Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/YsguFKZMDE7XfRmOPfRbWdlqszw.roa
File:                     YsguFKZMDE7XfRmOPfRbWdlqszw.roa (raw, json)
Hash identifier:          /xOYCMwbtfTDyapaBbI4hYjaRXl5dGGYKQ0JTBXdHes=
Subject key identifier:   62:C8:2E:14:A6:4C:0C:4E:D7:7D:19:8E:3D:F4:5B:59:D9:6A:B3:3C
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018ADFAEF6B81C7BF8F0C489A42DC222AEA4
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/YsguFKZMDE7XfRmOPfRbWdlqszw.roa
Signing time:             Fri 29 Sep 2023 06:45:00 +0000
ROA not before:           Fri 29 Sep 2023 06:45:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     0
IP address blocks:        185.218.84.0/22 maxlen: 24
                          178.215.224.0/24 maxlen: 24
                          91.92.24.0/23 maxlen: 24
                          94.156.239.0/24 maxlen: 24
                          178.215.236.0/24 maxlen: 24
                          171.22.72.0/22 maxlen: 24
                          87.121.69.0/24 maxlen: 24
                          185.252.176.0/24 maxlen: 24
                          94.156.177.0/24 maxlen: 24
                          147.78.101.0/24 maxlen: 24
                          147.78.100.0/24 maxlen: 24
                          147.78.102.0/24 maxlen: 24
                          92.119.196.0/23 maxlen: 24
                          185.216.84.0/22 maxlen: 24
                          87.121.45.0/24 maxlen: 24
                          87.121.59.0/24 maxlen: 24
                          194.180.50.0/24 maxlen: 24
                          194.169.174.0/24 maxlen: 24
                          94.156.78.0/24 maxlen: 24
                          93.123.116.0/24 maxlen: 24
                          94.154.162.0/23 maxlen: 24
                          94.154.161.0/24 maxlen: 24
                          185.219.126.0/24 maxlen: 24
                          45.151.89.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:df:ae:f6:b8:1c:7b:f8:f0:c4:89:a4:2d:c2:22:ae:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Sep 29 06:45:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=62c82e14a64c0c4ed77d198e3df45b59d96ab33c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:66:de:fd:89:85:8f:2e:4d:7c:92:aa:63:88:
                    db:d7:62:9d:28:0f:8b:aa:01:69:97:9f:1a:b2:24:
                    e1:ef:a4:56:9e:07:35:cb:f5:7b:e6:87:a5:36:ff:
                    b1:03:86:b0:9e:31:4c:6d:48:1d:da:de:5a:6d:37:
                    17:e7:e5:39:a5:6f:c8:0b:c8:f8:6a:ef:07:3f:e5:
                    40:9c:49:ce:b5:cc:54:9b:b6:d1:02:bc:07:17:6a:
                    35:2a:b2:0e:95:84:52:11:52:fe:cd:b3:23:3e:42:
                    0b:29:90:38:53:ea:1a:8e:22:e9:6e:ee:95:df:d3:
                    1a:fc:42:6d:83:78:77:30:90:19:0f:7a:26:3f:cf:
                    e7:ad:bd:48:29:07:74:4f:34:93:56:a8:55:57:f5:
                    fb:3c:26:f1:79:0d:1e:cb:92:c4:83:97:a4:be:44:
                    15:59:c6:43:ad:bb:34:dc:d3:ff:48:6b:4d:80:9b:
                    b0:28:ea:09:fa:89:ef:b0:5a:2e:d3:57:e4:40:cf:
                    fd:9a:7c:2d:d4:d3:73:42:b3:1a:9e:f0:6a:28:15:
                    56:e8:33:fc:1c:70:0f:2d:c3:ef:08:ae:68:1c:0d:
                    2a:a4:fa:77:03:cf:c6:e4:a3:5d:b0:df:13:fb:dc:
                    c4:5d:02:79:a5:e1:8f:0f:db:ca:47:01:84:0b:6f:
                    3c:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:C8:2E:14:A6:4C:0C:4E:D7:7D:19:8E:3D:F4:5B:59:D9:6A:B3:3C
