
wrQmMA0GCSqGSIb3DQEBCwUAA4IBAQCJvAJ11uGJbB2WMiqNZLPXF30Ux+gKIFLe
YEQQw7CNpow6p6X35ekTwBpIbL57aJFpbeC85Fh/VNm367CAsU69i4FCq5To7oec
3HtBhhKMeYy8ZMmN43U2OHIukZZnhsRHs9JmGLdJbF7EIAgfKcAufEU5p6e0MBwr
ECrDMstqccR4XKO2qfP67/YkVmi07R5zb0cXthleWJ1S51CmosGVmIgukBNGOmbh
dm8UlETiOh67a0bS1qEccobm97gnx9S65uX2MmJmGcwwe0RwJFgIjkmq4ZNzMDkm
DvhcWG4MyRO4mgCrgozsT/HoeHoh4WotuLoyjrfbGkfmpz2Lkj1x
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:31 2024 by rpki-client on console-ams.rpki-client.org