Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/rhYXrsi00BIjKvzqIemaU2eeevg.roa
File:                     rhYXrsi00BIjKvzqIemaU2eeevg.roa (raw, json)
Hash identifier:          6TbzrCB+yZxZGPrGpt1utNpTSCwz9WMxYxA82QuruNI=
Subject key identifier:   AE:16:17:AE:C8:B4:D0:12:23:2A:FC:EA:21:E9:9A:53:67:9E:7A:F8
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0189E4941B66845D1C9EDFEAF554F77F4DB2
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/rhYXrsi00BIjKvzqIemaU2eeevg.roa
Signing time:             Fri 11 Aug 2023 12:30:58 +0000
ROA not before:           Fri 11 Aug 2023 12:30:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     50225
IP address blocks:        91.92.21.0/24 maxlen: 24
                          85.217.145.0/24 maxlen: 24
                          185.222.163.0/24 maxlen: 24
                          178.215.237.0/24 maxlen: 24
                          93.123.85.0/24 maxlen: 24
                          45.128.99.0/24 maxlen: 24
                          193.42.34.0/24 maxlen: 24
                          94.156.176.0/24 maxlen: 24
                          193.47.63.0/24 maxlen: 24
                          193.47.60.0/24 maxlen: 24
                          194.48.249.0/24 maxlen: 24
                          45.84.90.0/24 maxlen: 24
                          194.48.251.0/24 maxlen: 24
                          85.209.132.0/24 maxlen: 24
                          79.110.50.0/24 maxlen: 24
                          176.125.252.0/24 maxlen: 24
                          37.139.131.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:e4:94:1b:66:84:5d:1c:9e:df:ea:f5:54:f7:7f:4d:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Aug 11 12:30:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ae1617aec8b4d012232afcea21e99a53679e7af8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:08:9e:b5:82:56:d7:8d:15:32:06:42:25:5d:
                    83:64:88:f5:70:41:9b:92:fc:bb:82:55:87:79:ac:
                    72:ff:9f:b6:ee:d7:1e:83:34:2d:ad:77:44:97:6a:
                    5a:cf:de:0d:80:b8:37:40:18:2f:a3:f3:f0:a6:d6:
                    72:04:4b:0e:55:bf:9c:31:ea:da:8b:23:91:c3:08:
                    8a:49:08:3f:5f:5f:7a:a1:fa:d5:ba:48:7f:32:46:
                    82:81:f8:f4:18:0c:e0:8a:70:08:c1:a9:c6:cc:76:
                    38:bf:6b:ad:00:21:b7:d9:2c:d8:a2:3a:e8:b2:04:
                    8b:58:b6:1a:bb:e7:68:2b:d6:38:fd:43:91:c9:11:
                    e7:0a:ac:f1:ac:37:5f:73:32:45:ef:21:78:5b:21:
                    97:1e:98:0b:77:0a:61:51:98:f3:c6:d5:cc:2e:42:
                    6a:35:82:cb:79:f0:65:68:9e:4d:22:f7:92:18:83:
                    8d:6f:19:b8:4d:9d:14:fc:a3:98:bc:13:db:3f:68:
                    06:79:df:2a:7e:d6:93:d3:05:01:5d:4f:0c:0b:60:
                    22:61:89:13:0d:3d:f3:e8:e9:cb:6e:8d:ae:16:03:
                    ed:5b:4f:2b:37:84:d4:67:37:05:12:64:c9:43:58:
                    b8:18:95:57:52:cc:7d:a0:a7:a4:98:fb:98:3a:5c:
                    ad:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:16:17:AE:C8:B4:D0:12:23:2A:FC:EA:21:E9:9A:53:67:9E:7A:F8
