Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/aWqt12xdjnhN7yZs-zJQhJ1jIiw.roa
File:                     aWqt12xdjnhN7yZs-zJQhJ1jIiw.roa (raw, json)
Hash identifier:          5YCAfxAR1i7Ni4K4OxBSWpHi561x5SiVxx3SlD5X9XI=
Subject key identifier:   69:6A:AD:D7:6C:5D:8E:78:4D:EF:26:6C:FB:32:50:84:9D:63:22:2C
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018D0DC74B92071589177068C4C891F08D7F
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/aWqt12xdjnhN7yZs-zJQhJ1jIiw.roa
Signing time:             Mon 15 Jan 2024 15:39:41 +0000
ROA not before:           Mon 15 Jan 2024 15:39:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199605
IP address blocks:        171.22.31.0/24 maxlen: 24
                          45.129.84.0/24 maxlen: 24
                          37.139.130.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:0d:c7:4b:92:07:15:89:17:70:68:c4:c8:91:f0:8d:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan 15 15:39:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=696aadd76c5d8e784def266cfb3250849d63222c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:ef:09:83:10:a3:03:c6:e8:5e:93:26:37:ef:
                    66:04:27:e0:85:33:04:00:6f:0e:23:01:6e:45:84:
                    90:2c:15:ea:f4:3f:76:4c:87:ef:13:80:c2:b4:5c:
                    1d:91:4c:e1:1f:23:3e:4e:d2:6e:7e:f3:c8:ff:23:
                    fd:8b:5e:97:50:14:ee:50:38:10:e3:b9:fa:1e:43:
                    fc:21:4b:12:83:93:b1:4c:60:1b:c3:4e:e0:f8:7e:
                    f1:91:b9:40:7d:64:8a:73:3c:07:e9:77:22:21:bd:
                    94:31:cd:99:57:b2:5b:8a:32:5b:2a:43:90:70:26:
                    82:34:18:8d:4b:4d:2c:75:74:2c:5a:a0:82:70:a2:
                    d3:32:28:7c:0f:11:97:43:02:13:32:8c:76:59:ed:
                    35:fc:fc:10:10:b1:62:16:97:61:48:35:df:15:fe:
                    ad:7c:35:09:bf:40:9c:54:b1:43:5c:b2:e1:b1:ac:
                    69:74:ec:c4:eb:8a:07:2c:d7:1d:43:0c:4d:db:f5:
                    f9:6b:26:9e:00:90:1a:be:ba:7d:2d:b4:8f:78:0b:
                    01:0e:a6:18:60:4b:d5:9b:a7:41:9d:01:5d:f0:2c:
                    37:1f:f9:fd:00:e6:54:66:24:ca:26:c8:db:f3:f4:
                    50:56:e5:b7:70:78:c1:4d:f2:2c:ab:24:53:1b:07:
                    61:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:6A:AD:D7:6C:5D:8E:78:4D:EF:26:6C:FB:32:50:84:9D:63:22:2C
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/aWqt12xdjnhN7yZs-zJQhJ1jIiw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.139.130.0/24
                  45.129.84.0/24
                  171.22.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:11:0f:47:aa:2a:03:c3:c3:de:52:5d:6b:2f:82:7e:d1:bb:
         e1:ae:62:de:7e:0c:f7:54:35:5f:27:a0:0d:52:75:c6:86:ef:
         ff:3b:fd:2d:59:71:02:27:60:2d:46:5f:8d:05:29:d6:47:2b:
         1c:41:a1:9b:90:0f:8c:5f:76:84:b7:dd:a8:d5:42:82:e5:0f:
         15:96:a8:f8:e7:c4:8d:4e:f4:02:cd:c3:88:30:57:b5:0d:f0:
         fe:dd:be:c0:fc:c0:ca:63:2f:9a:56:8d:f1:b8:05:5e:80:fc:
         73:03:72:a6:61:ff:86:de:c0:e2:a0:98:bf:32:b2:f4:53:d3:
         94:0d:37:78:f8:18:9f:3a:81:bd:20:16:9a:35:ca:52:8e:e8:
         de:78:41:7a:99:9f:ed:3c:c3:80:d5:49:1d:8d:ee:79:45:73:
         de:d9:b8:13:f3:1f:e9:06:cc:07:73:88:09:67:f3:20:16:a5:
         84:f0:98:31:71:96:11:c1:9f:51:6a:da:b1:dc:bc:a6:2e:5c:
         cc:db:f4:d7:c9:f7:08:34:75:ae:af:74:67:86:62:ed:01:31:
         04:03:5c:70:bb:e7:1b:13:89:bb:3a:53:6d:8a:65:eb:3a:6c:
         f5:1b:11:92:d3:7e:04:05:49:0a:27:50:c4:80:0a:b8:b0:4e:
         37:d3:f9:91
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY0Nx0uSBxWJF3BoxMiR8I1/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTE1MTUzOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTZhYWRkNzZjNWQ4ZTc4NGRlZjI2NmNmYjMyNTA4NDlkNjMyMjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxO8JgxCjA8boXpMmN+9mBCfghTME
AG8OIwFuRYSQLBXq9D92TIfvE4DCtFwdkUzhHyM+TtJufvPI/yP9i16XUBTuUDgQ
47n6HkP8IUsSg5OxTGAbw07g+H7xkblAfWSKczwH6XciIb2UMc2ZV7JbijJbKkOQ
cCaCNBiNS00sdXQsWqCCcKLTMih8DxGXQwITMox2We01/PwQELFiFpdhSDXfFf6t
fDUJv0CcVLFDXLLhsaxpdOzE64oHLNcdQwxN2/X5ayaeAJAavrp9LbSPeAsBDqYY
YEvVm6dBnQFd8Cw3H/n9AOZUZiTKJsjb8/RQVuW3cHjBTfIsqyRTGwdhnQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGlqrddsXY54Te8mbPsyUISdYyIsMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvYVdxdDEyeGRqbmhON3lacy16SlFoSjFqSWl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAJYuCAwQA
LYFUAwQAqxYfMA0GCSqGSIb3DQEBCwUAA4IBAQCMEQ9HqioDw8PeUl1rL4J+0bvh
rmLefgz3VDVfJ6ANUnXGhu//O/0tWXECJ2AtRl+NBSnWRyscQaGbkA+MX3aEt92o
1UKC5Q8Vlqj458SNTvQCzcOIMFe1DfD+3b7A/MDKYy+aVo3xuAVegPxzA3KmYf+G
3sDioJi/MrL0U9OUDTd4+BifOoG9IBaaNcpSjujeeEF6mZ/tPMOA1Ukdje55RXPe
2bgT8x/pBswHc4gJZ/MgFqWE8JgxcZYRwZ9Ratqx3LymLlzM2/TXyfcINHWur3Rn
hmLtATEEA1xwu+cbE4m7OlNtimXrOmz1GxGS034EBUkKJ1DEgAq4sE430/mR
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:37 2024 by rpki-client on console-ams.rpki-client.org