Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/aDMO8WoaLk_Ha_Jssau0H2-cE6c.roa
File:                     aDMO8WoaLk_Ha_Jssau0H2-cE6c.roa (raw, json)
Hash identifier:          eoYoO4BLibRpIENay8srYPYgMQxsrQIAsRXXQMv3BaM=
Subject key identifier:   68:33:0E:F1:6A:1A:2E:4F:C7:6B:F2:6C:B1:AB:B4:1F:6F:9C:13:A7
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01857CF66B79EA6E5A350014E4FDBC89259F
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/aDMO8WoaLk_Ha_Jssau0H2-cE6c.roa
Signing time:             Wed 04 Jan 2023 13:26:42 +0000
ROA not before:           Wed 04 Jan 2023 13:26:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     0
IP address blocks:        87.121.124.0/23 maxlen: 24
                          185.218.137.0/24 maxlen: 24
                          185.252.176.0/24 maxlen: 24
                          94.154.161.0/24 maxlen: 24
                          94.154.162.0/23 maxlen: 24
                          185.219.126.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:7c:f6:6b:79:ea:6e:5a:35:00:14:e4:fd:bc:89:25:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  4 13:26:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=68330ef16a1a2e4fc76bf26cb1abb41f6f9c13a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:4a:3a:2a:d5:ec:21:6a:ef:5d:e6:a6:26:ed:
                    c2:ca:e2:e7:4a:3f:18:eb:4f:45:bb:68:54:a6:cb:
                    27:9b:54:19:12:ee:3e:e9:ca:95:50:df:34:d1:10:
                    3d:2b:7a:4c:cb:62:55:0f:0b:48:a7:21:ce:04:17:
                    98:9c:98:6b:b0:32:7a:e3:a2:88:45:f3:85:4b:5d:
                    f8:63:ee:2d:81:ad:81:36:04:c3:f8:cd:41:2d:1c:
                    0b:6d:70:c8:12:92:6e:1c:ec:71:ec:d4:cf:ca:2c:
                    a3:54:1c:d9:4f:86:7e:26:91:72:04:ea:4b:8c:a7:
                    4f:0e:31:6a:d8:32:16:1f:ee:78:f6:70:ab:c9:a9:
                    f5:da:1b:53:5c:c4:ca:8e:c4:52:a6:1a:56:81:d1:
                    97:d1:a9:c9:d4:cb:e6:5e:d9:c6:23:3f:40:e0:8d:
                    38:6f:f3:db:61:36:f1:ec:96:2d:5e:2b:92:4e:43:
                    d9:e5:bc:f2:51:42:19:81:45:f0:2c:84:cd:aa:d1:
                    59:dd:62:0e:3d:d9:b5:1d:00:5b:ad:39:f5:ba:e5:
                    1a:54:1c:1d:e6:ce:9a:a8:84:0c:45:d9:51:fc:79:
                    ac:f8:47:37:e2:e9:2e:67:cc:4a:d5:89:d2:a6:17:
                    67:0d:9b:3a:39:6d:5b:ad:62:9d:e4:07:1b:1d:31:
                    af:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:33:0E:F1:6A:1A:2E:4F:C7:6B:F2:6C:B1:AB:B4:1F:6F:9C:13:A7
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/aDMO8WoaLk_Ha_Jssau0H2-cE6c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.121.124.0/23
                  94.154.161.0-94.154.163.255
                  185.218.137.0/24
                  185.219.126.0/24
                  185.252.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:05:d2:cb:69:22:f0:ff:47:e6:c6:40:21:10:22:66:a9:d1:
         55:1c:8e:33:2c:b8:44:93:70:36:79:e0:96:58:cd:4c:93:82:
         ae:3b:2e:c7:7d:43:73:a3:b1:d6:2c:23:63:da:83:48:77:82:
         83:e3:0d:1a:02:d5:62:d2:12:c9:38:6e:ae:f8:4d:a6:b9:e1:
         ba:92:93:18:0e:3e:cf:df:89:5f:97:91:9b:f2:24:80:67:be:
         75:c2:c3:6a:17:2e:d8:70:b6:93:0e:f8:15:98:2c:e5:71:e7:
         02:ce:c1:3e:a8:84:3f:bc:96:da:e6:af:9e:b4:65:96:a9:50:
         e4:d7:9e:20:c8:da:9d:13:98:f9:f3:00:ac:45:61:34:b8:59:
         b0:97:cd:51:38:aa:23:48:ba:4f:74:cf:1b:f3:0d:60:81:69:
         71:c0:de:be:ca:a5:7c:80:f2:76:32:a9:ad:f8:63:5e:9d:87:
         2f:9a:ff:b7:24:10:c6:b6:49:86:53:7f:70:70:fe:4a:fc:19:
         8f:e6:e4:b8:dc:41:d6:92:9a:6b:fb:09:4d:22:49:4a:35:d8:
         40:a7:13:21:33:10:ff:3b:3c:57:95:46:37:6d:3e:02:93:cf:
         bb:7c:bc:0c:7d:0f:ab:16:f0:1c:2e:6f:9a:0d:2b:36:c4:fb:
         77:87:64:35
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYV89mt56m5aNQAU5P28iSWfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwMTA0MTMyNjQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODMzMGVmMTZhMWEyZTRmYzc2YmYyNmNiMWFiYjQxZjZmOWMxM2E3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgko6KtXsIWrvXeamJu3CyuLnSj8Y
609Fu2hUpssnm1QZEu4+6cqVUN800RA9K3pMy2JVDwtIpyHOBBeYnJhrsDJ646KI
RfOFS134Y+4tga2BNgTD+M1BLRwLbXDIEpJuHOxx7NTPyiyjVBzZT4Z+JpFyBOpL
jKdPDjFq2DIWH+549nCryan12htTXMTKjsRSphpWgdGX0anJ1MvmXtnGIz9A4I04
b/PbYTbx7JYtXiuSTkPZ5bzyUUIZgUXwLITNqtFZ3WIOPdm1HQBbrTn1uuUaVBwd
5s6aqIQMRdlR/Hms+Ec34ukuZ8xK1YnSphdnDZs6OW1brWKd5AcbHTGvGwIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFGgzDvFqGi5Px2vybLGrtB9vnBOnMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvYURNTzhXb2FMa19IYV9Kc3NhdTBIMi1jRTZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQBV3l8MAwD
BABemqEDBAJemqADBAC52okDBAC5234DBAC5/LAwDQYJKoZIhvcNAQELBQADggEB
ACAF0stpIvD/R+bGQCEQImap0VUcjjMsuESTcDZ54JZYzUyTgq47Lsd9Q3OjsdYs
I2Pag0h3goPjDRoC1WLSEsk4bq74Taa54bqSkxgOPs/fiV+XkZvyJIBnvnXCw2oX
LthwtpMO+BWYLOVx5wLOwT6ohD+8ltrmr560ZZapUOTXniDI2p0TmPnzAKxFYTS4
WbCXzVE4qiNIuk90zxvzDWCBaXHA3r7KpXyA8nYyqa34Y16dhy+a/7ckEMa2SYZT
f3Bw/kr8GY/m5LjcQdaSmmv7CU0iSUo12ECnEyEzEP87PFeVRjdtPgKTz7t8vAx9
D6sW8Bwub5oNKzbE+3eHZDU=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:37 2024 by rpki-client on console-ams.rpki-client.org