Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/aBrSEmdD5wHRHVv-EfhPzgB5fe8.roa
File:                     aBrSEmdD5wHRHVv-EfhPzgB5fe8.roa (raw, json)
Hash identifier:          RhbgUKeMHLBx2kIs9QniKgL6/oh6b1hn4BTRjeUUNlI=
Subject key identifier:   68:1A:D2:12:67:43:E7:01:D1:1D:5B:FE:11:F8:4F:CE:00:79:7D:EF
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       1CC5E654
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/aBrSEmdD5wHRHVv-EfhPzgB5fe8.roa
Signing time:             Tue 18 Jan 2022 11:49:22 +0000
ROA not before:           Tue 18 Jan 2022 11:49:22 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     393398
IP address blocks:        81.161.237.0/24 maxlen: 24
                          79.110.60.0/22 maxlen: 24
                          83.219.96.0/22 maxlen: 24
                          185.218.136.0/22 maxlen: 24
                          82.115.208.0/22 maxlen: 24
                          193.37.40.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 482731604 (0x1cc5e654)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan 18 11:49:22 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=681ad2126743e701d11d5bfe11f84fce00797def
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:6b:bd:85:72:0d:55:c1:0b:3b:45:83:2b:cc:
                    61:27:9f:e1:f3:98:71:1a:e1:a2:82:bc:d0:bf:e6:
                    cc:68:6e:c4:1c:57:da:a6:35:a6:8a:3b:67:0f:2c:
                    59:b1:76:04:e2:37:2e:e8:1f:b0:6f:6f:3a:7a:9e:
                    82:57:1d:fb:e7:59:7b:dd:d3:09:b3:c6:d9:ed:1f:
                    cb:2f:a6:52:b7:fe:25:93:15:f5:5f:3c:64:1b:49:
                    cc:37:bc:88:2a:eb:44:90:58:52:7c:9e:df:b4:59:
                    4a:a9:ec:bb:07:4c:24:31:ef:b6:2e:e5:fb:6b:9a:
                    c0:b0:d8:ae:c9:1a:aa:51:35:7e:74:e6:c6:09:a8:
                    f5:9f:61:d2:79:f3:12:90:bf:57:9c:be:d0:7f:74:
                    1f:c1:8e:13:b5:54:d7:8e:01:0a:ac:a8:7f:32:42:
                    0c:ad:4a:b4:3f:d2:53:6d:ac:13:39:f1:54:27:3b:
                    ac:d7:a7:94:c5:91:85:34:05:cd:b7:82:bf:a9:de:
                    c6:1f:61:3b:b9:38:36:5a:b0:cf:7c:11:7e:5b:af:
                    be:34:aa:5d:80:6c:66:71:d0:64:1b:e9:5e:ea:fd:
                    57:9e:a9:40:6e:78:3f:1f:9d:55:b0:67:d1:74:33:
                    fb:85:02:9a:e7:f5:ad:f0:01:8b:8b:1d:d0:a8:bd:
                    ea:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:1A:D2:12:67:43:E7:01:D1:1D:5B:FE:11:F8:4F:CE:00:79:7D:EF
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/aBrSEmdD5wHRHVv-EfhPzgB5fe8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.110.60.0/22
                  81.161.237.0/24
                  82.115.208.0/22
                  83.219.96.0/22
                  185.218.136.0/22
