Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/gZKcS9OLeDQ-AWbbi-ek2Nx4e8Y.roa
File:                     gZKcS9OLeDQ-AWbbi-ek2Nx4e8Y.roa (raw, json)
Hash identifier:          XViB1cZZBpEKnb5nzz3bqNHa9Scda8hoBo//IKT5/pg=
Subject key identifier:   81:92:9C:4B:D3:8B:78:34:3E:01:66:DB:8B:E7:A4:D8:DC:78:7B:C6
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018A8D4651D8468D51F00937CB9D7C8C9FB2
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/gZKcS9OLeDQ-AWbbi-ek2Nx4e8Y.roa
Signing time:             Wed 13 Sep 2023 06:41:50 +0000
ROA not before:           Wed 13 Sep 2023 06:41:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     50225
IP address blocks:        85.217.145.0/24 maxlen: 24
                          185.222.163.0/24 maxlen: 24
                          178.215.237.0/24 maxlen: 24
                          93.123.85.0/24 maxlen: 24
                          80.76.50.0/24 maxlen: 24
                          193.42.34.0/24 maxlen: 24
                          94.156.176.0/24 maxlen: 24
                          193.47.63.0/24 maxlen: 24
                          194.48.249.0/24 maxlen: 24
                          45.84.90.0/24 maxlen: 24
                          194.48.251.0/24 maxlen: 24
                          85.209.132.0/24 maxlen: 24
                          79.110.50.0/24 maxlen: 24
                          176.125.252.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:8d:46:51:d8:46:8d:51:f0:09:37:cb:9d:7c:8c:9f:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Sep 13 06:41:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=81929c4bd38b78343e0166db8be7a4d8dc787bc6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:96:60:dd:e8:cb:a1:29:04:9a:94:19:8a:56:
                    5f:57:5f:0b:15:a6:8b:ab:37:c5:25:22:ce:c1:61:
                    32:74:e0:26:2e:da:9c:24:12:96:4a:e2:3a:ab:a4:
                    29:ba:a1:54:d1:7a:c6:80:66:4f:26:15:2b:68:a4:
                    07:9e:bc:a1:57:29:ab:69:5a:14:bc:37:4f:ed:1c:
                    5b:0b:9e:1b:67:c4:ac:3a:d1:ff:2a:3e:31:da:3a:
                    72:6e:88:90:55:e3:1c:c0:76:1b:b0:44:ab:c5:2b:
                    46:3e:25:8c:a4:73:38:2b:1a:63:cd:23:dc:db:76:
                    d6:4c:1b:54:a8:27:a8:7d:f5:9d:00:d9:c1:3b:82:
                    f2:30:8a:70:26:84:20:f2:f5:31:20:aa:cf:82:42:
                    03:0c:11:f6:f5:b3:4a:1c:56:b5:89:ea:73:0c:ed:
                    11:65:aa:5d:3f:68:83:15:08:da:a3:c8:72:49:d2:
                    e5:5b:2f:26:a5:b5:0c:a9:3e:ad:b5:40:b4:2b:a7:
                    43:41:f4:8b:42:b9:3f:08:c2:ee:13:42:b8:0e:dc:
                    76:00:4d:40:00:d3:54:e4:b6:13:14:97:17:2f:e1:
                    d1:57:ff:46:f0:a9:94:1b:26:3d:e6:90:eb:b7:c0:
                    2f:fa:13:e1:b9:50:56:98:cd:59:5d:fb:78:28:61:
                    a8:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:92:9C:4B:D3:8B:78:34:3E:01:66:DB:8B:E7:A4:D8:DC:78:7B:C6
