Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/akJ84ReWxNhaooRSXqwWx78k8aE.roa
File:                     akJ84ReWxNhaooRSXqwWx78k8aE.roa (raw, json)
Hash identifier:          sh2LmaOYKERBNKTVY8hkiBBeEsgDOeCeYlcMRTvs2LY=
Subject key identifier:   6A:42:7C:E1:17:96:C4:D8:5A:A2:84:52:5E:AC:16:C7:BF:24:F1:A1
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01876ECC68629EC7FBE3B0A72273BE0CB35C
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/akJ84ReWxNhaooRSXqwWx78k8aE.roa
Signing time:             Tue 11 Apr 2023 05:31:42 +0000
ROA not before:           Tue 11 Apr 2023 05:31:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     397423
IP address blocks:        178.215.224.0/24 maxlen: 24
                          79.110.61.0/24 maxlen: 24
                          94.103.127.0/24 maxlen: 24
                          92.249.51.0/24 maxlen: 24
                          92.249.48.0/24 maxlen: 24
                          193.25.216.0/24 maxlen: 24
                          109.206.238.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:6e:cc:68:62:9e:c7:fb:e3:b0:a7:22:73:be:0c:b3:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Apr 11 05:31:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6a427ce11796c4d85aa284525eac16c7bf24f1a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:49:87:cc:70:1d:d2:84:aa:ee:0a:e8:b3:9a:
                    57:5c:8c:2e:a9:8d:31:2f:b3:05:06:d5:51:42:b6:
                    52:d9:f9:98:b5:de:fa:cc:21:ae:fb:55:de:42:86:
                    02:55:8b:fa:52:c5:42:ec:c8:d0:3a:46:e2:5b:79:
                    66:dd:ec:f6:37:ec:c7:15:ac:f4:c2:bb:5a:69:7d:
                    65:a8:78:64:a0:f0:d3:a4:fb:49:a7:ef:e4:78:15:
                    0d:9a:c9:49:06:b9:72:30:16:44:41:7c:45:21:ab:
                    00:ff:ea:14:94:4c:ba:6e:a7:e2:5e:c1:80:61:5f:
                    4f:fb:b7:d1:1a:4e:bf:55:fb:e9:7f:02:f1:71:14:
                    98:84:fb:98:0b:e1:9f:c7:5a:82:d7:ad:d5:f8:a1:
                    00:05:20:ec:16:cf:c3:49:46:eb:32:48:a7:f5:81:
                    b8:5b:e8:f4:28:a1:bc:f1:95:91:ab:32:7d:c2:4a:
                    1e:31:72:ed:b6:76:5b:cf:0a:73:aa:c6:46:48:37:
                    3a:c8:65:2c:09:37:aa:80:a0:20:a4:40:e9:88:09:
                    a7:ca:2c:42:61:bc:73:17:69:14:a0:bb:46:ee:44:
                    2f:85:4a:1e:c5:23:0f:54:5c:0a:40:ab:2b:b3:44:
                    46:f8:2e:b1:2b:da:ac:52:34:78:b9:45:d6:6d:bc:
                    89:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:42:7C:E1:17:96:C4:D8:5A:A2:84:52:5E:AC:16:C7:BF:24:F1:A1
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/akJ84ReWxNhaooRSXqwWx78k8aE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.110.61.0/24
                  92.249.48.0/24
                  92.249.51.0/24
                  94.103.127.0/24
                  109.206.238.0/24
                  178.215.224.0/24
                  193.25.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:49:38:18:08:16:20:7a:b1:aa:51:75:02:f5:f4:80:e6:36:
         13:5e:0c:61:98:6d:b6:f1:3d:01:6c:e7:3b:3c:82:4b:2d:2b:
         9d:77:c9:b4:85:e0:43:1d:24:74:a4:41:7e:fe:15:5e:f6:e4:
         fd:8c:b1:24:a2:12:ae:a2:a1:92:0e:82:41:ab:25:cd:4d:c0:
         94:31:96:d7:97:f5:12:6f:52:83:87:5a:f2:bd:b5:f9:a9:68:
         43:2a:2d:78:ff:e3:b3:ab:c5:d7:11:ef:d3:71:e1:c5:4c:92:
         83:ed:3d:5a:de:1a:26:96:8e:f8:93:20:21:19:ee:1e:3d:cc:
         22:09:7b:0a:06:0b:40:d2:67:e3:d7:80:3e:e9:6f:d2:ad:25:
         03:90:54:e6:d4:c5:9e:01:89:bc:88:25:08:ac:40:c3:56:cb:
         fb:32:9a:3d:b2:72:32:5c:1d:db:65:ae:18:2e:19:63:5d:ce:
         52:b0:b5:eb:ec:1a:bc:1f:12:64:84:a9:99:ed:44:a5:e5:44:
         3a:c5:20:b1:10:2f:93:92:94:55:ee:83:cc:4d:ef:4a:00:66:
         79:99:51:bd:db:6a:8a:cd:20:d7:b0:92:10:0d:42:fc:20:29:
         ed:98:f1:ff:a9:2a:c5:51:33:53:88:4d:26:b7:2c:ec:9d:9d:
         a3:ea:74:5e
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYduzGhinsf747CnInO+DLNcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNDExMDUzMTQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTQyN2NlMTE3OTZjNGQ4NWFhMjg0NTI1ZWFjMTZjN2JmMjRmMWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2UmHzHAd0oSq7gros5pXXIwuqY0x
L7MFBtVRQrZS2fmYtd76zCGu+1XeQoYCVYv6UsVC7MjQOkbiW3lm3ez2N+zHFaz0
wrtaaX1lqHhkoPDTpPtJp+/keBUNmslJBrlyMBZEQXxFIasA/+oUlEy6bqfiXsGA
YV9P+7fRGk6/VfvpfwLxcRSYhPuYC+Gfx1qC163V+KEABSDsFs/DSUbrMkin9YG4
W+j0KKG88ZWRqzJ9wkoeMXLttnZbzwpzqsZGSDc6yGUsCTeqgKAgpEDpiAmnyixC
YbxzF2kUoLtG7kQvhUoexSMPVFwKQKsrs0RG+C6xK9qsUjR4uUXWbbyJiwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFGpCfOEXlsTYWqKEUl6sFse/JPGhMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvYWtKODRSZVd4Tmhhb29SU1hxd1d4NzhrOGFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAT249AwQA
XPkwAwQAXPkzAwQAXmd/AwQAbc7uAwQAstfgAwQAwRnYMA0GCSqGSIb3DQEBCwUA
A4IBAQAESTgYCBYgerGqUXUC9fSA5jYTXgxhmG228T0BbOc7PIJLLSudd8m0heBD
HSR0pEF+/hVe9uT9jLEkohKuoqGSDoJBqyXNTcCUMZbXl/USb1KDh1ryvbX5qWhD
Ki14/+Ozq8XXEe/TceHFTJKD7T1a3homlo74kyAhGe4ePcwiCXsKBgtA0mfj14A+
6W/SrSUDkFTm1MWeAYm8iCUIrEDDVsv7Mpo9snIyXB3bZa4YLhljXc5SsLXr7Bq8
HxJkhKmZ7USl5UQ6xSCxEC+TkpRV7oPMTe9KAGZ5mVG922qKzSDXsJIQDUL8ICnt
mPH/qSrFUTNTiE0mtyzsnZ2j6nRe
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:14 2024 by rpki-client on console-fra.rpki-client.org