Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/QjYY1bsKEdyIE-sd619LPIS2Q-s.roa
File:                     QjYY1bsKEdyIE-sd619LPIS2Q-s.roa (raw, json)
Hash identifier:          6QHAjOWaUXdlG/Yfis7IXamzM07gP9Gh9nrEAmk3Asc=
Subject key identifier:   42:36:18:D5:BB:0A:11:DC:88:13:EB:1D:EB:5F:4B:3C:84:B6:43:EB
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01883C13688382736ACADB5881A7BD7B2B80
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/QjYY1bsKEdyIE-sd619LPIS2Q-s.roa
Signing time:             Sun 21 May 2023 02:11:24 +0000
ROA not before:           Sun 21 May 2023 02:11:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     34224
IP address blocks:        212.73.131.0/24 maxlen: 24
                          212.73.128.0/23 maxlen: 24
                          212.73.132.0/24 maxlen: 24
                          212.73.130.0/23 maxlen: 24
                          212.73.136.0/24 maxlen: 24
                          87.120.176.0/24 maxlen: 24
                          212.73.133.0/24 maxlen: 24
                          212.73.138.0/23 maxlen: 24
                          212.73.138.0/24 maxlen: 24
                          212.73.134.0/24 maxlen: 24
                          212.73.143.0/24 maxlen: 24
                          212.73.140.0/24 maxlen: 24
                          212.73.144.0/24 maxlen: 24
                          212.73.141.0/24 maxlen: 24
                          212.73.145.0/24 maxlen: 24
                          212.73.142.0/24 maxlen: 24
                          212.73.147.0/24 maxlen: 24
                          212.73.148.0/24 maxlen: 24
                          212.73.146.0/24 maxlen: 24
                          212.73.155.0/24 maxlen: 24
                          212.73.157.0/24 maxlen: 24
                          87.120.195.0/24 maxlen: 24
                          87.120.199.0/24 maxlen: 24
                          87.120.206.0/24 maxlen: 24
                          87.120.206.0/23 maxlen: 24
                          87.120.201.0/24 maxlen: 24
                          87.120.200.0/24 maxlen: 24
                          87.120.207.0/24 maxlen: 24
                          87.120.109.0/24 maxlen: 24
                          87.120.128.0/23 maxlen: 24
                          87.120.132.0/24 maxlen: 24
                          87.120.134.0/24 maxlen: 24
                          87.120.133.0/24 maxlen: 24
                          87.120.135.0/24 maxlen: 24
                          37.60.138.0/24 maxlen: 24
                          87.121.42.0/24 maxlen: 24
                          37.60.139.0/24 maxlen: 24
                          92.249.49.0/24 maxlen: 24
                          87.121.52.0/24 maxlen: 24
                          87.121.64.0/24 maxlen: 24
                          87.120.217.0/24 maxlen: 24
                          87.120.223.0/24 maxlen: 24
                          87.120.36.100/32 maxlen: 32
                          87.120.253.0/24 maxlen: 24
                          87.120.255.0/24 maxlen: 24
                          87.121.0.0/23 maxlen: 24
                          87.121.0.0/24 maxlen: 24
                          87.121.1.0/24 maxlen: 24
                          87.121.2.0/24 maxlen: 24
                          87.120.254.0/24 maxlen: 24
                          87.121.6.0/23 maxlen: 24
                          91.92.219.0/24 maxlen: 24
                          91.92.230.0/24 maxlen: 24
                          91.92.198.0/23 maxlen: 24
                          91.92.197.0/24 maxlen: 24
                          87.120.61.0/24 maxlen: 24
                          87.120.104.0/24 maxlen: 24
                          87.120.6.0/23 maxlen: 24
                          87.120.6.0/24 maxlen: 24
                          87.120.8.0/24 maxlen: 24
                          87.120.13.0/24 maxlen: 24
                          87.120.37.0/24 maxlen: 24
