Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/XctT8YBm-rDIWlgNK5dXAveMizc.roa
File:                     XctT8YBm-rDIWlgNK5dXAveMizc.roa (raw, json)
Hash identifier:          PYQ3St7RU9Xo+/NNxXTOA4zdj6eIXHCbGwGwgbWKMyc=
Subject key identifier:   5D:CB:53:F1:80:66:FA:B0:C8:5A:58:0D:2B:97:57:02:F7:8C:8B:37
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       1E909912
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/XctT8YBm-rDIWlgNK5dXAveMizc.roa
Signing time:             Fri 20 May 2022 13:50:21 +0000
ROA not before:           Fri 20 May 2022 13:50:21 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     209371
IP address blocks:        185.218.139.0/24 maxlen: 24
                          37.139.131.0/24 maxlen: 24
                          37.139.130.0/24 maxlen: 24
                          193.35.18.0/24 maxlen: 24
                          178.215.226.0/24 maxlen: 24
                          178.215.224.0/24 maxlen: 24
                          178.215.225.0/24 maxlen: 24
                          178.215.227.0/24 maxlen: 24
                          178.215.239.0/24 maxlen: 24
                          185.252.176.0/24 maxlen: 24
                          193.47.60.0/24 maxlen: 24
                          193.47.63.0/24 maxlen: 24
                          193.47.62.0/24 maxlen: 24
                          194.48.250.0/24 maxlen: 24
                          194.48.251.0/24 maxlen: 24
                          194.55.184.0/24 maxlen: 24
                          194.48.248.0/24 maxlen: 24
                          194.55.185.0/24 maxlen: 24
                          194.48.249.0/24 maxlen: 24
                          194.55.187.0/24 maxlen: 24
                          185.216.68.0/24 maxlen: 24
                          79.110.48.0/24 maxlen: 24
                          79.110.49.0/24 maxlen: 24
                          79.110.50.0/24 maxlen: 24
                          79.110.51.0/24 maxlen: 24
                          87.120.84.0/24 maxlen: 24
                          87.120.87.0/24 maxlen: 24
                          83.219.98.0/24 maxlen: 24
                          83.219.97.0/24 maxlen: 24
                          83.219.96.0/24 maxlen: 24
                          83.219.99.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 512792850 (0x1e909912)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: May 20 13:50:21 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5dcb53f18066fab0c85a580d2b975702f78c8b37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:9d:92:d0:00:49:97:80:cf:fa:45:92:be:f5:
                    36:fc:95:41:71:61:70:d1:75:50:a8:bb:0d:14:cf:
                    0e:fe:b9:b3:c7:92:4d:2a:5c:bd:05:e5:19:ab:1b:
                    6d:44:85:e3:19:9b:72:7b:fb:65:7e:3c:81:70:d1:
                    0f:5b:29:58:b7:60:ae:9f:fc:42:c5:c5:a9:f9:41:
                    25:da:dc:d9:15:24:c4:29:e0:ae:dd:9f:1b:eb:01:
                    1b:10:9c:ff:51:2f:42:c0:85:43:25:8b:33:1d:f7:
                    92:06:9d:61:19:5e:45:84:62:b9:ad:0a:6e:7d:fb:
                    b1:f6:44:e9:03:c8:e3:8e:8b:ea:01:55:34:15:ef:
                    38:d6:62:a0:ba:62:9d:63:f4:0f:8d:8a:8a:6e:6d:
                    28:2e:37:db:24:cd:86:89:fb:29:20:18:33:4a:ae:
                    6d:4a:20:18:1c:f7:e4:6a:ec:2b:27:a4:cb:dd:0e:
                    64:a7:6d:c3:4c:87:31:ad:5b:f4:94:83:16:ed:cd:
                    f8:6d:8e:56:26:b7:7e:9a:fe:44:1d:66:9a:a2:f6:
                    94:fd:15:09:5c:a7:95:63:60:16:49:69:25:20:fe:
                    85:ad:5e:6b:9a:83:b6:0d:43:fa:04:15:35:ce:c3:
                    fc:a1:6d:79:2b:31:31:76:38:5b:d4:b0:32:8e:36:
