Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/bQfc5l0B4Fx6ZntHMj4hjvbTZq0.roa
File:                     bQfc5l0B4Fx6ZntHMj4hjvbTZq0.roa (raw, json)
Hash identifier:          pOJCnOlswnXaipnbpSryKcx2hjzxQ3UFizHp7Ey1wls=
Subject key identifier:   6D:07:DC:E6:5D:01:E0:5C:7A:66:7B:47:32:3E:21:8E:F6:D3:66:AD
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01877A9ADA5D98B30AECB2413B7488BDAE7F
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/bQfc5l0B4Fx6ZntHMj4hjvbTZq0.roa
Signing time:             Thu 13 Apr 2023 12:33:01 +0000
ROA not before:           Thu 13 Apr 2023 12:33:01 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     0
IP address blocks:        185.218.84.0/22 maxlen: 24
                          84.54.49.0/24 maxlen: 24
                          178.215.236.0/24 maxlen: 24
                          178.215.237.0/24 maxlen: 24
                          141.98.7.0/24 maxlen: 24
                          171.22.72.0/22 maxlen: 24
                          45.149.233.0/24 maxlen: 24
                          45.128.233.0/24 maxlen: 24
                          147.78.101.0/24 maxlen: 24
                          147.78.100.0/24 maxlen: 24
                          92.119.196.0/23 maxlen: 24
                          87.120.64.0/23 maxlen: 24
                          94.103.125.0/24 maxlen: 24
                          185.216.84.0/22 maxlen: 24
                          185.218.137.0/24 maxlen: 24
                          82.115.209.0/24 maxlen: 24
                          194.49.87.0/24 maxlen: 24
                          94.154.162.0/23 maxlen: 24
                          94.154.161.0/24 maxlen: 24
                          185.219.126.0/24 maxlen: 24
                          94.154.172.0/24 maxlen: 24
                          193.25.217.0/24 maxlen: 24
                          87.121.220.0/24 maxlen: 24
                          45.151.89.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:7a:9a:da:5d:98:b3:0a:ec:b2:41:3b:74:88:bd:ae:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Apr 13 12:33:01 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6d07dce65d01e05c7a667b47323e218ef6d366ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:97:c8:b9:e1:d6:ab:ca:4c:48:0d:8c:31:f2:
                    6c:57:77:a6:56:2f:9b:83:2d:3f:92:e7:46:4e:db:
                    df:a3:0c:89:2a:87:78:12:5e:d3:65:f3:86:e2:74:
                    fb:27:bc:67:3e:b5:a1:ac:d3:f4:94:3f:df:b4:f3:
                    02:a8:c2:eb:c5:50:ce:ff:76:1a:c1:d7:3d:bb:8a:
                    9d:05:09:e8:b9:d9:18:59:90:d9:55:65:dc:53:e4:
                    68:69:70:b4:35:4f:f2:05:7c:ad:4b:44:e1:b4:55:
                    e3:b5:36:7b:1e:b3:c6:95:b3:4d:f2:26:e7:0a:8b:
                    c5:da:8d:94:a1:ea:0f:77:53:1b:21:be:1a:94:c2:
                    f8:21:bd:be:c4:6c:76:47:78:26:f4:8b:f5:b6:84:
                    66:50:bf:f0:a3:a4:5f:75:b1:35:b1:e6:f0:69:f6:
                    23:fa:16:34:47:c5:5b:6b:54:69:6a:0e:e5:32:e5:
                    b2:d2:35:e1:c4:12:4b:a7:d6:86:74:1b:b4:9d:c3:
                    3b:82:ea:66:0b:ef:42:e5:13:b3:61:5a:f3:1b:33:
                    91:27:24:aa:06:e2:ce:74:d1:25:af:50:e3:f1:f9:
                    aa:b4:4e:96:81:ad:65:e9:e5:8b:a3:20:9f:c8:79:
                    7a:9c:5d:fe:a2:ca:40:31:dc:87:dc:07:e5:2b:4a:
                    c3:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:07:DC:E6:5D:01:E0:5C:7A:66:7B:47:32:3E:21:8E:F6:D3:66:AD
