Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/_xqBhCtRXXPfEVozBuA8eOdmOUU.roa
File:                     _xqBhCtRXXPfEVozBuA8eOdmOUU.roa (raw, json)
Hash identifier:          mc8xFNgT/MP4SKzebjPLnCqVtvxI+U/LTp2bfh5HAig=
Subject key identifier:   FF:1A:81:84:2B:51:5D:73:DF:11:5A:33:06:E0:3C:78:E7:66:39:45
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01882F4E82F46CDF466502C3D71A7A17E3DE
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/_xqBhCtRXXPfEVozBuA8eOdmOUU.roa
Signing time:             Thu 18 May 2023 14:40:54 +0000
ROA not before:           Thu 18 May 2023 14:40:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61302
IP address blocks:        45.9.156.0/24 maxlen: 24
                          45.12.255.0/24 maxlen: 24
                          45.66.228.0/24 maxlen: 24
                          147.78.100.0/23 maxlen: 24
                          87.120.130.0/24 maxlen: 24
                          185.246.223.0/24 maxlen: 24
                          194.180.39.0/24 maxlen: 24
                          45.139.104.0/24 maxlen: 24
                          82.115.210.0/23 maxlen: 24
                          45.129.84.0/24 maxlen: 24
                          45.129.86.0/24 maxlen: 24
                          94.154.172.0/24 maxlen: 24
                          193.35.19.0/24 maxlen: 24
                          93.123.39.0/24 maxlen: 24
                          171.22.31.0/24 maxlen: 24
                          81.161.230.0/24 maxlen: 24
                          87.121.124.0/23 maxlen: 24
                          81.161.239.0/24 maxlen: 24
                          178.215.226.0/24 maxlen: 24
                          91.200.192.0/22 maxlen: 24
                          94.156.250.0/24 maxlen: 24
                          94.156.248.0/24 maxlen: 24
                          87.121.162.0/24 maxlen: 24
                          94.156.160.0/24 maxlen: 24
                          45.141.158.0/24 maxlen: 24
                          171.22.17.0/24 maxlen: 24
                          171.22.18.0/24 maxlen: 24
                          83.219.97.0/24 maxlen: 24
                          87.121.220.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:2f:4e:82:f4:6c:df:46:65:02:c3:d7:1a:7a:17:e3:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: May 18 14:40:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ff1a81842b515d73df115a3306e03c78e7663945
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:3d:8c:b2:1c:25:52:8b:a9:c5:c6:23:15:1c:
                    7d:99:43:9e:f5:e3:27:10:bd:02:42:b9:d3:44:9b:
                    b5:0a:b9:1d:20:13:e8:04:7e:dd:e5:1a:e2:32:c4:
                    a5:73:eb:06:72:33:28:07:50:0e:c4:77:c1:1d:f0:
                    3a:0d:ce:76:14:92:d7:88:a9:69:75:8d:f6:fd:59:
                    26:84:85:df:65:9c:92:e0:56:29:02:3a:65:f8:3a:
                    3a:98:16:7d:e3:60:b9:21:91:bf:67:d3:7d:e2:20:
                    65:c7:fb:16:c9:ff:29:53:38:5c:53:c5:dd:bb:13:
                    73:aa:6a:2f:0f:04:ae:4a:6c:34:53:4d:36:34:c7:
                    5c:e0:5d:88:9b:c3:c1:3a:d3:70:b3:01:cb:61:a1:
                    87:80:a8:b6:4d:09:9a:21:3a:67:97:ae:fe:86:e2:
                    ac:20:d9:98:79:f8:73:5b:fe:65:16:98:01:f1:d7:
                    59:84:b7:eb:bd:f0:80:ce:ab:25:b5:39:c5:43:44:
                    76:c9:b0:af:f6:51:d9:c6:30:62:30:e5:18:ec:71:
                    8a:9c:81:50:ec:53:8f:95:5e:05:21:28:14:cf:92:
                    55:b4:59:6e:17:88:41:0d:ef:ac:41:af:e4:6f:0f:
                    ae:a9:66:5a:62:ed:ad:f2:5e:26:f2:40:a3:29:a6:
                    db:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:1A:81:84:2B:51:5D:73:DF:11:5A:33:06:E0:3C:78:E7:66:39:45
