Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/mcB-uwUictU7vtuqIWV0_KzRHWY.roa
File:                     mcB-uwUictU7vtuqIWV0_KzRHWY.roa (raw, json)
Hash identifier:          FPyzYFASDaLyvRIg0vysg9EbhZYb8g4uxktcEMsAAEQ=
Subject key identifier:   99:C0:7E:BB:05:22:72:D5:3B:BE:DB:AA:21:65:74:FC:AC:D1:1D:66
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0187C848B9DFD1171B7175D841C1A5F4F4CE
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/mcB-uwUictU7vtuqIWV0_KzRHWY.roa
Signing time:             Fri 28 Apr 2023 14:33:41 +0000
ROA not before:           Fri 28 Apr 2023 14:33:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     0
IP address blocks:        185.218.84.0/22 maxlen: 24
                          178.215.236.0/24 maxlen: 24
                          171.22.72.0/22 maxlen: 24
                          193.148.56.0/22 maxlen: 24
                          147.78.101.0/24 maxlen: 24
                          147.78.100.0/24 maxlen: 24
                          92.119.196.0/23 maxlen: 24
                          87.120.64.0/23 maxlen: 24
                          185.216.84.0/22 maxlen: 24
                          94.103.126.0/24 maxlen: 24
                          45.88.88.0/23 maxlen: 24
                          185.218.137.0/24 maxlen: 24
                          94.154.162.0/23 maxlen: 24
                          94.154.161.0/24 maxlen: 24
                          185.219.126.0/24 maxlen: 24
                          45.151.89.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:c8:48:b9:df:d1:17:1b:71:75:d8:41:c1:a5:f4:f4:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Apr 28 14:33:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=99c07ebb052272d53bbedbaa216574fcacd11d66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:ec:16:66:0f:9b:a2:1c:3e:b5:05:93:6d:81:
                    f9:18:04:93:48:d2:8d:f3:a6:a4:48:84:ad:3f:bc:
                    82:7f:ee:2d:c4:d8:11:06:c0:a4:6b:42:e3:92:f6:
                    ee:d6:1b:08:c2:6e:f9:a4:16:91:69:3c:4d:97:f2:
                    d3:fc:99:b1:44:e4:8d:61:63:85:ce:8e:4c:03:64:
                    e8:7d:8c:fa:65:90:52:1b:42:b8:9c:a2:24:0b:95:
                    00:7d:b9:11:70:3e:0f:ae:64:75:b5:a6:c5:88:1f:
                    9b:ef:07:dc:6a:fc:1d:05:64:68:b0:a1:a9:bb:af:
                    2f:69:77:b2:34:dc:cf:f7:db:41:dd:84:1b:58:e6:
                    5f:a5:28:6f:a1:a5:86:94:41:43:b8:8f:61:37:20:
                    66:84:58:4f:45:8f:06:d7:50:99:c5:90:60:fd:ff:
                    1f:a2:0f:c5:46:5b:b9:b6:ad:a8:a5:55:7c:74:30:
                    42:fa:df:7f:d5:d9:13:76:7f:03:db:f0:f0:8e:d1:
                    8f:11:16:e3:47:22:6e:b0:33:be:2c:16:51:ff:43:
                    62:ea:61:9a:e2:de:c3:c2:02:3b:07:bc:3e:c9:e0:
                    a4:d4:8d:75:be:35:8d:98:e5:26:d7:28:7c:7c:d3:
                    5d:63:30:10:08:e3:b1:55:7e:02:c3:9d:1e:7c:dd:
                    21:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:C0:7E:BB:05:22:72:D5:3B:BE:DB:AA:21:65:74:FC:AC:D1:1D:66