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/bQfc5l0B4Fx6ZntHMj4hjvbTZq0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.233.0/24
                  45.149.233.0/24
                  45.151.89.0/24
                  82.115.209.0/24
                  84.54.49.0/24
                  87.120.64.0/23
                  87.121.220.0/24
                  92.119.196.0/23
                  94.103.125.0/24
                  94.154.161.0-94.154.163.255
                  94.154.172.0/24
                  141.98.7.0/24
                  147.78.100.0/23
                  171.22.72.0/22
                  178.215.236.0/23
                  185.216.84.0/22
                  185.218.84.0/22
                  185.218.137.0/24
                  185.219.126.0/24
                  193.25.217.0/24
                  194.49.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:4c:31:c7:15:72:7a:d7:83:0c:71:f4:4f:c3:86:2d:09:d6:
         1f:42:81:3b:91:28:63:88:03:3c:45:26:59:6a:7d:c8:a6:d4:
         bb:11:41:c4:e7:37:eb:90:db:99:9f:d4:d4:04:3f:21:c6:26:
         14:f9:2e:7a:25:41:c9:bb:46:ab:87:36:38:43:45:28:89:b5:
         74:90:f0:7d:bf:8b:14:a1:66:09:66:4c:2f:e5:31:3a:80:dc:
         85:74:81:5b:55:60:24:ca:06:60:34:92:b7:fb:08:56:21:84:
         b4:f0:e4:81:7a:92:8c:5c:87:70:5c:2d:b6:23:8a:37:aa:43:
         c1:ec:57:09:1f:0f:6d:d3:7a:f3:09:5d:a1:8c:39:06:fc:bb:
         36:aa:f9:d9:05:d7:c2:5d:28:fd:83:48:5d:83:0f:41:10:4f:
         8e:1b:f7:e7:96:76:27:b0:0f:02:56:9d:aa:b1:e3:56:e5:dc:
         cd:99:d2:1a:0b:51:3c:b8:d6:0d:f4:eb:76:ae:c2:0c:3f:7e:
         b3:15:a5:c9:ec:0a:54:a6:07:44:c5:54:f3:d7:c6:34:e0:bf:
         48:b1:73:8b:db:8c:37:75:17:fe:49:3e:4c:1d:4f:4e:8e:56:
         df:30:9f:ed:e0:e7:cd:20:da:1a:28:16:49:a4:08:fd:5e:d0:
         79:b0:19:6c
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgISAYd6mtpdmLMK7LJBO3SIva5/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNDEzMTIzMzAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDA3ZGNlNjVkMDFlMDVjN2E2NjdiNDczMjNlMjE4ZWY2ZDM2NmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo5fIueHWq8pMSA2MMfJsV3emVi+b
gy0/kudGTtvfowyJKod4El7TZfOG4nT7J7xnPrWhrNP0lD/ftPMCqMLrxVDO/3Ya
wdc9u4qdBQnoudkYWZDZVWXcU+RoaXC0NU/yBXytS0ThtFXjtTZ7HrPGlbNN8ibn
CovF2o2UoeoPd1MbIb4alML4Ib2+xGx2R3gm9Iv1toRmUL/wo6RfdbE1sebwafYj
+hY0R8Vba1Rpag7lMuWy0jXhxBJLp9aGdBu0ncM7gupmC+9C5ROzYVrzGzORJySq
BuLOdNElr1Dj8fmqtE6Wga1l6eWLoyCfyHl6nF3+ospAMdyH3AflK0rDAwIDAQAB
o4ICjjCCAoowHQYDVR0OBBYEFG0H3OZdAeBcemZ7RzI+IY7202atMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvYlFmYzVsMEI0Rng2Wm50SE1qNGhqdmJUWnEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGjBggrBgEFBQcBBwEB/wSBkzCBkDCBjQQCAAEwgYYDBAAt
gOkDBAAtlekDBAAtl1kDBABSc9EDBABUNjEDBAFXeEADBABXedwDBAFcd8QDBABe
Z30wDAMEAF6aoQMEAl6aoAMEAF6arAMEAI1iBwMEAZNOZAMEAqsWSAMEAbLX7AME
ArnYVAMEArnaVAMEALnaiQMEALnbfgMEAMEZ2QMEAMIxVzANBgkqhkiG9w0BAQsF
AAOCAQEAnEwxxxVyeteDDHH0T8OGLQnWH0KBO5EoY4gDPEUmWWp9yKbUuxFBxOc3
65DbmZ/U1AQ/IcYmFPkueiVBybtGq4c2OENFKIm1dJDwfb+LFKFmCWZML+UxOoDc
hXSBW1VgJMoGYDSSt/sIViGEtPDkgXqSjFyHcFwttiOKN6pDwexXCR8PbdN68wld
oYw5Bvy7Nqr52QXXwl0o/YNIXYMPQRBPjhv355Z2J7APAladqrHjVuXczZnSGgtR
PLjWDfTrdq7CDD9+sxWlyewKVKYHRMVU89fGNOC/SLFzi9uMN3UX/kk+TB1PTo5W
3zCf7eDnzSDaGigWSaQI/V7QebAZbA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:14 2024 by rpki-client on console-fra.rpki-client.org