                          87.120.43.0/24 maxlen: 24
                          87.120.39.0/24 maxlen: 24
                          91.92.0.0/24 maxlen: 24
                          91.92.2.0/24 maxlen: 24
                          91.92.1.0/24 maxlen: 24
                          91.92.109.0/24 maxlen: 24
                          91.92.139.0/24 maxlen: 24
                          91.92.69.0/24 maxlen: 24
                          91.92.65.0/24 maxlen: 24
                          91.92.66.0/24 maxlen: 24
                          91.92.68.0/24 maxlen: 24
                          91.92.105.0/24 maxlen: 24
                          94.156.216.0/21 maxlen: 24
                          94.156.233.0/24 maxlen: 24
                          94.156.227.0/24 maxlen: 24
                          94.156.232.0/22 maxlen: 22
                          94.156.232.0/24 maxlen: 24
                          93.123.64.0/24 maxlen: 24
                          94.156.249.0/24 maxlen: 24
                          94.156.251.0/24 maxlen: 24
                          94.156.252.0/24 maxlen: 24
                          94.156.172.0/23 maxlen: 24
                          93.123.8.0/24 maxlen: 24
                          94.156.185.0/24 maxlen: 24
                          94.156.188.0/24 maxlen: 24
                          94.156.190.0/24 maxlen: 24
                          93.123.12.0/24 maxlen: 24
                          93.123.18.0/24 maxlen: 24
                          93.123.28.0/23 maxlen: 24
                          93.123.37.0/24 maxlen: 24
                          93.123.36.0/24 maxlen: 24
                          93.123.32.0/22 maxlen: 24
                          94.156.15.0/24 maxlen: 24
                          94.156.12.0/24 maxlen: 24
                          94.156.44.0/24 maxlen: 24
                          94.156.42.0/24 maxlen: 24
                          94.156.106.0/24 maxlen: 24
                          94.156.130.0/24 maxlen: 24
                          94.156.129.0/24 maxlen: 24
                          94.156.159.0/24 maxlen: 24
                          94.156.158.0/24 maxlen: 24
                          94.156.153.0/24 maxlen: 24
                          94.156.77.0/24 maxlen: 24
                          94.156.98.0/24 maxlen: 24
                          94.156.94.0/24 maxlen: 24
                          94.156.100.0/24 maxlen: 24
                          31.13.195.0/24 maxlen: 24
                          31.13.197.0/24 maxlen: 24
                          87.121.150.0/23 maxlen: 24
                          31.13.217.0/24 maxlen: 24
                          87.121.161.0/24 maxlen: 24
                          31.13.216.0/21 maxlen: 24
                          31.13.223.0/24 maxlen: 24
                          31.13.221.0/24 maxlen: 24
                          87.121.79.0/24 maxlen: 24
                          87.121.83.0/24 maxlen: 24
                          87.121.82.0/24 maxlen: 24
                          87.121.90.0/23 maxlen: 24
                          87.121.112.0/24 maxlen: 24
                          87.121.111.0/24 maxlen: 24
                          87.121.118.0/24 maxlen: 24
                          87.121.113.0/24 maxlen: 24
                          31.13.230.0/23 maxlen: 24
                          31.13.236.0/22 maxlen: 24
                          31.13.245.0/24 maxlen: 24
                          31.13.241.0/24 maxlen: 24
                          2a00:1728:35::/48 maxlen: 48
                          2a00:1728:27::/48 maxlen: 48
                          2a00:1728:21::/48 maxlen: 48
                          2a00:1728:0:d::/64 maxlen: 64
                          2a00:1728:1b::/48 maxlen: 48
                          2a00:1728:34::/48 maxlen: 48
                          2a00:1728:23::/48 maxlen: 48
                          2a00:1728:31::/48 maxlen: 48