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/rhYXrsi00BIjKvzqIemaU2eeevg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.139.131.0/24
                  45.84.90.0/24
                  45.128.99.0/24
                  79.110.50.0/24
                  85.209.132.0/24
                  85.217.145.0/24
                  91.92.21.0/24
                  93.123.85.0/24
                  94.156.176.0/24
                  176.125.252.0/24
                  178.215.237.0/24
                  185.222.163.0/24
                  193.42.34.0/24
                  193.47.60.0/24
                  193.47.63.0/24
                  194.48.249.0/24
                  194.48.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:c3:a2:71:b1:26:26:ea:d0:33:46:29:0e:0f:7d:04:db:0a:
         99:65:d6:93:ff:e7:df:23:4d:df:c8:49:bb:fe:60:c2:7b:67:
         3d:38:4f:1e:78:43:42:78:bd:3b:d9:cf:99:77:98:34:a3:5d:
         59:bc:98:44:f5:f5:be:27:e6:31:c3:79:f0:5f:2c:62:9b:c3:
         cc:0b:44:19:c9:4b:86:03:b9:44:4e:9d:07:bd:ac:36:ca:07:
         bd:72:05:99:00:de:b8:72:24:85:5b:db:4c:2b:be:e6:96:7f:
         e4:19:4c:2d:47:cf:55:29:8a:4e:46:86:c6:3e:a0:00:b4:18:
         a2:e2:e4:6b:43:57:04:7f:2c:fd:a0:c0:72:e7:db:f6:8e:79:
         8d:07:03:00:4c:f4:9e:ba:be:bb:47:6c:17:c5:d2:74:b8:8d:
         7e:6c:06:c7:73:1a:b5:8f:ea:f8:d3:88:a8:5d:21:ec:d5:50:
         4d:c0:27:ea:7a:cd:f8:9f:df:58:5f:47:b3:a5:71:9b:b7:6d:
         e5:c9:c4:4e:33:68:2a:69:8d:4d:80:a6:b4:ee:5a:d5:1c:84:
         0a:d2:5e:29:5a:c7:df:5e:86:17:2c:38:2a:79:1f:6b:a5:4c:
         1a:45:0a:09:c8:99:16:d8:2d:7c:7c:62:30:43:ae:93:0b:29:
         05:4d:53:52
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgISAYnklBtmhF0cnt/q9VT3f02yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwODExMTIzMDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTE2MTdhZWM4YjRkMDEyMjMyYWZjZWEyMWU5OWE1MzY3OWU3YWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgQietYJW140VMgZCJV2DZIj1cEGb
kvy7glWHeaxy/5+27tcegzQtrXdEl2paz94NgLg3QBgvo/PwptZyBEsOVb+cMera
iyORwwiKSQg/X196ofrVukh/MkaCgfj0GAzginAIwanGzHY4v2utACG32SzYojro
sgSLWLYau+doK9Y4/UORyRHnCqzxrDdfczJF7yF4WyGXHpgLdwphUZjzxtXMLkJq
NYLLefBlaJ5NIveSGIONbxm4TZ0U/KOYvBPbP2gGed8qftaT0wUBXU8MC2AiYYkT
DT3z6OnLbo2uFgPtW08rN4TUZzcFEmTJQ1i4GJVXUsx9oKekmPuYOlyt3QIDAQAB
o4ICaTCCAmUwHQYDVR0OBBYEFK4WF67ItNASIyr86iHpmlNnnnr4MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvcmhZWHJzaTAwQklqS3Z6cUllbWFVMmVlZXZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH8GCCsGAQUFBwEHAQH/BHAwbjBsBAIAATBmAwQAJYuDAwQA
LVRaAwQALYBjAwQAT24yAwQAVdGEAwQAVdmRAwQAW1wVAwQAXXtVAwQAXpywAwQA
sH38AwQAstftAwQAud6jAwQAwSoiAwQAwS88AwQAwS8/AwQAwjD5AwQAwjD7MA0G
CSqGSIb3DQEBCwUAA4IBAQCTw6JxsSYm6tAzRikOD30E2wqZZdaT/+ffI03fyEm7
/mDCe2c9OE8eeENCeL072c+Zd5g0o11ZvJhE9fW+J+Yxw3nwXyxim8PMC0QZyUuG
A7lETp0Hvaw2yge9cgWZAN64ciSFW9tMK77mln/kGUwtR89VKYpORobGPqAAtBii
4uRrQ1cEfyz9oMBy59v2jnmNBwMATPSeur67R2wXxdJ0uI1+bAbHcxq1j+r404io
XSHs1VBNwCfqes34n99YX0ezpXGbt23lycROM2gqaY1NgKa07lrVHIQK0l4pWsff
XoYXLDgqeR9rpUwaRQoJyJkW2C18fGIwQ66TCykFTVNS
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:44 2024 by rpki-client on console-ams.rpki-client.org