Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/mOVrqAybzEW3nmKiVUSGGscu5F0.roa
File:                     mOVrqAybzEW3nmKiVUSGGscu5F0.roa (raw, json)
Hash identifier:          +3XTazfqXeaoPDZW9DdKpgIyuDYgLO9kHcdCTCKP9nw=
Subject key identifier:   98:E5:6B:A8:0C:9B:CC:45:B7:9E:62:A2:55:44:86:1A:C7:2E:E4:5D
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       1E6B6D45
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/mOVrqAybzEW3nmKiVUSGGscu5F0.roa
Signing time:             Fri 13 May 2022 07:10:41 +0000
ROA not before:           Fri 13 May 2022 07:10:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     8866
IP address blocks:        91.92.6.0/24 maxlen: 24
                          91.92.8.0/21 maxlen: 24
                          91.92.16.0/24 maxlen: 24
                          91.92.24.0/22 maxlen: 24
                          91.92.21.0/24 maxlen: 24
                          87.120.192.0/23 maxlen: 23
                          87.121.36.0/23 maxlen: 24
                          87.121.38.0/24 maxlen: 24
                          87.121.44.0/22 maxlen: 24
                          87.121.56.0/23 maxlen: 24
                          87.121.60.0/22 maxlen: 24
                          87.120.218.0/23 maxlen: 24
                          87.120.220.0/23 maxlen: 24
                          91.92.67.0/24 maxlen: 24
                          87.121.146.0/23 maxlen: 24
                          87.121.162.0/23 maxlen: 24
                          87.121.69.0/24 maxlen: 24
                          87.121.103.0/24 maxlen: 24
                          87.121.104.0/23 maxlen: 24
                          87.121.100.0/23 maxlen: 24
                          87.121.114.0/23 maxlen: 24
                          87.120.64.0/23 maxlen: 24
                          87.120.68.0/23 maxlen: 24
                          87.120.72.0/21 maxlen: 24
                          87.120.88.0/23 maxlen: 24
                          87.120.96.0/23 maxlen: 24
                          87.120.100.0/22 maxlen: 22
                          93.123.112.0/21 maxlen: 24
                          31.13.252.0/22 maxlen: 22
                          87.120.32.0/22 maxlen: 24
                          87.120.46.0/23 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 510356805 (0x1e6b6d45)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: May 13 07:10:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=98e56ba80c9bcc45b79e62a25544861ac72ee45d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:E5:6B:A8:0C:9B:CC:45:B7:9E:62:A2:55:44:86:1A:C7:2E:E4:5D
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/mOVrqAybzEW3nmKiVUSGGscu5F0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.13.252.0/22
                  87.120.32.0/22
                  87.120.46.0/23
                  87.120.64.0/23
                  87.120.68.0/23
                  87.120.72.0/21
                  87.120.88.0/23
                  87.120.96.0/23
                  87.120.100.0/22
                  87.120.192.0/23
                  87.120.218.0-87.120.221.255
                  87.121.36.0-87.121.38.255
                  87.121.44.0/22
                  87.121.56.0/23
                  87.121.60.0/22
                  87.121.69.0/24
                  87.121.100.0/23
                  87.121.103.0-87.121.105.255
                  87.121.114.0/23
                  87.121.146.0/23
                  87.121.162.0/23
                  91.92.6.0/24
                  91.92.8.0-91.92.16.255
                  91.92.21.0/24
                  91.92.24.0/22
                  91.92.67.0/24
                  93.123.112.0/21

    Signature Algorithm: sha256WithRSAEncryption
Generated at Wed Jul 19 23:46:41 2023 by rpki-client on console-ams.rpki-client.org