                  193.37.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         83:5e:d1:35:32:14:c5:1a:82:f3:d7:32:b0:ab:67:5e:66:ac:
         75:52:5d:bf:ae:59:09:04:73:c2:5c:21:c4:c8:ab:f0:29:9e:
         32:bb:f0:8f:a0:e9:c7:83:4b:9a:66:fb:28:f1:25:40:d3:b6:
         96:20:1f:70:17:dd:51:a9:91:bf:51:b2:cc:d5:20:8b:62:a5:
         a0:39:6e:c6:32:15:57:c4:18:18:6e:7b:aa:c6:b7:c1:43:84:
         87:14:77:f2:94:a7:9e:a0:b0:2e:33:4e:45:d5:14:1c:36:86:
         06:e1:02:77:08:78:88:9e:2f:2d:88:83:07:28:30:df:de:d2:
         7f:34:03:a6:85:f8:c6:3c:c5:00:cd:3d:e6:0d:6f:5c:b1:5a:
         6a:c8:c6:f9:3a:4b:7f:48:b5:28:46:6e:fe:e8:00:44:ff:16:
         14:b9:84:80:d0:b1:4a:ad:a0:ac:3c:ce:c7:69:7e:0a:a1:11:
         35:c7:10:2d:0d:19:07:05:9c:d6:2e:39:dc:f2:55:b7:0c:c7:
         51:5b:7a:de:d0:b1:93:e0:f5:54:83:ce:c5:62:e5:e8:9e:29:
         69:83:49:51:f7:1d:39:3d:dd:d1:a3:b9:50:78:e5:2a:7a:9d:
         6d:f3:4e:48:2a:43:7a:90:8d:7e:bd:73:6c:18:31:d5:58:fc:
         f4:b6:f3:b0
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgIEHMXmVDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MmM0YWMzZTNjNDNkNzBkMDUzNDljODE1YmFhZGQzOGFkNzc1ZTlkMB4XDTIyMDEx
ODExNDkyMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjgxYWQyMTI2NzQz
ZTcwMWQxMWQ1YmZlMTFmODRmY2UwMDc5N2RlZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMZrvYVyDVXBCztFgyvMYSef4fOYcRrhooK80L/mzGhuxBxX
2qY1poo7Zw8sWbF2BOI3LugfsG9vOnqeglcd++dZe93TCbPG2e0fyy+mUrf+JZMV
9V88ZBtJzDe8iCrrRJBYUnye37RZSqnsuwdMJDHvti7l+2uawLDYrskaqlE1fnTm
xgmo9Z9h0nnzEpC/V5y+0H90H8GOE7VU144BCqyofzJCDK1KtD/SU22sEznxVCc7
rNenlMWRhTQFzbeCv6nexh9hO7k4Nlqwz3wRfluvvjSqXYBsZnHQZBvpXur9V56p
QG54Px+dVbBn0XQz+4UCmuf1rfABi4sd0Ki96tsCAwEAAaOCAicwggIjMB0GA1Ud
DgQWBBRoGtISZ0PnAdEdW/4R+E/OAHl97zAfBgNVHSMEGDAWgBQixKw+PEPXDQU0
nIFbqt04rXdenTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0lzU3NQanhEMXcwRk5KeUJXNnJkT0sxM1hwMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDMvOTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8x
L2FCclNFbWRENXdIUkhWdi1FZmhQemdCNWZlOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDMv
OTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8xL0lzU3NQanhEMXcw
Rk5KeUJXNnJkT0sxM1hwMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA9
BggrBgEFBQcBBwEB/wQuMCwwKgQCAAEwJAMEAk9uPAMEAFGh7QMEAlJz0AMEAlPb
YAMEArnaiAMEAsElKDANBgkqhkiG9w0BAQsFAAOCAQEAg17RNTIUxRqC89cysKtn
XmasdVJdv65ZCQRzwlwhxMir8CmeMrvwj6Dpx4NLmmb7KPElQNO2liAfcBfdUamR
v1GyzNUgi2KloDluxjIVV8QYGG57qsa3wUOEhxR38pSnnqCwLjNORdUUHDaGBuEC
dwh4iJ4vLYiDBygw397SfzQDpoX4xjzFAM095g1vXLFaasjG+TpLf0i1KEZu/ugA
RP8WFLmEgNCxSq2grDzOx2l+CqERNccQLQ0ZBwWc1i453PJVtwzHUVt63tCxk+D1
VIPOxWLl6J4paYNJUfcdOT3d0aO5UHjlKnqdbfNOSCpDepCNfr1zbBgx1Vj89Lbz
sA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:14 2024 by rpki-client on console-fra.rpki-client.org