Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/YjB_FAB-vpUNsnTYViwOLt0kB5M.roa
File:                     YjB_FAB-vpUNsnTYViwOLt0kB5M.roa (raw, json)
Hash identifier:          KRuZY6Vdg5BLeRjeMZZ5fWXtoYEW8ZSq0b0g9fqZ/lU=
Subject key identifier:   62:30:7F:14:00:7E:BE:95:0D:B2:74:D8:56:2C:0E:2E:DD:24:07:93
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018A50A6850140B344939C2342BCE990DBC9
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/YjB_FAB-vpUNsnTYViwOLt0kB5M.roa
Signing time:             Fri 01 Sep 2023 12:10:04 +0000
ROA not before:           Fri 01 Sep 2023 12:10:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     50225
IP address blocks:        91.92.21.0/24 maxlen: 24
                          85.217.145.0/24 maxlen: 24
                          185.222.163.0/24 maxlen: 24
                          178.215.237.0/24 maxlen: 24
                          93.123.85.0/24 maxlen: 24
                          80.76.50.0/24 maxlen: 24
                          193.42.34.0/24 maxlen: 24
                          94.156.176.0/24 maxlen: 24
                          193.47.63.0/24 maxlen: 24
                          193.47.60.0/24 maxlen: 24
                          194.48.249.0/24 maxlen: 24
                          45.84.90.0/24 maxlen: 24
                          194.48.251.0/24 maxlen: 24
                          85.209.132.0/24 maxlen: 24
                          79.110.50.0/24 maxlen: 24
                          37.139.131.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:50:a6:85:01:40:b3:44:93:9c:23:42:bc:e9:90:db:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Sep  1 12:10:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=62307f14007ebe950db274d8562c0e2edd240793
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:31:7b:01:34:ea:df:91:8a:98:ca:1a:e6:f4:
                    4f:33:18:57:64:75:22:76:70:ec:8c:de:45:05:51:
                    d1:f1:20:bb:50:43:b4:74:9b:87:0d:89:0a:f7:9c:
                    ac:38:95:b2:e7:fb:5b:29:29:3c:27:2a:20:11:83:
                    cc:a6:79:2e:67:61:53:e7:fa:b9:94:e3:4d:7d:eb:
                    51:e3:af:71:92:71:e9:8e:fc:07:ad:ba:50:80:9d:
                    e5:c2:34:74:6d:03:8c:a9:98:11:1a:99:80:06:c9:
                    e9:89:09:15:4e:06:9a:56:96:e1:d4:7d:4b:c8:07:
                    59:42:8d:44:4d:48:5e:84:e2:f3:08:8c:2a:40:a7:
                    36:1a:67:78:34:a6:31:7e:53:8a:ec:a8:a2:25:34:
                    ad:43:ee:59:dd:4a:98:cc:a0:a0:84:c3:65:9b:5b:
                    0d:42:eb:18:43:33:9a:38:fc:f9:91:00:91:da:b1:
                    bc:ae:0f:68:a2:c0:ca:fe:b8:c2:b7:e5:83:36:98:
                    c8:f5:2c:39:8c:d8:6c:6e:20:e3:95:f9:0a:cd:bc:
                    42:9a:1d:be:12:7c:73:50:f9:be:54:a7:6a:c2:c2:
                    a1:04:1a:cc:59:77:f7:78:28:db:30:a9:a5:04:e0:
                    7f:b9:70:ac:cb:cc:1d:64:b8:d6:56:eb:d2:47:bf:
                    95:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:30:7F:14:00:7E:BE:95:0D:B2:74:D8:56:2C:0E:2E:DD:24:07:93
