Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/im054CG-8kj21KZDiVii_CDSb7Y.roa
File:                     im054CG-8kj21KZDiVii_CDSb7Y.roa (raw, json)
Hash identifier:          qHKJE9P4j6ZtSoqQJCxW3t2CZloWcIf3kRVKzsZiWjc=
Subject key identifier:   8A:6D:39:E0:21:BE:F2:48:F6:D4:A6:43:89:58:A2:FC:20:D2:6F:B6
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018C57B4403853D8EBF3FBAED618B6C52A0A
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/im054CG-8kj21KZDiVii_CDSb7Y.roa
Signing time:             Mon 11 Dec 2023 07:07:59 +0000
ROA not before:           Mon 11 Dec 2023 07:07:59 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     50738
IP address blocks:        87.121.124.0/23 maxlen: 24
                          171.22.31.0/24 maxlen: 24
                          81.161.239.0/24 maxlen: 24
                          91.200.192.0/22 maxlen: 24
                          94.156.250.0/24 maxlen: 24
                          94.156.248.0/24 maxlen: 24
                          87.121.162.0/24 maxlen: 24
                          147.78.100.0/23 maxlen: 24
                          45.141.158.0/24 maxlen: 24
                          171.22.17.0/24 maxlen: 24
                          171.22.18.0/24 maxlen: 24
                          92.249.48.0/24 maxlen: 24
                          79.110.61.0/24 maxlen: 24
                          83.219.97.0/24 maxlen: 24
                          45.129.84.0/24 maxlen: 24
                          45.129.86.0/24 maxlen: 24
                          94.154.172.0/24 maxlen: 24
                          193.35.19.0/24 maxlen: 24
                          37.139.130.0/24 maxlen: 24
                          193.25.216.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:57:b4:40:38:53:d8:eb:f3:fb:ae:d6:18:b6:c5:2a:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Dec 11 07:07:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8a6d39e021bef248f6d4a6438958a2fc20d26fb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:4b:d9:7b:e9:a2:a8:6f:5e:ef:6d:ea:f8:8b:
                    53:f7:77:9f:f7:90:67:62:ce:7f:98:ec:85:02:9c:
                    fe:80:cb:75:fd:aa:d3:e0:b4:2c:ce:58:48:06:49:
                    29:f0:e1:de:2a:06:20:5e:26:d4:67:34:25:1b:8e:
                    5c:bd:8d:e3:04:72:a3:b3:cf:8e:d6:93:53:55:4a:
                    7c:f0:ff:32:3a:be:db:fc:ec:c7:fb:88:24:3e:90:
                    11:34:46:b2:3d:c8:16:76:3b:82:90:da:a5:68:10:
                    99:c3:fd:5e:53:6a:12:7b:67:73:cb:7d:76:8a:8a:
                    1f:24:f2:d8:b3:d2:38:4e:66:3c:9f:0e:42:f8:0f:
                    bc:4b:9b:7a:7f:a7:f7:6c:7c:e0:88:58:82:c1:96:
                    85:d3:a4:54:83:c2:de:3f:2e:2d:78:60:43:a9:0f:
                    b9:c4:ff:64:71:1b:e3:85:0f:28:af:6d:98:84:6c:
                    48:dc:bc:dc:3a:2b:27:cc:39:e4:c3:5b:8c:6b:96:
                    f3:6b:ab:8d:53:0a:05:7f:89:97:99:c1:a6:60:18:
                    0c:59:46:f5:a8:5d:20:83:ad:67:64:b7:f2:6f:49:
                    a2:8d:b3:d2:a0:79:a4:14:db:d1:f3:91:b8:cb:31:
                    16:76:16:98:98:0c:30:41:be:ad:3d:bd:02:7c:83:
                    69:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:6D:39:E0:21:BE:F2:48:F6:D4:A6:43:89:58:A2:FC:20:D2:6F:B6
