Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/dhC6UaJ2KCPhoNQX6FTIfhpx_Gw.roa
File:                     dhC6UaJ2KCPhoNQX6FTIfhpx_Gw.roa (raw, json)
Hash identifier:          4rydtMTe4N3WnuaqMw0AJgcu6FTDZOkr7VHJSJoqs+c=
Subject key identifier:   76:10:BA:51:A2:76:28:23:E1:A0:D4:17:E8:54:C8:7E:1A:71:FC:6C
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       1EB01D3B
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/dhC6UaJ2KCPhoNQX6FTIfhpx_Gw.roa
Signing time:             Fri 27 May 2022 12:18:13 +0000
ROA not before:           Fri 27 May 2022 12:18:13 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     209371
IP address blocks:        194.180.50.0/24 maxlen: 24
                          185.218.139.0/24 maxlen: 24
                          37.139.131.0/24 maxlen: 24
                          94.154.172.0/24 maxlen: 24
                          37.139.130.0/24 maxlen: 24
                          193.35.18.0/24 maxlen: 24
                          178.215.226.0/24 maxlen: 24
                          178.215.224.0/24 maxlen: 24
                          178.215.225.0/24 maxlen: 24
                          178.215.227.0/24 maxlen: 24
                          178.215.239.0/24 maxlen: 24
                          80.76.51.0/24 maxlen: 24
                          185.252.176.0/24 maxlen: 24
                          193.47.63.0/24 maxlen: 24
                          193.47.62.0/24 maxlen: 24
                          194.48.250.0/24 maxlen: 24
                          194.48.251.0/24 maxlen: 24
                          194.48.248.0/24 maxlen: 24
                          185.216.68.0/24 maxlen: 24
                          79.110.48.0/24 maxlen: 24
                          79.110.49.0/24 maxlen: 24
                          79.110.50.0/24 maxlen: 24
                          87.120.84.0/24 maxlen: 24
                          87.120.87.0/24 maxlen: 24
                          83.219.98.0/24 maxlen: 24
                          83.219.97.0/24 maxlen: 24
                          83.219.96.0/24 maxlen: 24
                          83.219.99.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 514858299 (0x1eb01d3b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: May 27 12:18:13 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7610ba51a2762823e1a0d417e854c87e1a71fc6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:12:81:87:9b:84:01:4e:b0:8f:19:83:c2:13:
                    44:89:84:e0:ac:fe:38:e5:bd:42:e1:29:53:86:85:
                    11:8e:bb:06:80:88:ee:a0:86:d4:db:86:5f:ae:d9:
                    16:6c:0b:fa:9d:72:8b:48:ba:56:1d:4a:d3:cf:c9:
                    26:28:05:9c:c6:0d:62:6f:eb:04:4c:ab:55:75:fb:
                    3d:4e:81:08:1e:b0:c0:f9:99:ed:9a:8c:7f:33:d3:
                    d8:94:93:72:a0:77:1c:7a:59:98:cd:e7:bd:d9:ca:
                    bc:3e:dd:f0:e6:5e:c6:37:4c:5c:77:f8:b5:83:46:
                    b4:f3:0c:45:0c:af:b6:3c:c1:fd:f6:39:a2:cf:40:
                    70:2c:e9:b9:a3:97:5d:21:c3:cd:c3:0a:24:27:c6:
                    94:c2:e3:42:38:ef:97:00:99:71:47:d2:a2:7f:83:
                    e6:98:fd:a1:3c:9d:10:3d:de:5b:58:78:7a:36:39:
                    56:97:64:12:0e:53:0a:4d:55:91:ba:ec:e7:74:b5:
                    12:83:4e:ac:ed:f7:79:82:6e:28:c3:2b:9d:8f:22:
                    82:09:b7:3f:53:3e:6c:38:50:96:94:93:b1:fb:e9:
                    4d:c6:cb:1b:28:3f:f8:20:12:01:17:75:de:e6:8a:
                    4c:3f:ac:f5:67:d0:55:a7:85:55:29:ca:3b:16:a6:
                    53:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:10:BA:51:A2:76:28:23:E1:A0:D4:17:E8:54:C8:7E:1A:71:FC:6C
