Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/g-kVkONCVRBqQInAcnYn8BjOrBE.roa
File:                     g-kVkONCVRBqQInAcnYn8BjOrBE.roa (raw, json)
Hash identifier:          uF5cP7s6t55OVOjIIPZHNPiYca5C9FrBxy41Sfst83I=
Subject key identifier:   83:E9:15:90:E3:42:55:10:6A:40:89:C0:72:76:27:F0:18:CE:AC:11
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       1DB94F51
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/g-kVkONCVRBqQInAcnYn8BjOrBE.roa
Signing time:             Mon 04 Apr 2022 13:06:03 +0000
ROA not before:           Mon 04 Apr 2022 13:06:03 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     29030
IP address blocks:        94.156.16.0/22 maxlen: 22
                          94.156.20.0/22 maxlen: 22
                          87.121.152.0/21 maxlen: 21
                          31.13.200.0/21 maxlen: 21
                          94.156.244.0/24 maxlen: 24
                          87.121.65.0/24 maxlen: 24
                          94.156.199.0/24 maxlen: 24
                          94.156.197.0/24 maxlen: 24
                          94.156.195.0/24 maxlen: 24
                          94.156.196.0/24 maxlen: 24
                          94.156.198.0/24 maxlen: 24
                          94.156.194.0/24 maxlen: 24
                          94.156.208.0/21 maxlen: 21
                          87.121.24.0/22 maxlen: 24
                          31.13.242.0/23 maxlen: 23
                          87.121.8.0/21 maxlen: 21

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 498683729 (0x1db94f51)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Apr  4 13:06:03 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=83e91590e34255106a4089c0727627f018ceac11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:90:18:7e:19:29:70:e4:9a:16:f5:8b:05:c7:
                    63:29:ee:15:02:8c:fb:02:d1:b3:d5:7b:3a:23:cc:
                    aa:69:da:b2:ff:bd:13:99:46:79:f1:ff:98:9b:a7:
                    ca:c6:58:7e:cc:be:f9:14:d1:d1:8b:af:15:a3:ec:
                    0d:00:28:86:90:7d:e1:62:22:45:42:dd:1f:89:9d:
                    5a:84:93:68:5e:a2:45:98:5e:69:59:5e:fe:25:2c:
                    2e:52:a9:41:df:12:63:dc:99:2e:32:d3:f1:64:9f:
                    55:5a:4b:a5:d0:d2:7e:1b:0d:22:9f:19:76:f3:e1:
                    c0:8f:fc:e8:31:1e:7e:21:f1:3a:b8:ac:d0:1b:73:
                    f6:38:e3:69:e1:0c:81:d4:a4:13:17:dd:4a:d1:ea:
                    f9:aa:52:d5:30:fb:95:3f:b8:5e:06:be:7c:8e:27:
                    16:98:3f:8d:25:cb:29:a1:c5:4a:60:1f:e5:c1:f3:
                    b9:a2:40:93:59:b6:dd:13:2f:33:34:87:d2:5f:45:
                    23:9e:1a:4c:28:18:a8:fc:5e:a1:83:fa:d6:97:a7:
                    c3:70:10:98:61:9d:39:33:0b:8a:51:2e:db:d1:14:
                    ca:e8:f8:15:11:ad:cf:a7:08:4b:1f:1f:7d:31:bd:
                    99:06:eb:31:cd:33:95:1e:7c:6e:92:49:b6:62:72:
                    dc:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:E9:15:90:E3:42:55:10:6A:40:89:C0:72:76:27:F0:18:CE:AC:11
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/g-kVkONCVRBqQInAcnYn8BjOrBE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.13.200.0/21
