Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/XntE7fC3mwenlVEU9GqIOGoYXz0.roa
File:                     XntE7fC3mwenlVEU9GqIOGoYXz0.roa (raw, json)
Hash identifier:          xwwoj3PokG5XPAiGyDNoGV6KlMrFo9G82d6Rt7pqh9w=
Subject key identifier:   5E:7B:44:ED:F0:B7:9B:07:A7:95:51:14:F4:6A:88:38:6A:18:5F:3D
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018B93EBF7B2A42B271CC7AACEBC2DA4BDC2
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/XntE7fC3mwenlVEU9GqIOGoYXz0.roa
Signing time:             Fri 03 Nov 2023 06:43:16 +0000
ROA not before:           Fri 03 Nov 2023 06:43:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     200105
IP address blocks:        87.121.124.0/23 maxlen: 24
                          81.161.230.0/24 maxlen: 24
                          178.215.226.0/24 maxlen: 24
                          91.200.192.0/22 maxlen: 24
                          45.9.156.0/24 maxlen: 24
                          45.139.104.0/24 maxlen: 24
                          45.129.84.0/24 maxlen: 24
                          45.129.86.0/24 maxlen: 24
                          147.78.100.0/23 maxlen: 24
                          94.154.172.0/24 maxlen: 24
                          185.246.223.0/24 maxlen: 24
                          87.121.220.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:93:eb:f7:b2:a4:2b:27:1c:c7:aa:ce:bc:2d:a4:bd:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Nov  3 06:43:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5e7b44edf0b79b07a7955114f46a88386a185f3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:b6:84:dd:23:c6:25:90:2d:da:fa:d2:bf:d0:
                    df:91:08:39:0b:78:45:33:0e:cf:87:ad:36:9e:09:
                    ae:25:59:6a:10:1c:27:5e:81:5c:79:c7:37:a6:58:
                    52:e0:cf:b3:60:8c:a8:a3:ca:05:54:b1:0b:ff:52:
                    ad:f5:1f:19:9c:06:ad:ed:b6:ad:7b:ae:b6:ba:fb:
                    da:29:3f:d8:7c:e0:79:9b:fc:b1:23:35:a9:d3:9e:
                    79:b4:37:94:8a:3e:4c:00:48:57:fa:3e:0a:fe:c0:
                    63:ed:6a:c0:f5:24:58:8b:c4:ac:b2:e8:66:fc:11:
                    0a:c4:22:49:a6:24:71:c0:f7:c9:e4:fe:37:fe:66:
                    9b:09:e8:61:14:df:0c:06:83:cd:3d:bb:d8:c9:f7:
                    49:28:15:89:11:62:b2:62:d5:8e:c1:8e:57:4f:79:
                    44:64:8d:4c:68:2f:58:13:19:f0:26:42:62:9b:39:
                    31:a6:c4:8f:6c:26:89:dd:09:79:74:dc:0b:39:17:
                    58:b0:3c:9d:9b:40:36:87:00:34:e1:1a:cf:1f:45:
                    fc:cd:c7:63:1b:e6:2b:9b:4e:fb:26:a6:4e:91:f6:
                    bf:6d:52:b7:a8:42:26:ec:5c:6e:83:15:67:0c:9c:
                    ae:d7:ee:5a:4c:13:17:73:e7:20:92:f3:93:55:1f:
                    7a:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:7B:44:ED:F0:B7:9B:07:A7:95:51:14:F4:6A:88:38:6A:18:5F:3D
