Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/qq54gWlaADwcqXuldhh_ABve1Pg.roa
File:                     qq54gWlaADwcqXuldhh_ABve1Pg.roa (raw, json)
Hash identifier:          kP4j/hyIrUpECjTB8AASsaVaB2uNH3FLMDiWfTqHACA=
Subject key identifier:   AA:AE:78:81:69:5A:00:3C:1C:A9:7B:A5:76:18:7F:00:1B:DE:D4:F8
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01882F4E836696F66C8CBAC84FCE40A7F8B8
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/qq54gWlaADwcqXuldhh_ABve1Pg.roa
Signing time:             Thu 18 May 2023 14:40:54 +0000
ROA not before:           Thu 18 May 2023 14:40:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     206003
IP address blocks:        45.9.156.0/24 maxlen: 24
                          45.66.228.0/24 maxlen: 24
                          45.12.255.0/24 maxlen: 24
                          87.120.130.0/24 maxlen: 24
                          147.78.100.0/23 maxlen: 24
                          185.246.223.0/24 maxlen: 24
                          194.180.39.0/24 maxlen: 24
                          82.115.210.0/23 maxlen: 24
                          45.139.104.0/24 maxlen: 24
                          45.129.84.0/24 maxlen: 24
                          45.129.86.0/24 maxlen: 24
                          193.35.19.0/24 maxlen: 24
                          94.154.172.0/24 maxlen: 24
                          171.22.31.0/24 maxlen: 24
                          87.121.124.0/23 maxlen: 24
                          93.123.39.0/24 maxlen: 24
                          81.161.230.0/24 maxlen: 24
                          81.161.239.0/24 maxlen: 24
                          178.215.226.0/24 maxlen: 24
                          91.200.192.0/22 maxlen: 24
                          94.156.248.0/24 maxlen: 24
                          94.156.250.0/24 maxlen: 24
                          87.121.162.0/24 maxlen: 24
                          94.156.160.0/24 maxlen: 24
                          45.141.158.0/24 maxlen: 24
                          171.22.17.0/24 maxlen: 24
                          171.22.18.0/24 maxlen: 24
                          83.219.97.0/24 maxlen: 24
                          87.121.220.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:2f:4e:83:66:96:f6:6c:8c:ba:c8:4f:ce:40:a7:f8:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: May 18 14:40:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=aaae7881695a003c1ca97ba576187f001bded4f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:57:27:82:a4:33:13:9d:10:56:d8:62:39:a4:
                    86:84:12:12:d6:d7:7a:cd:a8:10:17:fb:01:12:b4:
                    d3:c4:bb:0c:52:4d:de:0b:51:45:69:69:61:de:bc:
                    30:be:17:7c:47:13:b9:56:35:ab:e0:ba:f4:04:c9:
                    0e:32:d2:90:95:a1:74:0c:79:e1:fd:9e:54:49:46:
                    ca:e2:17:5a:a1:d0:71:df:1e:cd:f9:af:ab:21:44:
                    77:fa:47:54:42:80:0a:e6:89:6e:fe:cc:c9:68:e7:
                    99:12:15:7c:50:41:b2:87:7d:b6:19:47:c0:25:f2:
                    47:23:56:25:c7:99:e5:72:0c:13:6b:5a:b8:64:ad:
                    78:f6:bd:13:8b:23:04:a5:72:3f:a3:ba:6c:8d:ec:
                    5f:bf:98:eb:18:2e:49:1b:01:ef:5c:31:11:d5:45:
                    24:8b:5a:ea:a3:7b:01:07:e4:4e:a2:09:66:ef:20:
                    ac:23:a5:6c:78:72:1b:ca:6c:7b:ec:e5:39:57:b0:
                    1a:f1:5b:9e:6e:9d:0c:a5:3b:18:79:84:bb:e8:9e:
                    3a:aa:af:a1:87:0b:4c:98:4d:7b:7a:2b:66:34:00:
                    63:56:e8:77:28:9e:39:37:56:eb:c7:c8:ac:69:a8:
                    58:a0:4d:86:4c:d1:0c:8f:99:e0:d8:68:78:71:be:
                    73:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:AE:78:81:69:5A:00:3C:1C:A9:7B:A5:76:18:7F:00:1B:DE:D4:F8