                          2a00:1728:25::/48 maxlen: 48
                          2a00:1728:3::/48 maxlen: 48
                          2a00:1728:1f::/48 maxlen: 48
                          2a00:1728::/32 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:3c:13:68:83:82:73:6a:ca:db:58:81:a7:bd:7b:2b:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: May 21 02:11:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=423618d5bb0a11dc8813eb1deb5f4b3c84b643eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:28:71:20:06:65:3c:7d:b8:38:b2:3d:37:0a:
                    35:be:87:17:aa:d8:af:b2:d4:2d:ce:c5:bb:dc:d8:
                    f5:d5:63:16:ed:e5:08:b7:bd:f0:a8:96:bd:69:1b:
                    c4:a4:7d:0c:02:2e:20:43:0f:3f:3f:64:38:65:24:
                    86:42:8d:ff:32:e4:c9:ad:7e:d0:41:c4:2c:eb:1b:
                    48:4b:41:7e:fa:7d:14:25:99:3d:c7:d9:2f:bd:b5:
                    ec:27:b2:e9:61:4a:e2:5a:8b:9e:b4:f5:a3:cb:65:
                    21:00:3b:2c:52:a1:79:90:54:cd:d3:66:f9:50:5a:
                    e1:1c:f3:46:f7:b7:fb:9a:2a:8f:60:91:d1:26:ce:
                    46:d7:ea:a4:e6:56:ce:f5:f6:ca:5e:f3:ca:db:ed:
                    79:d6:ca:98:a4:cc:f9:1c:70:d8:4c:90:0c:42:42:
                    1b:50:21:ca:3f:32:a7:35:d7:32:78:36:8f:cf:14:
                    c2:d1:d8:71:37:0d:17:1e:94:f0:9a:35:af:5d:f9:
                    e6:13:a6:96:d5:32:59:e4:a4:47:63:2c:bc:61:a7:
                    73:d9:a8:f3:de:7a:12:bc:b6:4b:35:94:74:5d:8e:
                    9f:a0:0a:4d:c9:bc:32:df:8c:72:cc:bf:c5:bc:83:
                    ea:92:67:97:4d:6b:be:1d:6c:8a:33:73:64:22:3a:
                    e6:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:36:18:D5:BB:0A:11:DC:88:13:EB:1D:EB:5F:4B:3C:84:B6:43:EB
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/QjYY1bsKEdyIE-sd619LPIS2Q-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.13.195.0/24
                  31.13.197.0/24
                  31.13.216.0/21
                  31.13.230.0/23
                  31.13.236.0/22
                  31.13.241.0/24
                  31.13.245.0/24
                  37.60.138.0/23
                  87.120.6.0-87.120.8.255
                  87.120.13.0/24
                  87.120.36.100/32
                  87.120.37.0/24
                  87.120.39.0/24
                  87.120.43.0/24
                  87.120.61.0/24
                  87.120.104.0/24
                  87.120.109.0/24
                  87.120.128.0/23
                  87.120.132.0/22
                  87.120.176.0/24
                  87.120.195.0/24
                  87.120.199.0-87.120.201.255
                  87.120.206.0/23
                  87.120.217.0/24
                  87.120.223.0/24
                  87.120.253.0-87.121.2.255
                  87.121.6.0/23
                  87.121.42.0/24
                  87.121.52.0/24
                  87.121.64.0/24
                  87.121.79.0/24
                  87.121.82.0/23
                  87.121.90.0/23
                  87.121.111.0-87.121.113.255
                  87.121.118.0/24
                  87.121.150.0/23
                  87.121.161.0/24
                  91.92.0.0-91.92.2.255
                  91.92.65.0-91.92.66.255
                  91.92.68.0/23
                  91.92.105.0/24
                  91.92.109.0/24
                  91.92.139.0/24
                  91.92.197.0-91.92.199.255
                  91.92.219.0/24
                  91.92.230.0/24
                  92.249.49.0/24
                  93.123.8.0/24
                  93.123.12.0/24
                  93.123.18.0/24
                  93.123.28.0/23
                  93.123.32.0-93.123.37.255
                  93.123.64.0/24
                  94.156.12.0/24
                  94.156.15.0/24
                  94.156.42.0/24
                  94.156.44.0/24
                  94.156.77.0/24
                  94.156.94.0/24
