Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/aC4ORzqr2wF8oOby6jpND7ZRcE0.roa
File:                     aC4ORzqr2wF8oOby6jpND7ZRcE0.roa (raw, json)
Hash identifier:          RPOVfPCEHaX42xXWYjB93W40bNpeklBuoKhNiLlGMns=
Subject key identifier:   68:2E:0E:47:3A:AB:DB:01:7C:A0:E6:F2:EA:3A:4D:0F:B6:51:70:4D
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018A84BFE135B462ADE137BAB1DA247BFC34
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/aC4ORzqr2wF8oOby6jpND7ZRcE0.roa
Signing time:             Mon 11 Sep 2023 14:58:02 +0000
ROA not before:           Mon 11 Sep 2023 14:58:02 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207459
IP address blocks:        91.92.24.0/24 maxlen: 24
                          91.92.24.0/23 maxlen: 23
                          91.92.25.0/24 maxlen: 24
                          193.149.29.0/24 maxlen: 24
                          193.149.30.0/24 maxlen: 24
                          193.149.28.0/22 maxlen: 22
                          193.149.31.0/24 maxlen: 24
                          193.149.28.0/24 maxlen: 24
                          87.120.87.0/24 maxlen: 24
                          87.121.59.0/24 maxlen: 24
                          93.123.116.0/24 maxlen: 24
                          94.154.163.0/24 maxlen: 24
                          176.125.255.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:84:bf:e1:35:b4:62:ad:e1:37:ba:b1:da:24:7b:fc:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Sep 11 14:58:02 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=682e0e473aabdb017ca0e6f2ea3a4d0fb651704d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:66:bf:92:4c:3c:6a:e0:49:49:1c:3e:35:af:
                    73:bc:7f:fa:99:7b:19:8e:11:ea:4a:99:c8:02:39:
                    b1:fc:09:b9:d0:d6:c8:35:07:41:13:18:30:22:62:
                    c7:b5:fc:df:34:b4:89:f1:5d:55:6c:c3:38:80:2a:
                    6c:ae:9e:30:c5:8d:64:91:e4:a0:4d:cb:23:60:81:
                    28:e6:f3:dc:22:2b:84:16:d9:48:fb:f5:e6:97:7e:
                    b8:65:be:35:40:5b:9b:56:10:3f:d3:4c:15:bf:28:
                    6a:fc:51:3c:1f:4f:38:47:cd:e9:19:21:99:9b:ee:
                    f0:c9:46:bd:ca:4e:ff:8c:6b:67:36:a5:ca:fa:dd:
                    8a:65:3b:2a:9b:77:cc:11:b6:55:2a:68:cd:77:62:
                    7c:3f:91:e9:dd:8b:f0:fc:0c:91:0d:f1:ee:d8:9a:
                    4b:1f:d9:cc:d6:dc:b4:20:24:b0:d1:36:78:21:85:
                    74:56:fc:f5:64:23:d5:d2:96:b6:d3:db:9b:0a:b4:
                    fc:9a:5e:41:ad:97:50:cb:da:ba:66:e9:01:47:09:
                    dc:21:4b:bd:42:11:53:f9:31:32:0a:d6:e0:72:8a:
                    ae:0d:e4:6c:37:ad:01:38:6f:ba:06:c1:2c:cb:e1:
                    24:f2:20:86:ab:ef:ef:8c:79:ac:e4:7d:57:4c:0a:
