Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/bNgD4gQegC2WZLi7Qw572nVxSRA.roa
File:                     bNgD4gQegC2WZLi7Qw572nVxSRA.roa (raw, json)
Hash identifier:          EaMwdUrvKPAski4HzwFmowUvowfIohYZTGwHN3B/u2s=
Subject key identifier:   6C:D8:03:E2:04:1E:80:2D:96:64:B8:BB:43:0E:7B:DA:75:71:49:10
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018A4042E3463123C92925F8C4571BBEEA66
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/bNgD4gQegC2WZLi7Qw572nVxSRA.roa
Signing time:             Tue 29 Aug 2023 07:47:19 +0000
ROA not before:           Tue 29 Aug 2023 07:47:19 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     50225
IP address blocks:        91.92.21.0/24 maxlen: 24
                          85.217.145.0/24 maxlen: 24
                          185.222.163.0/24 maxlen: 24
                          178.215.237.0/24 maxlen: 24
                          93.123.85.0/24 maxlen: 24
                          80.76.50.0/24 maxlen: 24
                          193.42.34.0/24 maxlen: 24
                          94.156.176.0/24 maxlen: 24
                          193.47.63.0/24 maxlen: 24
                          193.47.60.0/24 maxlen: 24
                          194.48.249.0/24 maxlen: 24
                          45.84.90.0/24 maxlen: 24
                          194.48.251.0/24 maxlen: 24
                          85.209.132.0/24 maxlen: 24
                          79.110.50.0/24 maxlen: 24
                          176.125.252.0/24 maxlen: 24
                          37.139.131.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:40:42:e3:46:31:23:c9:29:25:f8:c4:57:1b:be:ea:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Aug 29 07:47:19 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6cd803e2041e802d9664b8bb430e7bda75714910
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:12:4b:89:93:85:1a:68:63:50:0e:af:7f:be:
                    0a:b9:4e:af:bd:26:24:8b:a8:99:2d:90:d4:83:e9:
                    b7:fd:d7:fc:e7:2d:f7:60:0a:d1:87:a6:0f:b0:0e:
                    d3:71:58:fc:d3:01:bc:6b:04:2b:6a:ab:40:bc:6f:
                    73:a8:72:a9:96:b6:af:41:9d:69:58:c6:a7:0a:56:
                    7b:8d:3c:fc:1c:8d:30:9c:1c:5d:18:66:6f:ba:bd:
                    8b:8b:61:7b:7e:89:60:d8:ea:df:2f:42:9f:52:b9:
                    50:22:40:b1:8f:9c:44:f5:d4:e8:5c:1e:49:d7:48:
                    96:15:80:c7:2d:06:d7:6e:b4:f8:43:9e:8d:c5:8c:
                    65:c2:ef:29:04:ca:71:40:a4:06:9d:d3:d9:ca:c0:
                    98:ee:f0:e9:ad:52:b3:cd:8f:27:80:48:a7:96:f5:
                    73:55:a8:01:bc:0b:8c:c7:e7:a7:e2:26:18:ba:a5:
                    6e:48:50:21:f0:da:ba:97:3a:50:0e:38:23:34:c4:
                    2d:53:0e:b6:76:f4:45:1f:97:ce:fe:25:47:7e:59:
                    9d:09:11:55:23:1e:7f:6a:bc:c3:84:1f:3f:62:f5:
                    5a:b3:6d:be:9e:f3:a7:ef:9b:64:99:53:05:92:0b:
                    ce:fc:82:ea:11:80:16:24:74:e8:7d:6b:dc:09:71:
                    81:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:D8:03:E2:04:1E:80:2D:96:64:B8:BB:43:0E:7B:DA:75:71:49:10
