Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/hfDCbpPfIv-UXvgfeY-hxiLE8-c.roa
File:                     hfDCbpPfIv-UXvgfeY-hxiLE8-c.roa (raw, json)
Hash identifier:          Dz6UpUkyzWknY20eL5qY7KP3t3Yn7IvORvDY64H/8Rw=
Subject key identifier:   85:F0:C2:6E:93:DF:22:FF:94:5E:F8:1F:79:8F:A1:C6:22:C4:F3:E7
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01889F20934E961FFAB9EB216C8BA38B3C60
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/hfDCbpPfIv-UXvgfeY-hxiLE8-c.roa
Signing time:             Fri 09 Jun 2023 07:48:12 +0000
ROA not before:           Fri 09 Jun 2023 07:48:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     0
IP address blocks:        185.218.84.0/22 maxlen: 24
                          94.156.239.0/24 maxlen: 24
                          178.215.236.0/24 maxlen: 24
                          171.22.72.0/22 maxlen: 24
                          147.78.101.0/24 maxlen: 24
                          147.78.100.0/24 maxlen: 24
                          92.119.196.0/23 maxlen: 24
                          185.216.84.0/22 maxlen: 24
                          94.103.126.0/24 maxlen: 24
                          185.218.137.0/24 maxlen: 24
                          94.154.162.0/23 maxlen: 24
                          94.154.161.0/24 maxlen: 24
                          185.219.126.0/24 maxlen: 24
                          45.151.89.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:9f:20:93:4e:96:1f:fa:b9:eb:21:6c:8b:a3:8b:3c:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jun  9 07:48:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=85f0c26e93df22ff945ef81f798fa1c622c4f3e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:0f:47:6a:34:cb:ca:e8:99:7f:9c:6e:29:2f:
                    7a:5f:1a:3b:c1:d2:05:03:4b:35:6e:8b:7c:9c:24:
                    c4:28:ad:94:3f:dc:54:a9:3a:69:db:30:3b:50:0a:
                    74:71:2f:bd:8f:22:06:78:73:bd:0c:90:7a:40:91:
                    51:ca:d8:02:91:fd:92:6f:b3:b5:bf:9b:b2:8d:d3:
                    c0:94:7c:1f:b8:10:07:17:f5:76:51:6f:63:12:f5:
                    34:68:77:4b:5f:3b:95:79:a6:e6:08:37:16:dd:90:
                    6b:81:77:0a:5c:d4:04:04:cf:5b:68:55:cf:f5:f0:
                    da:d2:e1:5a:e3:71:7c:71:fd:b0:ab:78:8e:1b:a0:
                    78:60:96:4e:b8:a5:0a:b2:28:af:9d:da:a2:9e:2a:
                    68:22:8b:d1:ce:be:d7:06:a8:cf:3a:f9:3f:17:59:
                    cf:a4:c6:ed:bc:f1:d5:9f:b6:15:65:67:a7:81:d1:
                    ae:5e:a5:1a:9e:61:dd:60:b8:3d:1f:27:93:e0:19:
                    97:f9:1a:5d:ba:6d:7c:f8:c6:aa:30:d1:56:60:10:
                    66:b9:e4:e3:d7:70:37:9d:f4:54:f5:d0:74:bf:f6:
                    47:74:f0:97:3b:5f:0c:76:fd:71:19:ba:6d:bd:b3:
                    58:ed:72:8c:53:33:b7:f9:8b:dd:f0:75:3f:8c:01:
                    65:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:F0:C2:6E:93:DF:22:FF:94:5E:F8:1F:79:8F:A1:C6:22:C4:F3:E7
