Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/QErqnDdVS1FUPVtuHSQAhFYXewY.roa
File:                     QErqnDdVS1FUPVtuHSQAhFYXewY.roa (raw, json)
Hash identifier:          NQBht41VyfWYUq6fGGCDHsojRw/+SKDPKFRrlWg1C3A=
Subject key identifier:   40:4A:EA:9C:37:55:4B:51:54:3D:5B:6E:1D:24:00:84:56:17:7B:06
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018E62171D93C4107D02986194E8E3423AF2
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/QErqnDdVS1FUPVtuHSQAhFYXewY.roa
Signing time:             Thu 21 Mar 2024 17:37:45 +0000
ROA not before:           Thu 21 Mar 2024 17:37:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207279
IP address blocks:        2.59.253.0/24 maxlen: 24
                          45.84.91.0/24 maxlen: 24
                          45.88.64.0/24 maxlen: 24
                          45.88.91.0/24 maxlen: 24
                          79.110.51.0/24 maxlen: 24
                          83.219.97.0/24 maxlen: 24
                          92.119.198.0/24 maxlen: 24
                          92.249.50.0/24 maxlen: 24
                          94.154.162.0/24 maxlen: 24
                          94.156.75.0/24 maxlen: 24
                          109.206.239.0/24 maxlen: 24
                          178.215.225.0/24 maxlen: 24
                          178.215.227.0/24 maxlen: 24
                          178.215.236.0/24 maxlen: 24
                          185.222.160.0/24 maxlen: 24
                          185.222.161.0/24 maxlen: 24
                          185.222.162.0/24 maxlen: 24
                          185.246.223.0/24 maxlen: 24
                          193.25.217.0/24 maxlen: 24
                          193.37.40.0/24 maxlen: 24
                          193.37.42.0/24 maxlen: 24
                          193.37.44.0/24 maxlen: 24
                          193.222.97.0/24 maxlen: 24
                          193.222.99.0/24 maxlen: 24
                          194.55.187.0/24 maxlen: 24
                          194.55.225.0/24 maxlen: 24
                          194.59.31.0/24 maxlen: 24
                          194.180.38.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:62:17:1d:93:c4:10:7d:02:98:61:94:e8:e3:42:3a:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Mar 21 17:37:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=404aea9c37554b51543d5b6e1d24008456177b06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:b6:2f:83:5f:10:7a:0b:c9:06:a5:ab:24:3d:
                    6e:e5:b5:63:1d:2a:47:82:a2:51:35:db:6a:33:2a:
                    1a:dc:28:f1:60:0f:f6:07:0c:71:a1:85:52:90:63:
                    28:23:5a:e3:dd:ef:c6:19:fd:ac:f5:9d:85:5d:fa:
                    08:34:b4:27:3d:34:bc:84:4a:80:c4:6b:bd:af:42:
                    8a:0a:32:1b:f6:d9:4d:65:1a:b5:e7:f7:ba:90:c2:
                    e6:ca:b4:82:87:60:ff:3a:3d:c1:bb:b0:17:bb:a2:
                    1f:9c:51:62:52:6d:18:2c:d4:9e:a5:90:23:a8:14:
                    00:b1:61:7f:ce:4c:e3:f8:91:33:8d:8a:66:4e:79:
                    95:d9:5f:77:d1:6c:2e:f9:4d:ce:35:d8:e6:9e:73:
                    6a:f0:c5:50:50:2f:69:f6:e7:fb:b6:0a:47:79:e1:
                    6f:a5:5d:09:ba:30:7b:79:46:26:ea:39:d6:af:0b:
                    df:8a:81:1f:aa:51:94:e3:dd:3c:34:ed:90:0c:88:
                    3d:58:ca:6f:ec:0e:23:37:3e:4b:41:52:00:1e:8c:
                    6d:c4:39:19:08:0a:0a:79:7f:8b:df:9f:80:99:6a:
                    c4:dc:d7:9a:2b:26:fc:3b:00:c7:77:0d:21:b0:3f:
                    38:6c:ec:f6:17:2a:13:bd:cd:d1:c4:10:9b:7d:63:
                    9b:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:4A:EA:9C:37:55:4B:51:54:3D:5B:6E:1D:24:00:84:56:17:7B:06
