Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ZdcQxrTi63BADCzYKoyZ413Ffrs.roa
File:                     ZdcQxrTi63BADCzYKoyZ413Ffrs.roa (raw, json)
Hash identifier:          nwvo3H0gZ9veKkzrQZJid2g5Mnqk7ko+9BvG2JOmbW4=
Subject key identifier:   65:D7:10:C6:B4:E2:EB:70:40:0C:2C:D8:2A:8C:99:E3:5D:C5:7E:BB
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018697D0252A7917846E0285998B78BFDB04
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ZdcQxrTi63BADCzYKoyZ413Ffrs.roa
Signing time:             Tue 28 Feb 2023 11:37:25 +0000
ROA not before:           Tue 28 Feb 2023 11:37:25 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     0
IP address blocks:        185.218.84.0/22 maxlen: 24
                          87.121.124.0/23 maxlen: 24
                          45.81.241.0/24 maxlen: 24
                          178.215.236.0/24 maxlen: 24
                          171.22.72.0/22 maxlen: 24
                          185.252.176.0/24 maxlen: 24
                          171.22.19.0/24 maxlen: 24
                          92.119.196.0/23 maxlen: 24
                          185.216.84.0/22 maxlen: 24
                          185.218.137.0/24 maxlen: 24
                          94.154.161.0/24 maxlen: 24
                          94.154.162.0/23 maxlen: 24
                          185.219.126.0/24 maxlen: 24
                          45.151.89.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:97:d0:25:2a:79:17:84:6e:02:85:99:8b:78:bf:db:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Feb 28 11:37:25 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=65d710c6b4e2eb70400c2cd82a8c99e35dc57ebb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:ae:a4:b4:ca:9c:5f:1a:c0:43:df:b0:47:f8:
                    5b:10:17:03:59:bb:cd:57:01:8d:2b:1c:e9:98:ea:
                    73:6b:4e:20:a3:13:4d:ec:11:db:e3:02:9e:e9:b6:
                    0c:1b:40:b3:22:ed:29:50:9a:2d:cc:96:a4:83:a0:
                    07:6a:dc:eb:90:be:ff:9b:36:3e:ca:69:7a:ec:63:
                    e7:e4:82:81:96:b4:00:7f:c4:cc:dc:b8:1b:9a:00:
                    3f:b7:54:49:4d:0e:c6:36:c4:79:a0:2c:bb:14:7c:
                    b2:31:70:de:87:59:e1:26:78:58:e3:e8:ad:13:3f:
                    68:62:43:94:08:45:b5:87:94:d0:fa:d2:94:8c:0c:
                    16:00:e4:5f:04:27:01:56:a6:41:03:e8:9f:cc:e1:
                    24:fa:56:2b:e2:b9:57:c9:cc:49:6c:81:43:98:a8:
                    54:33:7a:ec:68:fd:62:15:0f:61:c3:e1:0b:fe:d3:
                    dd:a2:60:48:4a:b0:9e:80:36:5b:a7:ca:cf:ff:62:
                    89:23:72:16:ed:eb:ef:ed:e4:b5:db:1c:e6:c9:ff:
                    b1:17:63:38:6f:93:3c:7f:9f:2c:5e:c1:3b:d3:f9:
                    6e:7a:d9:45:16:db:21:5e:8a:61:9c:83:24:88:e6:
                    73:3c:02:fa:0c:11:cb:b3:ae:13:00:0e:fc:af:09:
                    b4:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:D7:10:C6:B4:E2:EB:70:40:0C:2C:D8:2A:8C:99:E3:5D:C5:7E:BB
