Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/jVUJCQvq8zkgv6U_tvvGM_wOD8M.roa
File:                     jVUJCQvq8zkgv6U_tvvGM_wOD8M.roa (raw, json)
Hash identifier:          awUXP12c0zCXlzHGewcRX72EVfoVZaEl2/NScNmw1W0=
Subject key identifier:   8D:55:09:09:0B:EA:F3:39:20:BF:A5:3F:B6:FB:C6:33:FC:0E:0F:C3
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0187B537219C1CC40ADFCFC985400288363D
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/jVUJCQvq8zkgv6U_tvvGM_wOD8M.roa
Signing time:             Mon 24 Apr 2023 21:41:41 +0000
ROA not before:           Mon 24 Apr 2023 21:41:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     34224
IP address blocks:        212.73.131.0/24 maxlen: 24
                          212.73.128.0/23 maxlen: 24
                          212.73.132.0/24 maxlen: 24
                          212.73.130.0/23 maxlen: 24
                          212.73.136.0/24 maxlen: 24
                          87.120.176.0/24 maxlen: 24
                          212.73.133.0/24 maxlen: 24
                          212.73.138.0/23 maxlen: 24
                          212.73.138.0/24 maxlen: 24
                          212.73.134.0/24 maxlen: 24
                          212.73.143.0/24 maxlen: 24
                          212.73.140.0/24 maxlen: 24
                          212.73.144.0/24 maxlen: 24
                          212.73.141.0/24 maxlen: 24
                          212.73.145.0/24 maxlen: 24
                          212.73.142.0/24 maxlen: 24
                          212.73.147.0/24 maxlen: 24
                          212.73.148.0/24 maxlen: 24
                          212.73.146.0/24 maxlen: 24
                          212.73.155.0/24 maxlen: 24
                          212.73.157.0/24 maxlen: 24
                          87.120.195.0/24 maxlen: 24
                          87.120.199.0/24 maxlen: 24
                          87.120.206.0/24 maxlen: 24
                          87.120.206.0/23 maxlen: 24
                          87.120.201.0/24 maxlen: 24
                          87.120.200.0/24 maxlen: 24
                          87.120.207.0/24 maxlen: 24
                          87.120.109.0/24 maxlen: 24
                          87.120.128.0/23 maxlen: 24
                          87.120.132.0/24 maxlen: 24
                          87.120.134.0/24 maxlen: 24
                          87.120.133.0/24 maxlen: 24
                          87.120.135.0/24 maxlen: 24
                          37.60.138.0/24 maxlen: 24
                          87.121.42.0/24 maxlen: 24
                          37.60.139.0/24 maxlen: 24
                          92.249.49.0/24 maxlen: 24
                          87.121.52.0/24 maxlen: 24
                          87.121.64.0/24 maxlen: 24
                          87.120.217.0/24 maxlen: 24
                          87.120.223.0/24 maxlen: 24
                          87.120.36.100/32 maxlen: 32
                          87.120.253.0/24 maxlen: 24
                          87.120.255.0/24 maxlen: 24
                          87.121.0.0/23 maxlen: 24
                          87.121.0.0/24 maxlen: 24
                          87.121.1.0/24 maxlen: 24
                          87.121.2.0/24 maxlen: 24
                          87.120.254.0/24 maxlen: 24
                          87.121.6.0/23 maxlen: 24
                          91.92.219.0/24 maxlen: 24
                          91.92.230.0/24 maxlen: 24
                          91.92.198.0/23 maxlen: 24
                          91.92.197.0/24 maxlen: 24
                          87.120.61.0/24 maxlen: 24
                          87.120.104.0/24 maxlen: 24
                          87.120.6.0/23 maxlen: 24
                          87.120.6.0/24 maxlen: 24
                          87.120.8.0/24 maxlen: 24
                          87.120.13.0/24 maxlen: 24
                          87.120.37.0/24 maxlen: 24