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/_xqBhCtRXXPfEVozBuA8eOdmOUU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.156.0/24
                  45.12.255.0/24
                  45.66.228.0/24
                  45.129.84.0/24
                  45.129.86.0/24
                  45.139.104.0/24
                  45.141.158.0/24
                  81.161.230.0/24
                  81.161.239.0/24
                  82.115.210.0/23
                  83.219.97.0/24
                  87.120.130.0/24
                  87.121.124.0/23
                  87.121.162.0/24
                  87.121.220.0/24
                  91.200.192.0/22
                  93.123.39.0/24
                  94.154.172.0/24
                  94.156.160.0/24
                  94.156.248.0/24
                  94.156.250.0/24
                  147.78.100.0/23
                  171.22.17.0-171.22.18.255
                  171.22.31.0/24
                  178.215.226.0/24
                  185.246.223.0/24
                  193.35.19.0/24
                  194.180.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:be:de:a6:8c:eb:57:3a:58:4b:74:8e:0b:55:70:f9:2a:98:
         ef:91:52:23:fd:3e:c1:43:a6:1c:2e:89:78:cc:a1:26:14:e0:
         69:a4:b4:be:9c:8b:eb:e9:31:7d:f5:6b:66:55:f5:84:17:27:
         fa:e8:77:31:a1:9e:a9:81:88:3f:8d:71:1a:e1:fe:a8:e4:c4:
         72:86:47:14:1a:50:fa:87:57:39:4f:9a:78:c9:82:22:b8:de:
         11:a3:fb:09:28:0f:9e:be:ad:b4:d6:e0:7a:23:45:6b:1a:71:
         c7:67:79:3c:a4:8b:80:75:dc:6d:cc:2b:59:c6:f9:c6:69:c4:
         43:24:d0:cc:08:7f:aa:02:97:4a:91:6e:c7:77:b7:6f:90:2c:
         bd:1a:00:55:a1:91:7b:cb:e2:16:0b:e5:a7:c0:1e:58:e7:01:
         ad:c6:74:d7:6d:35:84:3b:7f:79:58:dc:e7:e0:cd:75:a6:b4:
         20:1c:4f:0e:28:3c:82:2b:55:fc:0b:bd:0c:74:85:63:48:c6:
         c2:9e:f3:07:92:6c:9d:d1:7f:d2:87:2e:fd:41:71:01:f2:e9:
         e8:f1:74:54:9b:ae:be:29:89:4a:73:21:c4:ab:64:4a:ab:65:
         61:b8:80:3e:70:7b:3c:75:13:4a:94:bc:84:0d:a4:9f:64:8f:
         66:c8:c7:ca
-----BEGIN CERTIFICATE-----
MIIFrDCCBJSgAwIBAgISAYgvToL0bN9GZQLD1xp6F+PeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNTE4MTQ0MDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjFhODE4NDJiNTE1ZDczZGYxMTVhMzMwNmUwM2M3OGU3NjYzOTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjj2MshwlUoupxcYjFRx9mUOe9eMn
EL0CQrnTRJu1CrkdIBPoBH7d5RriMsSlc+sGcjMoB1AOxHfBHfA6Dc52FJLXiKlp
dY32/VkmhIXfZZyS4FYpAjpl+Do6mBZ942C5IZG/Z9N94iBlx/sWyf8pUzhcU8Xd
uxNzqmovDwSuSmw0U002NMdc4F2Im8PBOtNwswHLYaGHgKi2TQmaITpnl67+huKs
INmYefhzW/5lFpgB8ddZhLfrvfCAzqsltTnFQ0R2ybCv9lHZxjBiMOUY7HGKnIFQ
7FOPlV4FISgUz5JVtFluF4hBDe+sQa/kbw+uqWZaYu2t8l4m8kCjKabb+QIDAQAB
o4ICuDCCArQwHQYDVR0OBBYEFP8agYQrUV1z3xFaMwbgPHjnZjlFMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvX3hxQmhDdFJYWFBmRVZvekJ1QThlT2RtT1VVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHNBggrBgEFBQcBBwEB/wSBvTCBujCBtwQCAAEwgbADBAAt
CZwDBAAtDP8DBAAtQuQDBAAtgVQDBAAtgVYDBAAti2gDBAAtjZ4DBABRoeYDBABR
oe8DBAFSc9IDBABT22EDBABXeIIDBAFXeXwDBABXeaIDBABXedwDBAJbyMADBABd
eycDBABemqwDBABenKADBABenPgDBABenPoDBAGTTmQwDAMEAKsWEQMEAKsWEgME
AKsWHwMEALLX4gMEALn23wMEAMEjEwMEAMK0JzANBgkqhkiG9w0BAQsFAAOCAQEA
F77epozrVzpYS3SOC1Vw+SqY75FSI/0+wUOmHC6JeMyhJhTgaaS0vpyL6+kxffVr
ZlX1hBcn+uh3MaGeqYGIP41xGuH+qOTEcoZHFBpQ+odXOU+aeMmCIrjeEaP7CSgP
nr6ttNbgeiNFaxpxx2d5PKSLgHXcbcwrWcb5xmnEQyTQzAh/qgKXSpFux3e3b5As
vRoAVaGRe8viFgvlp8AeWOcBrcZ01201hDt/eVjc5+DNdaa0IBxPDig8gitV/Au9
DHSFY0jGwp7zB5JsndF/0ocu/UFxAfLp6PF0VJuuvimJSnMhxKtkSqtlYbiAPnB7
PHUTSpS8hA2kn2SPZsjHyg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:14 2024 by rpki-client on console-fra.rpki-client.org