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/gZKcS9OLeDQ-AWbbi-ek2Nx4e8Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.90.0/24
                  79.110.50.0/24
                  80.76.50.0/24
                  85.209.132.0/24
                  85.217.145.0/24
                  93.123.85.0/24
                  94.156.176.0/24
                  176.125.252.0/24
                  178.215.237.0/24
                  185.222.163.0/24
                  193.42.34.0/24
                  193.47.63.0/24
                  194.48.249.0/24
                  194.48.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:9b:23:f3:c5:4c:5e:44:9b:3b:25:62:eb:1d:39:69:0b:70:
         a8:44:1a:4e:6b:90:ea:e0:7f:b5:cb:cf:bb:15:d8:4e:af:23:
         fa:02:4d:81:3d:a9:32:f7:48:22:27:26:89:4e:0c:9a:84:1e:
         18:38:d7:22:18:d6:4b:f5:86:6b:f6:6e:7e:5f:ed:d8:38:ca:
         4f:de:e4:05:3c:51:5f:63:ee:f3:e4:e8:dc:95:4e:67:d0:bc:
         7a:f5:e7:54:4e:c6:21:2a:46:63:c3:7a:9e:54:fc:a7:31:d7:
         39:c0:9d:e0:1b:3b:49:db:e3:9c:a0:ea:5f:6e:d6:fa:bc:3b:
         b6:c5:d4:63:83:36:85:be:7f:dc:cd:95:37:84:55:a7:13:2b:
         2b:91:75:27:4f:0e:60:4c:ee:8d:89:02:df:53:15:63:d5:1c:
         8d:1b:8b:54:0c:7e:39:d7:ef:0d:51:1d:7e:26:83:c3:db:b1:
         c4:cc:15:71:50:ac:54:5a:01:22:3f:ef:14:75:82:c3:19:f0:
         e6:30:51:7c:99:48:7b:a4:63:5e:ca:70:e6:ad:18:4f:3e:ea:
         84:29:22:84:53:69:75:cf:fa:18:3c:c1:3f:9d:f2:88:0f:92:
         3c:ea:d6:2c:46:d1:e7:6a:1a:7d:fc:ac:cc:34:e4:d7:e6:90:
         75:b1:a9:1e
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAYqNRlHYRo1R8Ak3y518jJ+yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwOTEzMDY0MTUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTkyOWM0YmQzOGI3ODM0M2UwMTY2ZGI4YmU3YTRkOGRjNzg3YmM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgZZg3ejLoSkEmpQZilZfV18LFaaL
qzfFJSLOwWEydOAmLtqcJBKWSuI6q6QpuqFU0XrGgGZPJhUraKQHnryhVymraVoU
vDdP7RxbC54bZ8SsOtH/Kj4x2jpyboiQVeMcwHYbsESrxStGPiWMpHM4KxpjzSPc
23bWTBtUqCeoffWdANnBO4LyMIpwJoQg8vUxIKrPgkIDDBH29bNKHFa1iepzDO0R
ZapdP2iDFQjao8hySdLlWy8mpbUMqT6ttUC0K6dDQfSLQrk/CMLuE0K4Dtx2AE1A
ANNU5LYTFJcXL+HRV/9G8KmUGyY95pDrt8Av+hPhuVBWmM1ZXft4KGGoDwIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFIGSnEvTi3g0PgFm24vnpNjceHvGMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvZ1pLY1M5T0xlRFEtQVdiYmktZWsyTng0ZThZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAATBUAwQALVRaAwQA
T24yAwQAUEwyAwQAVdGEAwQAVdmRAwQAXXtVAwQAXpywAwQAsH38AwQAstftAwQA
ud6jAwQAwSoiAwQAwS8/AwQAwjD5AwQAwjD7MA0GCSqGSIb3DQEBCwUAA4IBAQBV
myPzxUxeRJs7JWLrHTlpC3CoRBpOa5Dq4H+1y8+7FdhOryP6Ak2BPaky90giJyaJ
TgyahB4YONciGNZL9YZr9m5+X+3YOMpP3uQFPFFfY+7z5OjclU5n0Lx69edUTsYh
KkZjw3qeVPynMdc5wJ3gGztJ2+OcoOpfbtb6vDu2xdRjgzaFvn/czZU3hFWnEysr
kXUnTw5gTO6NiQLfUxVj1RyNG4tUDH451+8NUR1+JoPD27HEzBVxUKxUWgEiP+8U
dYLDGfDmMFF8mUh7pGNeynDmrRhPPuqEKSKEU2l1z/oYPME/nfKID5I86tYsRtHn
ahp9/KzMNOTX5pB1sake
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:16 2024 by rpki-client on console-fra.rpki-client.org