Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/sf9pa70l4WG33-ghaXM2LtQO0bs.roa
File:                     sf9pa70l4WG33-ghaXM2LtQO0bs.roa (raw, json)
Hash identifier:          BxAhHnXckiJqtAcZt8/WrOtioCS0/5UWdjKZn21w968=
Subject key identifier:   B1:FF:69:6B:BD:25:E1:61:B7:DF:E8:21:69:73:36:2E:D4:0E:D1:BB
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       1D568864
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/sf9pa70l4WG33-ghaXM2LtQO0bs.roa
Signing time:             Fri 04 Mar 2022 11:04:36 +0000
ROA not before:           Fri 04 Mar 2022 11:04:36 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     34224
IP address blocks:        212.73.131.0/24 maxlen: 24
                          212.73.128.0/23 maxlen: 24
                          212.73.130.0/23 maxlen: 24
                          212.73.132.0/24 maxlen: 24
                          87.120.176.0/24 maxlen: 24
                          212.73.135.0/24 maxlen: 24
                          212.73.133.0/24 maxlen: 24
                          212.73.138.0/23 maxlen: 24
                          87.120.177.0/24 maxlen: 24
                          212.73.138.0/24 maxlen: 24
                          212.73.136.0/24 maxlen: 24
                          212.73.134.0/24 maxlen: 24
                          212.73.143.0/24 maxlen: 24
                          212.73.141.0/24 maxlen: 24
                          212.73.145.0/24 maxlen: 24
                          212.73.142.0/24 maxlen: 24
                          212.73.140.0/24 maxlen: 24
                          212.73.144.0/24 maxlen: 24
                          212.73.147.0/24 maxlen: 24
                          212.73.148.0/24 maxlen: 24
                          212.73.146.0/24 maxlen: 24
                          212.73.157.0/24 maxlen: 24
                          212.73.155.0/24 maxlen: 24
                          87.120.195.0/24 maxlen: 24
                          87.120.199.0/24 maxlen: 24
                          87.120.206.0/24 maxlen: 24
                          87.120.200.0/24 maxlen: 24
                          87.120.206.0/23 maxlen: 24
                          87.120.201.0/24 maxlen: 24
                          87.120.207.0/24 maxlen: 24
                          87.120.109.0/24 maxlen: 24
                          87.120.128.0/23 maxlen: 24
                          87.120.132.0/24 maxlen: 24
                          87.120.134.0/24 maxlen: 24
                          87.120.135.0/24 maxlen: 24
                          87.120.133.0/24 maxlen: 24
                          37.60.138.0/24 maxlen: 24
                          87.121.42.0/24 maxlen: 24
                          37.60.139.0/24 maxlen: 24
                          92.249.48.0/24 maxlen: 24
                          87.121.52.0/24 maxlen: 24
                          87.121.54.0/24 maxlen: 24
                          87.121.59.0/24 maxlen: 24
                          87.121.64.0/24 maxlen: 24
                          87.120.217.0/24 maxlen: 24
                          87.120.223.0/24 maxlen: 24
                          87.120.36.100/32 maxlen: 32
                          87.120.253.0/24 maxlen: 24
                          87.121.1.0/24 maxlen: 24
                          87.120.255.0/24 maxlen: 24
                          87.121.0.0/23 maxlen: 24
                          87.121.2.0/24 maxlen: 24
                          87.121.0.0/24 maxlen: 24
                          87.120.254.0/24 maxlen: 24
                          87.121.6.0/23 maxlen: 24
                          91.92.219.0/24 maxlen: 24
                          91.92.230.0/24 maxlen: 24
                          91.92.198.0/23 maxlen: 24
                          91.92.197.0/24 maxlen: 24
                          185.221.66.0/24 maxlen: 24
                          87.120.61.0/24 maxlen: 24
                          87.120.104.0/24 maxlen: 24
                          87.120.6.0/23 maxlen: 24
                          87.120.8.0/24 maxlen: 24
                          87.120.6.0/24 maxlen: 24
                          87.120.13.0/24 maxlen: 24
                          87.120.37.0/24 maxlen: 24
                          87.120.43.0/24 maxlen: 24
                          87.120.39.0/24 maxlen: 24
                          91.92.2.0/24 maxlen: 24
                          91.92.0.0/24 maxlen: 24
                          91.92.1.0/24 maxlen: 24
                          91.92.109.0/24 maxlen: 24
                          91.92.139.0/24 maxlen: 24
                          91.92.69.0/24 maxlen: 24
                          91.92.65.0/24 maxlen: 24
                          91.92.68.0/24 maxlen: 24
                          91.92.66.0/24 maxlen: 24
                          91.92.105.0/24 maxlen: 24
                          94.156.216.0/21 maxlen: 24
                          94.156.227.0/24 maxlen: 24
                          85.217.145.0/24 maxlen: 24
                          93.123.64.0/24 maxlen: 24
                          94.156.251.0/24 maxlen: 24
                          94.156.249.0/24 maxlen: 24
                          94.156.252.0/24 maxlen: 24
                          94.156.248.0/24 maxlen: 24
                          94.156.172.0/23 maxlen: 24
                          94.156.186.0/24 maxlen: 24
                          94.156.184.0/24 maxlen: 24
                          93.123.8.0/24 maxlen: 24
                          94.156.185.0/24 maxlen: 24
                          94.156.188.0/24 maxlen: 24
