Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/aCh48kfoz0gTSNWwBJcdqw1zFMo.roa
File:                     aCh48kfoz0gTSNWwBJcdqw1zFMo.roa (raw, json)
Hash identifier:          3PkmUzw3qYK9l2dCwTs7uzpQ/87pCb1XcIv6vvMYfeg=
Subject key identifier:   68:28:78:F2:47:E8:CF:48:13:48:D5:B0:04:97:1D:AB:0D:73:14:CA
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018586D1A2D2E598302573B9B1968E2F68FC
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/aCh48kfoz0gTSNWwBJcdqw1zFMo.roa
Signing time:             Fri 06 Jan 2023 11:22:43 +0000
ROA not before:           Fri 06 Jan 2023 11:22:43 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     211252
IP address blocks:        85.217.145.0/24 maxlen: 24
                          45.81.39.0/24 maxlen: 24
                          45.66.230.0/24 maxlen: 24
                          80.76.51.0/24 maxlen: 24
                          85.31.44.0/24 maxlen: 24
                          85.31.46.0/24 maxlen: 24
                          185.252.178.0/24 maxlen: 24
                          193.47.61.0/24 maxlen: 24
                          194.55.186.0/24 maxlen: 24
                          185.246.221.0/24 maxlen: 24
                          185.246.220.0/24 maxlen: 24
                          109.206.241.0/24 maxlen: 24
                          109.206.243.0/24 maxlen: 24
                          185.254.37.0/24 maxlen: 24
                          185.216.71.0/24 maxlen: 24
                          79.110.62.0/24 maxlen: 24
                          79.110.63.0/24 maxlen: 24
                          194.180.48.0/24 maxlen: 24
                          194.180.49.0/24 maxlen: 24
                          185.225.73.0/24 maxlen: 24
                          37.139.128.0/24 maxlen: 24
                          37.139.129.0/24 maxlen: 24
                          84.21.172.0/24 maxlen: 24
                          109.206.240.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:86:d1:a2:d2:e5:98:30:25:73:b9:b1:96:8e:2f:68:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  6 11:22:43 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=682878f247e8cf481348d5b004971dab0d7314ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:2d:29:9c:3a:b7:7f:18:ac:e2:e7:48:f0:d7:
                    ca:50:50:6e:9e:3d:42:af:ae:83:f1:38:ab:00:72:
                    34:e4:64:65:b0:8d:22:1c:0f:77:ea:d8:87:dc:60:
                    01:dd:12:dc:be:07:27:c7:f1:67:51:54:02:ed:90:
                    02:60:93:e5:67:4a:2b:cf:0e:b1:89:1d:7b:70:ee:
                    67:0a:45:8b:a3:4c:87:90:de:0c:f8:bb:5c:cc:a1:
                    3c:9b:c0:9e:c2:c6:03:9d:f2:07:e0:d6:f8:f2:cf:
                    cf:4e:dc:6c:a3:1c:d1:41:ef:99:56:aa:df:05:6c:
                    4d:8a:23:f5:fd:a8:93:15:4e:dd:f3:f9:62:0b:17:
                    54:5d:f4:02:4b:5e:8c:36:49:8e:00:bd:dd:16:39:
                    4c:b2:86:c5:ed:2e:41:69:5e:3a:4c:83:c5:50:f4:
                    27:79:06:f5:04:7a:85:82:7f:8d:b9:fb:de:1d:17:
                    b9:47:13:dd:04:f2:88:a2:6b:ca:7b:7a:44:05:28:
                    43:e1:09:2d:c9:20:6d:5e:f4:cc:2c:41:e4:0d:f9:
                    28:15:5a:59:b7:e0:5e:52:65:dc:3e:00:ac:37:81:
                    24:71:d7:8b:ff:40:66:ca:2c:7a:43:b1:b2:e3:80:
                    22:02:2d:fd:8a:bf:ae:46:53:cb:f8:82:71:27:40:
                    84:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:28:78:F2:47:E8:CF:48:13:48:D5:B0:04:97:1D:AB:0D:73:14:CA
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/aCh48kfoz0gTSNWwBJcdqw1zFMo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.139.128.0/23
                  45.66.230.0/24
                  45.81.39.0/24
                  79.110.62.0/23
                  80.76.51.0/24
                  84.21.172.0/24
                  85.31.44.0/24
                  85.31.46.0/24
                  85.217.145.0/24
                  109.206.240.0/23
                  109.206.243.0/24
                  185.216.71.0/24
                  185.225.73.0/24
                  185.246.220.0/23
                  185.252.178.0/24
                  185.254.37.0/24
                  193.47.61.0/24
                  194.55.186.0/24
                  194.180.48.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4c:67:eb:25:07:34:4d:64:e2:24:40:9e:45:42:1b:9f:72:c2:
         ed:dd:67:28:90:04:28:16:2e:fd:19:37:88:49:d9:0d:ed:a0:
         2c:50:3a:3d:ab:af:e9:34:ae:7e:23:7e:6c:46:be:e8:25:4f:
         77:e0:a1:76:e9:7b:1e:59:c6:c6:e5:2b:a2:5e:19:4c:4a:9d:
         31:23:ac:e6:90:2b:c2:19:00:0f:76:69:74:bb:d4:d6:dc:35:
         8b:b9:85:b3:ee:c9:1d:ce:b4:84:c2:1e:01:31:18:7e:f3:0a:
         4b:d0:eb:5c:2d:f8:3a:29:f2:17:05:f2:6c:bd:8c:39:52:fe:
         33:a4:0b:83:1f:a0:56:25:9a:6c:9b:50:02:23:4c:a6:30:3c:
         de:b9:65:89:c1:31:86:82:cc:94:95:f4:86:99:44:83:4d:ab:
         fc:70:37:26:c6:6f:48:03:4b:60:69:ca:d9:56:69:fa:24:b1:
         b7:26:9c:3b:c8:52:42:cf:1b:16:db:df:ec:28:6f:d4:be:95:
         93:19:4e:c2:12:75:d0:b3:68:ee:9a:c1:13:b7:a3:3e:ac:3e:
         f2:fc:2a:0e:13:9c:6c:b4:a3:48:19:ca:a5:93:41:f8:50:06:
         7e:75:9e:c2:f9:f1:33:5b:b0:04:c7:43:76:35:a0:69:33:14:
         50:5e:ad:74
-----BEGIN CERTIFICATE-----
MIIFajCCBFKgAwIBAgISAYWG0aLS5ZgwJXO5sZaOL2j8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwMTA2MTEyMjQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODI4NzhmMjQ3ZThjZjQ4MTM0OGQ1YjAwNDk3MWRhYjBkNzMxNGNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyi0pnDq3fxis4udI8NfKUFBunj1C
r66D8TirAHI05GRlsI0iHA936tiH3GAB3RLcvgcnx/FnUVQC7ZACYJPlZ0orzw6x
iR17cO5nCkWLo0yHkN4M+LtczKE8m8CewsYDnfIH4Nb48s/PTtxsoxzRQe+ZVqrf
BWxNiiP1/aiTFU7d8/liCxdUXfQCS16MNkmOAL3dFjlMsobF7S5BaV46TIPFUPQn
eQb1BHqFgn+NufveHRe5RxPdBPKIomvKe3pEBShD4QktySBtXvTMLEHkDfkoFVpZ
t+BeUmXcPgCsN4EkcdeL/0Bmyix6Q7Gy44AiAi39ir+uRlPL+IJxJ0CE3wIDAQAB
o4ICdjCCAnIwHQYDVR0OBBYEFGgoePJH6M9IE0jVsASXHasNcxTKMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvYUNoNDhrZm96MGdUU05Xd0JKY2RxdzF6Rk1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGLBggrBgEFBQcBBwEB/wR8MHoweAQCAAEwcgMEASWLgAME
AC1C5gMEAC1RJwMEAU9uPgMEAFBMMwMEAFQVrAMEAFUfLAMEAFUfLgMEAFXZkQME
AW3O8AMEAG3O8wMEALnYRwMEALnhSQMEAbn23AMEALn8sgMEALn+JQMEAMEvPQME
AMI3ugMEAcK0MDANBgkqhkiG9w0BAQsFAAOCAQEATGfrJQc0TWTiJECeRUIbn3LC
7d1nKJAEKBYu/Rk3iEnZDe2gLFA6Pauv6TSufiN+bEa+6CVPd+Chdul7HlnGxuUr
ol4ZTEqdMSOs5pArwhkAD3ZpdLvU1tw1i7mFs+7JHc60hMIeATEYfvMKS9DrXC34
OinyFwXybL2MOVL+M6QLgx+gViWabJtQAiNMpjA83rllicExhoLMlJX0hplEg02r
/HA3JsZvSANLYGnK2VZp+iSxtyacO8hSQs8bFtvf7Chv1L6VkxlOwhJ10LNo7prB
E7ejPqw+8vwqDhOcbLSjSBnKpZNB+FAGfnWewvnxM1uwBMdDdjWgaTMUUF6tdA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:37 2024 by rpki-client on console-ams.rpki-client.org