Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/sY56qATlivKGnn-EowkhOjlqykw.roa
File:                     sY56qATlivKGnn-EowkhOjlqykw.roa (raw, json)
Hash identifier:          gpRbBONNdxzdgtyziC7rKr/+J4Ggg9+zLH09r4c1yg0=
Subject key identifier:   B1:8E:7A:A8:04:E5:8A:F2:86:9E:7F:84:A3:09:21:3A:39:6A:CA:4C
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018793D2DA4EC51B954B6ECF85A3B6665B21
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/sY56qATlivKGnn-EowkhOjlqykw.roa
Signing time:             Tue 18 Apr 2023 10:04:41 +0000
ROA not before:           Tue 18 Apr 2023 10:04:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     34224
IP address blocks:        212.73.131.0/24 maxlen: 24
                          212.73.128.0/23 maxlen: 24
                          212.73.132.0/24 maxlen: 24
                          212.73.130.0/23 maxlen: 24
                          212.73.136.0/24 maxlen: 24
                          87.120.176.0/24 maxlen: 24
                          212.73.133.0/24 maxlen: 24
                          212.73.138.0/23 maxlen: 24
                          212.73.138.0/24 maxlen: 24
                          212.73.134.0/24 maxlen: 24
                          212.73.143.0/24 maxlen: 24
                          212.73.140.0/24 maxlen: 24
                          212.73.144.0/24 maxlen: 24
                          212.73.141.0/24 maxlen: 24
                          212.73.145.0/24 maxlen: 24
                          212.73.142.0/24 maxlen: 24
                          212.73.147.0/24 maxlen: 24
                          212.73.148.0/24 maxlen: 24
                          212.73.146.0/24 maxlen: 24
                          212.73.155.0/24 maxlen: 24
                          212.73.157.0/24 maxlen: 24
                          87.120.195.0/24 maxlen: 24
                          87.120.199.0/24 maxlen: 24
                          87.120.206.0/24 maxlen: 24
                          87.120.206.0/23 maxlen: 24
                          87.120.201.0/24 maxlen: 24
                          87.120.200.0/24 maxlen: 24
                          87.120.207.0/24 maxlen: 24
                          87.120.109.0/24 maxlen: 24
                          87.120.128.0/23 maxlen: 24
                          87.120.132.0/24 maxlen: 24
                          87.120.134.0/24 maxlen: 24
                          87.120.133.0/24 maxlen: 24
                          87.120.135.0/24 maxlen: 24
                          37.60.138.0/24 maxlen: 24
                          87.121.42.0/24 maxlen: 24
                          37.60.139.0/24 maxlen: 24
                          92.249.49.0/24 maxlen: 24
                          87.121.52.0/24 maxlen: 24
                          87.121.64.0/24 maxlen: 24
                          87.120.217.0/24 maxlen: 24
                          87.120.223.0/24 maxlen: 24
                          87.120.36.100/32 maxlen: 32
                          87.120.253.0/24 maxlen: 24
                          87.120.255.0/24 maxlen: 24
                          87.121.0.0/23 maxlen: 24
                          87.121.0.0/24 maxlen: 24
                          87.121.1.0/24 maxlen: 24
                          87.121.2.0/24 maxlen: 24
                          87.120.254.0/24 maxlen: 24
                          87.121.6.0/23 maxlen: 24
                          91.92.219.0/24 maxlen: 24
                          91.92.230.0/24 maxlen: 24
                          91.92.198.0/23 maxlen: 24
                          91.92.197.0/24 maxlen: 24
                          87.120.61.0/24 maxlen: 24
                          87.120.104.0/24 maxlen: 24
                          87.120.6.0/23 maxlen: 24
                          87.120.6.0/24 maxlen: 24
                          87.120.8.0/24 maxlen: 24
                          87.120.13.0/24 maxlen: 24
                          87.120.37.0/24 maxlen: 24
