Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/om6aL40-9rJzsYyKguyUNcR57zk.roa
File:                     om6aL40-9rJzsYyKguyUNcR57zk.roa (raw, json)
Hash identifier:          IMPBoq6WMZPOWBDGemJ9TAxz5UXU7uvBGMVXJJ/4l8o=
Subject key identifier:   A2:6E:9A:2F:8D:3E:F6:B2:73:B1:8C:8A:82:EC:94:35:C4:79:EF:39
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01856D820F76BE4B077C5D24A1E8E76A214C
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/om6aL40-9rJzsYyKguyUNcR57zk.roa
Signing time:             Sun 01 Jan 2023 13:25:18 +0000
ROA not before:           Sun 01 Jan 2023 13:25:18 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     209371
IP address blocks:        194.55.224.0/24 maxlen: 24
                          194.55.225.0/24 maxlen: 24
                          178.215.225.0/24 maxlen: 24
                          178.215.227.0/24 maxlen: 24
                          178.215.239.0/24 maxlen: 24
                          45.128.96.0/22 maxlen: 24
                          80.76.48.0/24 maxlen: 24
                          85.31.47.0/24 maxlen: 24
                          45.84.89.0/24 maxlen: 24
                          185.216.70.0/24 maxlen: 24
                          185.216.69.0/24 maxlen: 24
                          87.120.87.0/24 maxlen: 24
                          45.139.107.0/24 maxlen: 24
                          193.35.19.0/24 maxlen: 24
                          94.154.172.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:82:0f:76:be:4b:07:7c:5d:24:a1:e8:e7:6a:21:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  1 13:25:18 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a26e9a2f8d3ef6b273b18c8a82ec9435c479ef39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:f3:d2:6f:f1:e0:d0:fe:8b:c7:29:61:44:fe:
                    77:12:58:18:09:ca:c1:65:90:bf:d0:4d:a1:23:c3:
                    fe:6a:4e:47:98:52:b0:e5:28:46:8f:d7:d6:99:1c:
                    3d:0f:b4:1e:85:2b:23:3d:df:fa:61:66:8e:32:22:
                    87:9d:bc:24:aa:1a:bf:53:b8:e0:28:55:44:90:03:
                    57:35:05:73:16:5e:20:e1:17:8f:2e:8f:c3:0d:93:
                    40:79:91:05:aa:4e:03:fe:c5:ae:03:e0:ba:8e:77:
                    b3:fb:dc:8f:ad:17:d4:4a:79:7d:fb:fb:cc:ec:09:
                    e5:3e:58:7f:6d:88:1b:49:f1:82:16:75:61:fb:15:
                    5a:c4:3b:b0:fe:b2:c9:aa:37:eb:90:4f:de:c5:ed:
                    c9:2e:b3:c0:9d:55:b4:58:a7:f7:19:49:87:b8:ec:
                    f0:e9:26:9b:50:62:81:c5:7d:93:af:0a:d0:9a:61:
                    ff:18:0d:ca:98:92:ea:cc:b3:58:ac:7a:5e:98:f5:
                    3d:bd:ff:b5:59:a6:40:90:de:7b:26:77:4a:94:f8:
                    9f:f5:6f:4e:00:de:21:79:0f:63:b1:83:e6:80:8e:
                    ec:10:aa:49:36:f7:e3:93:95:8e:11:d4:46:dd:e4:
                    cb:82:ae:b0:39:0a:1a:cd:c1:48:52:77:4c:3e:6d:
                    9d:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:6E:9A:2F:8D:3E:F6:B2:73:B1:8C:8A:82:EC:94:35:C4:79:EF:39
