Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/lM51KmqwKtzHQrcuKPGI5mIQ41k.roa
File:                     lM51KmqwKtzHQrcuKPGI5mIQ41k.roa (raw, json)
Hash identifier:          JnX+zofHkcVugrxgJItX/XKcjII9s1sxPaRD5U3GnsY=
Subject key identifier:   94:CE:75:2A:6A:B0:2A:DC:C7:42:B7:2E:28:F1:88:E6:62:10:E3:59
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       1E8248AE
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/lM51KmqwKtzHQrcuKPGI5mIQ41k.roa
Signing time:             Wed 18 May 2022 07:08:18 +0000
ROA not before:           Wed 18 May 2022 07:08:18 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     22773
IP address blocks:        87.121.124.0/23 maxlen: 24
                          87.121.122.0/23 maxlen: 24
                          185.207.12.0/24 maxlen: 24
                          84.21.172.0/23 maxlen: 24
                          109.206.238.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 511854766 (0x1e8248ae)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: May 18 07:08:18 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=94ce752a6ab02adcc742b72e28f188e66210e359
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:b5:9d:3a:4c:39:1f:4d:58:86:f2:fd:19:53:
                    8a:9d:47:bc:f3:01:ea:02:61:2d:6b:60:15:8c:49:
                    70:a7:97:8d:27:07:bf:90:31:1d:23:74:25:92:cc:
                    6d:ea:c4:a2:cd:68:a2:a3:3a:23:50:f4:e4:ad:53:
                    06:3d:d4:84:b9:39:f6:e5:6b:92:f9:de:42:2a:ff:
                    85:83:1a:1a:76:0c:33:d4:a6:2d:7b:26:0c:79:8f:
                    bc:be:37:46:0d:3f:09:a5:d5:e9:c1:ef:15:6c:20:
                    aa:8f:c9:62:6d:9d:d9:30:0b:0c:5a:5f:9a:a6:62:
                    d8:4b:af:dc:68:61:26:e8:db:57:66:8b:46:3a:d8:
                    68:a5:d7:01:79:d9:a4:65:d7:bf:32:87:85:02:30:
                    cb:c9:d1:b1:eb:2f:55:e5:63:8f:bd:ce:22:3b:57:
                    1e:ac:fc:84:4d:66:5a:85:34:cb:a9:70:e6:8a:ae:
                    5e:ed:c1:ad:4c:2c:93:ea:b9:c5:f6:dd:f7:8f:ae:
                    32:47:a6:e0:fc:a7:07:e1:e9:bb:31:7b:af:19:fb:
                    7f:ee:b1:4b:3f:0f:36:eb:7f:0e:cd:6b:df:2a:a5:
                    73:3c:e4:ea:1e:fe:8d:8d:4a:11:eb:22:23:c2:70:
                    84:9d:ad:66:de:bb:96:98:4b:27:67:1b:4e:b9:75:
                    94:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:CE:75:2A:6A:B0:2A:DC:C7:42:B7:2E:28:F1:88:E6:62:10:E3:59
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/lM51KmqwKtzHQrcuKPGI5mIQ41k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.21.172.0/23
                  87.121.122.0-87.121.125.255
                  109.206.238.0/24
                  185.207.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:25:b5:20:d4:5a:5f:23:17:d5:e1:80:14:c1:ba:93:3b:1b:
