Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/hsxXFeR5gltasgvU7yL8BI9grbs.roa
File:                     hsxXFeR5gltasgvU7yL8BI9grbs.roa (raw, json)
Hash identifier:          lNx2Ks/dQcxokb26lumbyhWHKkHODb3aOqPSH8lHeXU=
Subject key identifier:   86:CC:57:15:E4:79:82:5B:5A:B2:0B:D4:EF:22:FC:04:8F:60:AD:BB
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018437541E417D7B4FC62A9B4A7141A8F8FB
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/hsxXFeR5gltasgvU7yL8BI9grbs.roa
Signing time:             Wed 02 Nov 2022 07:52:50 +0000
ROA not before:           Wed 02 Nov 2022 07:52:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     20454
IP address blocks:        81.161.237.0/24 maxlen: 24
                          84.54.48.0/24 maxlen: 24
                          94.156.234.0/23 maxlen: 24
                          185.222.160.0/22 maxlen: 24
                          93.123.81.0/24 maxlen: 24
                          94.156.160.0/23 maxlen: 24
                          185.252.176.0/24 maxlen: 24
                          94.156.182.0/23 maxlen: 24
                          193.37.40.0/23 maxlen: 24
                          194.48.250.0/23 maxlen: 24
                          194.55.184.0/24 maxlen: 24
                          194.59.30.0/23 maxlen: 24
                          87.120.84.0/24 maxlen: 24
                          94.103.124.0/23 maxlen: 24
                          194.180.36.0/24 maxlen: 24
                          87.121.58.0/24 maxlen: 24
                          83.219.98.0/23 maxlen: 24
                          82.115.210.0/23 maxlen: 24
                          87.120.5.0/24 maxlen: 24
                          176.125.252.0/22 maxlen: 24
                          94.154.174.0/23 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:37:54:1e:41:7d:7b:4f:c6:2a:9b:4a:71:41:a8:f8:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Nov  2 07:52:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=86cc5715e479825b5ab20bd4ef22fc048f60adbb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:bd:00:db:37:6e:b7:f0:74:65:60:d2:0c:ae:
                    4a:f9:a9:c9:a3:73:c8:ed:00:7b:aa:b1:9d:a1:af:
                    11:5c:fe:1c:cb:76:34:e4:56:bb:9d:ac:6d:2a:c3:
                    57:bd:b3:45:27:65:68:e7:61:4f:44:74:86:34:c4:
                    84:4f:7d:cf:7a:b9:aa:89:b1:88:84:4d:96:14:d2:
                    45:fe:45:7a:66:5d:2a:dd:3c:55:1e:ad:5c:38:65:
                    ee:67:8d:26:1c:f8:1e:65:b7:81:31:ca:87:44:94:
                    92:8f:cc:fe:68:99:d2:71:7d:1b:f1:a8:94:99:d1:
                    cb:76:24:b2:d2:c7:16:2f:f9:9d:06:cf:b0:60:ea:
                    f3:0e:0a:9b:74:a4:ae:14:da:1c:c1:fd:fb:18:db:
                    8d:a8:6b:77:68:ae:e1:70:f5:a1:1e:21:ae:c2:12:
                    31:6a:6b:c5:ac:6a:7d:55:11:46:c6:78:46:27:e6:
                    6c:98:3e:fe:e0:4b:4a:15:cb:43:c9:de:29:08:9d:
                    d2:43:b9:bc:97:d1:a3:9e:65:f2:9a:f2:ac:1c:63:
                    60:98:7a:ce:ca:7e:e8:4d:06:3e:12:67:e1:11:21:
                    27:5c:84:03:d1:0b:60:70:16:c5:02:9c:87:0b:b6:
                    96:56:cd:1b:f6:c0:bd:6b:ff:4e:28:fd:83:de:30:
                    b4:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:CC:57:15:E4:79:82:5B:5A:B2:0B:D4:EF:22:FC:04:8F:60:AD:BB