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/QErqnDdVS1FUPVtuHSQAhFYXewY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.253.0/24
                  45.84.91.0/24
                  45.88.64.0/24
                  45.88.91.0/24
                  79.110.51.0/24
                  83.219.97.0/24
                  92.119.198.0/24
                  92.249.50.0/24
                  94.154.162.0/24
                  94.156.75.0/24
                  109.206.239.0/24
                  178.215.225.0/24
                  178.215.227.0/24
                  178.215.236.0/24
                  185.222.160.0-185.222.162.255
                  185.246.223.0/24
                  193.25.217.0/24
                  193.37.40.0/24
                  193.37.42.0/24
                  193.37.44.0/24
                  193.222.97.0/24
                  193.222.99.0/24
                  194.55.187.0/24
                  194.55.225.0/24
                  194.59.31.0/24
                  194.180.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:c8:33:13:d4:6e:a9:17:66:43:6e:2b:1b:61:d2:91:2d:b1:
         fb:24:17:53:c2:3c:65:21:31:2c:c0:fa:54:8a:b5:19:10:88:
         54:fc:5e:f6:8b:56:db:72:83:b6:34:4e:d0:75:df:24:5b:36:
         b1:0a:54:05:b9:e7:2f:cb:8c:6d:e1:e1:f5:b1:ea:c0:a4:93:
         c6:3a:cf:71:a8:04:6d:15:43:bc:da:d9:6b:4c:f9:3f:0a:ff:
         a8:12:ac:6f:37:fb:f6:24:57:c9:b7:51:51:19:b6:b5:78:e1:
         22:20:00:6e:f2:04:8d:0d:37:d0:f1:3a:38:68:2c:c3:c8:2e:
         6b:0d:e3:61:bd:19:67:00:92:5e:0e:85:8e:57:a9:6f:11:23:
         73:60:da:b0:75:2e:4a:82:9e:da:61:a0:e4:97:cf:6a:0a:c7:
         7f:d0:77:a3:7f:c8:f0:82:47:6e:fb:db:24:34:2d:97:d1:c1:
         fa:5d:d4:b3:50:a9:95:59:79:7e:52:fb:76:1e:45:4d:99:55:
         8f:9e:57:8f:a5:cc:ed:e5:36:23:0e:29:76:83:4c:50:d4:f6:
         c9:1c:f8:43:33:42:db:58:c8:ca:c8:94:82:69:70:42:50:c2:
         4a:f5:07:e5:13:9a:d8:7e:96:73:cd:6d:34:34:a4:49:f6:12:
         b8:2b:a5:bc
-----BEGIN CERTIFICATE-----
MIIFoDCCBIigAwIBAgISAY5iFx2TxBB9AphhlOjjQjryMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMzIxMTczNzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDRhZWE5YzM3NTU0YjUxNTQzZDViNmUxZDI0MDA4NDU2MTc3YjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw7Yvg18QegvJBqWrJD1u5bVjHSpH
gqJRNdtqMyoa3CjxYA/2BwxxoYVSkGMoI1rj3e/GGf2s9Z2FXfoINLQnPTS8hEqA
xGu9r0KKCjIb9tlNZRq15/e6kMLmyrSCh2D/Oj3Bu7AXu6IfnFFiUm0YLNSepZAj
qBQAsWF/zkzj+JEzjYpmTnmV2V930Wwu+U3ONdjmnnNq8MVQUC9p9uf7tgpHeeFv
pV0JujB7eUYm6jnWrwvfioEfqlGU4908NO2QDIg9WMpv7A4jNz5LQVIAHoxtxDkZ
CAoKeX+L35+AmWrE3NeaKyb8OwDHdw0hsD84bOz2FyoTvc3RxBCbfWObuQIDAQAB
o4ICrDCCAqgwHQYDVR0OBBYEFEBK6pw3VUtRVD1bbh0kAIRWF3sGMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvUUVycW5EZFZTMUZVUFZ0dUhTUUFoRllYZXdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHBBggrBgEFBQcBBwEB/wSBsTCBrjCBqwQCAAEwgaQDBAAC
O/0DBAAtVFsDBAAtWEADBAAtWFsDBABPbjMDBABT22EDBABcd8YDBABc+TIDBABe
mqIDBABenEsDBABtzu8DBACy1+EDBACy1+MDBACy1+wwDAMEBbneoAMEALneogME
ALn23wMEAMEZ2QMEAMElKAMEAMElKgMEAMElLAMEAMHeYQMEAMHeYwMEAMI3uwME
AMI34QMEAMI7HwMEAMK0JjANBgkqhkiG9w0BAQsFAAOCAQEAVcgzE9RuqRdmQ24r
G2HSkS2x+yQXU8I8ZSExLMD6VIq1GRCIVPxe9otW23KDtjRO0HXfJFs2sQpUBbnn
L8uMbeHh9bHqwKSTxjrPcagEbRVDvNrZa0z5Pwr/qBKsbzf79iRXybdRURm2tXjh
IiAAbvIEjQ030PE6OGgsw8guaw3jYb0ZZwCSXg6FjlepbxEjc2DasHUuSoKe2mGg
5JfPagrHf9B3o3/I8IJHbvvbJDQtl9HB+l3Us1CplVl5flL7dh5FTZlVj55Xj6XM
7eU2Iw4pdoNMUNT2yRz4QzNC21jIysiUgmlwQlDCSvUH5ROa2H6Wc81tNDSkSfYS
uCulvA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:06 2024 by rpki-client on console-fra.rpki-client.org