Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/YCkiMWYpdMoc1LiYr-biKBFqw0g.roa
File:                     YCkiMWYpdMoc1LiYr-biKBFqw0g.roa (raw, json)
Hash identifier:          EM2e3aM+uZK95cmYw6F6OaufbclXWnV8BqtFJw2kVAI=
Subject key identifier:   60:29:22:31:66:29:74:CA:1C:D4:B8:98:AF:E6:E2:28:11:6A:C3:48
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018D0C43C8C7AAF2169834895C22208092AA
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/YCkiMWYpdMoc1LiYr-biKBFqw0g.roa
Signing time:             Mon 15 Jan 2024 08:36:25 +0000
ROA not before:           Mon 15 Jan 2024 08:36:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206003
IP address blocks:        171.22.31.0/24 maxlen: 24
                          87.121.124.0/23 maxlen: 24
                          81.161.239.0/24 maxlen: 24
                          91.200.192.0/22 maxlen: 24
                          94.156.248.0/24 maxlen: 24
                          87.121.162.0/24 maxlen: 24
                          45.141.158.0/24 maxlen: 24
                          171.22.17.0/24 maxlen: 24
                          79.110.61.0/24 maxlen: 24
                          45.129.84.0/24 maxlen: 24
                          193.35.19.0/24 maxlen: 24
                          37.139.130.0/24 maxlen: 24
                          193.25.216.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:0c:43:c8:c7:aa:f2:16:98:34:89:5c:22:20:80:92:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan 15 08:36:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=60292231662974ca1cd4b898afe6e228116ac348
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:23:66:c0:03:04:fc:de:3a:87:71:09:c3:f4:
                    8f:e4:77:98:43:c9:bf:eb:2a:fd:67:40:b2:ed:2a:
                    f0:f1:d1:d4:04:22:6c:4e:7d:f9:16:e0:b8:eb:4b:
                    3b:22:2c:c1:a1:03:46:5d:d2:5b:ff:e1:23:5c:f2:
                    20:06:33:41:2a:39:8c:1c:15:ed:1d:f6:2a:47:09:
                    ef:49:8f:05:3a:e3:e4:8b:13:87:02:1a:a1:6b:b2:
                    ab:bc:82:3b:36:c5:d3:f5:f4:28:84:d7:19:14:d5:
                    1b:79:d4:09:1e:a4:8a:24:0c:c2:f3:1d:da:98:49:
                    d6:68:d1:bd:b3:ea:c2:d9:ad:3b:1e:2d:e3:77:a8:
                    5d:09:2c:50:1e:d4:1c:23:46:b4:89:29:dd:54:a3:
                    37:48:b4:3a:8b:de:49:37:45:6e:f9:b6:2d:4c:b4:
                    f2:4b:93:c2:9b:c4:25:37:8b:62:15:77:02:f2:53:
                    ca:4d:86:d4:de:aa:cf:04:af:99:4e:eb:13:77:86:
                    2d:b9:02:58:61:0e:d5:e6:1f:08:96:27:e4:f7:54:
                    33:71:56:78:78:32:65:74:16:c9:9b:b7:72:83:03:
                    7b:ce:c9:cc:69:e3:21:70:d1:10:ff:47:e7:6f:59:
                    5b:53:c6:6b:33:ca:9b:96:6c:1b:92:20:7f:26:af:
                    77:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:29:22:31:66:29:74:CA:1C:D4:B8:98:AF:E6:E2:28:11:6A:C3:48
