Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/qhaBGcZgx1PFhRc8SPKu9gAH4Hc.roa
File:                     qhaBGcZgx1PFhRc8SPKu9gAH4Hc.roa (raw, json)
Hash identifier:          BB0mTKQpqt+N/6AB3sUzf1DcmavEV2m8QGlwCj9E4Tw=
Subject key identifier:   AA:16:81:19:C6:60:C7:53:C5:85:17:3C:48:F2:AE:F6:00:07:E0:77
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01898CB6F22530D8E10008EA37CFBB862BA9
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/qhaBGcZgx1PFhRc8SPKu9gAH4Hc.roa
Signing time:             Tue 25 Jul 2023 11:02:27 +0000
ROA not before:           Tue 25 Jul 2023 11:02:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     0
IP address blocks:        185.218.84.0/22 maxlen: 24
                          178.215.224.0/24 maxlen: 24
                          91.92.21.0/24 maxlen: 24
                          94.156.239.0/24 maxlen: 24
                          194.113.36.0/22 maxlen: 24
                          178.215.236.0/24 maxlen: 24
                          178.215.239.0/24 maxlen: 24
                          93.123.85.0/24 maxlen: 24
                          171.22.72.0/22 maxlen: 24
                          185.252.176.0/24 maxlen: 24
                          147.78.101.0/24 maxlen: 24
                          147.78.100.0/24 maxlen: 24
                          147.78.102.0/24 maxlen: 24
                          92.119.196.0/23 maxlen: 24
                          45.95.0.0/22 maxlen: 24
                          185.216.84.0/22 maxlen: 24
                          87.121.45.0/24 maxlen: 24
                          185.218.137.0/24 maxlen: 24
                          194.169.174.0/24 maxlen: 24
                          94.154.163.0/24 maxlen: 24
                          94.154.162.0/23 maxlen: 24
                          94.154.161.0/24 maxlen: 24
                          185.219.126.0/24 maxlen: 24
                          45.151.89.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:8c:b6:f2:25:30:d8:e1:00:08:ea:37:cf:bb:86:2b:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jul 25 11:02:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=aa168119c660c753c585173c48f2aef60007e077
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:3a:1a:42:34:17:e2:d1:53:62:75:85:bc:6f:
                    81:b3:99:e6:17:45:36:bd:80:69:3d:56:99:a8:08:
                    fc:39:8e:c2:3a:54:f6:36:ac:cd:b9:01:b9:42:1c:
                    3d:c7:3e:52:05:ba:b7:d8:3b:74:1d:0f:a8:87:f3:
                    1f:ea:21:6f:d7:5e:47:71:a8:bd:ee:f2:6a:be:3a:
                    74:bb:6b:e6:d5:43:c1:b1:23:be:43:4d:f8:f6:84:
                    1e:d8:30:92:4b:fd:a2:7a:8c:7b:7c:47:cd:e2:74:
                    99:b7:0d:a7:47:f2:16:1c:2f:ae:2f:cd:cb:10:ba:
                    02:f5:c3:4d:a6:ec:5e:30:b7:b1:85:fc:36:da:af:
                    20:17:1c:62:a2:a3:74:d6:75:45:4e:ca:1f:88:af:
                    d9:8b:5c:6b:d3:d0:12:8b:b7:05:e7:0e:c1:fb:f3:
                    01:6a:99:bc:07:d6:84:47:5e:23:3b:94:8a:73:37:
                    9a:3b:cb:11:1e:a1:c5:f1:54:06:8e:3a:c7:01:60:
                    1d:df:5c:e3:3c:0a:68:84:a2:de:3b:2d:64:2b:5d:
                    9c:cf:df:51:52:97:45:66:47:10:35:a7:a6:bc:b4:
                    6d:6b:70:96:89:34:63:52:ac:a7:68:a2:3f:d3:bc:
                    23:a0:a1:7c:d8:70:52:26:f3:7c:c6:93:e1:51:5d:
                    4b:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:16:81:19:C6:60:C7:53:C5:85:17:3C:48:F2:AE:F6:00:07:E0:77
