Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/kdg5h2Sd1u11nJLGl9UUZdrWQTU.roa
File:                     kdg5h2Sd1u11nJLGl9UUZdrWQTU.roa (raw, json)
Hash identifier:          Rc4HSr98Arb9+WbGdfQL3SlrhXKlQU1YXA9sCTv5GlQ=
Subject key identifier:   91:D8:39:87:64:9D:D6:ED:75:9C:92:C6:97:D5:14:65:DA:D6:41:35
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0185A4F123D6D4AC39F53E59118B68A6CB8E
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/kdg5h2Sd1u11nJLGl9UUZdrWQTU.roa
Signing time:             Thu 12 Jan 2023 07:45:44 +0000
ROA not before:           Thu 12 Jan 2023 07:45:44 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     50225
IP address blocks:        194.55.224.0/24 maxlen: 24
                          178.215.226.0/24 maxlen: 24
                          194.55.225.0/24 maxlen: 24
                          185.222.160.0/24 maxlen: 24
                          185.222.161.0/24 maxlen: 24
                          45.9.156.0/24 maxlen: 24
                          45.12.255.0/24 maxlen: 24
                          94.156.160.0/24 maxlen: 24
                          193.42.34.0/24 maxlen: 24
                          193.47.63.0/24 maxlen: 24
                          193.47.60.0/24 maxlen: 24
                          45.84.91.0/24 maxlen: 24
                          45.88.64.0/24 maxlen: 24
                          45.88.65.0/24 maxlen: 24
                          194.180.39.0/24 maxlen: 24
                          45.129.84.0/24 maxlen: 24
                          94.154.162.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:a4:f1:23:d6:d4:ac:39:f5:3e:59:11:8b:68:a6:cb:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan 12 07:45:44 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=91d83987649dd6ed759c92c697d51465dad64135
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:23:76:28:14:31:7a:b0:74:51:94:e6:64:29:
                    be:ad:3b:ab:ff:d1:99:82:64:a3:75:79:a5:6a:16:
                    2a:49:ce:0f:b0:cc:2b:78:79:cc:7f:89:b8:81:df:
                    8a:96:f7:38:79:8f:53:df:f4:4e:09:70:00:12:02:
                    e2:a3:e5:6f:d0:af:b1:59:04:09:9e:2a:d6:f5:7b:
                    14:d9:e8:61:72:f3:c6:b2:ae:ad:a8:c3:9d:11:0e:
                    77:b2:9f:85:85:6e:ba:5d:f7:85:f5:fe:8e:82:69:
                    e7:78:b4:94:28:23:e2:7c:02:b0:56:fd:74:80:94:
                    f7:77:a9:d0:34:e5:f0:f3:fa:20:25:0c:a3:5c:12:
                    cb:83:d6:20:c3:1e:c2:32:6d:b7:2a:f6:97:d3:e2:
                    47:f6:73:b6:4a:1d:06:7b:e8:9c:53:9d:cb:46:cc:
                    aa:16:6c:c1:10:06:a7:35:43:41:fe:93:bc:00:cd:
                    be:ad:a2:a6:f6:43:68:7e:54:e0:50:72:fc:6d:f7:
                    20:cf:2f:ad:91:b6:9a:ea:ab:85:af:60:f1:a3:75:
                    1b:3f:5f:e1:21:ac:03:0a:20:e7:7d:d9:25:b4:a0:
                    0f:49:18:56:84:81:ae:26:6f:54:fc:9b:fd:c0:e2:
                    f3:fd:0c:51:1b:dd:cb:90:b3:11:2c:5d:78:18:43:
                    dd:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:D8:39:87:64:9D:D6:ED:75:9C:92:C6:97:D5:14:65:DA:D6:41:35