                    00:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:2E:0E:47:3A:AB:DB:01:7C:A0:E6:F2:EA:3A:4D:0F:B6:51:70:4D
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/aC4ORzqr2wF8oOby6jpND7ZRcE0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.120.87.0/24
                  87.121.59.0/24
                  91.92.24.0/23
                  93.123.116.0/24
                  94.154.163.0/24
                  176.125.255.0/24
                  193.149.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3e:c5:27:22:b2:da:e4:f4:49:e0:03:97:69:7f:3f:04:52:84:
         53:ce:92:f0:52:bb:b7:d5:67:63:d0:65:be:f1:bb:17:1e:ad:
         2a:54:60:19:3e:1a:dd:26:7c:05:d3:5b:c0:fe:e1:ec:31:a7:
         49:1f:55:f6:dd:cc:1e:4f:2e:83:61:67:87:14:6b:3c:ac:07:
         11:cd:2b:70:23:5c:0c:69:90:15:c2:93:8f:1b:19:a0:7e:54:
         58:b2:0a:eb:d3:80:9b:ef:f1:30:f7:1e:ba:9e:ad:db:e3:e4:
         8d:d7:9b:4f:be:47:2e:33:a8:c1:88:0f:0f:38:7a:7f:44:58:
         53:68:1e:4f:08:6c:d1:50:16:11:08:e0:ca:44:e3:3c:e7:e0:
         25:10:09:9e:af:6b:e0:aa:c4:d1:25:89:34:01:f9:c6:e0:d6:
         6f:8c:4c:3e:ec:31:e4:bb:59:95:ac:26:20:87:fb:5e:6e:51:
         61:47:00:88:8a:f4:0b:51:4a:d2:46:b1:1e:7a:cf:80:63:a1:
         41:fb:32:43:57:a4:29:4f:6f:dc:dd:35:aa:35:14:77:6c:3b:
         5a:01:26:e1:b4:1e:1f:ec:b7:16:09:65:91:dc:48:5b:cf:3d:
         18:db:3c:5d:38:9b:4e:e1:e3:a9:e0:c2:13:eb:86:20:e3:49:
         e8:b0:5f:ee
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYqEv+E1tGKt4Te6sdoke/w0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwOTExMTQ1ODAyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODJlMGU0NzNhYWJkYjAxN2NhMGU2ZjJlYTNhNGQwZmI2NTE3MDRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj2a/kkw8auBJSRw+Na9zvH/6mXsZ
jhHqSpnIAjmx/Am50NbINQdBExgwImLHtfzfNLSJ8V1VbMM4gCpsrp4wxY1kkeSg
TcsjYIEo5vPcIiuEFtlI+/Xml364Zb41QFubVhA/00wVvyhq/FE8H084R83pGSGZ
m+7wyUa9yk7/jGtnNqXK+t2KZTsqm3fMEbZVKmjNd2J8P5Hp3Yvw/AyRDfHu2JpL
H9nM1ty0ICSw0TZ4IYV0Vvz1ZCPV0pa209ubCrT8ml5BrZdQy9q6ZukBRwncIUu9
QhFT+TEyCtbgcoquDeRsN60BOG+6BsEsy+Ek8iCGq+/vjHms5H1XTAoALwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFGguDkc6q9sBfKDm8uo6TQ+2UXBNMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvYUM0T1J6cXIyd0Y4b09ieTZqcE5EN1pSY0UwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAV3hXAwQA
V3k7AwQBW1wYAwQAXXt0AwQAXpqjAwQAsH3/AwQCwZUcMA0GCSqGSIb3DQEBCwUA
A4IBAQA+xScistrk9EngA5dpfz8EUoRTzpLwUru31Wdj0GW+8bsXHq0qVGAZPhrd
JnwF01vA/uHsMadJH1X23cweTy6DYWeHFGs8rAcRzStwI1wMaZAVwpOPGxmgflRY
sgrr04Cb7/Ew9x66nq3b4+SN15tPvkcuM6jBiA8POHp/RFhTaB5PCGzRUBYRCODK
ROM85+AlEAmer2vgqsTRJYk0AfnG4NZvjEw+7DHku1mVrCYgh/teblFhRwCIivQL
UUrSRrEees+AY6FB+zJDV6QpT2/c3TWqNRR3bDtaASbhtB4f7LcWCWWR3Ehbzz0Y
2zxdOJtO4eOp4MIT64Yg40nosF/u
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:37 2024 by rpki-client on console-ams.rpki-client.org