                          87.120.43.0/24 maxlen: 24
                          87.120.39.0/24 maxlen: 24
                          91.92.0.0/24 maxlen: 24
                          91.92.2.0/24 maxlen: 24
                          91.92.1.0/24 maxlen: 24
                          91.92.109.0/24 maxlen: 24
                          91.92.139.0/24 maxlen: 24
                          91.92.69.0/24 maxlen: 24
                          91.92.65.0/24 maxlen: 24
                          91.92.66.0/24 maxlen: 24
                          91.92.68.0/24 maxlen: 24
                          91.92.105.0/24 maxlen: 24
                          94.156.216.0/21 maxlen: 24
                          94.156.233.0/24 maxlen: 24
                          94.156.227.0/24 maxlen: 24
                          94.156.232.0/22 maxlen: 22
                          94.156.232.0/24 maxlen: 24
                          93.123.64.0/24 maxlen: 24
                          94.156.249.0/24 maxlen: 24
                          94.156.251.0/24 maxlen: 24
                          94.156.252.0/24 maxlen: 24
                          94.156.248.0/24 maxlen: 24
                          94.156.172.0/23 maxlen: 24
                          93.123.8.0/24 maxlen: 24
                          94.156.185.0/24 maxlen: 24
                          94.156.188.0/24 maxlen: 24
                          94.156.190.0/24 maxlen: 24
                          93.123.12.0/24 maxlen: 24
                          93.123.18.0/24 maxlen: 24
                          93.123.28.0/23 maxlen: 24
                          93.123.37.0/24 maxlen: 24
                          93.123.36.0/24 maxlen: 24
                          93.123.32.0/22 maxlen: 24
                          94.156.15.0/24 maxlen: 24
                          94.156.12.0/24 maxlen: 24
                          94.156.44.0/24 maxlen: 24
                          94.156.42.0/24 maxlen: 24
                          94.156.106.0/24 maxlen: 24
                          94.156.129.0/24 maxlen: 24
                          94.156.159.0/24 maxlen: 24
                          94.156.158.0/24 maxlen: 24
                          94.156.153.0/24 maxlen: 24
                          94.156.77.0/24 maxlen: 24
                          94.156.98.0/24 maxlen: 24
                          94.156.94.0/24 maxlen: 24
                          94.156.100.0/24 maxlen: 24
                          31.13.195.0/24 maxlen: 24
                          31.13.197.0/24 maxlen: 24
                          87.121.150.0/23 maxlen: 24
                          31.13.217.0/24 maxlen: 24
                          87.121.161.0/24 maxlen: 24
                          31.13.216.0/21 maxlen: 24
                          31.13.223.0/24 maxlen: 24
                          31.13.221.0/24 maxlen: 24
                          87.121.79.0/24 maxlen: 24
                          87.121.83.0/24 maxlen: 24
                          87.121.82.0/24 maxlen: 24
                          87.121.90.0/23 maxlen: 24
                          87.121.112.0/24 maxlen: 24
                          87.121.111.0/24 maxlen: 24
                          87.121.118.0/24 maxlen: 24
                          87.121.113.0/24 maxlen: 24
                          31.13.230.0/23 maxlen: 24
                          31.13.236.0/22 maxlen: 24
                          31.13.245.0/24 maxlen: 24
                          31.13.241.0/24 maxlen: 24
                          2a00:1728:35::/48 maxlen: 48
                          2a00:1728:27::/48 maxlen: 48
                          2a00:1728:21::/48 maxlen: 48
                          2a00:1728:0:d::/64 maxlen: 64
                          2a00:1728:1b::/48 maxlen: 48
                          2a00:1728:34::/48 maxlen: 48
                          2a00:1728:23::/48 maxlen: 48
                          2a00:1728:31::/48 maxlen: 48