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/kdg5h2Sd1u11nJLGl9UUZdrWQTU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.156.0/24
                  45.12.255.0/24
                  45.84.91.0/24
                  45.88.64.0/23
                  45.129.84.0/24
                  94.154.162.0/24
                  94.156.160.0/24
                  178.215.226.0/24
                  185.222.160.0/23
                  193.42.34.0/24
                  193.47.60.0/24
                  193.47.63.0/24
                  194.55.224.0/23
                  194.180.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:17:92:99:27:aa:b2:28:f7:d3:14:82:06:f5:5d:07:7a:d9:
         c5:4a:b2:73:c9:71:d9:9d:71:a2:90:eb:92:a7:97:54:0b:49:
         f8:25:f6:a7:8c:6d:fc:4a:cd:30:f1:87:73:32:51:2b:d3:71:
         6a:aa:08:68:fb:73:4d:68:ca:86:b3:6d:b1:78:c8:d0:54:75:
         c3:19:db:59:65:1c:31:f0:c0:76:d1:75:7a:22:5b:36:13:b1:
         28:b7:06:3f:fb:4d:68:17:00:76:f1:e9:fc:18:a3:ed:24:f6:
         98:89:5c:33:9e:f1:a6:f2:11:bc:79:a6:ac:48:93:1d:88:e6:
         46:5b:47:9f:6c:45:ee:b5:e9:e5:09:1d:b2:40:43:8c:5b:42:
         be:8a:e5:4a:c9:bb:2d:ee:94:f8:03:72:46:b8:0c:ab:74:1c:
         d1:41:bd:65:e3:7e:b1:d3:56:87:b6:8a:a1:0d:9a:c9:bc:0a:
         03:22:d8:84:9f:31:d8:dc:f3:be:2e:cf:e7:03:6b:55:76:be:
         cb:b4:8b:f5:d8:7d:b5:11:41:46:12:c7:26:89:50:fc:a0:de:
         02:f5:ae:13:b2:2c:05:1f:bf:dc:a0:65:58:97:8c:4c:4e:07:
         9d:79:dd:1f:ad:ff:0e:23:49:20:9f:4b:17:b5:0c:77:aa:77:
         3a:e4:be:29
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAYWk8SPW1Kw59T5ZEYtopsuOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwMTEyMDc0NTQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWQ4Mzk4NzY0OWRkNmVkNzU5YzkyYzY5N2Q1MTQ2NWRhZDY0MTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjSN2KBQxerB0UZTmZCm+rTur/9GZ
gmSjdXmlahYqSc4PsMwreHnMf4m4gd+Klvc4eY9T3/ROCXAAEgLio+Vv0K+xWQQJ
nirW9XsU2ehhcvPGsq6tqMOdEQ53sp+FhW66XfeF9f6OgmnneLSUKCPifAKwVv10
gJT3d6nQNOXw8/ogJQyjXBLLg9Ygwx7CMm23KvaX0+JH9nO2Sh0Ge+icU53LRsyq
FmzBEAanNUNB/pO8AM2+raKm9kNoflTgUHL8bfcgzy+tkbaa6quFr2Dxo3UbP1/h
IawDCiDnfdkltKAPSRhWhIGuJm9U/Jv9wOLz/QxRG93LkLMRLF14GEPdMwIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFJHYOYdkndbtdZySxpfVFGXa1kE1MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEva2RnNWgyU2QxdTExbkpMR2w5VVVaZHJXUVRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAATBUAwQALQmcAwQA
LQz/AwQALVRbAwQBLVhAAwQALYFUAwQAXpqiAwQAXpygAwQAstfiAwQBud6gAwQA
wSoiAwQAwS88AwQAwS8/AwQBwjfgAwQAwrQnMA0GCSqGSIb3DQEBCwUAA4IBAQCj
F5KZJ6qyKPfTFIIG9V0HetnFSrJzyXHZnXGikOuSp5dUC0n4JfanjG38Ss0w8Ydz
MlEr03Fqqgho+3NNaMqGs22xeMjQVHXDGdtZZRwx8MB20XV6Ils2E7EotwY/+01o
FwB28en8GKPtJPaYiVwznvGm8hG8eaasSJMdiOZGW0efbEXutenlCR2yQEOMW0K+
iuVKybst7pT4A3JGuAyrdBzRQb1l436x01aHtoqhDZrJvAoDItiEnzHY3PO+Ls/n
A2tVdr7LtIv12H21EUFGEscmiVD8oN4C9a4TsiwFH7/coGVYl4xMTgeded0frf8O
I0kgn0sXtQx3qnc65L4p
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:17 2024 by rpki-client on console-fra.rpki-client.org