Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/YHVLm_G0qUQDDhi9BJdaxW8mrbU.roa
File:                     YHVLm_G0qUQDDhi9BJdaxW8mrbU.roa (raw, json)
Hash identifier:          fsgwdCNR+hN5eI+HwDFqp31h1XAAQs0KfpbjEtLLb9U=
Subject key identifier:   60:75:4B:9B:F1:B4:A9:44:03:0E:18:BD:04:97:5A:C5:6F:26:AD:B5
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01898C0CA4D45ABD1620133D4F2D46FD989D
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/YHVLm_G0qUQDDhi9BJdaxW8mrbU.roa
Signing time:             Tue 25 Jul 2023 07:56:26 +0000
ROA not before:           Tue 25 Jul 2023 07:56:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     0
IP address blocks:        185.218.84.0/22 maxlen: 24
                          178.215.224.0/24 maxlen: 24
                          94.156.239.0/24 maxlen: 24
                          194.113.36.0/22 maxlen: 24
                          178.215.236.0/24 maxlen: 24
                          178.215.239.0/24 maxlen: 24
                          93.123.85.0/24 maxlen: 24
                          171.22.72.0/22 maxlen: 24
                          185.252.176.0/24 maxlen: 24
                          147.78.101.0/24 maxlen: 24
                          147.78.100.0/24 maxlen: 24
                          147.78.102.0/24 maxlen: 24
                          92.119.196.0/23 maxlen: 24
                          45.95.0.0/22 maxlen: 24
                          185.216.84.0/22 maxlen: 24
                          87.121.45.0/24 maxlen: 24
                          185.218.137.0/24 maxlen: 24
                          194.169.174.0/24 maxlen: 24
                          94.154.163.0/24 maxlen: 24
                          94.154.162.0/23 maxlen: 24
                          94.154.161.0/24 maxlen: 24
                          185.219.126.0/24 maxlen: 24
                          45.151.89.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:8c:0c:a4:d4:5a:bd:16:20:13:3d:4f:2d:46:fd:98:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jul 25 07:56:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=60754b9bf1b4a944030e18bd04975ac56f26adb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:1b:de:a3:73:f0:5a:65:73:56:07:ef:b2:6c:
                    32:3d:6a:88:55:c5:32:39:de:41:e8:9d:91:37:1f:
                    ee:21:b4:25:ac:2c:d4:31:ac:43:90:9a:bb:ba:29:
                    36:3f:8f:2d:4b:66:0e:11:37:92:e1:43:21:07:f1:
                    f2:c3:a0:7c:8c:f6:57:19:18:bd:f0:17:44:8c:8b:
                    d0:b5:38:77:5f:7a:f0:e3:5d:d7:8e:51:88:24:4d:
                    e9:d0:ce:fa:ea:cf:4a:85:8e:5c:d1:27:fa:b9:f7:
                    f2:09:9b:ea:d8:28:2d:9e:58:de:42:d6:6b:c2:95:
                    90:0c:a1:21:45:6e:95:ac:ee:f3:b7:8b:89:da:09:
                    86:52:76:8a:76:7f:08:f9:82:a0:3a:fb:44:66:45:
                    6a:c9:f9:eb:5c:02:48:21:aa:83:a6:fc:44:21:47:
                    1a:e7:b5:cd:c1:ed:51:01:ee:ed:21:c5:3c:1e:11:
                    c6:c9:f1:24:c0:90:cb:19:0c:35:ed:e3:d0:60:75:
                    7d:f3:64:bf:06:8b:0f:12:5b:ae:e7:23:dc:7c:3d:
                    95:bf:9f:d2:6b:cc:f8:19:7f:6e:fd:85:b6:3e:e7:
                    f8:88:10:14:c4:6d:06:3b:94:fe:36:96:69:f4:ff:
                    0c:99:ff:95:25:52:2a:ea:50:8f:5c:d4:f6:bf:01:
                    64:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:75:4B:9B:F1:B4:A9:44:03:0E:18:BD:04:97:5A:C5:6F:26:AD:B5
