Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Q40aOkleYAgkZcfHajMyS3e37Qo.roa
File:                     Q40aOkleYAgkZcfHajMyS3e37Qo.roa (raw, json)
Hash identifier:          hmOuHa4YAhZUKZjWQ+CV2kp6Q4n6Enp9mi9Mx1X2tKw=
Subject key identifier:   43:8D:1A:3A:49:5E:60:08:24:65:C7:C7:6A:33:32:4B:77:B7:ED:0A
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       1ECCACA8
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Q40aOkleYAgkZcfHajMyS3e37Qo.roa
Signing time:             Tue 31 May 2022 08:21:13 +0000
ROA not before:           Tue 31 May 2022 08:21:13 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     22653
IP address blocks:        31.169.124.0/24 maxlen: 24
                          31.169.125.0/24 maxlen: 24
                          31.169.127.0/24 maxlen: 24
                          31.169.126.0/24 maxlen: 24
                          194.55.226.0/24 maxlen: 24
                          194.55.225.0/24 maxlen: 24
                          194.55.224.0/24 maxlen: 24
                          194.55.227.0/24 maxlen: 24
                          79.110.60.0/24 maxlen: 24
                          79.110.63.0/24 maxlen: 24
                          79.110.62.0/24 maxlen: 24
                          79.110.61.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 516730024 (0x1eccaca8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: May 31 08:21:13 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=438d1a3a495e60082465c7c76a33324b77b7ed0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:d6:e0:ae:af:0b:0f:03:c0:98:72:c2:04:a7:
                    93:96:e8:00:ca:55:cb:b6:63:f8:fa:9d:a0:15:de:
                    fe:6f:64:3d:bf:49:e4:4b:de:81:44:43:d5:0a:7c:
                    8e:44:95:a4:da:09:d5:45:91:76:53:1e:04:0e:a2:
                    c3:96:33:57:54:6e:b6:23:c3:6a:58:93:b2:a2:12:
                    d3:c3:a6:0c:52:83:f5:81:8c:43:1b:50:88:7a:a6:
                    33:8d:34:fb:e3:f2:39:c2:5c:67:f5:62:3b:7d:32:
                    13:07:f1:08:e7:1d:d2:f4:a3:35:b1:c5:ef:0e:2c:
                    6e:d2:70:9f:02:c9:b0:10:32:d3:78:03:51:f2:ad:
                    9b:cd:e1:81:ca:79:fd:b8:f4:fe:be:6d:2f:bc:0b:
                    b7:98:b9:60:b8:59:ac:c7:d4:98:7c:86:f3:ad:a5:
                    df:c1:f6:e0:a0:d4:20:2e:17:88:9b:99:d5:1e:95:
                    db:b0:e2:35:62:40:19:f3:87:7c:b6:e5:8f:d6:d5:
                    a0:0e:c0:a8:97:f5:3c:df:76:43:f3:02:8b:1d:8f:
                    fa:86:3d:c9:98:ec:75:c3:b4:8c:f5:35:72:89:7f:
                    f7:c0:ac:ae:3d:9c:10:f7:d3:4d:97:62:a4:cb:b3:
                    f8:59:81:63:ca:26:65:0c:97:98:6e:5b:c4:5d:fa:
                    92:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:8D:1A:3A:49:5E:60:08:24:65:C7:C7:6A:33:32:4B:77:B7:ED:0A
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Q40aOkleYAgkZcfHajMyS3e37Qo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.169.124.0/22