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/hfDCbpPfIv-UXvgfeY-hxiLE8-c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.89.0/24
                  92.119.196.0/23
                  94.103.126.0/24
                  94.154.161.0-94.154.163.255
                  94.156.239.0/24
                  147.78.100.0/23
                  171.22.72.0/22
                  178.215.236.0/24
                  185.216.84.0/22
                  185.218.84.0/22
                  185.218.137.0/24
                  185.219.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:e3:54:f9:af:5e:2e:fd:c9:bb:34:d5:4d:82:e1:b1:ef:46:
         07:b0:b0:47:8e:a8:c5:e8:18:3d:12:fe:89:a8:47:31:7a:4e:
         85:d0:fd:6b:a6:18:65:08:66:64:b0:d8:20:2c:46:cf:f7:cb:
         49:ec:2e:43:5d:6c:3a:1f:c9:72:fc:f8:55:5b:22:80:e1:fc:
         8c:fe:0f:07:1c:2f:50:d0:32:ce:eb:65:08:7c:5d:82:77:74:
         95:1f:55:f2:a1:b6:d2:9c:b7:3b:03:04:bb:6e:6b:83:78:01:
         16:63:00:22:22:a1:dc:36:02:9f:1c:6b:84:b4:25:6e:25:60:
         f4:d3:b2:51:64:df:be:7b:4c:43:93:29:9c:76:7d:f1:54:70:
         37:f4:5a:bc:f1:eb:6c:e8:0c:8e:58:c6:3b:76:29:13:a4:2f:
         83:5f:06:8f:c0:0c:d2:80:50:fa:8f:18:5a:e7:e8:71:c2:38:
         69:7b:5b:49:5e:f3:d0:15:7b:26:83:50:c0:bc:65:ee:a0:f9:
         61:7e:28:02:07:3d:f3:0e:46:fa:e0:f3:87:ac:86:f6:93:c8:
         98:09:af:54:b4:03:d6:51:90:6d:60:4a:14:10:71:77:3f:b7:
         30:3c:91:21:4b:00:66:84:84:94:37:71:5f:3e:8b:3a:1a:bd:
         61:93:30:e8
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAYifIJNOlh/6ueshbIujizxgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNjA5MDc0ODEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWYwYzI2ZTkzZGYyMmZmOTQ1ZWY4MWY3OThmYTFjNjIyYzRmM2U3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvg9HajTLyuiZf5xuKS96Xxo7wdIF
A0s1bot8nCTEKK2UP9xUqTpp2zA7UAp0cS+9jyIGeHO9DJB6QJFRytgCkf2Sb7O1
v5uyjdPAlHwfuBAHF/V2UW9jEvU0aHdLXzuVeabmCDcW3ZBrgXcKXNQEBM9baFXP
9fDa0uFa43F8cf2wq3iOG6B4YJZOuKUKsiivndqinipoIovRzr7XBqjPOvk/F1nP
pMbtvPHVn7YVZWengdGuXqUanmHdYLg9HyeT4BmX+Rpdum18+MaqMNFWYBBmueTj
13A3nfRU9dB0v/ZHdPCXO18Mdv1xGbptvbNY7XKMUzO3+Yvd8HU/jAFlBwIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFIXwwm6T3yL/lF74H3mPocYixPPnMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvaGZEQ2JwUGZJdi1VWHZnZmVZLWh4aUxFOC1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQAwQALZdZAwQB
XHfEAwQAXmd+MAwDBABemqEDBAJemqADBABenO8DBAGTTmQDBAKrFkgDBACy1+wD
BAK52FQDBAK52lQDBAC52okDBAC5234wDQYJKoZIhvcNAQELBQADggEBAK/jVPmv
Xi79ybs01U2C4bHvRgewsEeOqMXoGD0S/omoRzF6ToXQ/WumGGUIZmSw2CAsRs/3
y0nsLkNdbDofyXL8+FVbIoDh/Iz+DwccL1DQMs7rZQh8XYJ3dJUfVfKhttKctzsD
BLtua4N4ARZjACIiodw2Ap8ca4S0JW4lYPTTslFk3757TEOTKZx2ffFUcDf0Wrzx
62zoDI5Yxjt2KROkL4NfBo/ADNKAUPqPGFrn6HHCOGl7W0le89AVeyaDUMC8Ze6g
+WF+KAIHPfMORvrg84eshvaTyJgJr1S0A9ZRkG1gShQQcXc/tzA8kSFLAGaEhJQ3
cV8+izoavWGTMOg=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:17 2024 by rpki-client on console-fra.rpki-client.org