Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/n6_-RFyEQR8_f2NhOhtzh8ybu6o.roa
File:                     n6_-RFyEQR8_f2NhOhtzh8ybu6o.roa (raw, json)
Hash identifier:          KnHEKcrO6tp3Ot6N/mW+2iOs7Vb1N/2BF/Nse5qVAF4=
Subject key identifier:   9F:AF:FE:44:5C:84:41:1F:3F:7F:63:61:3A:1B:73:87:CC:9B:BB:AA
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018409884998CD773B2C140F5E64DA4C92E8
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/n6_-RFyEQR8_f2NhOhtzh8ybu6o.roa
Signing time:             Mon 24 Oct 2022 10:27:17 +0000
ROA not before:           Mon 24 Oct 2022 10:27:17 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     209371
IP address blocks:        85.31.47.0/24 maxlen: 24
                          85.31.45.0/24 maxlen: 24
                          185.246.221.0/24 maxlen: 24
                          84.21.173.0/24 maxlen: 24
                          194.180.36.0/24 maxlen: 24
                          82.115.208.0/24 maxlen: 24
                          82.115.211.0/24 maxlen: 24
                          193.35.19.0/24 maxlen: 24
                          94.154.172.0/24 maxlen: 24
                          84.21.172.0/24 maxlen: 24
                          194.55.224.0/24 maxlen: 24
                          178.215.226.0/24 maxlen: 24
                          194.55.225.0/24 maxlen: 24
                          178.215.225.0/24 maxlen: 24
                          84.54.49.0/24 maxlen: 24
                          194.55.227.0/24 maxlen: 24
                          178.215.227.0/24 maxlen: 24
                          178.215.239.0/24 maxlen: 24
                          80.76.48.0/24 maxlen: 24
                          193.47.63.0/24 maxlen: 24
                          185.216.70.0/24 maxlen: 24
                          185.216.69.0/24 maxlen: 24
                          87.120.87.0/24 maxlen: 24
                          193.25.218.0/24 maxlen: 24
                          193.25.217.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:09:88:49:98:cd:77:3b:2c:14:0f:5e:64:da:4c:92:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Oct 24 10:27:17 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9faffe445c84411f3f7f63613a1b7387cc9bbbaa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:e3:c7:bf:31:29:f6:e9:7f:4f:a3:7f:9a:7a:
                    dc:ad:03:21:0e:b1:d5:44:be:33:24:d3:50:3a:51:
                    2a:42:b7:5c:e3:4e:1c:7d:ec:76:f7:41:ee:5c:34:
                    12:44:a2:90:df:be:03:41:0f:60:c9:6b:38:f2:ae:
                    fc:1b:a7:26:e4:d9:88:53:2c:d0:4f:93:2b:01:a7:
                    51:c9:26:e6:f7:ca:18:c4:09:54:d7:bc:10:26:3a:
                    5d:13:e8:2c:ad:f6:69:3c:f8:74:8b:12:f6:fa:e3:
                    db:cf:4f:24:fd:46:17:79:35:d3:62:a7:02:27:89:
                    34:05:17:4e:e8:fb:10:1d:b6:fa:b7:ea:41:43:d1:
                    b7:05:50:8b:1e:f5:fa:ab:03:a0:52:98:85:6b:f7:
                    fa:5e:26:2a:1d:68:52:7a:8e:42:1f:24:8b:a4:56:
                    fc:92:e2:08:5a:c3:ce:7c:00:84:5c:ba:b3:19:4b:
                    59:3f:cd:0a:7d:4a:73:b3:1b:07:9a:a0:64:d6:61:
                    c9:9d:f8:20:4c:34:d1:66:73:ee:f6:da:7e:bf:e5:
                    b8:9b:8a:36:7c:aa:e7:92:5a:59:12:53:e5:94:43:
                    ce:da:27:39:ee:17:e9:ce:45:07:37:d1:8e:0e:47:
                    1d:3e:e5:85:9f:1e:23:72:b1:16:be:46:d9:ff:9f:
                    a1:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:AF:FE:44:5C:84:41:1F:3F:7F:63:61:3A:1B:73:87:CC:9B:BB:AA
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/n6_-RFyEQR8_f2NhOhtzh8ybu6o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.76.48.0/24
                  82.115.208.0/24
                  82.115.211.0/24
                  84.21.172.0/23
                  84.54.49.0/24
                  85.31.45.0/24
                  85.31.47.0/24
                  87.120.87.0/24
                  94.154.172.0/24
                  178.215.225.0-178.215.227.255
                  178.215.239.0/24
                  185.216.69.0-185.216.70.255
                  185.246.221.0/24
                  193.25.217.0-193.25.218.255
                  193.35.19.0/24
                  193.47.63.0/24
                  194.55.224.0/23
                  194.55.227.0/24
                  194.180.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:80:73:40:09:0d:79:77:ca:b2:fb:7c:74:df:d3:bb:d8:04:
         5e:5a:bb:aa:09:9f:9c:b6:64:fe:32:32:09:fe:07:84:79:a7:
         0f:3b:d3:37:1f:8c:f5:65:e5:b8:c2:d5:74:c4:6a:aa:57:6a:
         6f:df:f3:04:f3:4a:ba:b5:ee:dc:00:47:bb:e9:0d:32:81:68:
         92:39:1b:9e:62:57:91:87:5d:40:f9:34:7b:db:d4:e3:0a:7d:
         5f:a0:ee:ef:95:60:ae:04:e0:3f:eb:34:35:4e:4b:d3:28:60:
         d0:cb:16:e8:78:52:5d:38:10:60:ac:d7:74:9e:c3:ec:ca:b2:
         73:c2:a6:3d:15:0a:e2:21:93:3b:de:71:2a:0f:02:ac:3c:26:
         b2:f6:7d:00:29:17:05:55:77:e9:cf:9b:8d:47:15:5f:69:b2:
         67:e7:0f:19:20:5c:b9:33:94:fa:4e:d3:78:2f:24:69:36:d4:
         60:fe:6a:37:93:7a:50:92:56:b7:8e:25:c4:a2:4c:7b:5a:05:
         9d:da:5a:c2:d5:7f:d9:28:b8:c1:6d:24:f0:ab:b6:60:ec:76:
         ee:a1:cc:eb:5a:1e:1e:c1:ea:a5:06:a0:af:a1:14:81:ba:68:
         7f:46:21:4c:93:3a:dd:1a:be:63:ec:3e:8d:9c:f1:67:b0:39:
         c4:b6:30:be
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgISAYQJiEmYzXc7LBQPXmTaTJLoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjIxMDI0MTAyNzE3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmFmZmU0NDVjODQ0MTFmM2Y3ZjYzNjEzYTFiNzM4N2NjOWJiYmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh+PHvzEp9ul/T6N/mnrcrQMhDrHV
RL4zJNNQOlEqQrdc404cfex290HuXDQSRKKQ374DQQ9gyWs48q78G6cm5NmIUyzQ
T5MrAadRySbm98oYxAlU17wQJjpdE+gsrfZpPPh0ixL2+uPbz08k/UYXeTXTYqcC
J4k0BRdO6PsQHbb6t+pBQ9G3BVCLHvX6qwOgUpiFa/f6XiYqHWhSeo5CHySLpFb8
kuIIWsPOfACEXLqzGUtZP80KfUpzsxsHmqBk1mHJnfggTDTRZnPu9tp+v+W4m4o2
fKrnklpZElPllEPO2ic57hfpzkUHN9GODkcdPuWFnx4jcrEWvkbZ/5+h/wIDAQAB
o4ICkjCCAo4wHQYDVR0OBBYEFJ+v/kRchEEfP39jYTobc4fMm7uqMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvbjZfLVJGeUVRUjhfZjJOaE9odHpoOHlidTZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGnBggrBgEFBQcBBwEB/wSBlzCBlDCBkQQCAAEwgYoDBABQ
TDADBABSc9ADBABSc9MDBAFUFawDBABUNjEDBABVHy0DBABVHy8DBABXeFcDBABe
mqwwDAMEALLX4QMEArLX4AMEALLX7zAMAwQAudhFAwQAudhGAwQAufbdMAwDBADB
GdkDBADBGdoDBADBIxMDBADBLz8DBAHCN+ADBADCN+MDBADCtCQwDQYJKoZIhvcN
AQELBQADggEBADKAc0AJDXl3yrL7fHTf07vYBF5au6oJn5y2ZP4yMgn+B4R5pw87
0zcfjPVl5bjC1XTEaqpXam/f8wTzSrq17twAR7vpDTKBaJI5G55iV5GHXUD5NHvb
1OMKfV+g7u+VYK4E4D/rNDVOS9MoYNDLFuh4Ul04EGCs13Sew+zKsnPCpj0VCuIh
kzvecSoPAqw8JrL2fQApFwVVd+nPm41HFV9psmfnDxkgXLkzlPpO03gvJGk21GD+
ajeTelCSVreOJcSiTHtaBZ3aWsLVf9kouMFtJPCrtmDsdu6hzOtaHh7B6qUGoK+h
FIG6aH9GIUyTOt0avmPsPo2c8WewOcS2ML4=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:18 2024 by rpki-client on console-fra.rpki-client.org