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/im054CG-8kj21KZDiVii_CDSb7Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.139.130.0/24
                  45.129.84.0/24
                  45.129.86.0/24
                  45.141.158.0/24
                  79.110.61.0/24
                  81.161.239.0/24
                  83.219.97.0/24
                  87.121.124.0/23
                  87.121.162.0/24
                  91.200.192.0/22
                  92.249.48.0/24
                  94.154.172.0/24
                  94.156.248.0/24
                  94.156.250.0/24
                  147.78.100.0/23
                  171.22.17.0-171.22.18.255
                  171.22.31.0/24
                  193.25.216.0/24
                  193.35.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:21:1e:64:67:a4:da:8c:65:c1:44:df:c5:d8:0f:33:02:a2:
         40:20:00:dc:66:45:32:6f:d6:1b:65:94:75:4c:75:d0:e7:91:
         e4:b6:a0:2b:e8:df:a7:28:8a:8c:e9:67:4a:e5:6f:d1:f9:2f:
         13:ab:63:41:eb:65:66:b9:1a:c4:10:b6:26:22:00:bc:8d:43:
         3d:2c:8b:e2:79:e7:18:7d:ae:7f:d3:40:c5:86:14:43:49:82:
         37:5e:69:9f:8d:fb:61:18:77:f7:03:db:33:67:e5:5e:ca:91:
         0c:a3:a6:41:f8:49:4a:c6:1f:64:54:1d:dc:73:24:08:87:ec:
         fe:58:4f:c6:b6:a6:0b:d2:10:39:82:25:a4:70:43:d7:75:14:
         60:96:95:95:18:20:f8:d9:5f:d2:9f:41:58:7b:97:63:4d:65:
         1d:05:ed:9e:9c:f4:f4:23:09:b3:7a:27:f6:a6:79:20:d3:ac:
         91:cb:bf:9c:bf:81:da:cd:ed:3f:8d:86:83:8d:c4:a4:80:0f:
         21:e2:46:57:15:2d:4a:a6:97:d2:a9:28:40:1a:d2:b7:f4:44:
         42:58:d6:3c:6d:3e:b4:a7:ec:85:08:70:67:7c:e0:16:22:04:
         a4:86:c4:d0:5b:ff:4e:7a:5c:6e:6a:b2:b2:c1:7d:69:f9:97:
         55:3e:71:de
-----BEGIN CERTIFICATE-----
MIIFdTCCBF2gAwIBAgISAYxXtEA4U9jr8/uu1hi2xSoKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMxMjExMDcwNzU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTZkMzllMDIxYmVmMjQ4ZjZkNGE2NDM4OTU4YTJmYzIwZDI2ZmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjEvZe+miqG9e723q+ItT93ef95Bn
Ys5/mOyFApz+gMt1/arT4LQszlhIBkkp8OHeKgYgXibUZzQlG45cvY3jBHKjs8+O
1pNTVUp88P8yOr7b/OzH+4gkPpARNEayPcgWdjuCkNqlaBCZw/1eU2oSe2dzy312
ioofJPLYs9I4TmY8nw5C+A+8S5t6f6f3bHzgiFiCwZaF06RUg8LePy4teGBDqQ+5
xP9kcRvjhQ8or22YhGxI3LzcOisnzDnkw1uMa5bza6uNUwoFf4mXmcGmYBgMWUb1
qF0gg61nZLfyb0mijbPSoHmkFNvR85G4yzEWdhaYmAwwQb6tPb0CfINp8QIDAQAB
o4ICgTCCAn0wHQYDVR0OBBYEFIptOeAhvvJI9tSmQ4lYovwg0m+2MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvaW0wNTRDRy04a2oyMUtaRGlWaWlfQ0RTYjdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGWBggrBgEFBQcBBwEB/wSBhjCBgzCBgAQCAAEwegMEACWL
ggMEAC2BVAMEAC2BVgMEAC2NngMEAE9uPQMEAFGh7wMEAFPbYQMEAVd5fAMEAFd5
ogMEAlvIwAMEAFz5MAMEAF6arAMEAF6c+AMEAF6c+gMEAZNOZDAMAwQAqxYRAwQA
qxYSAwQAqxYfAwQAwRnYAwQAwSMTMA0GCSqGSIb3DQEBCwUAA4IBAQBRIR5kZ6Ta
jGXBRN/F2A8zAqJAIADcZkUyb9YbZZR1THXQ55HktqAr6N+nKIqM6WdK5W/R+S8T
q2NB62VmuRrEELYmIgC8jUM9LIvieecYfa5/00DFhhRDSYI3XmmfjfthGHf3A9sz
Z+VeypEMo6ZB+ElKxh9kVB3ccyQIh+z+WE/GtqYL0hA5giWkcEPXdRRglpWVGCD4
2V/Sn0FYe5djTWUdBe2enPT0Iwmzeif2pnkg06yRy7+cv4Haze0/jYaDjcSkgA8h
4kZXFS1KppfSqShAGtK39ERCWNY8bT60p+yFCHBnfOAWIgSkhsTQW/9OelxuarKy
wX1p+ZdVPnHe
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:41 2024 by rpki-client on console-ams.rpki-client.org