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/YCkiMWYpdMoc1LiYr-biKBFqw0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.139.130.0/24
                  45.129.84.0/24
                  45.141.158.0/24
                  79.110.61.0/24
                  81.161.239.0/24
                  87.121.124.0/23
                  87.121.162.0/24
                  91.200.192.0/22
                  94.156.248.0/24
                  171.22.17.0/24
                  171.22.31.0/24
                  193.25.216.0/24
                  193.35.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:66:d9:93:39:b6:82:6c:15:f6:40:84:a2:e0:95:c1:22:27:
         d0:cf:00:fb:81:43:14:c1:76:4e:39:80:9b:47:76:43:c9:b1:
         10:d5:64:13:ae:e3:89:73:3f:0d:c1:26:b7:82:aa:da:1f:f7:
         2b:ec:dc:d4:40:04:09:3b:97:a1:35:8c:56:14:b3:c6:3d:32:
         80:86:d7:34:cf:1c:c8:6a:b5:73:80:cb:b9:ae:02:6f:b9:ac:
         02:09:49:7e:07:b5:72:4d:ef:77:54:1e:00:ea:e1:21:bd:00:
         b8:85:56:3e:88:5a:08:52:d5:e2:21:b5:6b:29:15:31:b7:70:
         24:18:6f:34:6b:bd:5f:99:26:be:57:92:cf:e2:2c:f4:1f:2c:
         c9:91:b6:9e:53:41:96:49:81:a8:7d:eb:52:99:8f:f2:84:53:
         81:af:ab:0f:44:58:2c:17:06:e4:9c:69:7d:41:42:d7:1e:23:
         9e:af:b0:be:59:9a:54:cf:01:a0:e5:cf:cf:5f:de:75:03:0d:
         d1:a9:31:1d:83:1f:b0:a9:e2:20:33:81:2f:31:0e:de:30:db:
         75:a8:34:83:00:89:62:17:a1:c9:fc:b2:ed:0f:3a:1e:d7:ae:
         4b:99:bf:45:5a:5e:1e:de:74:b0:49:42:4f:d5:70:f6:97:48:
         f0:4d:8b:c7
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAY0MQ8jHqvIWmDSJXCIggJKqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTE1MDgzNjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDI5MjIzMTY2Mjk3NGNhMWNkNGI4OThhZmU2ZTIyODExNmFjMzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3yNmwAME/N46h3EJw/SP5HeYQ8m/
6yr9Z0Cy7Srw8dHUBCJsTn35FuC460s7IizBoQNGXdJb/+EjXPIgBjNBKjmMHBXt
HfYqRwnvSY8FOuPkixOHAhqha7KrvII7NsXT9fQohNcZFNUbedQJHqSKJAzC8x3a
mEnWaNG9s+rC2a07Hi3jd6hdCSxQHtQcI0a0iSndVKM3SLQ6i95JN0Vu+bYtTLTy
S5PCm8QlN4tiFXcC8lPKTYbU3qrPBK+ZTusTd4YtuQJYYQ7V5h8Ilifk91QzcVZ4
eDJldBbJm7dygwN7zsnMaeMhcNEQ/0fnb1lbU8ZrM8qblmwbkiB/Jq93kwIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFGApIjFmKXTKHNS4mK/m4igRasNIMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvWUNraU1XWXBkTW9jMUxpWXItYmlLQkZxdzBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQAJYuCAwQA
LYFUAwQALY2eAwQAT249AwQAUaHvAwQBV3l8AwQAV3miAwQCW8jAAwQAXpz4AwQA
qxYRAwQAqxYfAwQAwRnYAwQAwSMTMA0GCSqGSIb3DQEBCwUAA4IBAQA7ZtmTObaC
bBX2QISi4JXBIifQzwD7gUMUwXZOOYCbR3ZDybEQ1WQTruOJcz8NwSa3gqraH/cr
7NzUQAQJO5ehNYxWFLPGPTKAhtc0zxzIarVzgMu5rgJvuawCCUl+B7VyTe93VB4A
6uEhvQC4hVY+iFoIUtXiIbVrKRUxt3AkGG80a71fmSa+V5LP4iz0HyzJkbaeU0GW
SYGofetSmY/yhFOBr6sPRFgsFwbknGl9QULXHiOer7C+WZpUzwGg5c/PX951Aw3R
qTEdgx+wqeIgM4EvMQ7eMNt1qDSDAIliF6HJ/LLtDzoe165Lmb9FWl4e3nSwSUJP
1XD2l0jwTYvH
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:36 2024 by rpki-client on console-ams.rpki-client.org