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/dhC6UaJ2KCPhoNQX6FTIfhpx_Gw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.139.130.0/23
                  79.110.48.0-79.110.50.255
                  80.76.51.0/24
                  83.219.96.0/22
                  87.120.84.0/24
                  87.120.87.0/24
                  94.154.172.0/24
                  178.215.224.0/22
                  178.215.239.0/24
                  185.216.68.0/24
                  185.218.139.0/24
                  185.252.176.0/24
                  193.35.18.0/24
                  193.47.62.0/23
                  194.48.248.0/24
                  194.48.250.0/23
                  194.180.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:21:de:85:db:bb:48:11:90:46:8e:69:48:1f:d2:f8:3c:df:
         63:4d:ff:89:c0:39:bd:65:6b:13:ca:85:1a:5b:4b:53:e9:61:
         84:b9:1e:13:ab:a3:54:c0:77:94:88:48:64:9e:2e:ee:c6:ff:
         e3:35:4a:c7:28:6d:8c:27:38:ca:8b:98:cc:ae:20:e6:dc:e9:
         0f:a4:17:29:63:18:4d:d4:60:96:cf:6a:46:ad:ed:1a:26:0a:
         69:fb:90:29:33:0f:4b:96:7a:fe:99:53:6a:45:6c:6c:44:2a:
         e8:1f:50:d2:ab:7d:9d:86:2a:e8:8a:00:a6:0c:d4:e5:5e:ad:
         86:1d:8f:8f:dd:1b:74:04:50:48:7b:af:e0:e8:57:b5:c3:1f:
         f4:55:19:53:fc:cd:3d:be:91:8c:eb:76:af:3b:7a:b2:85:7f:
         4e:e4:bb:ae:1b:6c:40:b0:e3:a1:77:79:4d:9c:a8:4f:bb:d9:
         79:07:b9:28:64:0a:cc:ef:fc:34:24:48:f5:c5:60:fe:14:9f:
         01:5c:1e:b6:d2:3a:e4:b8:7c:68:7b:3f:61:20:05:3c:69:50:
         51:c3:ba:a7:2d:68:76:ef:35:ea:42:79:72:27:38:65:12:c1:
         7d:1d:6b:21:27:88:8a:66:d2:c8:22:fc:a8:51:38:db:6f:93:
         20:3c:6e:fe
-----BEGIN CERTIFICATE-----
MIIFWDCCBECgAwIBAgIEHrAdOzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MmM0YWMzZTNjNDNkNzBkMDUzNDljODE1YmFhZGQzOGFkNzc1ZTlkMB4XDTIyMDUy
NzEyMTgxM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNzYxMGJhNTFhMjc2
MjgyM2UxYTBkNDE3ZTg1NGM4N2UxYTcxZmM2YzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMISgYebhAFOsI8Zg8ITRImE4Kz+OOW9QuEpU4aFEY67BoCI
7qCG1NuGX67ZFmwL+p1yi0i6Vh1K08/JJigFnMYNYm/rBEyrVXX7PU6BCB6wwPmZ
7ZqMfzPT2JSTcqB3HHpZmM3nvdnKvD7d8OZexjdMXHf4tYNGtPMMRQyvtjzB/fY5
os9AcCzpuaOXXSHDzcMKJCfGlMLjQjjvlwCZcUfSon+D5pj9oTydED3eW1h4ejY5
VpdkEg5TCk1Vkbrs53S1EoNOrO33eYJuKMMrnY8iggm3P1M+bDhQlpSTsfvpTcbL
Gyg/+CASARd13uaKTD+s9WfQVaeFVSnKOxamUyMCAwEAAaOCAnIwggJuMB0GA1Ud
DgQWBBR2ELpRonYoI+Gg1BfoVMh+GnH8bDAfBgNVHSMEGDAWgBQixKw+PEPXDQU0
nIFbqt04rXdenTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0lzU3NQanhEMXcwRk5KeUJXNnJkT0sxM1hwMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDMvOTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8x
L2RoQzZVYUoyS0NQaG9OUVg2RlRJZmhweF9Hdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDMv
OTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8xL0lzU3NQanhEMXcw
Rk5KeUJXNnJkT0sxM1hwMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
hwYIKwYBBQUHAQcBAf8EeDB2MHQEAgABMG4DBAEli4IwDAMEBE9uMAMEAE9uMgME
AFBMMwMEAlPbYAMEAFd4VAMEAFd4VwMEAF6arAMEArLX4AMEALLX7wMEALnYRAME
ALnaiwMEALn8sAMEAMEjEgMEAcEvPgMEAMIw+AMEAcIw+gMEAMK0MjANBgkqhkiG
9w0BAQsFAAOCAQEAeSHehdu7SBGQRo5pSB/S+DzfY03/icA5vWVrE8qFGltLU+lh
hLkeE6ujVMB3lIhIZJ4u7sb/4zVKxyhtjCc4youYzK4g5tzpD6QXKWMYTdRgls9q
Rq3tGiYKafuQKTMPS5Z6/plTakVsbEQq6B9Q0qt9nYYq6IoApgzU5V6thh2Pj90b
dARQSHuv4OhXtcMf9FUZU/zNPb6RjOt2rzt6soV/TuS7rhtsQLDjoXd5TZyoT7vZ
eQe5KGQKzO/8NCRI9cVg/hSfAVwettI65Lh8aHs/YSAFPGlQUcO6py1odu816kJ5
cic4ZRLBfR1rISeIimbSyCL8qFE422+TIDxu/g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:15 2024 by rpki-client on console-fra.rpki-client.org