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/bNgD4gQegC2WZLi7Qw572nVxSRA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.139.131.0/24
                  45.84.90.0/24
                  79.110.50.0/24
                  80.76.50.0/24
                  85.209.132.0/24
                  85.217.145.0/24
                  91.92.21.0/24
                  93.123.85.0/24
                  94.156.176.0/24
                  176.125.252.0/24
                  178.215.237.0/24
                  185.222.163.0/24
                  193.42.34.0/24
                  193.47.60.0/24
                  193.47.63.0/24
                  194.48.249.0/24
                  194.48.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:0b:97:91:df:62:be:a7:36:71:ee:bc:bf:62:9a:d9:c6:12:
         18:ff:8a:53:50:72:af:a0:fc:e4:10:fb:5c:09:0b:25:28:f6:
         ee:05:a1:92:67:bf:f3:13:0d:7a:e6:97:15:e6:29:b2:88:3a:
         e8:5e:4b:93:8a:2e:90:62:7f:55:0f:e4:5b:e5:35:41:ae:f3:
         e7:81:be:40:95:63:51:dc:f8:89:25:16:84:7e:ac:e5:64:8b:
         68:02:c3:1d:c3:a4:d3:9d:b9:99:db:9d:bf:de:77:03:7e:e9:
         86:f7:78:22:4c:f7:05:95:9b:44:3b:ca:e9:32:1e:2a:f2:24:
         63:d0:ff:81:76:a8:11:ac:18:db:62:00:43:dd:40:5d:e9:1c:
         d9:cb:1d:93:0a:7c:9a:98:1f:82:42:41:c5:73:3c:a5:91:0c:
         e4:bd:72:52:d7:17:73:61:cc:87:6f:3d:45:08:07:8f:2b:3e:
         40:c8:5a:6e:f3:11:3c:8e:64:43:71:99:f1:67:bf:c6:a9:ec:
         5a:45:56:f5:af:96:86:ef:c2:7b:05:7c:a8:a9:31:1e:c0:a8:
         8d:b6:d1:75:e1:61:a2:86:38:c8:7d:25:d6:d0:a3:03:88:fb:
         3d:fd:c1:59:9a:f2:1e:0f:62:70:fa:1f:37:ec:b4:26:4c:71:
         33:53:b3:f2
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgISAYpAQuNGMSPJKSX4xFcbvupmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwODI5MDc0NzE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2Q4MDNlMjA0MWU4MDJkOTY2NGI4YmI0MzBlN2JkYTc1NzE0OTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoBJLiZOFGmhjUA6vf74KuU6vvSYk
i6iZLZDUg+m3/df85y33YArRh6YPsA7TcVj80wG8awQraqtAvG9zqHKplravQZ1p
WManClZ7jTz8HI0wnBxdGGZvur2Li2F7folg2OrfL0KfUrlQIkCxj5xE9dToXB5J
10iWFYDHLQbXbrT4Q56NxYxlwu8pBMpxQKQGndPZysCY7vDprVKzzY8ngEinlvVz
VagBvAuMx+en4iYYuqVuSFAh8Nq6lzpQDjgjNMQtUw62dvRFH5fO/iVHflmdCRFV
Ix5/arzDhB8/YvVas22+nvOn75tkmVMFkgvO/ILqEYAWJHTofWvcCXGBVQIDAQAB
o4ICaTCCAmUwHQYDVR0OBBYEFGzYA+IEHoAtlmS4u0MOe9p1cUkQMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvYk5nRDRnUWVnQzJXWkxpN1F3NTcyblZ4U1JBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH8GCCsGAQUFBwEHAQH/BHAwbjBsBAIAATBmAwQAJYuDAwQA
LVRaAwQAT24yAwQAUEwyAwQAVdGEAwQAVdmRAwQAW1wVAwQAXXtVAwQAXpywAwQA
sH38AwQAstftAwQAud6jAwQAwSoiAwQAwS88AwQAwS8/AwQAwjD5AwQAwjD7MA0G
CSqGSIb3DQEBCwUAA4IBAQA3C5eR32K+pzZx7ry/YprZxhIY/4pTUHKvoPzkEPtc
CQslKPbuBaGSZ7/zEw165pcV5imyiDroXkuTii6QYn9VD+Rb5TVBrvPngb5AlWNR
3PiJJRaEfqzlZItoAsMdw6TTnbmZ252/3ncDfumG93giTPcFlZtEO8rpMh4q8iRj
0P+BdqgRrBjbYgBD3UBd6RzZyx2TCnyamB+CQkHFczylkQzkvXJS1xdzYcyHbz1F
CAePKz5AyFpu8xE8jmRDcZnxZ7/GqexaRVb1r5aG78J7BXyoqTEewKiNttF14WGi
hjjIfSXW0KMDiPs9/cFZmvIeD2Jw+h837LQmTHEzU7Py
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:14 2024 by rpki-client on console-fra.rpki-client.org