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/mcB-uwUictU7vtuqIWV0_KzRHWY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.88.0/23
                  45.151.89.0/24
                  87.120.64.0/23
                  92.119.196.0/23
                  94.103.126.0/24
                  94.154.161.0-94.154.163.255
                  147.78.100.0/23
                  171.22.72.0/22
                  178.215.236.0/24
                  185.216.84.0/22
                  185.218.84.0/22
                  185.218.137.0/24
                  185.219.126.0/24
                  193.148.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6b:28:db:ed:3e:06:81:e9:2c:ee:d6:47:bf:8a:2e:6c:b6:6e:
         6f:de:1d:1d:3d:8a:17:46:1c:d1:35:2e:7f:0f:95:96:c8:25:
         cd:56:ca:ef:22:33:8d:ed:29:d4:b6:3d:80:de:b0:84:f5:7c:
         5b:df:56:04:ae:73:f1:09:af:52:34:8a:ec:2c:2f:db:fb:4c:
         5b:f1:39:a9:28:23:3f:5f:92:97:16:92:4b:ed:12:a6:d4:ed:
         32:14:c4:8b:47:24:84:62:05:56:f4:44:d1:54:42:8d:f4:dd:
         d1:25:1c:8a:aa:52:a0:22:f4:1b:17:8b:0d:1f:fe:57:88:2b:
         49:c1:62:59:5b:c4:ea:c5:c5:27:0c:94:8b:f8:35:03:a5:68:
         f6:12:b0:4d:8f:85:2d:4c:16:93:66:9d:17:7c:e9:e4:28:91:
         03:b7:4a:32:dd:41:58:13:df:56:e7:96:ee:34:87:07:0f:39:
         86:a8:0a:9f:88:c4:90:76:64:79:fb:b6:38:e9:53:1e:83:e1:
         a5:53:a3:66:53:f9:2e:c3:a3:be:18:72:89:b8:95:91:5b:ea:
         a5:82:1b:68:4f:fd:49:b8:46:a8:5f:4a:b5:d9:87:90:4e:58:
         1f:5c:18:a1:fc:c7:be:68:dc:3c:b9:b2:39:22:4e:a6:08:8f:
         44:e8:10:3b
-----BEGIN CERTIFICATE-----
MIIFUzCCBDugAwIBAgISAYfISLnf0RcbcXXYQcGl9PTOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNDI4MTQzMzQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWMwN2ViYjA1MjI3MmQ1M2JiZWRiYWEyMTY1NzRmY2FjZDExZDY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhuwWZg+bohw+tQWTbYH5GASTSNKN
86akSIStP7yCf+4txNgRBsCka0Ljkvbu1hsIwm75pBaRaTxNl/LT/JmxROSNYWOF
zo5MA2TofYz6ZZBSG0K4nKIkC5UAfbkRcD4PrmR1tabFiB+b7wfcavwdBWRosKGp
u68vaXeyNNzP99tB3YQbWOZfpShvoaWGlEFDuI9hNyBmhFhPRY8G11CZxZBg/f8f
og/FRlu5tq2opVV8dDBC+t9/1dkTdn8D2/DwjtGPERbjRyJusDO+LBZR/0Ni6mGa
4t7DwgI7B7w+yeCk1I11vjWNmOUm1yh8fNNdYzAQCOOxVX4Cw50efN0htwIDAQAB
o4ICXzCCAlswHQYDVR0OBBYEFJnAfrsFInLVO77bqiFldPys0R1mMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvbWNCLXV3VWljdFU3dnR1cUlXVjBfS3pSSFdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHUGCCsGAQUFBwEHAQH/BGYwZDBiBAIAATBcAwQBLVhYAwQA
LZdZAwQBV3hAAwQBXHfEAwQAXmd+MAwDBABemqEDBAJemqADBAGTTmQDBAKrFkgD
BACy1+wDBAK52FQDBAK52lQDBAC52okDBAC5234DBALBlDgwDQYJKoZIhvcNAQEL
BQADggEBAGso2+0+BoHpLO7WR7+KLmy2bm/eHR09ihdGHNE1Ln8PlZbIJc1Wyu8i
M43tKdS2PYDesIT1fFvfVgSuc/EJr1I0iuwsL9v7TFvxOakoIz9fkpcWkkvtEqbU
7TIUxItHJIRiBVb0RNFUQo303dElHIqqUqAi9BsXiw0f/leIK0nBYllbxOrFxScM
lIv4NQOlaPYSsE2PhS1MFpNmnRd86eQokQO3SjLdQVgT31bnlu40hwcPOYaoCp+I
xJB2ZHn7tjjpUx6D4aVTo2ZT+S7Do74Ycom4lZFb6qWCG2hP/Um4RqhfSrXZh5BO
WB9cGKH8x75o3Dy5sjkiTqYIj0ToEDs=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:42 2024 by rpki-client on console-ams.rpki-client.org