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ZdcQxrTi63BADCzYKoyZ413Ffrs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.241.0/24
                  45.151.89.0/24
                  87.121.124.0/23
                  92.119.196.0/23
                  94.154.161.0-94.154.163.255
                  171.22.19.0/24
                  171.22.72.0/22
                  178.215.236.0/24
                  185.216.84.0/22
                  185.218.84.0/22
                  185.218.137.0/24
                  185.219.126.0/24
                  185.252.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:56:35:74:b0:e9:10:35:eb:26:77:e9:66:e3:ba:dd:81:68:
         87:a6:c2:44:98:d6:d6:5c:27:03:d3:dc:2e:3b:1f:29:2f:3a:
         ac:e9:1d:8b:92:ae:35:f2:f6:af:e4:96:00:38:c1:05:6f:4e:
         32:73:71:b4:36:a8:9b:2d:98:2d:c7:74:14:d9:1d:ad:45:03:
         9a:06:73:2f:bc:b4:e2:24:71:c4:4b:c6:df:00:7f:8f:53:34:
         73:8c:ac:91:17:53:d0:de:2b:bb:20:b6:01:64:c4:4d:24:1f:
         10:a4:18:f0:a5:49:24:73:75:33:48:2d:61:68:1f:f6:80:af:
         0b:c4:83:37:77:bb:4c:f1:a9:23:d5:27:75:d2:68:fa:81:e3:
         cf:e1:57:e8:11:df:4f:b1:73:e4:e2:03:0f:f8:96:bf:de:83:
         61:11:04:78:7b:95:da:85:f2:b2:e7:29:04:1f:bd:c0:18:4e:
         0e:2e:6c:ff:88:cb:7e:a0:72:91:a4:9b:a4:23:d1:52:fd:bf:
         93:18:cf:a9:05:9b:f4:d7:61:5e:7b:74:99:da:0b:5b:38:84:
         eb:fd:20:18:08:31:f1:c9:43:91:0a:3e:e0:70:b3:1b:64:a3:
         37:8d:18:8b:f6:63:7d:1f:30:9f:8d:b3:6c:7c:35:a9:fe:98:
         99:69:ab:2d
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYaX0CUqeReEbgKFmYt4v9sEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwMjI4MTEzNzI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWQ3MTBjNmI0ZTJlYjcwNDAwYzJjZDgyYThjOTllMzVkYzU3ZWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg66ktMqcXxrAQ9+wR/hbEBcDWbvN
VwGNKxzpmOpza04goxNN7BHb4wKe6bYMG0CzIu0pUJotzJakg6AHatzrkL7/mzY+
yml67GPn5IKBlrQAf8TM3LgbmgA/t1RJTQ7GNsR5oCy7FHyyMXDeh1nhJnhY4+it
Ez9oYkOUCEW1h5TQ+tKUjAwWAORfBCcBVqZBA+ifzOEk+lYr4rlXycxJbIFDmKhU
M3rsaP1iFQ9hw+EL/tPdomBISrCegDZbp8rP/2KJI3IW7evv7eS12xzmyf+xF2M4
b5M8f58sXsE70/luetlFFtshXophnIMkiOZzPAL6DBHLs64TAA78rwm0twIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFGXXEMa04utwQAws2CqMmeNdxX67MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvWmRjUXhyVGk2M0JBREN6WUtveVo0MTNGZnJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWAwQALVHxAwQA
LZdZAwQBV3l8AwQBXHfEMAwDBABemqEDBAJemqADBACrFhMDBAKrFkgDBACy1+wD
BAK52FQDBAK52lQDBAC52okDBAC5234DBAC5/LAwDQYJKoZIhvcNAQELBQADggEB
AEVWNXSw6RA16yZ36Wbjut2BaIemwkSY1tZcJwPT3C47HykvOqzpHYuSrjXy9q/k
lgA4wQVvTjJzcbQ2qJstmC3HdBTZHa1FA5oGcy+8tOIkccRLxt8Af49TNHOMrJEX
U9DeK7sgtgFkxE0kHxCkGPClSSRzdTNILWFoH/aArwvEgzd3u0zxqSPVJ3XSaPqB
48/hV+gR30+xc+TiAw/4lr/eg2ERBHh7ldqF8rLnKQQfvcAYTg4ubP+Iy36gcpGk
m6Qj0VL9v5MYz6kFm/TXYV57dJnaC1s4hOv9IBgIMfHJQ5EKPuBwsxtkozeNGIv2
Y30fMJ+Ns2x8Nan+mJlpqy0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:14 2024 by rpki-client on console-fra.rpki-client.org