                  94.156.98.0/24
                  94.156.100.0/24
                  94.156.106.0/24
                  94.156.129.0-94.156.130.255
                  94.156.153.0/24
                  94.156.158.0/23
                  94.156.172.0/23
                  94.156.185.0/24
                  94.156.188.0/24
                  94.156.190.0/24
                  94.156.216.0/21
                  94.156.227.0/24
                  94.156.232.0/22
                  94.156.249.0/24
                  94.156.251.0-94.156.252.255
                  212.73.128.0-212.73.134.255
                  212.73.136.0/24
                  212.73.138.0-212.73.148.255
                  212.73.155.0/24
                  212.73.157.0/24
                IPv6:
                  2a00:1728::/32

    Signature Algorithm: sha256WithRSAEncryption
         4e:bd:fb:8f:d9:4c:c5:6f:22:4b:a7:eb:46:59:bb:b7:8c:82:
         64:5e:80:c5:c2:88:c1:4f:ad:9d:f3:70:1a:63:f7:97:50:bb:
         16:8d:67:7b:d8:94:02:a0:c8:a5:b6:83:f6:14:4d:70:89:f8:
         39:9e:4b:8d:82:59:d5:32:ca:e6:f8:df:2a:00:d0:21:20:92:
         fc:87:74:98:0e:44:c8:95:a2:4e:fa:1b:15:bf:b7:e1:63:3a:
         1f:12:0c:95:1b:9d:a0:1f:70:33:a4:20:78:9d:d3:e2:65:20:
         e9:ad:3f:ef:0d:35:95:78:32:2c:1c:57:90:7c:a7:02:b9:3e:
         1d:f2:dc:13:c0:5d:4a:fe:55:c5:9a:ce:c7:bf:f6:9d:2b:31:
         4a:a0:ba:85:72:06:48:1d:62:29:ec:3f:3a:48:82:6e:0c:f2:
         c8:7c:7d:25:4c:e3:19:04:b3:8a:a0:dd:1e:9a:03:d3:bc:0c:
         a4:f0:1e:3c:ff:d1:d3:b7:2e:fc:cf:78:20:da:f3:c5:e1:7e:
         c8:57:28:c0:c8:02:ae:94:fc:58:0b:cb:e4:2e:b7:38:9e:07:
         26:06:6a:79:7b:3f:2a:fe:de:0b:60:1e:1f:79:2b:4a:88:a3:
         f8:82:a3:30:8b:e8:ab:d6:c8:1f:f7:24:73:4b:d0:c6:fc:3a:
         eb:43:d4:30
-----BEGIN CERTIFICATE-----
MIIHSjCCBjKgAwIBAgISAYg8E2iDgnNqyttYgae9eyuAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNTIxMDIxMTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjM2MThkNWJiMGExMWRjODgxM2ViMWRlYjVmNGIzYzg0YjY0M2ViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7ihxIAZlPH24OLI9Nwo1vocXqtiv
stQtzsW73Nj11WMW7eUIt73wqJa9aRvEpH0MAi4gQw8/P2Q4ZSSGQo3/MuTJrX7Q
QcQs6xtIS0F++n0UJZk9x9kvvbXsJ7LpYUriWouetPWjy2UhADssUqF5kFTN02b5
UFrhHPNG97f7miqPYJHRJs5G1+qk5lbO9fbKXvPK2+151sqYpMz5HHDYTJAMQkIb
UCHKPzKnNdcyeDaPzxTC0dhxNw0XHpTwmjWvXfnmE6aW1TJZ5KRHYyy8Yadz2ajz
3noSvLZLNZR0XY6foApNybwy34xyzL/FvIPqkmeXTWu+HWyKM3NkIjrmhwIDAQAB
o4IEVjCCBFIwHQYDVR0OBBYEFEI2GNW7ChHciBPrHetfSzyEtkPrMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvUWpZWTFic0tFZHlJRS1zZDYxOUxQSVMyUS1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIICagYIKwYBBQUHAQcBAf8EggJZMIICVTCCAkIEAgABMIIC
OgMEAB8NwwMEAB8NxQMEAx8N2AMEAR8N5gMEAh8N7AMEAB8N8QMEAB8N9QMEASU8
ijAMAwQBV3gGAwQAV3gIAwQAV3gNAwUAV3gkZAMEAFd4JQMEAFd4JwMEAFd4KwME
AFd4PQMEAFd4aAMEAFd4bQMEAVd4gAMEAld4hAMEAFd4sAMEAFd4wzAMAwQAV3jH
AwQBV3jIAwQBV3jOAwQAV3jZAwQAV3jfMAwDBABXeP0DBABXeQIDBAFXeQYDBABX
eSoDBABXeTQDBABXeUADBABXeU8DBAFXeVIDBAFXeVowDAMEAFd5bwMEAVd5cAME
AFd5dgMEAVd5lgMEAFd5oTALAwMCW1wDBABbXAIwDAMEAFtcQQMEAFtcQgMEAVtc
RAMEAFtcaQMEAFtcbQMEAFtcizAMAwQAW1zFAwQDW1zAAwQAW1zbAwQAW1zmAwQA
XPkxAwQAXXsIAwQAXXsMAwQAXXsSAwQBXXscMAwDBAVdeyADBAFdeyQDBABde0AD
BABenAwDBABenA8DBABenCoDBABenCwDBABenE0DBABenF4DBABenGIDBABenGQD
BABenGowDAMEAF6cgQMEAF6cggMEAF6cmQMEAV6cngMEAV6crAMEAF6cuQMEAF6c
vAMEAF6cvgMEA16c2AMEAF6c4wMEAl6c6AMEAF6c+TAMAwQAXpz7AwQAXpz8MAwD
BAfUSYADBADUSYYDBADUSYgwDAMEAdRJigMEANRJlAMEANRJmwMEANRJnTANBAIA
AjAHAwUAKgAXKDANBgkqhkiG9w0BAQsFAAOCAQEATr37j9lMxW8iS6frRlm7t4yC
ZF6AxcKIwU+tnfNwGmP3l1C7Fo1ne9iUAqDIpbaD9hRNcIn4OZ5LjYJZ1TLK5vjf
KgDQISCS/Id0mA5EyJWiTvobFb+34WM6HxIMlRudoB9wM6QgeJ3T4mUg6a0/7w01
lXgyLBxXkHynArk+HfLcE8BdSv5VxZrOx7/2nSsxSqC6hXIGSB1iKew/OkiCbgzy
yHx9JUzjGQSziqDdHpoD07wMpPAePP/R07cu/M94INrzxeF+yFcowMgCrpT8WAvL
5C63OJ4HJgZqeXs/Kv7eC2AeH3krSoij+IKjMIvoq9bIH/ckc0vQxvw660PUMA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:07 2024 by rpki-client on console-fra.rpki-client.org