Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/eg4anFQM04MrYAWK_lvo_tLD02A.roa
File:                     eg4anFQM04MrYAWK_lvo_tLD02A.roa (raw, json)
Hash identifier:          fBfrMq22fylI4CcVaGg5BasBUgqZh1ROgiBcSDmqD0w=
Subject key identifier:   7A:0E:1A:9C:54:0C:D3:83:2B:60:05:8A:FE:5B:E8:FE:D2:C3:D3:60
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0183E5A2C2DB24E9EB3E64628CEFB8567D0E
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/eg4anFQM04MrYAWK_lvo_tLD02A.roa
Signing time:             Mon 17 Oct 2022 11:09:52 +0000
ROA not before:           Mon 17 Oct 2022 11:09:52 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     8100
IP address blocks:        91.92.6.0/24 maxlen: 24
                          91.92.16.0/24 maxlen: 24
                          91.92.21.0/24 maxlen: 24
                          193.58.121.0/24 maxlen: 24
                          193.58.123.0/24 maxlen: 24
                          193.58.122.0/24 maxlen: 24
                          193.58.120.0/24 maxlen: 24
                          87.121.44.0/22 maxlen: 24
                          194.180.38.0/24 maxlen: 24
                          194.180.37.0/24 maxlen: 24
                          194.180.39.0/24 maxlen: 24
                          87.120.218.0/23 maxlen: 24
                          87.120.220.0/23 maxlen: 24
                          193.35.18.0/24 maxlen: 24
                          178.215.237.0/24 maxlen: 24
                          178.215.238.0/24 maxlen: 24
                          87.121.162.0/23 maxlen: 24
                          87.121.69.0/24 maxlen: 24
                          193.42.34.0/24 maxlen: 24
                          193.42.35.0/24 maxlen: 24
                          193.42.33.0/24 maxlen: 24
                          87.121.103.0/24 maxlen: 24
                          79.110.48.0/24 maxlen: 24
                          87.120.100.0/22 maxlen: 24
                          193.25.219.0/24 maxlen: 24
                          87.121.220.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:e5:a2:c2:db:24:e9:eb:3e:64:62:8c:ef:b8:56:7d:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Oct 17 11:09:52 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7a0e1a9c540cd3832b60058afe5be8fed2c3d360
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:96:c0:aa:16:c2:b4:0b:ca:48:0e:8b:4d:39:
                    a1:2d:f9:53:00:f8:8c:52:37:50:01:bc:a3:17:2b:
                    a1:aa:91:a0:d9:38:27:77:a3:17:d2:64:21:a6:cf:
                    ac:11:98:74:d7:7b:45:5d:b6:8b:53:4e:07:c0:fc:
                    3a:22:c0:27:a3:5d:50:a9:92:cc:28:f4:fe:eb:ab:
                    ea:e7:2a:47:e7:68:43:80:67:0b:3b:11:22:c8:c8:
                    ee:40:e5:ab:ce:43:49:a3:1f:fc:06:e1:19:48:9f:
                    9b:ff:cd:10:c4:94:4c:92:aa:9e:e0:57:37:e7:b5:
                    7a:85:73:4e:57:4c:d6:dc:8e:cd:7e:ce:57:75:dc:
                    76:89:98:ad:b3:bf:7a:39:9f:ac:07:e8:28:d5:14:
                    d8:59:2d:21:d8:d4:24:81:90:5b:ec:be:45:b6:c3:
                    09:e2:41:ce:68:24:e2:a6:f8:e2:fd:97:55:5d:26:
                    4b:ba:8e:f8:bd:32:c3:2b:bf:67:13:0b:87:15:43:
                    ae:cb:69:1f:af:61:83:f3:df:c3:f1:25:17:7a:46:
                    98:cd:95:f4:9e:1e:3c:5f:56:f2:d8:62:40:cd:3f:
                    f1:04:b0:b5:81:cc:cf:52:40:7a:77:92:03:ea:14:
                    e5:d5:ac:a8:81:27:a2:96:14:d5:fa:ad:23:da:ba:
                    0d:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:0E:1A:9C:54:0C:D3:83:2B:60:05:8A:FE:5B:E8:FE:D2:C3:D3:60
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/eg4anFQM04MrYAWK_lvo_tLD02A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.110.48.0/24
                  87.120.100.0/22
                  87.120.218.0-87.120.221.255
                  87.121.44.0/22
                  87.121.69.0/24
                  87.121.103.0/24
                  87.121.162.0/23
                  87.121.220.0/24
                  91.92.6.0/24
                  91.92.16.0/24
                  91.92.21.0/24
                  178.215.237.0-178.215.238.255
                  193.25.219.0/24
                  193.35.18.0/24
                  193.42.33.0-193.42.35.255
                  193.58.120.0/22
                  194.180.37.0-194.180.39.255

    Signature Algorithm: sha256WithRSAEncryption
         9d:6e:0d:57:66:6f:0f:51:f9:ab:5c:b3:a9:54:8d:57:d4:47:
         fb:e8:be:5e:27:12:d4:92:3b:f9:c6:18:33:d5:4a:c6:c8:c3:
         74:98:03:73:bb:0d:a1:43:7e:e9:cd:bd:4f:e3:6d:3d:b6:38:
         fd:ff:81:6f:93:01:67:79:bf:a5:c7:30:f7:36:3f:1a:6e:71:
         e2:df:a7:86:41:aa:96:59:d0:68:b1:66:73:c2:5d:31:12:20:
         16:cc:80:3b:30:da:ef:11:59:e7:17:ef:ae:24:e2:95:eb:c2:
         54:37:e6:c0:fb:d5:31:c4:cc:7f:83:ba:d0:8c:14:6f:35:0e:
         be:90:5a:f4:61:53:36:a5:03:b7:07:ad:c3:2e:dd:66:22:29:
         c4:ff:04:12:ac:f1:d5:2d:f1:d4:6c:e7:d3:e7:b0:ff:a7:fe:
         05:2e:bc:e8:9f:57:6e:50:b2:56:d2:6a:7a:9e:d9:85:de:17:
         1b:12:5c:62:c8:41:8d:dc:37:26:5d:03:9b:21:3a:38:e0:e4:
         2d:2b:4f:99:fd:36:28:11:8c:77:27:61:47:f4:53:f8:4d:19:
         49:a2:dd:98:14:81:e0:86:ef:3b:e2:4e:b7:98:2f:5e:fa:f9:
         0b:32:5e:51:9e:73:45:52:82:98:06:56:14:1e:27:02:92:26:
         98:47:c8:d9
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgISAYPlosLbJOnrPmRijO+4Vn0OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjIxMDE3MTEwOTUyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTBlMWE5YzU0MGNkMzgzMmI2MDA1OGFmZTViZThmZWQyYzNkMzYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtpbAqhbCtAvKSA6LTTmhLflTAPiM
UjdQAbyjFyuhqpGg2Tgnd6MX0mQhps+sEZh013tFXbaLU04HwPw6IsAno11QqZLM
KPT+66vq5ypH52hDgGcLOxEiyMjuQOWrzkNJox/8BuEZSJ+b/80QxJRMkqqe4Fc3
57V6hXNOV0zW3I7Nfs5Xddx2iZits796OZ+sB+go1RTYWS0h2NQkgZBb7L5FtsMJ
4kHOaCTipvji/ZdVXSZLuo74vTLDK79nEwuHFUOuy2kfr2GD89/D8SUXekaYzZX0
nh48X1by2GJAzT/xBLC1gczPUkB6d5ID6hTl1ayogSeilhTV+q0j2roNlQIDAQAB
o4ICjjCCAoowHQYDVR0OBBYEFHoOGpxUDNODK2AFiv5b6P7Sw9NgMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvZWc0YW5GUU0wNE1yWUFXS19sdm9fdExEMDJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGjBggrBgEFBQcBBwEB/wSBkzCBkDCBjQQCAAEwgYYDBABP
bjADBAJXeGQwDAMEAVd42gMEAVd43AMEAld5LAMEAFd5RQMEAFd5ZwMEAVd5ogME
AFd53AMEAFtcBgMEAFtcEAMEAFtcFTAMAwQAstftAwQAstfuAwQAwRnbAwQAwSMS
MAwDBADBKiEDBALBKiADBALBOngwDAMEAMK0JQMEA8K0IDANBgkqhkiG9w0BAQsF
AAOCAQEAnW4NV2ZvD1H5q1yzqVSNV9RH++i+XicS1JI7+cYYM9VKxsjDdJgDc7sN
oUN+6c29T+NtPbY4/f+Bb5MBZ3m/pccw9zY/Gm5x4t+nhkGqllnQaLFmc8JdMRIg
FsyAOzDa7xFZ5xfvriTilevCVDfmwPvVMcTMf4O60IwUbzUOvpBa9GFTNqUDtwet
wy7dZiIpxP8EEqzx1S3x1Gzn0+ew/6f+BS686J9XblCyVtJqep7Zhd4XGxJcYshB
jdw3Jl0DmyE6OODkLStPmf02KBGMdydhR/RT+E0ZSaLdmBSB4IbvO+JOt5gvXvr5
CzJeUZ5zRVKCmAZWFB4nApImmEfI2Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:15 2024 by rpki-client on console-fra.rpki-client.org