Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/RwvdCRLrtSePvIWr3csRTpj0Hk0.roa
File:                     RwvdCRLrtSePvIWr3csRTpj0Hk0.roa (raw, json)
Hash identifier:          5p9oIZ6coMVV3AF9MVL03eStyMYjIDbjTtnQSCoS34k=
Subject key identifier:   47:0B:DD:09:12:EB:B5:27:8F:BC:85:AB:DD:CB:11:4E:98:F4:1E:4D
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01878023C935DCB43CB4EE2874B171382D13
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/RwvdCRLrtSePvIWr3csRTpj0Hk0.roa
Signing time:             Fri 14 Apr 2023 14:20:41 +0000
ROA not before:           Fri 14 Apr 2023 14:20:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207459
IP address blocks:        185.221.67.0/24 maxlen: 24
                          91.92.24.0/24 maxlen: 24
                          91.92.24.0/23 maxlen: 23
                          91.92.25.0/24 maxlen: 24
                          194.180.50.0/24 maxlen: 24
                          193.149.29.0/24 maxlen: 24
                          193.149.30.0/24 maxlen: 24
                          193.149.28.0/22 maxlen: 22
                          193.149.31.0/24 maxlen: 24
                          193.149.28.0/24 maxlen: 24
                          171.22.19.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:80:23:c9:35:dc:b4:3c:b4:ee:28:74:b1:71:38:2d:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Apr 14 14:20:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=470bdd0912ebb5278fbc85abddcb114e98f41e4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:d3:69:ef:bb:d4:b5:72:84:01:8b:f9:48:24:
                    b9:0f:b7:2f:50:82:1d:66:2c:fb:0e:d7:00:10:26:
                    36:2d:28:ea:bb:b2:40:41:bd:61:d1:b7:7a:30:3d:
                    48:9c:c5:95:3c:bb:52:2a:ea:70:91:e7:25:9d:20:
                    84:ea:a7:16:b0:3e:96:34:6c:1b:8f:01:fd:50:fb:
                    88:5c:28:c9:eb:af:eb:12:77:05:bf:80:56:32:b6:
                    69:bf:c2:15:76:fa:3f:29:03:5f:f2:4e:93:77:50:
                    a9:03:6d:da:66:c0:bc:dd:eb:24:3b:55:c0:56:c6:
                    e2:58:93:b7:26:c5:79:2b:1c:14:87:87:67:ad:a2:
                    b9:82:51:0d:84:f1:65:de:21:c9:a3:65:e7:db:22:
                    0e:b8:72:15:9a:b2:2e:ad:f5:6a:b7:62:0d:86:da:
                    81:a2:d2:44:e6:de:29:37:c9:ec:29:a8:42:f4:2c:
                    b2:56:1d:02:e2:d0:14:19:1f:b0:21:c4:f8:83:5b:
                    8b:6a:ec:f9:b9:68:10:b7:6e:1a:32:30:45:bc:aa:
                    92:99:ca:88:bd:ec:66:a7:8a:93:45:90:e7:2e:eb:
                    c5:d5:31:2e:d2:20:44:e1:19:0d:9d:cd:c4:f3:bd:
                    79:c4:bd:7a:79:f7:59:8b:84:5e:87:60:60:e5:02:
                    80:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:0B:DD:09:12:EB:B5:27:8F:BC:85:AB:DD:CB:11:4E:98:F4:1E:4D
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/RwvdCRLrtSePvIWr3csRTpj0Hk0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.92.24.0/23
                  171.22.19.0/24
                  185.221.67.0/24
                  193.149.28.0/22
                  194.180.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:02:b5:27:43:90:eb:59:70:0d:d4:c2:ba:98:56:5f:37:d9:
         97:69:58:0f:c9:2d:7e:f1:b7:6b:0b:bc:c3:12:1b:21:2e:2b:
         65:32:74:25:f9:81:03:b9:5e:91:24:e8:d1:41:ec:da:6f:db:
         ea:19:11:61:7a:b6:b2:7f:f9:7f:54:1a:6f:3f:59:58:e3:29:
         28:f9:92:72:77:45:06:d4:61:18:65:82:bb:e0:fb:d9:1a:00:
         7f:2f:8c:4f:d5:86:68:a4:8a:f5:90:fc:df:2d:9d:5a:1b:54:
         09:7f:7d:2d:2c:41:41:2c:d9:36:64:68:49:40:f3:b3:94:36:
         ec:8c:f7:a0:b1:2a:2e:2c:71:27:64:a3:ef:84:42:c4:ad:0e:
         95:a8:2c:13:c7:7c:7b:f7:6f:b3:cf:3d:a2:03:cd:27:37:dd:
         55:67:b6:b4:48:3c:de:57:02:33:13:74:75:0e:d1:ae:3a:c6:
         64:df:b2:29:44:93:f3:42:10:32:f8:98:25:e7:af:8e:c2:1d:
         07:50:e9:c2:01:84:5b:61:42:b4:4e:b6:38:ea:d2:e6:f4:b3:
         48:42:48:cc:55:b2:e2:68:89:7a:5e:64:a8:f2:03:bb:3a:4c:
         5f:95:6c:b4:f5:ec:28:b8:c9:8c:99:e0:f2:12:78:d4:2b:fa:
         fa:27:17:ac
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYeAI8k13LQ8tO4odLFxOC0TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNDE0MTQyMDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzBiZGQwOTEyZWJiNTI3OGZiYzg1YWJkZGNiMTE0ZTk4ZjQxZTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAidNp77vUtXKEAYv5SCS5D7cvUIId
Ziz7DtcAECY2LSjqu7JAQb1h0bd6MD1InMWVPLtSKupwkeclnSCE6qcWsD6WNGwb
jwH9UPuIXCjJ66/rEncFv4BWMrZpv8IVdvo/KQNf8k6Td1CpA23aZsC83eskO1XA
VsbiWJO3JsV5KxwUh4dnraK5glENhPFl3iHJo2Xn2yIOuHIVmrIurfVqt2INhtqB
otJE5t4pN8nsKahC9CyyVh0C4tAUGR+wIcT4g1uLauz5uWgQt24aMjBFvKqSmcqI
vexmp4qTRZDnLuvF1TEu0iBE4RkNnc3E8715xL16efdZi4Reh2Bg5QKAbwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFEcL3QkS67Unj7yFq93LEU6Y9B5NMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvUnd2ZENSTHJ0U2VQdklXcjNjc1JUcGowSGswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQBW1wYAwQA
qxYTAwQAud1DAwQCwZUcAwQAwrQyMA0GCSqGSIb3DQEBCwUAA4IBAQCfArUnQ5Dr
WXAN1MK6mFZfN9mXaVgPyS1+8bdrC7zDEhshLitlMnQl+YEDuV6RJOjRQezab9vq
GRFherayf/l/VBpvP1lY4yko+ZJyd0UG1GEYZYK74PvZGgB/L4xP1YZopIr1kPzf
LZ1aG1QJf30tLEFBLNk2ZGhJQPOzlDbsjPegsSouLHEnZKPvhELErQ6VqCwTx3x7
92+zzz2iA80nN91VZ7a0SDzeVwIzE3R1DtGuOsZk37IpRJPzQhAy+Jgl56+Owh0H
UOnCAYRbYUK0TrY46tLm9LNIQkjMVbLiaIl6XmSo8gO7OkxflWy09ewouMmMmeDy
EnjUK/r6Jxes
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:07 2024 by rpki-client on console-fra.rpki-client.org