Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/O9VE31fm75UO7HuDlxMhMdlui8g.roa
File:                     O9VE31fm75UO7HuDlxMhMdlui8g.roa (raw, json)
Hash identifier:          BJFn5oJheVqrWD40ICTJN0b5RPXMLm+li9In+9dulVM=
Subject key identifier:   3B:D5:44:DF:57:E6:EF:95:0E:EC:7B:83:97:13:21:31:D9:6E:8B:C8
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018949A585968F9EE9C6BB21CF46A5FDB631
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/O9VE31fm75UO7HuDlxMhMdlui8g.roa
Signing time:             Wed 12 Jul 2023 10:28:51 +0000
ROA not before:           Wed 12 Jul 2023 10:28:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     0
IP address blocks:        185.218.84.0/22 maxlen: 24
                          94.156.239.0/24 maxlen: 24
                          194.113.36.0/22 maxlen: 24
                          178.215.236.0/24 maxlen: 24
                          178.215.239.0/24 maxlen: 24
                          171.22.72.0/22 maxlen: 24
                          185.252.176.0/24 maxlen: 24
                          147.78.101.0/24 maxlen: 24
                          147.78.100.0/24 maxlen: 24
                          92.119.196.0/23 maxlen: 24
                          45.95.0.0/22 maxlen: 24
                          185.216.84.0/22 maxlen: 24
                          87.121.45.0/24 maxlen: 24
                          185.218.137.0/24 maxlen: 24
                          194.169.174.0/24 maxlen: 24
                          94.154.163.0/24 maxlen: 24
                          94.154.162.0/23 maxlen: 24
                          94.154.161.0/24 maxlen: 24
                          185.219.126.0/24 maxlen: 24
                          45.151.89.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:49:a5:85:96:8f:9e:e9:c6:bb:21:cf:46:a5:fd:b6:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jul 12 10:28:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3bd544df57e6ef950eec7b8397132131d96e8bc8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:92:a9:28:3b:4f:92:24:e6:8b:ff:25:9d:f1:
                    84:db:93:9f:67:b1:cb:13:dd:ab:df:84:bc:81:f4:
                    6e:f1:d2:37:ab:b9:3d:33:6f:2e:88:48:e4:d9:0e:
                    1f:2d:bb:ab:ce:cc:01:a7:8f:23:18:01:82:d4:30:
                    2b:f4:ae:51:a0:b2:2d:9d:9e:f4:a2:bc:b2:a6:c2:
                    28:ff:02:5a:87:7f:9c:95:75:71:9b:32:09:2c:03:
                    57:d2:29:fd:6b:0d:47:a9:27:d5:ad:1d:c5:34:46:
                    0c:45:45:b3:b4:0e:1e:c9:7e:ca:a6:a0:72:18:80:
                    f4:8f:9c:f9:6f:84:f0:6d:7c:0d:a6:d9:b6:f0:8b:
                    c6:59:f7:ed:b8:fe:fe:5d:ac:51:ac:92:1c:a8:f3:
                    14:12:d2:56:cb:b3:84:a1:e0:25:ec:de:83:d5:94:
                    79:84:f1:01:42:b3:7e:29:11:5e:45:2f:e1:81:54:
                    30:bc:55:1f:3f:50:cb:5b:07:40:5e:e2:ae:d2:ca:
                    cf:e8:d8:42:b3:8f:e8:b5:d7:b6:e5:c8:79:da:ed:
                    32:e8:f2:12:33:56:5e:f1:b0:ee:a8:d0:e1:0b:15:
                    16:43:e4:47:5c:c4:97:4f:a6:d0:a8:e5:14:2f:93:
                    8a:50:ed:e4:da:59:49:b6:c7:cf:22:e1:56:16:32:
                    5a:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:D5:44:DF:57:E6:EF:95:0E:EC:7B:83:97:13:21:31:D9:6E:8B:C8