                  79.110.60.0/22
                  194.55.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         52:04:e6:bb:55:85:2e:18:d6:6b:09:c6:ce:2c:a2:b4:74:9e:
         ee:f1:87:1e:25:50:f5:78:0c:67:0c:1f:8b:91:04:df:6a:b9:
         da:92:e1:4b:40:7c:3f:01:59:14:44:fd:2b:36:84:a7:43:91:
         58:04:0b:a2:21:55:3e:6e:33:42:a5:d4:d7:4f:42:2e:69:6a:
         9c:52:cc:2b:9e:e2:90:e6:db:89:2d:ec:db:cd:aa:5c:11:28:
         f0:d8:b7:ce:0b:a8:6a:52:b3:79:c6:df:54:2e:37:9d:0e:07:
         b1:96:7b:da:2b:d4:86:04:d3:32:aa:ae:7a:d5:0f:1d:fb:e9:
         f0:26:8f:dd:5e:cb:ab:a5:d4:8e:f4:c8:d4:91:44:0e:00:af:
         48:af:dc:b2:ef:7c:e8:ce:96:e7:a1:3c:b5:42:c1:30:c0:1f:
         88:2c:dc:8c:d2:2f:e0:7b:b8:a4:88:26:d6:0b:cc:fd:d4:67:
         98:8c:e6:ca:8c:bf:1d:65:41:aa:10:dd:22:cf:a2:a1:1f:67:
         49:0d:5e:d3:ef:99:e6:57:dc:ba:91:bf:3c:65:db:69:d6:25:
         38:b6:4f:34:98:7b:14:9c:3b:78:39:2e:df:c1:70:ef:4f:b6:
         ce:b0:b0:87:12:cb:85:78:f3:eb:11:f0:89:40:60:6e:72:06:
         8b:37:51:e3
-----BEGIN CERTIFICATE-----
MIIE+zCCA+OgAwIBAgIEHsysqDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MmM0YWMzZTNjNDNkNzBkMDUzNDljODE1YmFhZGQzOGFkNzc1ZTlkMB4XDTIyMDUz
MTA4MjExM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNDM4ZDFhM2E0OTVl
NjAwODI0NjVjN2M3NmEzMzMyNGI3N2I3ZWQwYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANTW4K6vCw8DwJhywgSnk5boAMpVy7Zj+PqdoBXe/m9kPb9J
5EvegURD1Qp8jkSVpNoJ1UWRdlMeBA6iw5YzV1RutiPDaliTsqIS08OmDFKD9YGM
QxtQiHqmM400++PyOcJcZ/ViO30yEwfxCOcd0vSjNbHF7w4sbtJwnwLJsBAy03gD
UfKtm83hgcp5/bj0/r5tL7wLt5i5YLhZrMfUmHyG862l38H24KDUIC4XiJuZ1R6V
27DiNWJAGfOHfLblj9bVoA7AqJf1PN92Q/MCix2P+oY9yZjsdcO0jPU1col/98Cs
rj2cEPfTTZdipMuz+FmBY8omZQyXmG5bxF36km0CAwEAAaOCAhUwggIRMB0GA1Ud
DgQWBBRDjRo6SV5gCCRlx8dqMzJLd7ftCjAfBgNVHSMEGDAWgBQixKw+PEPXDQU0
nIFbqt04rXdenTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0lzU3NQanhEMXcwRk5KeUJXNnJkT0sxM1hwMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDMvOTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8x
L1E0MGFPa2xlWUFna1pjZkhhak15UzNlMzdRby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDMv
OTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8xL0lzU3NQanhEMXcw
Rk5KeUJXNnJkT0sxM1hwMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAr
BggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEAh+pfAMEAk9uPAMEAsI34DANBgkq
hkiG9w0BAQsFAAOCAQEAUgTmu1WFLhjWawnGziyitHSe7vGHHiVQ9XgMZwwfi5EE
32q52pLhS0B8PwFZFET9KzaEp0ORWAQLoiFVPm4zQqXU109CLmlqnFLMK57ikObb
iS3s282qXBEo8Ni3zguoalKzecbfVC43nQ4HsZZ72ivUhgTTMqquetUPHfvp8CaP
3V7Lq6XUjvTI1JFEDgCvSK/csu986M6W56E8tULBMMAfiCzcjNIv4Hu4pIgm1gvM
/dRnmIzmyoy/HWVBqhDdIs+ioR9nSQ1e0++Z5lfcupG/PGXbadYlOLZPNJh7FJw7
eDku38Fw70+2zrCwhxLLhXjz6xHwiUBgbnIGizdR4w==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:06 2024 by rpki-client on console-fra.rpki-client.org