         0d:46:07:84:f3:03:cc:ba:bd:eb:f1:33:1b:f2:09:30:7b:ff:
         9d:3d:68:2a:2f:7f:40:a5:82:a1:a9:90:aa:f7:8f:d2:62:8e:
         15:c3:aa:2e:82:d0:e2:3e:80:91:b8:a6:1c:4e:e3:33:7b:de:
         47:e2:13:54:81:a6:1c:a6:74:42:12:31:9f:8d:24:88:70:4d:
         09:22:74:37:6d:67:24:bc:b9:08:1b:5f:63:ab:b5:f2:7e:59:
         84:20:fe:d1:e5:a3:cd:f8:fd:41:31:58:53:39:d7:97:21:17:
         82:c7:4b:d8:c8:7c:90:26:d6:20:0d:40:f4:07:29:f1:9e:27:
         6f:fb:aa:4d:23:da:c5:e2:f7:a0:6e:fb:76:1e:c0:fa:da:00:
         a9:13:b3:dc:ec:04:e4:78:a5:34:8c:42:0f:3c:a4:2d:14:00:
         f3:e4:3e:24:7d:01:62:e8:aa:5a:41:a4:d0:c3:68:aa:a6:01:
         02:83:75:33:96:7d:f3:a4:ab:54:e6:58:7d:7a:79:f6:ef:6e:
         db:a3:a9:e7:ae:0d:91:fe:bc:d8:c3:f3:ae:77:da:5b:f0:97:
         a1:3f:54:98:22:2c:16:be:00:92:19:bf:e7:3a:ef:9c:10:28:
         0a:c9:82:1c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgIEHoJIrjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MmM0YWMzZTNjNDNkNzBkMDUzNDljODE1YmFhZGQzOGFkNzc1ZTlkMB4XDTIyMDUx
ODA3MDgxOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTRjZTc1MmE2YWIw
MmFkY2M3NDJiNzJlMjhmMTg4ZTY2MjEwZTM1OTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANm1nTpMOR9NWIby/RlTip1HvPMB6gJhLWtgFYxJcKeXjScH
v5AxHSN0JZLMberEos1ooqM6I1D05K1TBj3UhLk59uVrkvneQir/hYMaGnYMM9Sm
LXsmDHmPvL43Rg0/CaXV6cHvFWwgqo/JYm2d2TALDFpfmqZi2Euv3GhhJujbV2aL
RjrYaKXXAXnZpGXXvzKHhQIwy8nRsesvVeVjj73OIjtXHqz8hE1mWoU0y6lw5oqu
Xu3BrUwsk+q5xfbd94+uMkem4PynB+HpuzF7rxn7f+6xSz8PNut/Ds1r3yqlczzk
6h7+jY1KEesiI8JwhJ2tZt67lphLJ2cbTrl1lAsCAwEAAaOCAiMwggIfMB0GA1Ud
DgQWBBSUznUqarAq3MdCty4o8YjmYhDjWTAfBgNVHSMEGDAWgBQixKw+PEPXDQU0
nIFbqt04rXdenTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0lzU3NQanhEMXcwRk5KeUJXNnJkT0sxM1hwMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDMvOTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8x
L2xNNTFLbXF3S3R6SFFyY3VLUEdJNW1JUTQxay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDMv
OTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8xL0lzU3NQanhEMXcw
Rk5KeUJXNnJkT0sxM1hwMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA5
BggrBgEFBQcBBwEB/wQqMCgwJgQCAAEwIAMEAVQVrDAMAwQBV3l6AwQBV3l8AwQA
bc7uAwQAuc8MMA0GCSqGSIb3DQEBCwUAA4IBAQBZJbUg1FpfIxfV4YAUwbqTOxsN
RgeE8wPMur3r8TMb8gkwe/+dPWgqL39ApYKhqZCq94/SYo4Vw6ougtDiPoCRuKYc
TuMze95H4hNUgaYcpnRCEjGfjSSIcE0JInQ3bWckvLkIG19jq7XyflmEIP7R5aPN
+P1BMVhTOdeXIReCx0vYyHyQJtYgDUD0Bynxnidv+6pNI9rF4vegbvt2HsD62gCp
E7Pc7ATkeKU0jEIPPKQtFADz5D4kfQFi6KpaQaTQw2iqpgECg3Uzln3zpKtU5lh9
enn2727bo6nnrg2R/rzYw/Oud9pb8JehP1SYIiwWvgCSGb/nOu+cECgKyYIc
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:42 2024 by rpki-client on console-ams.rpki-client.org