Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/SnInuex2V-8yB6cVTppp6tyNhfQ.roa
File:                     SnInuex2V-8yB6cVTppp6tyNhfQ.roa (raw, json)
Hash identifier:          9UWAHU+TQteJZrGYKBuGudkn/rMm3WYtOiluEawu+Bc=
Subject key identifier:   4A:72:27:B9:EC:76:57:EF:32:07:A7:15:4E:9A:69:EA:DC:8D:85:F4
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018A6552030223CF69F672A52361A22FEC83
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/SnInuex2V-8yB6cVTppp6tyNhfQ.roa
Signing time:             Tue 05 Sep 2023 12:29:48 +0000
ROA not before:           Tue 05 Sep 2023 12:29:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     50225
IP address blocks:        85.217.145.0/24 maxlen: 24
                          185.222.163.0/24 maxlen: 24
                          178.215.237.0/24 maxlen: 24
                          93.123.85.0/24 maxlen: 24
                          80.76.50.0/24 maxlen: 24
                          193.42.34.0/24 maxlen: 24
                          94.156.176.0/24 maxlen: 24
                          193.47.63.0/24 maxlen: 24
                          194.48.249.0/24 maxlen: 24
                          45.84.90.0/24 maxlen: 24
                          194.48.251.0/24 maxlen: 24
                          85.209.132.0/24 maxlen: 24
                          79.110.50.0/24 maxlen: 24
                          176.125.252.0/24 maxlen: 24
                          37.139.131.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:65:52:03:02:23:cf:69:f6:72:a5:23:61:a2:2f:ec:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Sep  5 12:29:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4a7227b9ec7657ef3207a7154e9a69eadc8d85f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:7c:6c:7b:e0:d5:68:b0:9a:1e:b3:98:da:fb:
                    28:54:54:35:c3:f5:fe:7a:6c:6e:1b:94:a9:95:3b:
                    a7:3e:1a:17:56:b6:24:94:c6:3a:75:13:96:8b:a3:
                    36:08:eb:6d:94:3c:af:47:4b:d6:9b:13:7b:06:7e:
                    25:20:a9:37:d2:40:07:ab:ef:94:f0:bf:0e:3d:f8:
                    72:04:40:7f:9f:3d:aa:f3:ae:08:df:08:d3:cb:62:
                    37:98:1d:b0:15:d2:a4:42:64:24:1c:ca:7b:a9:47:
                    2d:ff:d4:9a:37:34:7f:86:bc:b7:69:6c:11:42:22:
                    dc:8f:54:de:e3:86:f3:5b:7d:f4:8c:47:6a:78:02:
                    f9:2f:47:e8:5b:8a:3c:91:58:2a:ac:9d:16:6c:6a:
                    76:b6:18:f3:9d:ef:fb:82:c2:82:74:43:6e:4b:77:
                    a2:4f:c6:c3:e4:51:7c:e6:82:4b:76:0e:b8:8b:7c:
                    d8:9c:64:16:b6:00:e2:06:6b:64:11:5f:09:b3:bc:
                    6f:d8:58:ee:fb:bb:4a:e5:ad:24:da:6d:9d:eb:94:
                    0a:e0:cf:5c:c0:d2:25:ab:fd:16:32:42:82:f5:78:
                    bc:82:78:15:40:2e:e4:32:f5:78:00:1e:21:95:46:
                    4b:d1:13:ec:9a:cd:b4:ba:56:f7:06:00:cb:d4:79:
                    c0:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:72:27:B9:EC:76:57:EF:32:07:A7:15:4E:9A:69:EA:DC:8D:85:F4