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/YsguFKZMDE7XfRmOPfRbWdlqszw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.89.0/24
                  87.121.45.0/24
                  87.121.59.0/24
                  87.121.69.0/24
                  91.92.24.0/23
                  92.119.196.0/23
                  93.123.116.0/24
                  94.154.161.0-94.154.163.255
                  94.156.78.0/24
                  94.156.177.0/24
                  94.156.239.0/24
                  147.78.100.0-147.78.102.255
                  171.22.72.0/22
                  178.215.224.0/24
                  178.215.236.0/24
                  185.216.84.0/22
                  185.218.84.0/22
                  185.219.126.0/24
                  185.252.176.0/24
                  194.169.174.0/24
                  194.180.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:ba:4e:66:27:ee:28:b0:f7:24:56:da:05:68:89:90:f7:59:
         7a:c1:6f:45:ba:cb:48:9a:b5:c8:74:06:75:4c:d0:79:71:be:
         59:b0:60:b4:73:cf:14:c2:d4:92:d2:8e:67:1d:94:48:a6:3e:
         5e:7c:bd:b0:13:36:de:80:9f:a8:c8:8b:7e:22:69:9b:d4:81:
         1b:c4:5a:dc:68:0d:9c:be:3c:bc:de:75:15:9b:86:70:a3:e2:
         5d:98:3e:46:83:7e:72:53:86:4f:8c:6e:b1:2a:17:23:68:f6:
         6e:8a:e9:ce:97:bd:25:27:89:b6:12:6e:b4:8b:77:32:6f:8f:
         7d:c4:e3:c7:7b:1f:e4:dd:27:f2:da:ad:28:44:1e:c2:45:ee:
         9d:59:f3:18:70:94:f8:95:9b:c3:bc:c4:b9:ff:e4:b2:d7:db:
         cc:1d:2c:14:0c:7b:67:76:38:7e:99:e6:2f:2a:af:13:10:02:
         14:e6:16:a2:b1:8b:59:11:ff:17:1e:29:a5:ee:d7:df:34:80:
         03:3e:f5:c4:6c:3b:b9:4d:ec:4c:fb:a6:bc:ec:ec:e0:19:3c:
         5f:67:af:4c:ab:06:89:4a:db:9b:0a:00:66:bb:ba:84:83:49:
         59:eb:ab:17:55:8c:56:06:4c:86:89:c8:3d:3f:9f:8a:b4:2c:
         6e:2a:34:4c
-----BEGIN CERTIFICATE-----
MIIFijCCBHKgAwIBAgISAYrfrva4HHv48MSJpC3CIq6kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwOTI5MDY0NTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmM4MmUxNGE2NGMwYzRlZDc3ZDE5OGUzZGY0NWI1OWQ5NmFiMzNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2be/YmFjy5NfJKqY4jb12KdKA+L
qgFpl58asiTh76RWngc1y/V75oelNv+xA4awnjFMbUgd2t5abTcX5+U5pW/IC8j4
au8HP+VAnEnOtcxUm7bRArwHF2o1KrIOlYRSEVL+zbMjPkILKZA4U+oajiLpbu6V
39Ma/EJtg3h3MJAZD3omP8/nrb1IKQd0TzSTVqhVV/X7PCbxeQ0ey5LEg5ekvkQV
WcZDrbs03NP/SGtNgJuwKOoJ+onvsFou01fkQM/9mnwt1NNzQrManvBqKBVW6DP8
HHAPLcPvCK5oHA0qpPp3A8/G5KNdsN8T+9zEXQJ5peGPD9vKRwGEC288GQIDAQAB
o4ICljCCApIwHQYDVR0OBBYEFGLILhSmTAxO130Zjj30W1nZarM8MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvWXNndUZLWk1ERTdYZlJtT1BmUmJXZGxxc3p3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGrBggrBgEFBQcBBwEB/wSBmzCBmDCBlQQCAAEwgY4DBAAt
l1kDBABXeS0DBABXeTsDBABXeUUDBAFbXBgDBAFcd8QDBABde3QwDAMEAF6aoQME
Al6aoAMEAF6cTgMEAF6csQMEAF6c7zAMAwQCk05kAwQAk05mAwQCqxZIAwQAstfg
AwQAstfsAwQCudhUAwQCudpUAwQAudt+AwQAufywAwQAwqmuAwQAwrQyMA0GCSqG
SIb3DQEBCwUAA4IBAQC1uk5mJ+4osPckVtoFaImQ91l6wW9FustImrXIdAZ1TNB5
cb5ZsGC0c88UwtSS0o5nHZRIpj5efL2wEzbegJ+oyIt+Immb1IEbxFrcaA2cvjy8
3nUVm4Zwo+JdmD5Gg35yU4ZPjG6xKhcjaPZuiunOl70lJ4m2Em60i3cyb499xOPH
ex/k3Sfy2q0oRB7CRe6dWfMYcJT4lZvDvMS5/+Sy19vMHSwUDHtndjh+meYvKq8T
EAIU5haisYtZEf8XHiml7tffNIADPvXEbDu5TexM+6a87OzgGTxfZ69MqwaJStub
CgBmu7qEg0lZ66sXVYxWBkyGicg9P5+KtCxuKjRM
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:13 2024 by rpki-client on console-fra.rpki-client.org