                          87.120.43.0/24 maxlen: 24
                          87.120.39.0/24 maxlen: 24
                          91.92.0.0/24 maxlen: 24
                          91.92.2.0/24 maxlen: 24
                          91.92.1.0/24 maxlen: 24
                          91.92.109.0/24 maxlen: 24
                          91.92.139.0/24 maxlen: 24
                          91.92.69.0/24 maxlen: 24
                          91.92.65.0/24 maxlen: 24
                          91.92.66.0/24 maxlen: 24
                          91.92.68.0/24 maxlen: 24
                          91.92.105.0/24 maxlen: 24
                          94.156.216.0/21 maxlen: 24
                          94.156.233.0/24 maxlen: 24
                          94.156.227.0/24 maxlen: 24
                          94.156.232.0/22 maxlen: 22
                          94.156.232.0/24 maxlen: 24
                          93.123.64.0/24 maxlen: 24
                          94.156.249.0/24 maxlen: 24
                          94.156.251.0/24 maxlen: 24
                          94.156.252.0/24 maxlen: 24
                          94.156.248.0/24 maxlen: 24
                          94.156.172.0/23 maxlen: 24
                          93.123.8.0/24 maxlen: 24
                          94.156.185.0/24 maxlen: 24
                          94.156.188.0/24 maxlen: 24
                          94.156.190.0/24 maxlen: 24
                          93.123.12.0/24 maxlen: 24
                          93.123.18.0/24 maxlen: 24
                          93.123.28.0/23 maxlen: 24
                          93.123.37.0/24 maxlen: 24
                          93.123.36.0/24 maxlen: 24
                          93.123.32.0/22 maxlen: 24
                          94.156.15.0/24 maxlen: 24
                          94.156.12.0/24 maxlen: 24
                          94.156.44.0/24 maxlen: 24
                          94.156.42.0/24 maxlen: 24
                          94.156.106.0/24 maxlen: 24
                          94.156.129.0/24 maxlen: 24
                          94.156.159.0/24 maxlen: 24
                          94.156.158.0/24 maxlen: 24
                          94.156.153.0/24 maxlen: 24
                          94.156.77.0/24 maxlen: 24
                          94.156.98.0/24 maxlen: 24
                          94.156.94.0/24 maxlen: 24
                          94.156.100.0/24 maxlen: 24
                          31.13.195.0/24 maxlen: 24
                          31.13.197.0/24 maxlen: 24
                          87.121.150.0/23 maxlen: 24
                          31.13.217.0/24 maxlen: 24
                          87.121.161.0/24 maxlen: 24
                          31.13.216.0/21 maxlen: 24
                          31.13.223.0/24 maxlen: 24
                          31.13.221.0/24 maxlen: 24
                          87.121.79.0/24 maxlen: 24
                          87.121.83.0/24 maxlen: 24
                          87.121.82.0/24 maxlen: 24
                          87.121.90.0/23 maxlen: 24
                          87.121.112.0/24 maxlen: 24
                          87.121.111.0/24 maxlen: 24
                          87.121.118.0/24 maxlen: 24
                          87.121.113.0/24 maxlen: 24
                          31.13.230.0/23 maxlen: 24
                          31.13.236.0/22 maxlen: 24
                          31.13.245.0/24 maxlen: 24
                          31.13.241.0/24 maxlen: 24
                          2a00:1728:35::/48 maxlen: 48
                          2a00:1728:27::/48 maxlen: 48
                          2a00:1728:21::/48 maxlen: 48
                          2a00:1728:0:d::/64 maxlen: 64
                          2a00:1728:1b::/48 maxlen: 48
                          2a00:1728:34::/48 maxlen: 48
                          2a00:1728:23::/48 maxlen: 48
                          2a00:1728:31::/48 maxlen: 48
