Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/WBbli8OHHEFuKQkoNqp1zgex8mU.roa
File:                     WBbli8OHHEFuKQkoNqp1zgex8mU.roa (raw, json)
Hash identifier:          WVe+kANgNNWnSfScNUCMCGO1Y5yacAlpF6xyUZxzKYY=
Subject key identifier:   58:16:E5:8B:C3:87:1C:41:6E:29:09:28:36:AA:75:CE:07:B1:F2:65
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018962B75D4D3A186499644B14B664B8B9A1
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/WBbli8OHHEFuKQkoNqp1zgex8mU.roa
Signing time:             Mon 17 Jul 2023 07:18:51 +0000
ROA not before:           Mon 17 Jul 2023 07:18:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     0
IP address blocks:        185.218.84.0/22 maxlen: 24
                          94.156.239.0/24 maxlen: 24
                          194.113.36.0/22 maxlen: 24
                          178.215.236.0/24 maxlen: 24
                          178.215.239.0/24 maxlen: 24
                          171.22.72.0/22 maxlen: 24
                          185.252.176.0/24 maxlen: 24
                          147.78.101.0/24 maxlen: 24
                          147.78.100.0/24 maxlen: 24
                          147.78.102.0/24 maxlen: 24
                          92.119.196.0/23 maxlen: 24
                          45.95.0.0/22 maxlen: 24
                          185.216.84.0/22 maxlen: 24
                          87.121.45.0/24 maxlen: 24
                          185.218.137.0/24 maxlen: 24
                          194.169.174.0/24 maxlen: 24
                          94.154.163.0/24 maxlen: 24
                          94.154.162.0/23 maxlen: 24
                          94.154.161.0/24 maxlen: 24
                          185.219.126.0/24 maxlen: 24
                          45.151.89.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:62:b7:5d:4d:3a:18:64:99:64:4b:14:b6:64:b8:b9:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jul 17 07:18:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5816e58bc3871c416e29092836aa75ce07b1f265
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:6b:26:79:ed:ac:f6:9d:0a:dc:01:f5:d7:1f:
                    ab:49:49:39:55:e7:63:8c:91:6f:27:09:27:2f:74:
                    3d:84:29:b2:65:36:d4:7d:31:30:8c:dc:fe:aa:02:
                    73:61:f1:b7:07:4e:45:b5:26:00:a9:39:a0:3f:1d:
                    68:e9:88:ba:c9:26:41:98:0a:f8:16:45:99:b7:63:
                    fe:22:87:c7:35:c0:47:a7:17:b9:79:18:8f:1d:33:
                    b8:41:20:e8:78:12:86:d1:4e:4c:07:8d:39:61:33:
                    63:c3:ea:3a:72:2f:1a:69:72:a0:6f:be:86:f0:8e:
                    77:d1:c7:09:08:cd:35:66:9f:a5:7b:d5:94:23:1d:
                    b9:ff:d7:a9:b6:32:17:2a:65:8a:4e:23:f3:41:47:
                    e9:b6:8d:36:1c:8c:fe:00:7a:8a:de:fa:79:30:59:
                    6d:39:27:63:bf:83:18:31:e5:df:d6:a8:46:86:6e:
                    a7:4e:7c:d5:c1:ee:7a:0e:67:e4:2f:00:2f:49:de:
                    a1:b8:16:16:eb:31:df:06:91:e4:f4:17:69:73:25:
                    8e:9a:bc:28:1d:48:e5:aa:f0:93:e1:01:dd:8b:81:
                    d2:96:a9:12:94:43:bd:4c:d2:ae:bf:19:b1:ed:c2:
                    d6:9f:1a:6e:21:e5:59:6c:b1:1d:33:18:d5:7a:2b:
                    7f:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:16:E5:8B:C3:87:1C:41:6E:29:09:28:36:AA:75:CE:07:B1:F2:65