                          2a00:1728:25::/48 maxlen: 48
                          2a00:1728:3::/48 maxlen: 48
                          2a00:1728:1f::/48 maxlen: 48
                          2a00:1728::/32 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:b5:37:21:9c:1c:c4:0a:df:cf:c9:85:40:02:88:36:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Apr 24 21:41:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8d5509090beaf33920bfa53fb6fbc633fc0e0fc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:cc:0d:49:46:08:e5:66:8e:ec:31:91:da:08:
                    f4:57:5b:fd:8f:f2:61:89:0a:8c:13:de:64:af:a5:
                    41:c7:7f:a2:5d:03:54:e3:8b:88:e3:31:18:21:f8:
                    2e:38:9c:e3:4a:51:c3:ef:21:78:3d:42:23:fc:21:
                    13:cc:eb:84:cb:89:98:8a:50:2b:04:13:9c:b9:59:
                    ab:31:ff:07:7a:64:f5:e9:7a:6d:bd:0c:16:51:fc:
                    d2:f4:a2:8f:a8:4a:48:27:f3:6b:00:b8:9d:1f:ec:
                    dc:b6:36:c3:c2:d4:64:8b:d3:15:bd:a7:91:19:58:
                    76:a4:da:bb:cf:ed:60:6f:e6:2b:db:7e:83:e7:77:
                    1a:70:c1:5c:d0:7f:e6:9b:28:72:19:f9:82:b1:d6:
                    d4:cf:c7:ce:b5:4e:fe:14:d4:5a:a5:1f:3d:33:52:
                    b5:6a:bb:16:ba:36:09:eb:47:e4:34:48:7c:d7:86:
                    0e:b0:01:c6:5b:d0:94:a6:29:bd:94:d7:af:93:97:
                    08:fe:81:99:68:ea:5d:89:ad:9d:a7:20:06:cc:d7:
                    25:d6:3e:ee:89:6a:97:d5:6c:8e:1c:c4:38:be:ab:
                    3b:25:a9:98:0b:d4:13:f4:d1:63:8c:59:d3:6e:82:
                    90:37:86:ec:37:77:98:03:27:c1:d0:81:ab:59:38:
                    39:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:55:09:09:0B:EA:F3:39:20:BF:A5:3F:B6:FB:C6:33:FC:0E:0F:C3
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/jVUJCQvq8zkgv6U_tvvGM_wOD8M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.13.195.0/24
                  31.13.197.0/24
                  31.13.216.0/21
                  31.13.230.0/23
                  31.13.236.0/22
                  31.13.241.0/24
                  31.13.245.0/24
                  37.60.138.0/23
                  87.120.6.0-87.120.8.255
                  87.120.13.0/24
                  87.120.36.100/32
                  87.120.37.0/24
                  87.120.39.0/24
                  87.120.43.0/24
                  87.120.61.0/24
                  87.120.104.0/24
                  87.120.109.0/24
                  87.120.128.0/23
                  87.120.132.0/22
                  87.120.176.0/24
                  87.120.195.0/24
                  87.120.199.0-87.120.201.255
                  87.120.206.0/23
                  87.120.217.0/24
                  87.120.223.0/24
                  87.120.253.0-87.121.2.255
                  87.121.6.0/23
                  87.121.42.0/24
                  87.121.52.0/24
                  87.121.64.0/24
                  87.121.79.0/24
                  87.121.82.0/23
                  87.121.90.0/23
                  87.121.111.0-87.121.113.255
                  87.121.118.0/24
                  87.121.150.0/23
                  87.121.161.0/24
                  91.92.0.0-91.92.2.255
                  91.92.65.0-91.92.66.255
                  91.92.68.0/23
                  91.92.105.0/24
                  91.92.109.0/24
                  91.92.139.0/24
                  91.92.197.0-91.92.199.255
                  91.92.219.0/24
                  91.92.230.0/24
                  92.249.49.0/24
                  93.123.8.0/24
                  93.123.12.0/24
                  93.123.18.0/24
                  93.123.28.0/23
                  93.123.32.0-93.123.37.255
                  93.123.64.0/24
                  94.156.12.0/24
                  94.156.15.0/24
                  94.156.42.0/24
                  94.156.44.0/24
                  94.156.77.0/24
                  94.156.94.0/24
