Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/f4kwwf_mXEseWIf7xpk3M5ubW3I.roa
File:                     f4kwwf_mXEseWIf7xpk3M5ubW3I.roa (raw, json)
Hash identifier:          tadi0mAo5quUm0O1yQO0sFlswmslJfLsxLCmZYvvppg=
Subject key identifier:   7F:89:30:C1:FF:E6:5C:4B:1E:58:87:FB:C6:99:37:33:9B:9B:5B:72
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CC8DCEDA6DEA0034B55412CEDF0A4C6D4
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/f4kwwf_mXEseWIf7xpk3M5ubW3I.roa
Signing time:             Tue 02 Jan 2024 06:29:31 +0000
ROA not before:           Tue 02 Jan 2024 06:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50738
IP address blocks:        87.121.124.0/23 maxlen: 24
                          171.22.31.0/24 maxlen: 24
                          81.161.239.0/24 maxlen: 24
                          91.200.192.0/22 maxlen: 24
                          94.156.248.0/24 maxlen: 24
                          87.121.162.0/24 maxlen: 24
                          45.141.158.0/24 maxlen: 24
                          171.22.17.0/24 maxlen: 24
                          171.22.18.0/24 maxlen: 24
                          79.110.61.0/24 maxlen: 24
                          45.129.84.0/24 maxlen: 24
                          193.35.19.0/24 maxlen: 24
                          37.139.130.0/24 maxlen: 24
                          193.25.216.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:ed:a6:de:a0:03:4b:55:41:2c:ed:f0:a4:c6:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 06:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7f8930c1ffe65c4b1e5887fbc69937339b9b5b72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:aa:c4:f7:2d:5e:61:9c:10:96:8b:21:45:8a:
                    a6:40:b6:ea:9d:a4:d2:2d:cb:c0:1b:c7:ad:9d:4a:
                    65:a9:47:c0:55:8e:16:12:3b:b5:59:3c:1c:11:d4:
                    6c:e4:b9:0c:9b:70:72:b3:01:b3:26:6f:6f:8e:ac:
                    52:28:c5:a0:9e:d2:90:ec:f5:a4:9d:15:00:60:7c:
                    9c:3e:a1:aa:a5:fd:36:3e:18:ca:5a:ac:58:f3:43:
                    8a:1c:9a:99:0a:1a:fd:d1:d2:04:d2:6c:1c:5f:75:
                    d8:1c:1c:5a:6e:8b:6b:32:fa:44:a6:78:0c:ee:70:
                    43:4f:33:bf:a1:79:9c:27:15:01:df:e2:d9:d6:30:
                    df:19:f2:1d:63:b3:ee:d3:ba:38:5d:4b:c1:ec:97:
                    54:e0:4a:75:af:cc:03:fe:57:c3:64:f7:11:fb:6b:
                    31:39:b8:73:11:ae:1a:0e:99:08:1b:29:8d:44:25:
                    88:d2:32:ad:7c:bd:e9:11:0e:6f:87:38:5a:9d:84:
                    2c:b4:01:af:c5:7a:ec:42:60:44:d3:64:97:59:1b:
                    bd:ba:51:46:c8:fa:5d:ea:5e:81:e8:5b:ce:f5:43:
                    71:96:6d:51:ef:51:4c:bc:4a:45:b4:0d:e9:85:15:
                    13:a8:c1:5a:24:fb:cc:2f:a3:f7:ca:7c:cc:1c:0d:
                    a7:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:89:30:C1:FF:E6:5C:4B:1E:58:87:FB:C6:99:37:33:9B:9B:5B:72