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/XntE7fC3mwenlVEU9GqIOGoYXz0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.156.0/24
                  45.129.84.0/24
                  45.129.86.0/24
                  45.139.104.0/24
                  81.161.230.0/24
                  87.121.124.0/23
                  87.121.220.0/24
                  91.200.192.0/22
                  94.154.172.0/24
                  147.78.100.0/23
                  178.215.226.0/24
                  185.246.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:d8:82:0c:0b:5e:47:c0:1e:f9:dd:0e:c2:24:ad:87:2e:67:
         e1:44:f0:b2:2c:c5:26:32:83:3f:7f:ec:45:28:cf:2f:fa:12:
         ca:c6:74:79:42:a2:45:04:01:a3:0a:d5:be:17:67:7f:49:1d:
         bc:54:c4:f4:7e:53:b4:f1:b8:3b:73:28:4b:21:6c:91:ee:84:
         af:66:84:87:f8:6b:4a:6e:54:0c:de:ac:a6:25:10:7f:2f:a4:
         cd:49:d8:9c:ce:01:83:97:14:a2:70:03:dc:d0:6c:26:d2:b1:
         55:a0:91:b7:54:d1:02:d1:ac:2d:78:92:39:44:5d:58:74:29:
         8e:2f:8f:39:46:31:7b:92:7e:9f:6d:d6:d0:78:c9:ad:ce:ea:
         03:ca:4c:06:6b:3c:8a:87:39:e6:32:c8:e1:3f:63:e2:0c:f3:
         65:d9:15:76:e8:a3:92:f5:f1:47:80:4c:fd:c7:0e:82:f3:e0:
         8b:c7:87:0a:e9:59:2c:d6:34:84:8a:99:20:85:b2:9f:e2:8a:
         e8:ea:d4:a6:72:b0:81:ff:f8:2d:3c:c0:50:de:10:89:6c:82:
         2c:8d:25:f2:20:62:5a:95:ab:38:84:d4:25:df:5f:44:79:74:
         c6:80:1c:f1:23:70:e2:c2:16:eb:b0:e6:de:6f:b1:8b:37:f7:
         e1:44:73:d0
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYuT6/eypCsnHMeqzrwtpL3CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMxMTAzMDY0MzE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTdiNDRlZGYwYjc5YjA3YTc5NTUxMTRmNDZhODgzODZhMTg1ZjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkraE3SPGJZAt2vrSv9DfkQg5C3hF
Mw7Ph602ngmuJVlqEBwnXoFcecc3plhS4M+zYIyoo8oFVLEL/1Kt9R8ZnAat7bat
e662uvvaKT/YfOB5m/yxIzWp0555tDeUij5MAEhX+j4K/sBj7WrA9SRYi8Sssuhm
/BEKxCJJpiRxwPfJ5P43/mabCehhFN8MBoPNPbvYyfdJKBWJEWKyYtWOwY5XT3lE
ZI1MaC9YExnwJkJimzkxpsSPbCaJ3Ql5dNwLORdYsDydm0A2hwA04RrPH0X8zcdj
G+Yrm077JqZOkfa/bVK3qEIm7FxugxVnDJyu1+5aTBMXc+cgkvOTVR96zwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFF57RO3wt5sHp5VRFPRqiDhqGF89MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvWG50RTdmQzNtd2VubFZFVTlHcUlPR29ZWHowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQALQmcAwQA
LYFUAwQALYFWAwQALYtoAwQAUaHmAwQBV3l8AwQAV3ncAwQCW8jAAwQAXpqsAwQB
k05kAwQAstfiAwQAufbfMA0GCSqGSIb3DQEBCwUAA4IBAQCV2IIMC15HwB753Q7C
JK2HLmfhRPCyLMUmMoM/f+xFKM8v+hLKxnR5QqJFBAGjCtW+F2d/SR28VMT0flO0
8bg7cyhLIWyR7oSvZoSH+GtKblQM3qymJRB/L6TNSdiczgGDlxSicAPc0Gwm0rFV
oJG3VNEC0awteJI5RF1YdCmOL485RjF7kn6fbdbQeMmtzuoDykwGazyKhznmMsjh
P2PiDPNl2RV26KOS9fFHgEz9xw6C8+CLx4cK6Vks1jSEipkghbKf4oro6tSmcrCB
//gtPMBQ3hCJbIIsjSXyIGJalas4hNQl319EeXTGgBzxI3DiwhbrsObeb7GLN/fh
RHPQ
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:35 2024 by rpki-client on console-ams.rpki-client.org