Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/TB94PNpuWf_D2GiqorUq1GHmMAU.roa
File:                     TB94PNpuWf_D2GiqorUq1GHmMAU.roa (raw, json)
Hash identifier:          K0yHCxDwDPz7anu4BGvXMS/J/sA4xnt2C/oGY5uJwPg=
Subject key identifier:   4C:1F:78:3C:DA:6E:59:FF:C3:D8:68:AA:A2:B5:2A:D4:61:E6:30:05
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018224A0F11DC53503A002A5AEFAF57E0E17
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/TB94PNpuWf_D2GiqorUq1GHmMAU.roa
Signing time:             Fri 22 Jul 2022 06:38:23 +0000
ROA not before:           Fri 22 Jul 2022 06:38:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     209371
IP address blocks:        85.31.45.0/24 maxlen: 24
                          85.31.47.0/24 maxlen: 24
                          185.246.221.0/24 maxlen: 24
                          194.180.50.0/24 maxlen: 24
                          194.169.175.0/24 maxlen: 24
                          185.218.136.0/24 maxlen: 24
                          94.154.172.0/24 maxlen: 24
                          193.35.19.0/24 maxlen: 24
                          193.35.18.0/24 maxlen: 24
                          94.154.174.0/24 maxlen: 24
                          109.206.239.0/24 maxlen: 24
                          212.87.205.0/24 maxlen: 24
                          178.215.226.0/24 maxlen: 24
                          85.217.144.0/24 maxlen: 24
                          178.215.225.0/24 maxlen: 24
                          178.215.227.0/24 maxlen: 24
                          178.215.239.0/24 maxlen: 24
                          178.215.236.0/24 maxlen: 24
                          178.215.237.0/24 maxlen: 24
                          80.76.50.0/24 maxlen: 24
                          80.76.49.0/24 maxlen: 24
                          80.76.48.0/24 maxlen: 24
                          193.222.96.0/24 maxlen: 24
                          193.222.97.0/24 maxlen: 24
                          185.252.176.0/24 maxlen: 24
                          193.222.98.0/24 maxlen: 24
                          185.252.177.0/24 maxlen: 24
                          193.47.63.0/24 maxlen: 24
                          193.47.62.0/24 maxlen: 24
                          193.37.42.0/24 maxlen: 24
                          193.37.47.0/24 maxlen: 24
                          185.216.70.0/24 maxlen: 24
                          185.216.69.0/24 maxlen: 24
                          79.110.48.0/24 maxlen: 24
                          94.103.125.0/24 maxlen: 24
                          87.120.84.0/24 maxlen: 24
                          87.120.87.0/24 maxlen: 24
                          79.110.61.0/24 maxlen: 24
                          94.103.126.0/24 maxlen: 24
                          94.103.127.0/24 maxlen: 24
                          79.110.63.0/24 maxlen: 24
                          83.219.97.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:24:a0:f1:1d:c5:35:03:a0:02:a5:ae:fa:f5:7e:0e:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jul 22 06:38:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4c1f783cda6e59ffc3d868aaa2b52ad461e63005
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:14:0d:11:29:99:25:1e:64:f4:96:8b:aa:85:
                    31:eb:b0:c2:8f:cc:a3:24:07:41:07:51:8a:e0:cb:
                    75:9e:cb:92:92:86:6e:42:6d:57:96:e8:f6:9d:15:
                    d0:46:3f:0f:3e:76:a0:ae:3f:56:00:53:fc:db:21:
                    bf:8d:47:de:b5:ee:0a:71:e1:81:40:41:90:68:bc:
                    02:6d:6c:12:c0:28:33:4a:1d:5d:0d:e3:ac:8f:35:
                    fc:6e:0c:f4:99:1a:b9:56:19:46:10:af:82:5f:92:
                    e6:76:fc:05:ef:0d:b7:19:de:71:e2:25:4b:0a:ef:
                    ed:a9:45:53:5e:12:76:d9:e0:e2:a1:d2:fd:78:a2:
                    0f:9d:be:3f:cc:18:74:87:fc:84:0e:61:20:9e:b9:
                    c8:ba:a8:a1:50:2c:c3:22:74:d8:bf:76:1c:22:b5:
                    0c:69:14:ef:18:91:47:7a:57:de:05:85:43:6e:4d:
                    a0:d4:c2:5b:fc:df:e3:46:05:8e:04:2d:eb:46:c4:
                    9e:e4:19:21:d8:f0:67:c4:25:fb:a3:7b:dd:89:bf:
                    5a:92:15:7b:7d:33:bf:94:fa:02:ed:bb:dc:e9:d9:
                    16:b2:a2:2f:cd:b0:81:a5:c5:e0:d4:23:e2:1f:30:
                    b3:d6:f9:6a:b3:49:c8:8d:46:53:81:97:eb:7a:42:
                    2c:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:1F:78:3C:DA:6E:59:FF:C3:D8:68:AA:A2:B5:2A:D4:61:E6:30:05
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/TB94PNpuWf_D2GiqorUq1GHmMAU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.110.48.0/24
                  79.110.61.0/24
                  79.110.63.0/24
                  80.76.48.0-80.76.50.255
                  83.219.97.0/24
                  85.31.45.0/24
                  85.31.47.0/24
                  85.217.144.0/24
                  87.120.84.0/24
                  87.120.87.0/24
                  94.103.125.0-94.103.127.255
                  94.154.172.0/24
                  94.154.174.0/24
                  109.206.239.0/24
                  178.215.225.0-178.215.227.255
                  178.215.236.0/23
                  178.215.239.0/24
                  185.216.69.0-185.216.70.255
                  185.218.136.0/24
                  185.246.221.0/24
                  185.252.176.0/23
                  193.35.18.0/23
                  193.37.42.0/24
                  193.37.47.0/24
                  193.47.62.0/23
                  193.222.96.0-193.222.98.255
                  194.169.175.0/24
                  194.180.50.0/24
                  212.87.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:be:8f:37:64:3f:19:aa:7d:3d:60:13:59:44:ee:18:2f:cb:
         d2:4a:d8:56:c3:b6:bb:00:c7:c4:62:61:d9:91:3c:b7:87:ac:
         7c:6d:f4:62:be:b6:8f:88:66:39:72:d8:fc:d0:7f:ec:e4:6e:
         48:24:dc:24:eb:c3:31:b9:ed:5b:12:b9:36:2d:29:bd:d2:0d:
         c1:da:ca:20:1c:ff:c2:9e:fb:89:89:b0:90:0c:92:05:44:17:
         64:6e:1f:0d:d0:ef:19:ad:1a:81:f3:3c:71:cf:b5:60:e3:40:
         b9:c3:f2:ac:92:b4:d2:9c:5c:17:15:60:11:39:b9:7f:92:ed:
         02:15:83:1b:5c:58:38:da:82:3a:17:88:0d:e2:df:8d:1d:63:
         f3:83:28:f4:c1:bd:19:88:88:e3:af:03:fb:3e:d1:ce:47:99:
         4b:b2:cb:fc:86:44:68:16:2a:23:e2:e1:5d:4f:e0:ae:4e:95:
         19:1a:d8:3c:74:9c:c8:0e:71:98:17:14:77:ca:90:20:68:9c:
         f1:e0:f4:43:7f:10:3f:ab:9f:17:ac:20:5d:cb:34:45:3d:a7:
         ad:b9:cb:2b:28:25:57:3f:a4:fd:33:c8:1a:75:f7:fd:11:5f:
         3a:6b:32:42:65:45:d4:ce:2d:4a:b1:08:06:44:d7:ea:a1:1c:
         04:93:ab:32
-----BEGIN CERTIFICATE-----
MIIF0jCCBLqgAwIBAgISAYIkoPEdxTUDoAKlrvr1fg4XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjIwNzIyMDYzODIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzFmNzgzY2RhNmU1OWZmYzNkODY4YWFhMmI1MmFkNDYxZTYzMDA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArhQNESmZJR5k9JaLqoUx67DCj8yj
JAdBB1GK4Mt1nsuSkoZuQm1Xluj2nRXQRj8PPnagrj9WAFP82yG/jUfete4KceGB
QEGQaLwCbWwSwCgzSh1dDeOsjzX8bgz0mRq5VhlGEK+CX5LmdvwF7w23Gd5x4iVL
Cu/tqUVTXhJ22eDiodL9eKIPnb4/zBh0h/yEDmEgnrnIuqihUCzDInTYv3YcIrUM
aRTvGJFHelfeBYVDbk2g1MJb/N/jRgWOBC3rRsSe5Bkh2PBnxCX7o3vdib9akhV7
fTO/lPoC7bvc6dkWsqIvzbCBpcXg1CPiHzCz1vlqs0nIjUZTgZfrekIslQIDAQAB
o4IC3jCCAtowHQYDVR0OBBYEFEwfeDzabln/w9hoqqK1KtRh5jAFMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvVEI5NFBOcHVXZl9EMkdpcW9yVXExR0htTUFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHzBggrBgEFBQcBBwEB/wSB4zCB4DCB3QQCAAEwgdYDBABP
bjADBABPbj0DBABPbj8wDAMEBFBMMAMEAFBMMgMEAFPbYQMEAFUfLQMEAFUfLwME
AFXZkAMEAFd4VAMEAFd4VzAMAwQAXmd9AwQHXmcAAwQAXpqsAwQAXpquAwQAbc7v
MAwDBACy1+EDBAKy1+ADBAGy1+wDBACy1+8wDAMEALnYRQMEALnYRgMEALnaiAME
ALn23QMEAbn8sAMEAcEjEgMEAMElKgMEAMElLwMEAcEvPjAMAwQFwd5gAwQAwd5i
AwQAwqmvAwQAwrQyAwQA1FfNMA0GCSqGSIb3DQEBCwUAA4IBAQCkvo83ZD8Zqn09
YBNZRO4YL8vSSthWw7a7AMfEYmHZkTy3h6x8bfRivraPiGY5ctj80H/s5G5IJNwk
68Mxue1bErk2LSm90g3B2sogHP/CnvuJibCQDJIFRBdkbh8N0O8ZrRqB8zxxz7Vg
40C5w/KskrTSnFwXFWARObl/ku0CFYMbXFg42oI6F4gN4t+NHWPzgyj0wb0ZiIjj
rwP7PtHOR5lLssv8hkRoFioj4uFdT+CuTpUZGtg8dJzIDnGYFxR3ypAgaJzx4PRD
fxA/q58XrCBdyzRFPaetucsrKCVXP6T9M8gadff9EV86azJCZUXUzi1KsQgGRNfq
oRwEk6sy
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:07 2024 by rpki-client on console-fra.rpki-client.org