                  94.156.98.0/24
                  94.156.100.0/24
                  94.156.106.0/24
                  94.156.129.0/24
                  94.156.153.0/24
                  94.156.158.0/23
                  94.156.172.0/23
                  94.156.185.0/24
                  94.156.188.0/24
                  94.156.190.0/24
                  94.156.216.0/21
                  94.156.227.0/24
                  94.156.232.0/22
                  94.156.248.0/23
                  94.156.251.0-94.156.252.255
                  212.73.128.0-212.73.134.255
                  212.73.136.0/24
                  212.73.138.0-212.73.148.255
                  212.73.155.0/24
                  212.73.157.0/24
                IPv6:
                  2a00:1728::/32

    Signature Algorithm: sha256WithRSAEncryption
         03:4a:98:0d:bd:7d:f6:15:e4:eb:b4:bd:5b:94:7c:90:5e:19:
         e1:c9:14:36:fb:09:a0:a9:b7:37:04:78:a6:68:bc:c1:8e:13:
         7a:29:cf:59:0a:96:98:68:4b:6c:f8:06:3d:db:25:ec:7a:01:
         22:e5:fb:d4:48:df:b0:73:59:ad:8a:7b:df:18:f5:e9:18:67:
         d1:73:36:43:43:57:e1:2b:71:cd:d0:ee:41:f3:b9:af:a4:7d:
         a3:4c:f4:7d:9a:e1:13:93:94:0b:20:8b:96:dc:a1:0e:f6:41:
         5f:60:50:b2:a6:75:7c:72:81:60:de:0b:aa:26:d2:12:99:ad:
         1e:98:70:18:e5:e5:f5:d5:59:e4:d8:41:13:ee:f6:92:47:bb:
         67:8d:da:f2:af:7a:04:0d:25:0d:bc:92:e2:45:1a:e6:d1:fb:
         19:53:80:35:ea:ef:3d:26:ee:ad:bb:4a:d2:6b:48:c0:68:4e:
         44:ff:07:d6:83:7c:db:02:a6:76:a4:32:8f:01:67:1e:c9:d9:
         05:b7:25:f0:66:de:c4:d9:c7:7f:47:09:0d:73:da:19:ba:58:
         24:d4:bf:1b:05:b8:07:be:c3:17:55:d0:64:d1:89:e9:8e:9a:
         9e:c7:8c:27:3e:1b:4e:f5:aa:c2:3e:48:dd:99:e4:e3:6f:24:
         a5:65:18:16
-----BEGIN CERTIFICATE-----
MIIHQjCCBiqgAwIBAgISAYe1NyGcHMQK38/JhUACiDY9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNDI0MjE0MTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDU1MDkwOTBiZWFmMzM5MjBiZmE1M2ZiNmZiYzYzM2ZjMGUwZmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoMwNSUYI5WaO7DGR2gj0V1v9j/Jh
iQqME95kr6VBx3+iXQNU44uI4zEYIfguOJzjSlHD7yF4PUIj/CETzOuEy4mYilAr
BBOcuVmrMf8HemT16XptvQwWUfzS9KKPqEpIJ/NrALidH+zctjbDwtRki9MVvaeR
GVh2pNq7z+1gb+Yr236D53cacMFc0H/mmyhyGfmCsdbUz8fOtU7+FNRapR89M1K1
arsWujYJ60fkNEh814YOsAHGW9CUpim9lNevk5cI/oGZaOpdia2dpyAGzNcl1j7u
iWqX1WyOHMQ4vqs7JamYC9QT9NFjjFnTboKQN4bsN3eYAyfB0IGrWTg57QIDAQAB
o4IETjCCBEowHQYDVR0OBBYEFI1VCQkL6vM5IL+lP7b7xjP8Dg/DMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvalZVSkNRdnE4emtndjZVX3R2dkdNX3dPRDhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIICYgYIKwYBBQUHAQcBAf8EggJRMIICTTCCAjoEAgABMIIC
MgMEAB8NwwMEAB8NxQMEAx8N2AMEAR8N5gMEAh8N7AMEAB8N8QMEAB8N9QMEASU8
ijAMAwQBV3gGAwQAV3gIAwQAV3gNAwUAV3gkZAMEAFd4JQMEAFd4JwMEAFd4KwME
AFd4PQMEAFd4aAMEAFd4bQMEAVd4gAMEAld4hAMEAFd4sAMEAFd4wzAMAwQAV3jH
AwQBV3jIAwQBV3jOAwQAV3jZAwQAV3jfMAwDBABXeP0DBABXeQIDBAFXeQYDBABX
eSoDBABXeTQDBABXeUADBABXeU8DBAFXeVIDBAFXeVowDAMEAFd5bwMEAVd5cAME
AFd5dgMEAVd5lgMEAFd5oTALAwMCW1wDBABbXAIwDAMEAFtcQQMEAFtcQgMEAVtc
RAMEAFtcaQMEAFtcbQMEAFtcizAMAwQAW1zFAwQDW1zAAwQAW1zbAwQAW1zmAwQA
XPkxAwQAXXsIAwQAXXsMAwQAXXsSAwQBXXscMAwDBAVdeyADBAFdeyQDBABde0AD
BABenAwDBABenA8DBABenCoDBABenCwDBABenE0DBABenF4DBABenGIDBABenGQD
BABenGoDBABenIEDBABenJkDBAFenJ4DBAFenKwDBABenLkDBABenLwDBABenL4D
BANenNgDBABenOMDBAJenOgDBAFenPgwDAMEAF6c+wMEAF6c/DAMAwQH1EmAAwQA
1EmGAwQA1EmIMAwDBAHUSYoDBADUSZQDBADUSZsDBADUSZ0wDQQCAAIwBwMFACoA
FygwDQYJKoZIhvcNAQELBQADggEBAANKmA29ffYV5Ou0vVuUfJBeGeHJFDb7CaCp
tzcEeKZovMGOE3opz1kKlphoS2z4Bj3bJex6ASLl+9RI37BzWa2Ke98Y9ekYZ9Fz
NkNDV+Ercc3Q7kHzua+kfaNM9H2a4ROTlAsgi5bcoQ72QV9gULKmdXxygWDeC6om
0hKZrR6YcBjl5fXVWeTYQRPu9pJHu2eN2vKvegQNJQ28kuJFGubR+xlTgDXq7z0m
7q27StJrSMBoTkT/B9aDfNsCpnakMo8BZx7J2QW3JfBm3sTZx39HCQ1z2hm6WCTU
vxsFuAe+wxdV0GTRiemOmp7HjCc+G071qsI+SN2Z5ONvJKVlGBY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:41 2024 by rpki-client on console-ams.rpki-client.org