                  31.13.242.0/23
                  87.121.8.0/21
                  87.121.24.0/22
                  87.121.65.0/24
                  87.121.152.0/21
                  94.156.16.0/21
                  94.156.194.0-94.156.199.255
                  94.156.208.0/21
                  94.156.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:35:16:55:7e:20:6b:e0:01:c0:a3:aa:f2:11:f5:22:23:04:
         a5:89:5b:78:92:fd:5b:99:d6:35:07:09:a0:e3:3c:01:1d:ab:
         ca:1c:64:72:70:7c:99:f7:01:24:b8:0e:fc:9a:28:04:9d:c7:
         7d:b6:17:ac:cc:33:2b:af:30:4c:fb:0e:6e:ba:2d:62:e0:60:
         72:1f:3a:f8:22:d8:5e:4c:2c:7f:a6:80:0e:f8:c3:74:20:c0:
         a2:c1:75:8d:21:de:3d:5e:a9:88:dc:2b:93:48:ce:34:d9:61:
         72:ce:48:a4:a9:96:6b:b2:6f:70:89:0f:70:97:c2:78:bd:9b:
         6c:fc:07:25:ac:76:90:f6:97:06:8f:41:a4:d2:c9:4a:f8:d8:
         4a:b0:e3:aa:27:7c:53:ed:92:8e:d7:91:c4:a8:d3:86:12:3f:
         42:97:1c:0b:10:f9:1b:0f:53:13:53:b5:4f:c9:66:99:df:8e:
         27:bf:dc:b8:ad:c7:5e:b8:8d:a0:e6:b5:cd:c7:7a:30:80:cf:
         3e:64:e9:97:04:93:fb:c5:4d:fa:78:2f:75:a7:49:09:47:79:
         f6:41:89:62:14:a0:fc:c6:22:95:e1:b5:80:bd:aa:07:4b:6d:
         2c:18:62:0e:3f:01:60:5b:95:8f:8e:bc:41:dc:61:f1:ed:61:
         52:86:c5:4e
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIEHblPUTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MmM0YWMzZTNjNDNkNzBkMDUzNDljODE1YmFhZGQzOGFkNzc1ZTlkMB4XDTIyMDQw
NDEzMDYwM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoODNlOTE1OTBlMzQy
NTUxMDZhNDA4OWMwNzI3NjI3ZjAxOGNlYWMxMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMaQGH4ZKXDkmhb1iwXHYynuFQKM+wLRs9V7OiPMqmnasv+9
E5lGefH/mJunysZYfsy++RTR0YuvFaPsDQAohpB94WIiRULdH4mdWoSTaF6iRZhe
aVle/iUsLlKpQd8SY9yZLjLT8WSfVVpLpdDSfhsNIp8ZdvPhwI/86DEefiHxOris
0Btz9jjjaeEMgdSkExfdStHq+apS1TD7lT+4Xga+fI4nFpg/jSXLKaHFSmAf5cHz
uaJAk1m23RMvMzSH0l9FI54aTCgYqPxeoYP61penw3AQmGGdOTMLilEu29EUyuj4
FRGtz6cISx8ffTG9mQbrMc0zlR58bpJJtmJy3GUCAwEAAaOCAkcwggJDMB0GA1Ud
DgQWBBSD6RWQ40JVEGpAicBydifwGM6sETAfBgNVHSMEGDAWgBQixKw+PEPXDQU0
nIFbqt04rXdenTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0lzU3NQanhEMXcwRk5KeUJXNnJkT0sxM1hwMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDMvOTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8x
L2cta1ZrT05DVlJCcVFJbkFjblluOEJqT3JCRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDMv
OTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8xL0lzU3NQanhEMXcw
Rk5KeUJXNnJkT0sxM1hwMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBd
BggrBgEFBQcBBwEB/wROMEwwSgQCAAEwRAMEAx8NyAMEAR8N8gMEA1d5CAMEAld5
GAMEAFd5QQMEA1d5mAMEA16cEDAMAwQBXpzCAwQDXpzAAwQDXpzQAwQAXpz0MA0G
CSqGSIb3DQEBCwUAA4IBAQAnNRZVfiBr4AHAo6ryEfUiIwSliVt4kv1bmdY1Bwmg
4zwBHavKHGRycHyZ9wEkuA78migEncd9theszDMrrzBM+w5uui1i4GByHzr4Ithe
TCx/poAO+MN0IMCiwXWNId49XqmI3CuTSM402WFyzkikqZZrsm9wiQ9wl8J4vZts
/AclrHaQ9pcGj0Gk0slK+NhKsOOqJ3xT7ZKO15HEqNOGEj9ClxwLEPkbD1MTU7VP
yWaZ344nv9y4rcdeuI2g5rXNx3owgM8+ZOmXBJP7xU36eC91p0kJR3n2QYliFKD8
xiKV4bWAvaoHS20sGGIOPwFgW5WPjrxB3GHx7WFShsVO
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:39 2024 by rpki-client on console-ams.rpki-client.org