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/O9VE31fm75UO7HuDlxMhMdlui8g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.0.0/22
                  45.151.89.0/24
                  87.121.45.0/24
                  92.119.196.0/23
                  94.154.161.0-94.154.163.255
                  94.156.239.0/24
                  147.78.100.0/23
                  171.22.72.0/22
                  178.215.236.0/24
                  178.215.239.0/24
                  185.216.84.0/22
                  185.218.84.0/22
                  185.218.137.0/24
                  185.219.126.0/24
                  185.252.176.0/24
                  194.113.36.0/22
                  194.169.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:fe:10:73:a6:05:d6:76:9e:81:dd:62:b7:42:4e:a0:a7:6a:
         d8:9c:1c:33:ab:a2:4b:66:7c:89:50:14:b2:33:22:a1:7c:69:
         a3:25:91:89:2a:4d:a7:1d:c1:c5:f5:a6:77:4a:8f:45:be:cf:
         b8:f6:33:11:8c:83:91:61:66:60:85:3b:da:88:94:62:22:d7:
         e6:34:33:4c:c5:8e:56:dd:0f:45:1f:4e:e0:b4:78:43:cf:d5:
         95:b1:2d:d2:a0:09:75:75:f9:74:1e:cb:3e:12:2c:cb:f1:79:
         46:1e:11:6e:81:a4:59:0f:ac:19:4f:ca:64:ac:5c:2e:23:73:
         14:ff:8e:c6:df:c0:ae:d3:f5:be:98:d9:c5:0f:bd:89:d0:05:
         aa:c5:90:b6:54:d8:af:d0:c2:5d:16:8f:a3:df:12:5f:fc:d3:
         c9:16:88:2b:69:fe:eb:3c:da:91:0f:39:70:b6:00:67:fd:a7:
         8e:6f:fa:b6:16:eb:70:e5:e9:72:ad:91:03:a5:93:5d:ca:70:
         60:ad:23:19:70:a0:af:07:d5:ef:9e:14:88:8c:4a:8f:4a:fc:
         0e:10:7b:7b:1a:76:0a:95:c7:db:bb:cf:ee:3e:bd:71:6b:d4:
         31:10:99:f7:82:09:55:b5:9d:b0:fa:bb:6a:fb:4e:46:32:53:
         e1:e5:5f:40
-----BEGIN CERTIFICATE-----
MIIFZjCCBE6gAwIBAgISAYlJpYWWj57pxrshz0al/bYxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNzEyMTAyODUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmQ1NDRkZjU3ZTZlZjk1MGVlYzdiODM5NzEzMjEzMWQ5NmU4YmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZKpKDtPkiTmi/8lnfGE25OfZ7HL
E92r34S8gfRu8dI3q7k9M28uiEjk2Q4fLburzswBp48jGAGC1DAr9K5RoLItnZ70
oryypsIo/wJah3+clXVxmzIJLANX0in9aw1HqSfVrR3FNEYMRUWztA4eyX7KpqBy
GID0j5z5b4TwbXwNptm28IvGWfftuP7+XaxRrJIcqPMUEtJWy7OEoeAl7N6D1ZR5
hPEBQrN+KRFeRS/hgVQwvFUfP1DLWwdAXuKu0srP6NhCs4/otde25ch52u0y6PIS
M1Ze8bDuqNDhCxUWQ+RHXMSXT6bQqOUUL5OKUO3k2llJtsfPIuFWFjJasQIDAQAB
o4ICcjCCAm4wHQYDVR0OBBYEFDvVRN9X5u+VDux7g5cTITHZbovIMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvTzlWRTMxZm03NVVPN0h1RGx4TWhNZGx1aThnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGHBggrBgEFBQcBBwEB/wR4MHYwdAQCAAEwbgMEAi1fAAME
AC2XWQMEAFd5LQMEAVx3xDAMAwQAXpqhAwQCXpqgAwQAXpzvAwQBk05kAwQCqxZI
AwQAstfsAwQAstfvAwQCudhUAwQCudpUAwQAudqJAwQAudt+AwQAufywAwQCwnEk
AwQAwqmuMA0GCSqGSIb3DQEBCwUAA4IBAQAQ/hBzpgXWdp6B3WK3Qk6gp2rYnBwz
q6JLZnyJUBSyMyKhfGmjJZGJKk2nHcHF9aZ3So9Fvs+49jMRjIORYWZghTvaiJRi
ItfmNDNMxY5W3Q9FH07gtHhDz9WVsS3SoAl1dfl0Hss+EizL8XlGHhFugaRZD6wZ
T8pkrFwuI3MU/47G38Cu0/W+mNnFD72J0AWqxZC2VNiv0MJdFo+j3xJf/NPJFogr
af7rPNqRDzlwtgBn/aeOb/q2Futw5elyrZEDpZNdynBgrSMZcKCvB9XvnhSIjEqP
SvwOEHt7GnYKlcfbu8/uPr1xa9QxEJn3gglVtZ2w+rtq+05GMlPh5V9A
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:31 2024 by rpki-client on console-ams.rpki-client.org