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/f4kwwf_mXEseWIf7xpk3M5ubW3I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.139.130.0/24
                  45.129.84.0/24
                  45.141.158.0/24
                  79.110.61.0/24
                  81.161.239.0/24
                  87.121.124.0/23
                  87.121.162.0/24
                  91.200.192.0/22
                  94.156.248.0/24
                  171.22.17.0-171.22.18.255
                  171.22.31.0/24
                  193.25.216.0/24
                  193.35.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:e0:4d:71:75:53:6d:77:35:dd:e1:00:af:29:83:d5:48:b0:
         9d:56:38:8c:49:b7:0b:70:d6:9a:0e:47:31:cb:6a:dc:ed:74:
         60:0e:79:ec:36:d4:4c:71:b0:60:66:d8:0c:09:b5:70:f2:21:
         96:4a:90:a9:ab:8a:6b:18:0c:53:2c:b3:0c:57:91:1b:30:09:
         86:95:46:8b:c1:2f:3a:61:a3:47:7d:ea:14:16:7e:61:10:80:
         0f:fd:68:c7:6d:20:c5:5b:1e:a3:23:d1:51:ad:52:aa:80:58:
         b4:66:b2:f9:bc:8a:5d:3e:fe:5a:a6:9b:3b:f4:11:a5:50:4f:
         92:90:bd:34:9c:5f:13:aa:f7:db:12:29:07:83:c9:0a:07:df:
         4f:45:d8:f4:25:37:d6:e7:7f:4c:b0:59:d2:e6:b2:d7:c7:9f:
         fa:5f:9e:6b:43:81:04:bf:0b:07:df:9c:19:bd:6c:da:27:9b:
         68:5c:d8:33:65:96:e9:54:5f:87:54:2d:60:da:e7:ea:d8:29:
         0f:2f:31:45:f7:7f:d2:74:73:7c:0d:ce:14:27:3c:e5:8b:f4:
         10:ca:ed:80:75:fd:9a:b5:77:a8:7f:91:62:7b:0f:a9:18:76:
         e2:de:2f:2a:6b:b5:91:6f:fb:0a:b0:a4:e2:29:4f:2f:1f:87:
         09:4f:8f:4a
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYzI3O2m3qADS1VBLO3wpMbUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Zjg5MzBjMWZmZTY1YzRiMWU1ODg3ZmJjNjk5MzczMzliOWI1YjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgarE9y1eYZwQloshRYqmQLbqnaTS
LcvAG8etnUplqUfAVY4WEju1WTwcEdRs5LkMm3ByswGzJm9vjqxSKMWgntKQ7PWk
nRUAYHycPqGqpf02PhjKWqxY80OKHJqZChr90dIE0mwcX3XYHBxabotrMvpEpngM
7nBDTzO/oXmcJxUB3+LZ1jDfGfIdY7Pu07o4XUvB7JdU4Ep1r8wD/lfDZPcR+2sx
ObhzEa4aDpkIGymNRCWI0jKtfL3pEQ5vhzhanYQstAGvxXrsQmBE02SXWRu9ulFG
yPpd6l6B6FvO9UNxlm1R71FMvEpFtA3phRUTqMFaJPvML6P3ynzMHA2nqQIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFH+JMMH/5lxLHliH+8aZNzObm1tyMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvZjRrd3dmX21YRXNlV0lmN3hwazNNNXViVzNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWAwQAJYuCAwQA
LYFUAwQALY2eAwQAT249AwQAUaHvAwQBV3l8AwQAV3miAwQCW8jAAwQAXpz4MAwD
BACrFhEDBACrFhIDBACrFh8DBADBGdgDBADBIxMwDQYJKoZIhvcNAQELBQADggEB
AGvgTXF1U213Nd3hAK8pg9VIsJ1WOIxJtwtw1poORzHLatztdGAOeew21ExxsGBm
2AwJtXDyIZZKkKmrimsYDFMsswxXkRswCYaVRovBLzpho0d96hQWfmEQgA/9aMdt
IMVbHqMj0VGtUqqAWLRmsvm8il0+/lqmmzv0EaVQT5KQvTScXxOq99sSKQeDyQoH
309F2PQlN9bnf0ywWdLmstfHn/pfnmtDgQS/CwffnBm9bNonm2hc2DNllulUX4dU
LWDa5+rYKQ8vMUX3f9J0c3wNzhQnPOWL9BDK7YB1/Zq1d6h/kWJ7D6kYduLeLypr
tZFv+wqwpOIpTy8fhwlPj0o=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:16 2024 by rpki-client on console-fra.rpki-client.org