                    ea:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:CB:53:F1:80:66:FA:B0:C8:5A:58:0D:2B:97:57:02:F7:8C:8B:37
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/XctT8YBm-rDIWlgNK5dXAveMizc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.139.130.0/23
                  79.110.48.0/22
                  83.219.96.0/22
                  87.120.84.0/24
                  87.120.87.0/24
                  178.215.224.0/22
                  178.215.239.0/24
                  185.216.68.0/24
                  185.218.139.0/24
                  185.252.176.0/24
                  193.35.18.0/24
                  193.47.60.0/24
                  193.47.62.0/23
                  194.48.248.0/22
                  194.55.184.0/23
                  194.55.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:e3:69:8d:e1:f4:8c:3d:b5:5c:95:e0:95:1d:5d:64:42:f5:
         41:d7:b6:62:93:cb:8c:cf:9f:41:a5:58:9b:74:6d:27:b8:0f:
         af:48:57:c7:45:b9:10:fb:84:4e:28:61:c9:a3:6e:f6:00:a4:
         b8:d2:f0:12:52:82:7f:01:8b:ab:10:59:25:b9:a6:28:e1:2d:
         d1:b2:3b:46:b7:1d:41:c9:a6:40:2c:ac:85:0e:9d:17:8e:41:
         b9:25:08:6a:64:f2:5b:6b:af:00:8c:d0:10:8d:f9:53:c9:34:
         b5:29:75:80:d9:f2:bd:11:ff:4a:ec:dc:a2:a3:4c:19:f6:a5:
         84:66:fe:18:d6:61:2a:37:3d:11:57:be:21:94:c8:c1:f6:68:
         8a:f6:13:66:4f:df:dd:48:dc:d6:6b:b9:c6:25:88:a3:30:9c:
         96:7e:62:ac:81:62:83:03:2f:fd:48:79:55:98:9c:6c:f6:c0:
         2e:d0:ac:a6:50:fa:a7:ee:58:d0:6e:53:2f:ae:e0:75:4a:fa:
         a2:b0:d7:c9:f4:e0:ce:df:ff:0e:a1:ed:71:ff:ce:03:b0:61:
         bf:ed:7f:79:39:cc:0e:d1:a0:4e:8c:37:91:c9:05:96:7c:bc:
         52:5b:d0:8a:dd:b3:93:95:a3:e4:c0:d9:35:e2:20:db:18:9d:
         4b:02:25:d1
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgIEHpCZEjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MmM0YWMzZTNjNDNkNzBkMDUzNDljODE1YmFhZGQzOGFkNzc1ZTlkMB4XDTIyMDUy
MDEzNTAyMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNWRjYjUzZjE4MDY2
ZmFiMGM4NWE1ODBkMmI5NzU3MDJmNzhjOGIzNzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKCdktAASZeAz/pFkr71NvyVQXFhcNF1UKi7DRTPDv65s8eS
TSpcvQXlGasbbUSF4xmbcnv7ZX48gXDRD1spWLdgrp/8QsXFqflBJdrc2RUkxCng
rt2fG+sBGxCc/1EvQsCFQyWLMx33kgadYRleRYRiua0Kbn37sfZE6QPI446L6gFV
NBXvONZioLpinWP0D42Kim5tKC432yTNhon7KSAYM0qubUogGBz35GrsKyeky90O
ZKdtw0yHMa1b9JSDFu3N+G2OVia3fpr+RB1mmqL2lP0VCVynlWNgFklpJSD+ha1e
a5qDtg1D+gQVNc7D/KFteSsxMXY4W9SwMo426lECAwEAAaOCAmMwggJfMB0GA1Ud
DgQWBBRdy1PxgGb6sMhaWA0rl1cC94yLNzAfBgNVHSMEGDAWgBQixKw+PEPXDQU0
nIFbqt04rXdenTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0lzU3NQanhEMXcwRk5KeUJXNnJkT0sxM1hwMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDMvOTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8x
L1hjdFQ4WUJtLXJESVdsZ05LNWRYQXZlTWl6Yy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDMv
OTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8xL0lzU3NQanhEMXcw
Rk5KeUJXNnJkT0sxM1hwMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjB5
BggrBgEFBQcBBwEB/wRqMGgwZgQCAAEwYAMEASWLggMEAk9uMAMEAlPbYAMEAFd4
VAMEAFd4VwMEArLX4AMEALLX7wMEALnYRAMEALnaiwMEALn8sAMEAMEjEgMEAMEv
PAMEAcEvPgMEAsIw+AMEAcI3uAMEAMI3uzANBgkqhkiG9w0BAQsFAAOCAQEACuNp
jeH0jD21XJXglR1dZEL1Qde2YpPLjM+fQaVYm3RtJ7gPr0hXx0W5EPuETihhyaNu
9gCkuNLwElKCfwGLqxBZJbmmKOEt0bI7RrcdQcmmQCyshQ6dF45BuSUIamTyW2uv
AIzQEI35U8k0tSl1gNnyvRH/SuzcoqNMGfalhGb+GNZhKjc9EVe+IZTIwfZoivYT
Zk/f3Ujc1mu5xiWIozCcln5irIFigwMv/Uh5VZicbPbALtCsplD6p+5Y0G5TL67g
dUr6orDXyfTgzt//DqHtcf/OA7Bhv+1/eTnMDtGgTow3kckFlny8UlvQit2zk5Wj
5MDZNeIg2xidSwIl0Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:13 2024 by rpki-client on console-fra.rpki-client.org