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/WBbli8OHHEFuKQkoNqp1zgex8mU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.0.0/22
                  45.151.89.0/24
                  87.121.45.0/24
                  92.119.196.0/23
                  94.154.161.0-94.154.163.255
                  94.156.239.0/24
                  147.78.100.0-147.78.102.255
                  171.22.72.0/22
                  178.215.236.0/24
                  178.215.239.0/24
                  185.216.84.0/22
                  185.218.84.0/22
                  185.218.137.0/24
                  185.219.126.0/24
                  185.252.176.0/24
                  194.113.36.0/22
                  194.169.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:c6:5d:14:b9:d5:5a:1c:8b:03:06:10:9b:1a:8c:77:66:28:
         75:9d:5b:c0:aa:27:e6:4f:5b:48:cc:c6:6b:cc:54:a6:1a:3d:
         3a:c3:27:63:20:3f:eb:d8:43:93:31:1e:2d:25:a4:64:6d:10:
         1b:a1:db:c4:6d:7a:ee:d9:2f:ad:bc:41:40:23:fe:19:5b:20:
         84:cb:3f:41:8f:9b:bf:90:28:99:d1:a2:64:c6:d4:31:a1:88:
         88:82:c9:42:46:90:dd:cc:7b:26:88:c5:79:e0:3e:b2:46:05:
         b6:14:eb:0c:d3:e6:06:bc:da:46:52:d8:04:ef:29:02:7c:46:
         26:b1:13:e4:bc:21:c5:6c:4e:0c:11:75:0d:f8:08:5a:75:dc:
         aa:fb:9f:55:f3:78:95:1c:77:f5:f4:69:1c:78:3d:c9:7c:7b:
         3f:f4:5e:29:b0:7d:28:ed:62:8c:ca:47:7a:f2:bd:13:2f:1d:
         3f:15:3f:ca:e9:e0:c7:b7:e9:e7:00:6b:72:14:c3:83:1f:00:
         00:27:cd:d3:a7:7b:5b:39:8b:9a:b7:86:d7:18:1e:75:bf:31:
         c8:3b:ab:b2:ab:63:a3:c2:57:54:93:d8:e7:93:7f:62:1f:06:
         3b:75:83:40:4f:3a:11:ee:e4:d3:ec:7c:d3:ad:bf:95:ed:ea:
         77:03:72:dc
-----BEGIN CERTIFICATE-----
MIIFbzCCBFegAwIBAgISAYlit11NOhhkmWRLFLZkuLmhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNzE3MDcxODUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODE2ZTU4YmMzODcxYzQxNmUyOTA5MjgzNmFhNzVjZTA3YjFmMjY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtGsmee2s9p0K3AH11x+rSUk5Vedj
jJFvJwknL3Q9hCmyZTbUfTEwjNz+qgJzYfG3B05FtSYAqTmgPx1o6Yi6ySZBmAr4
FkWZt2P+IofHNcBHpxe5eRiPHTO4QSDoeBKG0U5MB405YTNjw+o6ci8aaXKgb76G
8I530ccJCM01Zp+le9WUIx25/9eptjIXKmWKTiPzQUfpto02HIz+AHqK3vp5MFlt
OSdjv4MYMeXf1qhGhm6nTnzVwe56DmfkLwAvSd6huBYW6zHfBpHk9BdpcyWOmrwo
HUjlqvCT4QHdi4HSlqkSlEO9TNKuvxmx7cLWnxpuIeVZbLEdMxjVeit/TQIDAQAB
o4ICezCCAncwHQYDVR0OBBYEFFgW5YvDhxxBbikJKDaqdc4HsfJlMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvV0JibGk4T0hIRUZ1S1Frb05xcDF6Z2V4OG1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGQBggrBgEFBQcBBwEB/wSBgDB+MHwEAgABMHYDBAItXwAD
BAAtl1kDBABXeS0DBAFcd8QwDAMEAF6aoQMEAl6aoAMEAF6c7zAMAwQCk05kAwQA
k05mAwQCqxZIAwQAstfsAwQAstfvAwQCudhUAwQCudpUAwQAudqJAwQAudt+AwQA
ufywAwQCwnEkAwQAwqmuMA0GCSqGSIb3DQEBCwUAA4IBAQBBxl0UudVaHIsDBhCb
Gox3Zih1nVvAqifmT1tIzMZrzFSmGj06wydjID/r2EOTMR4tJaRkbRAbodvEbXru
2S+tvEFAI/4ZWyCEyz9Bj5u/kCiZ0aJkxtQxoYiIgslCRpDdzHsmiMV54D6yRgW2
FOsM0+YGvNpGUtgE7ykCfEYmsRPkvCHFbE4MEXUN+Ahaddyq+59V83iVHHf19Gkc
eD3JfHs/9F4psH0o7WKMykd68r0TLx0/FT/K6eDHt+nnAGtyFMODHwAAJ83Tp3tb
OYuat4bXGB51vzHIO6uyq2OjwldUk9jnk39iHwY7dYNATzoR7uTT7HzTrb+V7ep3
A3Lc
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:12 2024 by rpki-client on console-fra.rpki-client.org