Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/oxmCcivy2wpz9EYfCRHiobTTscM.roa
File:                     oxmCcivy2wpz9EYfCRHiobTTscM.roa (raw, json)
Hash identifier:          +uNJlr8/EvssqWWScMfnNxOvMuiIv/uKZsPlV/9/M10=
Subject key identifier:   A3:19:82:72:2B:F2:DB:0A:73:F4:46:1F:09:11:E2:A1:B4:D3:B1:C3
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CB0FE3383441DE0B8A35469CBC09D6775
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/oxmCcivy2wpz9EYfCRHiobTTscM.roa
Signing time:             Thu 28 Dec 2023 15:14:58 +0000
ROA not before:           Thu 28 Dec 2023 15:14:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61302
IP address blocks:        171.22.31.0/24 maxlen: 24
                          87.121.124.0/23 maxlen: 24
                          81.161.239.0/24 maxlen: 24
                          91.200.192.0/22 maxlen: 24
                          94.156.248.0/24 maxlen: 24
                          87.121.162.0/24 maxlen: 24
                          147.78.100.0/24 maxlen: 24
                          45.141.158.0/24 maxlen: 24
                          171.22.17.0/24 maxlen: 24
                          171.22.18.0/24 maxlen: 24
                          79.110.61.0/24 maxlen: 24
                          82.115.210.0/24 maxlen: 24
                          45.129.84.0/24 maxlen: 24
                          193.35.19.0/24 maxlen: 24
                          37.139.130.0/24 maxlen: 24
                          193.25.216.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:b0:fe:33:83:44:1d:e0:b8:a3:54:69:cb:c0:9d:67:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Dec 28 15:14:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a31982722bf2db0a73f4461f0911e2a1b4d3b1c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:98:6e:ae:83:90:86:86:71:05:f6:77:89:e5:
                    bf:85:9a:2d:8e:20:27:66:27:a9:e9:3f:de:16:66:
                    ca:eb:9d:82:6f:d3:a4:74:e3:82:29:1a:ad:a4:23:
                    07:4a:dc:06:42:90:fb:bd:54:1c:3d:89:45:ee:08:
                    f6:57:fe:1d:01:32:8d:52:8d:85:2b:bd:3d:a4:fb:
                    f9:04:72:c0:f7:2d:a2:9f:44:59:2a:3e:41:07:f8:
                    f7:80:b8:df:d7:11:28:b5:fb:4f:eb:67:49:0c:b4:
                    3f:a4:85:80:df:a7:3b:71:e5:8a:3c:f2:1d:13:5b:
                    69:60:ac:c8:af:0d:1a:60:86:7d:69:43:ef:76:e6:
                    c6:6c:ac:9e:ec:71:70:25:90:32:93:01:9e:cb:e7:
                    ed:69:7f:45:01:35:c7:ab:b0:5b:26:fa:da:67:f1:
                    e4:fb:95:3c:84:35:39:a0:2c:5e:b2:81:5c:10:24:
                    21:65:bb:28:5b:1c:af:3b:71:17:25:cb:b2:f4:c4:
                    91:70:56:33:e9:e9:8a:41:c0:20:b4:61:d6:1a:4b:
                    76:82:0e:68:0a:a4:fb:f2:c4:46:04:ef:41:b2:e1:
                    1f:3a:66:b6:40:9a:35:df:95:84:c4:0c:3d:08:97:
                    77:7f:1d:5f:78:9a:e4:65:d8:12:78:c2:02:c7:3d:
                    95:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:19:82:72:2B:F2:DB:0A:73:F4:46:1F:09:11:E2:A1:B4:D3:B1:C3