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/YHVLm_G0qUQDDhi9BJdaxW8mrbU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.0.0/22
                  45.151.89.0/24
                  87.121.45.0/24
                  92.119.196.0/23
                  93.123.85.0/24
                  94.154.161.0-94.154.163.255
                  94.156.239.0/24
                  147.78.100.0-147.78.102.255
                  171.22.72.0/22
                  178.215.224.0/24
                  178.215.236.0/24
                  178.215.239.0/24
                  185.216.84.0/22
                  185.218.84.0/22
                  185.218.137.0/24
                  185.219.126.0/24
                  185.252.176.0/24
                  194.113.36.0/22
                  194.169.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:ce:f1:59:45:e8:4e:41:95:16:d8:1e:ae:36:f8:d8:a9:31:
         af:6e:c3:e1:50:4d:5c:4a:c1:36:28:21:74:97:8d:4b:16:8d:
         7e:70:75:ab:a4:84:be:92:e0:d3:1d:17:8f:03:9b:fb:01:93:
         df:e4:17:4a:98:8e:73:cf:c6:0c:d1:ee:a3:90:18:c2:f1:c6:
         eb:36:b1:03:8b:cc:42:e8:32:82:f1:be:db:75:6f:bc:a0:18:
         81:58:15:a5:e8:b8:c7:70:fd:ce:89:11:8b:9f:37:86:68:f7:
         0f:27:35:41:ba:5b:45:48:b3:b4:15:69:06:4f:89:1d:16:3e:
         da:2e:f3:6b:8d:d1:35:7e:22:97:f4:0f:18:8c:00:a8:de:90:
         ce:53:c0:a6:dc:4e:6a:80:d9:6d:d7:09:a0:ce:78:f9:8e:55:
         42:5d:52:26:1a:10:30:d9:d1:b8:bd:1b:af:5f:d7:f1:dd:e4:
         cd:d5:65:5f:35:bf:51:df:21:d7:3f:03:42:d5:80:57:59:07:
         24:c4:b2:18:fc:a4:34:1b:a5:bd:6e:d6:f2:25:13:6d:9f:34:
         eb:14:f6:bd:72:24:91:be:6f:65:7c:8b:d4:b0:c2:dc:9e:01:
         58:e3:e7:f4:32:e6:4e:95:c5:ec:82:32:0d:99:74:04:66:7c:
         85:4a:b9:a1
-----BEGIN CERTIFICATE-----
MIIFfjCCBGagAwIBAgISAYmMDKTUWr0WIBM9Ty1G/ZidMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNzI1MDc1NjI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDc1NGI5YmYxYjRhOTQ0MDMwZTE4YmQwNDk3NWFjNTZmMjZhZGI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnRveo3PwWmVzVgfvsmwyPWqIVcUy
Od5B6J2RNx/uIbQlrCzUMaxDkJq7uik2P48tS2YOETeS4UMhB/Hyw6B8jPZXGRi9
8BdEjIvQtTh3X3rw413XjlGIJE3p0M766s9KhY5c0Sf6uffyCZvq2CgtnljeQtZr
wpWQDKEhRW6VrO7zt4uJ2gmGUnaKdn8I+YKgOvtEZkVqyfnrXAJIIaqDpvxEIUca
57XNwe1RAe7tIcU8HhHGyfEkwJDLGQw17ePQYHV982S/BosPEluu5yPcfD2Vv5/S
a8z4GX9u/YW2Puf4iBAUxG0GO5T+NpZp9P8Mmf+VJVIq6lCPXNT2vwFklQIDAQAB
o4ICijCCAoYwHQYDVR0OBBYEFGB1S5vxtKlEAw4YvQSXWsVvJq21MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvWUhWTG1fRzBxVVFERGhpOUJKZGF4VzhtcmJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGfBggrBgEFBQcBBwEB/wSBjzCBjDCBiQQCAAEwgYIDBAIt
XwADBAAtl1kDBABXeS0DBAFcd8QDBABde1UwDAMEAF6aoQMEAl6aoAMEAF6c7zAM
AwQCk05kAwQAk05mAwQCqxZIAwQAstfgAwQAstfsAwQAstfvAwQCudhUAwQCudpU
AwQAudqJAwQAudt+AwQAufywAwQCwnEkAwQAwqmuMA0GCSqGSIb3DQEBCwUAA4IB
AQBuzvFZRehOQZUW2B6uNvjYqTGvbsPhUE1cSsE2KCF0l41LFo1+cHWrpIS+kuDT
HRePA5v7AZPf5BdKmI5zz8YM0e6jkBjC8cbrNrEDi8xC6DKC8b7bdW+8oBiBWBWl
6LjHcP3OiRGLnzeGaPcPJzVBultFSLO0FWkGT4kdFj7aLvNrjdE1fiKX9A8YjACo
3pDOU8Cm3E5qgNlt1wmgznj5jlVCXVImGhAw2dG4vRuvX9fx3eTN1WVfNb9R3yHX
PwNC1YBXWQckxLIY/KQ0G6W9btbyJRNtnzTrFPa9ciSRvm9lfIvUsMLcngFY4+f0
MuZOlcXsgjINmXQEZnyFSrmh
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:13 2024 by rpki-client on console-fra.rpki-client.org