Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/qALsqHFeT-e6FTastI6jTxV6guU.roa
File:                     qALsqHFeT-e6FTastI6jTxV6guU.roa (raw, json)
Hash identifier:          jxn9xQoTdIRCGLOIvXJU0CsMRNPs6ySgwB68cPiActk=
Subject key identifier:   A8:02:EC:A8:71:5E:4F:E7:BA:15:36:AC:B4:8E:A3:4F:15:7A:82:E5
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0187709A890448B5CFB93CB8A6AB6345504A
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/qALsqHFeT-e6FTastI6jTxV6guU.roa
Signing time:             Tue 11 Apr 2023 13:56:28 +0000
ROA not before:           Tue 11 Apr 2023 13:56:28 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43260
IP address blocks:        87.121.124.0/23 maxlen: 24
                          91.92.24.0/23 maxlen: 24
                          93.123.74.0/23 maxlen: 24
                          87.121.46.0/23 maxlen: 24
                          37.221.120.0/22 maxlen: 24
                          82.115.210.0/23 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:70:9a:89:04:48:b5:cf:b9:3c:b8:a6:ab:63:45:50:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Apr 11 13:56:28 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a802eca8715e4fe7ba1536acb48ea34f157a82e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:46:08:88:1f:ce:24:32:73:20:c2:9d:32:e4:
                    b8:06:bc:a8:88:b0:7e:88:50:49:b1:eb:d8:a9:b6:
                    e9:f5:30:c3:94:dc:7c:8d:e1:a5:73:f7:4d:d9:07:
                    69:9f:f9:a7:77:18:56:61:62:c1:34:d4:e3:d0:2d:
                    a2:4e:e9:ec:41:59:49:35:53:4f:94:cc:e7:b0:01:
                    b9:12:1c:3f:c8:54:fa:d1:8f:b7:0d:ca:b8:21:a5:
                    6f:d7:00:57:a3:bd:b1:91:18:70:36:c0:dd:72:71:
                    e0:01:88:b7:76:e9:fe:d5:d7:cf:1b:88:75:86:54:
                    5c:5d:05:10:d1:61:ab:b2:ba:c4:cc:38:01:bb:46:
                    15:d9:75:06:dd:58:17:95:3d:54:e1:7c:85:d7:9f:
                    54:e3:3d:e0:ed:ab:3d:3f:1a:aa:51:f0:22:c2:c8:
                    3d:0a:98:db:24:99:21:42:29:5f:10:55:d9:72:b8:
                    fd:47:a2:2e:e9:d9:7b:98:55:03:51:8b:60:80:14:
                    3d:68:d3:ea:36:02:09:6f:b5:bd:38:5c:31:b3:72:
                    9d:06:96:46:a3:6d:f2:fb:ff:54:13:bd:33:44:34:
                    fc:67:c7:b6:09:2f:5e:e1:20:6f:07:06:51:aa:6e:
                    50:7a:28:35:c1:26:81:f1:5d:06:b4:8b:97:26:cd:
                    ea:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:02:EC:A8:71:5E:4F:E7:BA:15:36:AC:B4:8E:A3:4F:15:7A:82:E5
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/qALsqHFeT-e6FTastI6jTxV6guU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.221.120.0/22
                  82.115.210.0/23
                  87.121.46.0/23
                  87.121.124.0/23
                  91.92.24.0/23
                  93.123.74.0/23

    Signature Algorithm: sha256WithRSAEncryption
         78:50:4a:52:18:7c:9e:ec:12:75:b3:c7:8a:8f:c7:de:3e:f3:
         e9:e2:59:e1:34:3a:1d:ee:ea:e2:7e:01:87:dd:91:6b:5d:04:
         8e:68:e3:bc:15:2c:af:1f:50:d3:2b:44:86:fe:5d:c2:3f:92:
         bc:7f:21:9d:bf:64:13:d1:87:38:a1:04:95:24:ba:86:3b:94:
         2c:18:9f:34:15:ab:60:34:c8:dc:b0:ed:c2:20:8b:13:27:ce:
         f5:e7:8c:c9:d9:d2:1e:7f:bc:d5:bd:06:61:83:46:c9:f8:bd:
         02:b0:ab:e6:e4:1c:15:75:7c:85:f0:1d:c1:9b:ea:0b:f3:b5:
         cc:93:f4:c8:b5:21:18:55:e1:7f:45:f5:9e:2e:48:3c:05:7e:
         cb:76:4a:63:47:3b:b3:45:6d:11:b8:29:af:a8:14:5a:92:1c:
         77:5e:be:bd:df:31:bd:55:a0:6c:f3:c2:52:f1:95:47:06:50:
         60:7f:f3:3a:f6:bf:27:ab:de:68:f6:3c:22:d5:22:33:ad:5e:
         44:e0:be:ff:b2:41:4b:a9:7d:d4:44:30:85:e3:d6:b2:a7:4d:
         bd:ae:49:fd:e8:c4:0e:cf:2f:21:aa:dd:11:8b:04:82:c6:ad:
         51:2d:21:5b:aa:35:9c:fc:8e:86:18:a4:79:b7:a4:8d:9a:7e:
         c1:f8:87:e0
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYdwmokESLXPuTy4pqtjRVBKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNDExMTM1NjI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODAyZWNhODcxNWU0ZmU3YmExNTM2YWNiNDhlYTM0ZjE1N2E4MmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo0YIiB/OJDJzIMKdMuS4BryoiLB+
iFBJsevYqbbp9TDDlNx8jeGlc/dN2Qdpn/mndxhWYWLBNNTj0C2iTunsQVlJNVNP
lMznsAG5Ehw/yFT60Y+3Dcq4IaVv1wBXo72xkRhwNsDdcnHgAYi3dun+1dfPG4h1
hlRcXQUQ0WGrsrrEzDgBu0YV2XUG3VgXlT1U4XyF159U4z3g7as9PxqqUfAiwsg9
CpjbJJkhQilfEFXZcrj9R6Iu6dl7mFUDUYtggBQ9aNPqNgIJb7W9OFwxs3KdBpZG
o23y+/9UE70zRDT8Z8e2CS9e4SBvBwZRqm5Qeig1wSaB8V0GtIuXJs3q8QIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFKgC7KhxXk/nuhU2rLSOo08VeoLlMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvcUFMc3FIRmVULWU2RlRhc3RJNmpUeFY2Z3VVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQCJd14AwQB
UnPSAwQBV3kuAwQBV3l8AwQBW1wYAwQBXXtKMA0GCSqGSIb3DQEBCwUAA4IBAQB4
UEpSGHye7BJ1s8eKj8fePvPp4lnhNDod7urifgGH3ZFrXQSOaOO8FSyvH1DTK0SG
/l3CP5K8fyGdv2QT0Yc4oQSVJLqGO5QsGJ80FatgNMjcsO3CIIsTJ87154zJ2dIe
f7zVvQZhg0bJ+L0CsKvm5BwVdXyF8B3Bm+oL87XMk/TItSEYVeF/RfWeLkg8BX7L
dkpjRzuzRW0RuCmvqBRakhx3Xr693zG9VaBs88JS8ZVHBlBgf/M69r8nq95o9jwi
1SIzrV5E4L7/skFLqX3URDCF49ayp029rkn96MQOzy8hqt0RiwSCxq1RLSFbqjWc
/I6GGKR5t6SNmn7B+Ifg
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:44 2024 by rpki-client on console-ams.rpki-client.org