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/oxmCcivy2wpz9EYfCRHiobTTscM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.139.130.0/24
                  45.129.84.0/24
                  45.141.158.0/24
                  79.110.61.0/24
                  81.161.239.0/24
                  82.115.210.0/24
                  87.121.124.0/23
                  87.121.162.0/24
                  91.200.192.0/22
                  94.156.248.0/24
                  147.78.100.0/24
                  171.22.17.0-171.22.18.255
                  171.22.31.0/24
                  193.25.216.0/24
                  193.35.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:f0:c6:aa:c9:2b:3b:69:40:67:f0:87:95:d2:f4:8d:46:2e:
         d2:92:c2:6b:72:4a:c0:ef:53:d2:c7:16:e5:27:67:a2:6a:fe:
         e7:b3:4c:58:2f:98:9a:d6:5f:b6:0f:29:d7:f8:0b:c5:fa:7a:
         b6:62:6d:66:3c:50:94:fb:d8:f5:7b:06:94:ca:83:cb:09:22:
         77:34:af:04:0d:0b:3c:2f:5b:d8:c1:dd:90:31:a9:56:4b:98:
         21:e8:26:16:b2:58:57:ef:64:e7:72:fc:b6:90:4a:99:bf:d6:
         78:8f:53:50:58:7b:9d:0a:76:e7:ee:96:ce:89:1e:d2:cb:b0:
         c9:ae:90:49:b2:ad:4f:39:ee:cd:47:8a:93:38:07:6e:64:f6:
         0a:3b:5f:5d:53:06:48:ff:bf:85:91:33:b3:e9:66:74:94:cf:
         e5:56:07:5d:73:62:7e:f7:f7:b2:ba:b4:47:9a:40:e4:8a:a9:
         0c:c4:90:98:9e:de:2c:b7:3c:d5:af:50:1d:59:25:6e:af:c9:
         68:f6:47:d4:2a:46:cb:2b:2a:4f:e3:b7:ba:c4:08:65:70:79:
         c0:75:cb:c8:b0:2b:ea:7e:16:44:2e:47:5b:69:59:47:a2:26:
         4e:56:33:c4:57:d1:9e:7f:ed:9d:df:c1:3f:01:d5:4c:ef:b4:
         8b:5c:d6:cf
-----BEGIN CERTIFICATE-----
MIIFWTCCBEGgAwIBAgISAYyw/jODRB3guKNUacvAnWd1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMxMjI4MTUxNDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzE5ODI3MjJiZjJkYjBhNzNmNDQ2MWYwOTExZTJhMWI0ZDNiMWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoJhuroOQhoZxBfZ3ieW/hZotjiAn
Ziep6T/eFmbK652Cb9OkdOOCKRqtpCMHStwGQpD7vVQcPYlF7gj2V/4dATKNUo2F
K709pPv5BHLA9y2in0RZKj5BB/j3gLjf1xEotftP62dJDLQ/pIWA36c7ceWKPPId
E1tpYKzIrw0aYIZ9aUPvdubGbKye7HFwJZAykwGey+ftaX9FATXHq7BbJvraZ/Hk
+5U8hDU5oCxesoFcECQhZbsoWxyvO3EXJcuy9MSRcFYz6emKQcAgtGHWGkt2gg5o
CqT78sRGBO9BsuEfOma2QJo135WExAw9CJd3fx1feJrkZdgSeMICxz2VXwIDAQAB
o4ICZTCCAmEwHQYDVR0OBBYEFKMZgnIr8tsKc/RGHwkR4qG007HDMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvb3htQ2Npdnkyd3B6OUVZZkNSSGlvYlRUc2NNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHsGCCsGAQUFBwEHAQH/BGwwajBoBAIAATBiAwQAJYuCAwQA
LYFUAwQALY2eAwQAT249AwQAUaHvAwQAUnPSAwQBV3l8AwQAV3miAwQCW8jAAwQA
Xpz4AwQAk05kMAwDBACrFhEDBACrFhIDBACrFh8DBADBGdgDBADBIxMwDQYJKoZI
hvcNAQELBQADggEBABbwxqrJKztpQGfwh5XS9I1GLtKSwmtySsDvU9LHFuUnZ6Jq
/uezTFgvmJrWX7YPKdf4C8X6erZibWY8UJT72PV7BpTKg8sJInc0rwQNCzwvW9jB
3ZAxqVZLmCHoJhayWFfvZOdy/LaQSpm/1niPU1BYe50Kdufuls6JHtLLsMmukEmy
rU857s1HipM4B25k9go7X11TBkj/v4WRM7PpZnSUz+VWB11zYn7397K6tEeaQOSK
qQzEkJie3iy3PNWvUB1ZJW6vyWj2R9QqRssrKk/jt7rECGVwecB1y8iwK+p+FkQu
R1tpWUeiJk5WM8RX0Z5/7Z3fwT8B1UzvtItc1s8=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:19 2024 by rpki-client on console-fra.rpki-client.org