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/hsxXFeR5gltasgvU7yL8BI9grbs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.161.237.0/24
                  82.115.210.0/23
                  83.219.98.0/23
                  84.54.48.0/24
                  87.120.5.0/24
                  87.120.84.0/24
                  87.121.58.0/24
                  93.123.81.0/24
                  94.103.124.0/23
                  94.154.174.0/23
                  94.156.160.0/23
                  94.156.182.0/23
                  94.156.234.0/23
                  176.125.252.0/22
                  185.222.160.0/22
                  185.252.176.0/24
                  193.37.40.0/23
                  194.48.250.0/23
                  194.55.184.0/24
                  194.59.30.0/23
                  194.180.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:c7:4f:87:f8:92:c9:6b:77:fe:54:26:e8:84:21:83:8b:b5:
         38:07:94:91:69:fc:bc:d0:a7:e9:9b:33:a0:f2:d2:16:83:f4:
         be:34:55:32:60:cf:31:21:40:55:b9:17:c2:d6:ef:28:4c:35:
         de:77:62:a7:cd:70:28:93:b0:b9:13:c5:57:a1:a5:fb:6c:2e:
         db:b0:2a:c2:e8:d3:d3:8a:ad:68:2d:4c:f8:91:38:e3:91:d6:
         a9:b9:c3:ac:83:bf:88:c3:54:89:74:51:eb:2c:10:9e:65:5f:
         7d:05:4a:81:47:7a:55:5d:8e:60:6c:ef:6a:15:66:96:f9:44:
         7e:85:ca:b9:c1:87:ba:2e:8d:34:66:0c:f0:9c:22:f4:9a:61:
         8e:c5:3d:a1:50:02:f6:dd:60:e8:de:3a:5f:83:67:4f:88:a2:
         fe:11:1e:4b:a8:1c:38:d4:3e:1d:da:82:79:e3:b5:f6:2b:06:
         b5:45:49:fa:ce:47:2e:ac:11:a1:e8:78:ea:50:f2:89:e8:f0:
         a3:b3:05:a3:88:5e:6b:e0:70:41:c8:5f:a6:c7:2a:4f:9b:41:
         c4:e0:3d:64:72:6e:45:82:e2:bf:0d:dc:6c:be:5b:17:fd:cd:
         36:40:b0:ac:e1:7e:13:1c:7a:04:ff:9f:a2:f8:2f:38:bf:03:
         7a:b5:43:ea
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgISAYQ3VB5BfXtPxiqbSnFBqPj7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjIxMTAyMDc1MjUwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmNjNTcxNWU0Nzk4MjViNWFiMjBiZDRlZjIyZmMwNDhmNjBhZGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqb0A2zdut/B0ZWDSDK5K+anJo3PI
7QB7qrGdoa8RXP4cy3Y05Fa7naxtKsNXvbNFJ2Vo52FPRHSGNMSET33PermqibGI
hE2WFNJF/kV6Zl0q3TxVHq1cOGXuZ40mHPgeZbeBMcqHRJSSj8z+aJnScX0b8aiU
mdHLdiSy0scWL/mdBs+wYOrzDgqbdKSuFNocwf37GNuNqGt3aK7hcPWhHiGuwhIx
amvFrGp9VRFGxnhGJ+ZsmD7+4EtKFctDyd4pCJ3SQ7m8l9GjnmXymvKsHGNgmHrO
yn7oTQY+EmfhESEnXIQD0QtgcBbFApyHC7aWVs0b9sC9a/9OKP2D3jC00QIDAQAB
o4IChTCCAoEwHQYDVR0OBBYEFIbMVxXkeYJbWrIL1O8i/ASPYK27MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvaHN4WEZlUjVnbHRhc2d2VTd5TDhCSTlncmJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGaBggrBgEFBQcBBwEB/wSBijCBhzCBhAQCAAEwfgMEAFGh
7QMEAVJz0gMEAVPbYgMEAFQ2MAMEAFd4BQMEAFd4VAMEAFd5OgMEAF17UQMEAV5n
fAMEAV6argMEAV6coAMEAV6ctgMEAV6c6gMEArB9/AMEArneoAMEALn8sAMEAcEl
KAMEAcIw+gMEAMI3uAMEAcI7HgMEAMK0JDANBgkqhkiG9w0BAQsFAAOCAQEAcsdP
h/iSyWt3/lQm6IQhg4u1OAeUkWn8vNCn6ZszoPLSFoP0vjRVMmDPMSFAVbkXwtbv
KEw13ndip81wKJOwuRPFV6Gl+2wu27AqwujT04qtaC1M+JE445HWqbnDrIO/iMNU
iXRR6ywQnmVffQVKgUd6VV2OYGzvahVmlvlEfoXKucGHui6NNGYM8Jwi9JphjsU9
oVAC9t1g6N46X4NnT4ii/hEeS6gcONQ+HdqCeeO19isGtUVJ+s5HLqwRoeh46lDy
iejwo7MFo4hea+BwQchfpscqT5tBxOA9ZHJuRYLivw3cbL5bF/3NNkCwrOF+Exx6
BP+fovgvOL8DerVD6g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:40 2024 by rpki-client on console-ams.rpki-client.org