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/qq54gWlaADwcqXuldhh_ABve1Pg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.156.0/24
                  45.12.255.0/24
                  45.66.228.0/24
                  45.129.84.0/24
                  45.129.86.0/24
                  45.139.104.0/24
                  45.141.158.0/24
                  81.161.230.0/24
                  81.161.239.0/24
                  82.115.210.0/23
                  83.219.97.0/24
                  87.120.130.0/24
                  87.121.124.0/23
                  87.121.162.0/24
                  87.121.220.0/24
                  91.200.192.0/22
                  93.123.39.0/24
                  94.154.172.0/24
                  94.156.160.0/24
                  94.156.248.0/24
                  94.156.250.0/24
                  147.78.100.0/23
                  171.22.17.0-171.22.18.255
                  171.22.31.0/24
                  178.215.226.0/24
                  185.246.223.0/24
                  193.35.19.0/24
                  194.180.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:77:ee:ce:fb:0c:35:96:bb:90:9c:ce:20:3a:b2:a0:d3:86:
         09:d6:a1:56:eb:c0:76:4c:7a:0a:89:1e:1f:a8:74:f9:6b:d5:
         90:d4:d9:55:cd:9f:57:2f:ec:95:17:38:50:a7:9e:4a:b6:36:
         b2:fe:4c:7b:11:79:d2:95:b7:4a:90:3e:2f:1c:da:31:ae:7e:
         bd:84:c3:33:bd:19:f7:51:3b:08:0f:86:ec:88:f7:c7:34:29:
         7b:52:fd:d3:4d:de:8a:65:df:4d:da:5b:c4:f3:27:0d:d7:9d:
         7d:b9:1b:e2:c0:a6:40:38:c2:92:19:58:28:09:40:2f:67:32:
         c4:8b:e8:16:8c:72:c2:c2:f2:a2:a6:25:b2:33:e1:51:c8:f2:
         c5:47:1b:7e:06:b6:d9:bf:9a:bf:12:45:ce:5d:a2:de:3d:62:
         d5:a9:ab:4a:ec:9a:90:40:2c:85:cd:57:92:95:08:55:95:cc:
         81:71:f1:1b:56:36:00:f9:c8:96:97:e7:7b:f8:e1:22:e7:dc:
         a7:f5:e2:b0:64:5a:dc:e1:18:21:f2:30:61:cf:08:b0:81:05:
         a9:f1:2c:27:23:09:9d:c7:9a:fe:d2:43:45:58:bc:dd:37:92:
         66:82:5d:8c:d6:fc:67:44:5f:db:0a:b6:30:f5:2c:16:9a:14:
         ff:8d:a1:ed
-----BEGIN CERTIFICATE-----
MIIFrDCCBJSgAwIBAgISAYgvToNmlvZsjLrIT85Ap/i4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNTE4MTQ0MDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWFlNzg4MTY5NWEwMDNjMWNhOTdiYTU3NjE4N2YwMDFiZGVkNGY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqFcngqQzE50QVthiOaSGhBIS1td6
zagQF/sBErTTxLsMUk3eC1FFaWlh3rwwvhd8RxO5VjWr4Lr0BMkOMtKQlaF0DHnh
/Z5USUbK4hdaodBx3x7N+a+rIUR3+kdUQoAK5olu/szJaOeZEhV8UEGyh322GUfA
JfJHI1Ylx5nlcgwTa1q4ZK149r0TiyMEpXI/o7psjexfv5jrGC5JGwHvXDER1UUk
i1rqo3sBB+ROoglm7yCsI6VseHIbymx77OU5V7Aa8Vuebp0MpTsYeYS76J46qq+h
hwtMmE17eitmNABjVuh3KJ45N1brx8isaahYoE2GTNEMj5ng2Gh4cb5zMwIDAQAB
o4ICuDCCArQwHQYDVR0OBBYEFKqueIFpWgA8HKl7pXYYfwAb3tT4MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvcXE1NGdXbGFBRHdjcVh1bGRoaF9BQnZlMVBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHNBggrBgEFBQcBBwEB/wSBvTCBujCBtwQCAAEwgbADBAAt
CZwDBAAtDP8DBAAtQuQDBAAtgVQDBAAtgVYDBAAti2gDBAAtjZ4DBABRoeYDBABR
oe8DBAFSc9IDBABT22EDBABXeIIDBAFXeXwDBABXeaIDBABXedwDBAJbyMADBABd
eycDBABemqwDBABenKADBABenPgDBABenPoDBAGTTmQwDAMEAKsWEQMEAKsWEgME
AKsWHwMEALLX4gMEALn23wMEAMEjEwMEAMK0JzANBgkqhkiG9w0BAQsFAAOCAQEA
hnfuzvsMNZa7kJzOIDqyoNOGCdahVuvAdkx6CokeH6h0+WvVkNTZVc2fVy/slRc4
UKeeSrY2sv5MexF50pW3SpA+LxzaMa5+vYTDM70Z91E7CA+G7Ij3xzQpe1L9003e
imXfTdpbxPMnDdedfbkb4sCmQDjCkhlYKAlAL2cyxIvoFoxywsLyoqYlsjPhUcjy
xUcbfga22b+avxJFzl2i3j1i1amrSuyakEAshc1XkpUIVZXMgXHxG1Y2APnIlpfn
e/jhIufcp/XisGRa3OEYIfIwYc8IsIEFqfEsJyMJncea/tJDRVi83TeSZoJdjNb8
Z0Rf2wq2MPUsFpoU/42h7Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:44 2024 by rpki-client on console-ams.rpki-client.org