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/SnInuex2V-8yB6cVTppp6tyNhfQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.139.131.0/24
                  45.84.90.0/24
                  79.110.50.0/24
                  80.76.50.0/24
                  85.209.132.0/24
                  85.217.145.0/24
                  93.123.85.0/24
                  94.156.176.0/24
                  176.125.252.0/24
                  178.215.237.0/24
                  185.222.163.0/24
                  193.42.34.0/24
                  193.47.63.0/24
                  194.48.249.0/24
                  194.48.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:b3:ce:4b:5b:a8:9b:70:3d:75:3a:be:ac:41:af:a5:69:bc:
         5b:10:30:82:c6:92:89:1a:2a:e8:6b:03:11:db:7e:fc:b7:dd:
         d4:b8:a6:e1:0e:11:83:5b:80:cf:20:86:d8:46:19:ca:e7:19:
         f7:2d:be:3c:d8:3b:c1:e7:ee:c5:53:1b:cb:05:f2:52:14:d5:
         37:f8:e1:1d:75:69:d0:f1:65:12:df:d4:4e:99:36:8b:e4:23:
         f9:27:44:e1:31:09:1a:ed:b4:ae:63:56:dd:3f:f5:6d:7b:6f:
         4f:24:34:71:4e:ca:08:a0:7d:39:67:75:f3:b8:04:27:63:ef:
         22:ee:2a:51:e4:4d:39:29:9e:89:70:49:81:7f:9e:0e:0a:ec:
         c3:4f:98:5b:b0:b1:e5:3b:ba:61:04:a2:25:9f:33:53:25:1d:
         96:a5:62:2d:33:7b:4d:fe:fe:75:28:cd:2f:eb:2e:de:e3:9d:
         f5:e2:dd:a0:9b:fd:b5:c0:4c:6c:68:f0:ea:59:99:81:53:1f:
         be:f1:f4:76:0f:a6:5a:70:18:fe:aa:a4:f1:4e:cb:67:fa:fb:
         0b:22:62:94:ae:6d:2d:a5:3b:ee:d7:60:cf:ba:55:de:18:a5:
         b9:64:17:f5:aa:d9:f2:a8:69:8c:8d:b6:4c:09:48:02:9f:b8:
         0c:45:5a:e7
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAYplUgMCI89p9nKlI2GiL+yDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwOTA1MTIyOTQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTcyMjdiOWVjNzY1N2VmMzIwN2E3MTU0ZTlhNjllYWRjOGQ4NWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyXxse+DVaLCaHrOY2vsoVFQ1w/X+
emxuG5SplTunPhoXVrYklMY6dROWi6M2COttlDyvR0vWmxN7Bn4lIKk30kAHq++U
8L8OPfhyBEB/nz2q864I3wjTy2I3mB2wFdKkQmQkHMp7qUct/9SaNzR/hry3aWwR
QiLcj1Te44bzW330jEdqeAL5L0foW4o8kVgqrJ0WbGp2thjzne/7gsKCdENuS3ei
T8bD5FF85oJLdg64i3zYnGQWtgDiBmtkEV8Js7xv2Fju+7tK5a0k2m2d65QK4M9c
wNIlq/0WMkKC9Xi8gngVQC7kMvV4AB4hlUZL0RPsms20ulb3BgDL1HnAIwIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFEpyJ7nsdlfvMgenFU6aaercjYX0MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvU25JbnVleDJWLTh5QjZjVlRwcHA2dHlOaGZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjBgBAIAATBaAwQAJYuDAwQA
LVRaAwQAT24yAwQAUEwyAwQAVdGEAwQAVdmRAwQAXXtVAwQAXpywAwQAsH38AwQA
stftAwQAud6jAwQAwSoiAwQAwS8/AwQAwjD5AwQAwjD7MA0GCSqGSIb3DQEBCwUA
A4IBAQA7s85LW6ibcD11Or6sQa+labxbEDCCxpKJGiroawMR2378t93UuKbhDhGD
W4DPIIbYRhnK5xn3Lb482DvB5+7FUxvLBfJSFNU3+OEddWnQ8WUS39ROmTaL5CP5
J0ThMQka7bSuY1bdP/Vte29PJDRxTsoIoH05Z3XzuAQnY+8i7ipR5E05KZ6JcEmB
f54OCuzDT5hbsLHlO7phBKIlnzNTJR2WpWItM3tN/v51KM0v6y7e45314t2gm/21
wExsaPDqWZmBUx++8fR2D6ZacBj+qqTxTstn+vsLImKUrm0tpTvu12DPulXeGKW5
ZBf1qtnyqGmMjbZMCUgCn7gMRVrn
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:33 2024 by rpki-client on console-ams.rpki-client.org