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/qhaBGcZgx1PFhRc8SPKu9gAH4Hc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.0.0/22
                  45.151.89.0/24
                  87.121.45.0/24
                  91.92.21.0/24
                  92.119.196.0/23
                  93.123.85.0/24
                  94.154.161.0-94.154.163.255
                  94.156.239.0/24
                  147.78.100.0-147.78.102.255
                  171.22.72.0/22
                  178.215.224.0/24
                  178.215.236.0/24
                  178.215.239.0/24
                  185.216.84.0/22
                  185.218.84.0/22
                  185.218.137.0/24
                  185.219.126.0/24
                  185.252.176.0/24
                  194.113.36.0/22
                  194.169.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:12:07:3c:fd:4c:ab:46:ff:bd:07:55:4d:02:8b:6c:8e:ff:
         cb:8e:86:18:20:a4:d3:71:dc:03:82:ff:b3:72:7a:e0:0f:74:
         72:e6:ff:7f:27:6c:50:d5:c1:2e:46:40:af:eb:34:7e:c8:bb:
         b4:66:92:fd:67:b4:44:af:ab:2d:f9:1c:b8:4d:22:df:c9:5b:
         17:5b:96:38:02:4f:5d:e1:45:99:1f:3d:e7:e8:33:2c:ae:92:
         6b:03:df:60:76:98:9c:2f:15:2a:46:57:ea:9b:4b:52:75:a3:
         8d:97:22:32:b8:e7:fc:13:cf:b3:ca:8d:7c:cc:f6:f0:79:b6:
         14:0b:67:5d:13:4a:b7:c8:b3:16:cd:ff:8b:39:7e:57:39:32:
         ca:7c:25:08:be:38:8f:be:cf:f3:e5:44:47:26:6c:2f:30:2f:
         7d:9a:57:34:1f:dc:7b:af:05:f5:3a:2e:74:0f:7c:7f:63:e8:
         7f:bd:36:3a:96:b0:bb:3b:81:c1:6a:71:8d:37:33:8b:36:70:
         87:6f:1f:35:53:ee:6a:94:58:d3:be:24:da:cb:1c:d6:2d:37:
         a1:42:b7:cf:28:9a:95:21:9c:2f:26:1a:ad:05:a7:0f:f6:63:
         ba:1c:a5:c6:bc:97:7e:80:8a:5c:5e:43:cf:a6:b4:c7:78:ae:
         79:57:dc:5e
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgISAYmMtvIlMNjhAAjqN8+7hiupMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNzI1MTEwMjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTE2ODExOWM2NjBjNzUzYzU4NTE3M2M0OGYyYWVmNjAwMDdlMDc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnjoaQjQX4tFTYnWFvG+Bs5nmF0U2
vYBpPVaZqAj8OY7COlT2NqzNuQG5Qhw9xz5SBbq32Dt0HQ+oh/Mf6iFv115Hcai9
7vJqvjp0u2vm1UPBsSO+Q0349oQe2DCSS/2ieox7fEfN4nSZtw2nR/IWHC+uL83L
ELoC9cNNpuxeMLexhfw22q8gFxxioqN01nVFTsofiK/Zi1xr09ASi7cF5w7B+/MB
apm8B9aER14jO5SKczeaO8sRHqHF8VQGjjrHAWAd31zjPApohKLeOy1kK12cz99R
UpdFZkcQNaemvLRta3CWiTRjUqynaKI/07wjoKF82HBSJvN8xpPhUV1L1wIDAQAB
o4ICkDCCAowwHQYDVR0OBBYEFKoWgRnGYMdTxYUXPEjyrvYAB+B3MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvcWhhQkdjWmd4MVBGaFJjOFNQS3U5Z0FINEhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGlBggrBgEFBQcBBwEB/wSBlTCBkjCBjwQCAAEwgYgDBAIt
XwADBAAtl1kDBABXeS0DBABbXBUDBAFcd8QDBABde1UwDAMEAF6aoQMEAl6aoAME
AF6c7zAMAwQCk05kAwQAk05mAwQCqxZIAwQAstfgAwQAstfsAwQAstfvAwQCudhU
AwQCudpUAwQAudqJAwQAudt+AwQAufywAwQCwnEkAwQAwqmuMA0GCSqGSIb3DQEB
CwUAA4IBAQBQEgc8/UyrRv+9B1VNAotsjv/LjoYYIKTTcdwDgv+zcnrgD3Ry5v9/
J2xQ1cEuRkCv6zR+yLu0ZpL9Z7REr6st+Ry4TSLfyVsXW5Y4Ak9d4UWZHz3n6DMs
rpJrA99gdpicLxUqRlfqm0tSdaONlyIyuOf8E8+zyo18zPbwebYUC2ddE0q3yLMW
zf+LOX5XOTLKfCUIvjiPvs/z5URHJmwvMC99mlc0H9x7rwX1Oi50D3x/Y+h/vTY6
lrC7O4HBanGNNzOLNnCHbx81U+5qlFjTviTayxzWLTehQrfPKJqVIZwvJhqtBacP
9mO6HKXGvJd+gIpcXkPPprTHeK55V9xe
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:19 2024 by rpki-client on console-fra.rpki-client.org