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/YjB_FAB-vpUNsnTYViwOLt0kB5M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.139.131.0/24
                  45.84.90.0/24
                  79.110.50.0/24
                  80.76.50.0/24
                  85.209.132.0/24
                  85.217.145.0/24
                  91.92.21.0/24
                  93.123.85.0/24
                  94.156.176.0/24
                  178.215.237.0/24
                  185.222.163.0/24
                  193.42.34.0/24
                  193.47.60.0/24
                  193.47.63.0/24
                  194.48.249.0/24
                  194.48.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:fe:3e:1c:c6:d1:82:1d:2a:1a:11:59:a8:fe:d2:89:28:97:
         50:6c:c7:f3:d0:22:f1:52:4b:62:0f:c9:51:92:e4:61:9a:27:
         3c:5b:67:e1:5e:75:b0:94:89:0f:c6:5a:db:7b:b0:8a:91:00:
         f9:35:25:d0:31:bb:48:62:bc:6e:d2:53:d5:d5:88:ba:b0:68:
         06:14:3b:05:a7:cf:fa:c7:a3:01:13:cf:5f:3f:b0:d1:c8:ef:
         50:dc:64:4b:bd:c6:a1:f1:0a:82:69:b4:4a:a2:37:9b:92:bd:
         4e:c3:2d:fe:f4:24:a5:80:48:93:3b:d7:90:0e:79:be:b2:df:
         44:94:10:b9:29:fb:3b:10:7a:57:f7:bc:a8:9d:66:1f:0f:22:
         13:77:01:96:57:dc:0a:39:da:dd:f2:ed:b2:3f:66:15:77:8c:
         d0:8b:c7:14:97:d8:4e:34:d2:c7:d6:9a:2d:0f:68:a1:ce:c2:
         3f:68:3c:35:5f:95:62:80:32:07:ab:9e:5e:5a:d6:f7:05:65:
         07:9a:20:4e:66:cd:a4:93:0d:c7:d7:01:7e:15:c8:1e:3b:24:
         55:5e:ff:e2:55:87:c7:20:df:c7:a5:33:6b:e0:72:11:13:56:
         96:29:d7:9e:41:31:28:9f:89:2e:16:cf:2d:39:53:91:8a:cb:
         8d:74:1c:85
-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgISAYpQpoUBQLNEk5wjQrzpkNvJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwOTAxMTIxMDA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjMwN2YxNDAwN2ViZTk1MGRiMjc0ZDg1NjJjMGUyZWRkMjQwNzkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxzF7ATTq35GKmMoa5vRPMxhXZHUi
dnDsjN5FBVHR8SC7UEO0dJuHDYkK95ysOJWy5/tbKSk8JyogEYPMpnkuZ2FT5/q5
lONNfetR469xknHpjvwHrbpQgJ3lwjR0bQOMqZgRGpmABsnpiQkVTgaaVpbh1H1L
yAdZQo1ETUhehOLzCIwqQKc2Gmd4NKYxflOK7KiiJTStQ+5Z3UqYzKCghMNlm1sN
QusYQzOaOPz5kQCR2rG8rg9oosDK/rjCt+WDNpjI9Sw5jNhsbiDjlfkKzbxCmh2+
EnxzUPm+VKdqwsKhBBrMWXf3eCjbMKmlBOB/uXCsy8wdZLjWVuvSR7+VaQIDAQAB
o4ICYzCCAl8wHQYDVR0OBBYEFGIwfxQAfr6VDbJ02FYsDi7dJAeTMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvWWpCX0ZBQi12cFVOc25UWVZpd09MdDBrQjVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHkGCCsGAQUFBwEHAQH/BGowaDBmBAIAATBgAwQAJYuDAwQA
LVRaAwQAT24yAwQAUEwyAwQAVdGEAwQAVdmRAwQAW1wVAwQAXXtVAwQAXpywAwQA
stftAwQAud6jAwQAwSoiAwQAwS88AwQAwS8/AwQAwjD5AwQAwjD7MA0GCSqGSIb3
DQEBCwUAA4IBAQAF/j4cxtGCHSoaEVmo/tKJKJdQbMfz0CLxUktiD8lRkuRhmic8
W2fhXnWwlIkPxlrbe7CKkQD5NSXQMbtIYrxu0lPV1Yi6sGgGFDsFp8/6x6MBE89f
P7DRyO9Q3GRLvcah8QqCabRKojebkr1Owy3+9CSlgEiTO9eQDnm+st9ElBC5Kfs7
EHpX97yonWYfDyITdwGWV9wKOdrd8u2yP2YVd4zQi8cUl9hONNLH1potD2ihzsI/
aDw1X5VigDIHq55eWtb3BWUHmiBOZs2kkw3H1wF+FcgeOyRVXv/iVYfHIN/HpTNr
4HIRE1aWKdeeQTEon4kuFs8tOVORisuNdByF
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:36 2024 by rpki-client on console-ams.rpki-client.org