                          2a00:1728:25::/48 maxlen: 48
                          2a00:1728:3::/48 maxlen: 48
                          2a00:1728:1f::/48 maxlen: 48
                          2a00:1728::/32 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:93:d2:da:4e:c5:1b:95:4b:6e:cf:85:a3:b6:66:5b:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Apr 18 10:04:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b18e7aa804e58af2869e7f84a309213a396aca4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:89:62:d5:9c:09:71:f9:7d:f3:3d:f5:4a:dd:
                    12:b1:46:8a:0b:e4:b3:a6:64:73:5b:e1:a3:15:05:
                    b3:8f:ea:49:72:cf:25:ac:6d:94:ae:68:c4:c8:16:
                    4d:d0:31:d8:49:44:82:0d:c9:ff:81:88:a5:35:ff:
                    1e:97:48:c0:96:95:e7:30:58:44:7d:e8:09:36:5d:
                    9a:9f:6c:36:07:33:cf:67:b7:dc:68:eb:2c:7f:f3:
                    cb:c6:e6:17:08:7d:4c:34:d5:ac:9a:fe:ed:3e:b9:
                    d8:05:b9:1a:9f:97:a1:f0:52:00:a7:bc:c9:40:36:
                    59:44:d7:f9:7d:d6:58:14:6a:12:d1:ce:e1:95:d4:
                    92:f5:20:44:6c:c4:3b:8f:ec:67:f7:fa:31:bb:3c:
                    bc:f4:5a:5e:1b:02:5e:84:49:fa:f8:2b:3a:38:de:
                    9a:fa:bb:b3:28:1c:22:89:d9:87:44:98:b4:4c:e8:
                    d9:43:16:c4:f2:e0:d5:cc:cb:77:89:58:79:65:a5:
                    91:06:2a:3a:a5:0c:56:4f:46:63:84:68:d3:2e:88:
                    0b:50:a7:b4:75:92:d6:ad:4a:0e:90:d9:d4:ac:64:
                    80:43:88:f2:7c:59:a2:55:6d:6f:f5:82:2a:fa:df:
                    77:dd:0c:42:f7:a0:94:58:e0:a5:e1:b5:9f:2d:bd:
                    a6:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:8E:7A:A8:04:E5:8A:F2:86:9E:7F:84:A3:09:21:3A:39:6A:CA:4C
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/sY56qATlivKGnn-EowkhOjlqykw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.13.195.0/24
                  31.13.197.0/24
                  31.13.216.0/21
                  31.13.230.0/23
                  31.13.236.0/22
                  31.13.241.0/24
                  31.13.245.0/24
                  37.60.138.0/23
                  87.120.6.0-87.120.8.255
                  87.120.13.0/24
                  87.120.36.100/32
                  87.120.37.0/24
                  87.120.39.0/24
                  87.120.43.0/24
                  87.120.61.0/24
                  87.120.104.0/24
                  87.120.109.0/24
                  87.120.128.0/23
                  87.120.132.0/22
                  87.120.176.0/24
                  87.120.195.0/24
                  87.120.199.0-87.120.201.255
                  87.120.206.0/23
                  87.120.217.0/24
                  87.120.223.0/24
                  87.120.253.0-87.121.2.255
                  87.121.6.0/23
                  87.121.42.0/24
                  87.121.52.0/24
                  87.121.64.0/24
                  87.121.79.0/24
                  87.121.82.0/23
                  87.121.90.0/23
                  87.121.111.0-87.121.113.255
                  87.121.118.0/24
                  87.121.150.0/23
                  87.121.161.0/24
                  91.92.0.0-91.92.2.255
                  91.92.65.0-91.92.66.255
                  91.92.68.0/23
                  91.92.105.0/24
                  91.92.109.0/24
                  91.92.139.0/24
                  91.92.197.0-91.92.199.255
                  91.92.219.0/24
                  91.92.230.0/24
                  92.249.49.0/24
                  93.123.8.0/24
                  93.123.12.0/24
                  93.123.18.0/24
                  93.123.28.0/23
                  93.123.32.0-93.123.37.255
                  93.123.64.0/24
                  94.156.12.0/24
                  94.156.15.0/24
                  94.156.42.0/24
                  94.156.44.0/24
                  94.156.77.0/24
                  94.156.94.0/24