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/om6aL40-9rJzsYyKguyUNcR57zk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.89.0/24
                  45.128.96.0/22
                  45.139.107.0/24
                  80.76.48.0/24
                  85.31.47.0/24
                  87.120.87.0/24
                  94.154.172.0/24
                  178.215.225.0/24
                  178.215.227.0/24
                  178.215.239.0/24
                  185.216.69.0-185.216.70.255
                  193.35.19.0/24
                  194.55.224.0/23

    Signature Algorithm: sha256WithRSAEncryption
         38:14:30:46:35:dd:93:b6:a6:f4:5a:08:29:9a:40:b1:6c:cb:
         90:40:d2:ab:9d:45:42:34:db:e7:f7:d8:e0:ee:ff:0a:47:fd:
         40:0d:e5:f9:53:bc:07:47:f0:0d:17:b0:85:c9:b8:79:87:f2:
         bb:eb:b4:51:65:30:1e:4c:0e:30:b9:df:33:49:49:1b:7c:4f:
         7a:96:b1:6a:db:1e:58:ce:ac:2b:f8:be:50:d1:61:2e:2e:a4:
         92:cc:1f:4b:6e:f2:84:27:9b:88:31:7b:c9:87:16:cd:4f:8b:
         b3:03:96:d3:df:3d:c3:95:4a:6a:b1:e7:71:5c:de:76:00:3e:
         c2:3f:53:10:46:e7:8d:91:38:e6:52:73:25:26:19:42:ae:06:
         0b:4e:35:13:20:55:9d:4f:a9:63:12:b3:f8:31:5c:78:55:e7:
         54:bf:3e:70:59:0e:9f:1d:43:08:2c:01:b9:76:67:69:a9:19:
         23:d5:c5:6a:b8:5c:d7:98:c6:fa:a4:cd:f3:db:5b:dc:56:58:
         3d:1c:7f:74:f5:15:a8:b1:23:5e:bd:03:94:e9:b4:e1:32:75:
         15:e2:e8:5a:ae:2a:2a:92:6b:2f:60:23:ec:ed:4a:7f:55:11:
         1d:a5:72:ca:e4:3a:18:17:25:36:30:2f:bc:95:01:83:d8:69:
         e3:e9:fc:b7
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYVtgg92vksHfF0koejnaiFMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwMTAxMTMyNTE4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjZlOWEyZjhkM2VmNmIyNzNiMThjOGE4MmVjOTQzNWM0NzllZjM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnvPSb/Hg0P6LxylhRP53ElgYCcrB
ZZC/0E2hI8P+ak5HmFKw5ShGj9fWmRw9D7QehSsjPd/6YWaOMiKHnbwkqhq/U7jg
KFVEkANXNQVzFl4g4RePLo/DDZNAeZEFqk4D/sWuA+C6jnez+9yPrRfUSnl9+/vM
7AnlPlh/bYgbSfGCFnVh+xVaxDuw/rLJqjfrkE/exe3JLrPAnVW0WKf3GUmHuOzw
6SabUGKBxX2TrwrQmmH/GA3KmJLqzLNYrHpemPU9vf+1WaZAkN57JndKlPif9W9O
AN4heQ9jsYPmgI7sEKpJNvfjk5WOEdRG3eTLgq6wOQoazcFIUndMPm2dsQIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFKJumi+NPvayc7GMioLslDXEee85MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvb202YUw0MC05ckp6c1l5S2d1eVVOY1I1N3prLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWAwQALVRZAwQC
LYBgAwQALYtrAwQAUEwwAwQAVR8vAwQAV3hXAwQAXpqsAwQAstfhAwQAstfjAwQA
stfvMAwDBAC52EUDBAC52EYDBADBIxMDBAHCN+AwDQYJKoZIhvcNAQELBQADggEB
ADgUMEY13ZO2pvRaCCmaQLFsy5BA0qudRUI02+f32ODu/wpH/UAN5flTvAdH8A0X
sIXJuHmH8rvrtFFlMB5MDjC53zNJSRt8T3qWsWrbHljOrCv4vlDRYS4upJLMH0tu
8oQnm4gxe8mHFs1Pi7MDltPfPcOVSmqx53Fc3nYAPsI/UxBG542ROOZScyUmGUKu
BgtONRMgVZ1PqWMSs/gxXHhV51S/PnBZDp8dQwgsAbl2Z2mpGSPVxWq4XNeYxvqk
zfPbW9xWWD0cf3T1FaixI169A5TptOEydRXi6FquKiqSay9gI+ztSn9VER2lcsrk
OhgXJTYwL7yVAYPYaePp/Lc=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:19 2024 by rpki-client on console-fra.rpki-client.org