                  94.156.98.0/24
                  94.156.100.0/24
                  94.156.106.0/24
                  94.156.129.0/24
                  94.156.153.0/24
                  94.156.158.0/23
                  94.156.172.0/23
                  94.156.185.0/24
                  94.156.188.0/24
                  94.156.190.0/24
                  94.156.216.0/21
                  94.156.227.0/24
                  94.156.232.0/22
                  94.156.248.0/23
                  94.156.251.0-94.156.252.255
                  212.73.128.0-212.73.134.255
                  212.73.136.0/24
                  212.73.138.0-212.73.148.255
                  212.73.155.0/24
                  212.73.157.0/24
                IPv6:
                  2a00:1728::/32

    Signature Algorithm: sha256WithRSAEncryption
         82:fa:d3:b0:2f:95:cb:a9:82:55:c3:6b:c8:ef:36:55:4d:ab:
         a1:73:cb:76:6b:c1:37:a7:65:1a:8d:d3:4b:c4:5f:f3:b7:a6:
         ea:ba:c2:ab:e5:18:d4:a6:43:36:29:a9:38:b4:ad:a1:93:55:
         36:69:66:5a:b6:25:88:18:eb:f4:f7:e3:7d:de:84:4b:c8:48:
         9f:1e:97:3d:27:c4:ba:f3:dc:25:26:c0:39:b2:99:ef:b9:53:
         2e:6e:f9:e7:a3:32:eb:7e:69:8c:34:5a:74:3d:e2:9a:7c:d4:
         5e:6c:7b:e9:bb:72:26:6b:0c:7e:7e:26:21:bc:89:58:23:06:
         3c:6b:6a:0d:db:c9:47:f2:84:1a:2c:2a:62:e7:83:bd:05:f9:
         fb:75:d2:8b:47:e1:08:d9:a3:ca:b8:ed:dd:04:78:24:f1:2e:
         ff:75:0e:85:ab:84:1a:cf:bd:37:4c:c3:51:9a:d4:4a:07:90:
         c4:e4:bf:f3:83:97:ed:1c:41:d3:54:4a:dc:52:c0:38:f1:78:
         23:e2:b8:58:5a:b9:d7:7d:68:11:5c:29:5f:52:86:ca:48:47:
         89:21:15:ad:bb:b2:c5:ca:c0:1d:fd:f0:07:e4:58:ed:51:0c:
         39:77:e6:bc:f6:95:76:e0:f8:f9:d9:21:90:24:db:8c:37:de:
         02:d8:08:00
-----BEGIN CERTIFICATE-----
MIIHQjCCBiqgAwIBAgISAYeT0tpOxRuVS27PhaO2ZlshMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNDE4MTAwNDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMThlN2FhODA0ZTU4YWYyODY5ZTdmODRhMzA5MjEzYTM5NmFjYTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnYli1ZwJcfl98z31St0SsUaKC+Sz
pmRzW+GjFQWzj+pJcs8lrG2UrmjEyBZN0DHYSUSCDcn/gYilNf8el0jAlpXnMFhE
fegJNl2an2w2BzPPZ7fcaOssf/PLxuYXCH1MNNWsmv7tPrnYBbkan5eh8FIAp7zJ
QDZZRNf5fdZYFGoS0c7hldSS9SBEbMQ7j+xn9/oxuzy89FpeGwJehEn6+Cs6ON6a
+ruzKBwiidmHRJi0TOjZQxbE8uDVzMt3iVh5ZaWRBio6pQxWT0ZjhGjTLogLUKe0
dZLWrUoOkNnUrGSAQ4jyfFmiVW1v9YIq+t933QxC96CUWOCl4bWfLb2m4QIDAQAB
o4IETjCCBEowHQYDVR0OBBYEFLGOeqgE5Yryhp5/hKMJITo5aspMMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvc1k1NnFBVGxpdktHbm4tRW93a2hPamxxeWt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIICYgYIKwYBBQUHAQcBAf8EggJRMIICTTCCAjoEAgABMIIC
MgMEAB8NwwMEAB8NxQMEAx8N2AMEAR8N5gMEAh8N7AMEAB8N8QMEAB8N9QMEASU8
ijAMAwQBV3gGAwQAV3gIAwQAV3gNAwUAV3gkZAMEAFd4JQMEAFd4JwMEAFd4KwME
AFd4PQMEAFd4aAMEAFd4bQMEAVd4gAMEAld4hAMEAFd4sAMEAFd4wzAMAwQAV3jH
AwQBV3jIAwQBV3jOAwQAV3jZAwQAV3jfMAwDBABXeP0DBABXeQIDBAFXeQYDBABX
eSoDBABXeTQDBABXeUADBABXeU8DBAFXeVIDBAFXeVowDAMEAFd5bwMEAVd5cAME
AFd5dgMEAVd5lgMEAFd5oTALAwMCW1wDBABbXAIwDAMEAFtcQQMEAFtcQgMEAVtc
RAMEAFtcaQMEAFtcbQMEAFtcizAMAwQAW1zFAwQDW1zAAwQAW1zbAwQAW1zmAwQA
XPkxAwQAXXsIAwQAXXsMAwQAXXsSAwQBXXscMAwDBAVdeyADBAFdeyQDBABde0AD
BABenAwDBABenA8DBABenCoDBABenCwDBABenE0DBABenF4DBABenGIDBABenGQD
BABenGoDBABenIEDBABenJkDBAFenJ4DBAFenKwDBABenLkDBABenLwDBABenL4D
BANenNgDBABenOMDBAJenOgDBAFenPgwDAMEAF6c+wMEAF6c/DAMAwQH1EmAAwQA
1EmGAwQA1EmIMAwDBAHUSYoDBADUSZQDBADUSZsDBADUSZ0wDQQCAAIwBwMFACoA
FygwDQYJKoZIhvcNAQELBQADggEBAIL607AvlcupglXDa8jvNlVNq6Fzy3ZrwTen
ZRqN00vEX/O3puq6wqvlGNSmQzYpqTi0raGTVTZpZlq2JYgY6/T3433ehEvISJ8e
lz0nxLrz3CUmwDmyme+5Uy5u+eejMut+aYw0WnQ94pp81F5se+m7ciZrDH5+JiG8
iVgjBjxrag3byUfyhBosKmLng70F+ft10otH4QjZo8q47d0EeCTxLv91DoWrhBrP
vTdMw1Ga1EoHkMTkv/ODl+0cQdNUStxSwDjxeCPiuFhaudd9aBFcKV9ShspIR4kh
Fa27ssXKwB398AfkWO1RDDl35rz2lXbg+PnZIZAk24w33gLYCAA=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:44 2024 by rpki-client on console-ams.rpki-client.org