                          94.156.190.0/24 maxlen: 24
                          93.123.12.0/24 maxlen: 24
                          94.156.187.0/24 maxlen: 24
                          93.123.18.0/24 maxlen: 24
                          93.123.28.0/23 maxlen: 24
                          93.123.36.0/24 maxlen: 24
                          93.123.32.0/22 maxlen: 24
                          93.123.37.0/24 maxlen: 24
                          93.123.108.0/24 maxlen: 24
                          94.156.10.0/24 maxlen: 24
                          94.156.15.0/24 maxlen: 24
                          94.156.12.0/24 maxlen: 24
                          94.156.44.0/24 maxlen: 24
                          94.156.42.0/24 maxlen: 24
                          94.156.106.0/24 maxlen: 24
                          94.156.129.0/24 maxlen: 24
                          94.156.158.0/24 maxlen: 24
                          94.156.159.0/24 maxlen: 24
                          94.156.153.0/24 maxlen: 24
                          94.156.77.0/24 maxlen: 24
                          94.156.95.0/24 maxlen: 24
                          94.156.98.0/24 maxlen: 24
                          94.156.94.0/24 maxlen: 24
                          94.156.102.0/24 maxlen: 24
                          94.156.100.0/24 maxlen: 24
                          31.13.194.0/24 maxlen: 24
                          31.13.197.0/24 maxlen: 24
                          31.13.195.0/24 maxlen: 24
                          87.121.150.0/23 maxlen: 24
                          31.13.217.0/24 maxlen: 24
                          87.121.161.0/24 maxlen: 24
                          31.13.216.0/21 maxlen: 24
                          31.13.223.0/24 maxlen: 24
                          31.13.221.0/24 maxlen: 24
                          87.121.82.0/24 maxlen: 24
                          87.121.79.0/24 maxlen: 24
                          87.121.83.0/24 maxlen: 24
                          87.121.90.0/23 maxlen: 24
                          87.121.112.0/24 maxlen: 24
                          87.121.111.0/24 maxlen: 24
                          87.121.118.0/24 maxlen: 24
                          87.121.113.0/24 maxlen: 24
                          31.13.230.0/23 maxlen: 24
                          31.13.236.0/22 maxlen: 24
                          31.13.245.0/24 maxlen: 24
                          31.13.241.0/24 maxlen: 24
                          31.13.248.0/22 maxlen: 24
                          2a00:1728:35::/48 maxlen: 48
                          2a00:1728:27::/48 maxlen: 48
                          2a00:1728:21::/48 maxlen: 48
                          2a00:1728:0:d::/64 maxlen: 64
                          2a00:1728:1b::/48 maxlen: 48
                          2a00:1728:34::/48 maxlen: 48
                          2a00:1728:23::/48 maxlen: 48
                          2a00:1728:31::/48 maxlen: 48
                          2a00:1728:25::/48 maxlen: 48
                          2a00:1728:3::/48 maxlen: 48
                          2a00:1728:1f::/48 maxlen: 48
                          2a00:1728::/32 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 492210276 (0x1d568864)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Mar  4 11:04:36 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b1ff696bbd25e161b7dfe8216973362ed40ed1bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:74:fe:43:76:7b:8c:22:5e:38:f7:28:38:8f:
                    81:01:b0:ab:a9:96:7a:0a:53:9f:5c:7f:a9:45:de:
                    f6:8d:de:2b:4f:16:c4:11:e6:fb:4e:b7:76:a1:7c:
                    51:f3:4c:13:22:4c:98:52:96:7e:94:d8:b9:72:d4:
                    0b:c5:db:ee:df:fb:c8:72:ea:2a:97:95:e2:df:c8:
                    1d:8d:5e:24:92:0e:38:62:03:b6:3d:c5:93:3c:11:
                    d0:8b:5d:b4:b8:f4:61:fc:a7:79:14:bc:49:92:43:
                    99:f0:9a:d1:d5:0b:da:d8:13:2d:ad:81:7a:56:70:
                    41:7a:f7:4b:bd:f5:23:02:94:06:49:f7:65:37:9a:
                    3e:18:06:1c:13:e8:91:ce:0b:f0:7f:9b:40:fb:52:
                    30:55:a4:37:49:7d:cb:54:96:31:21:d1:eb:d2:31:
                    86:48:c6:d6:ca:e1:3b:a1:d5:23:f1:89:58:c1:c1:
                    b6:33:77:8e:a2:c7:b9:d8:69:84:c8:e5:2e:b5:6c:
                    e0:9e:4c:25:02:f3:72:b5:af:e9:0d:b2:af:35:d1:
                    a4:ad:21:4e:37:d9:ee:fd:bd:c1:3e:3a:ea:83:79:
                    6e:70:93:2d:b0:42:dd:2c:b2:4c:d5:57:33:bf:1f:
                    36:2a:3e:bc:c0:5d:0c:be:94:eb:7a:0a:69:61:98:
                    5e:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:FF:69:6B:BD:25:E1:61:B7:DF:E8:21:69:73:36:2E:D4:0E:D1:BB
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/sf9pa70l4WG33-ghaXM2LtQO0bs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.13.194.0/23
                  31.13.197.0/24
                  31.13.216.0/21
                  31.13.230.0/23
                  31.13.236.0/22
                  31.13.241.0/24
                  31.13.245.0/24
                  31.13.248.0/22
                  37.60.138.0/23
                  85.217.145.0/24
                  87.120.6.0-87.120.8.255
                  87.120.13.0/24
                  87.120.36.100/32
                  87.120.37.0/24
                  87.120.39.0/24
                  87.120.43.0/24
                  87.120.61.0/24
                  87.120.104.0/24
                  87.120.109.0/24
                  87.120.128.0/23
                  87.120.132.0/22
                  87.120.176.0/23
                  87.120.195.0/24
                  87.120.199.0-87.120.201.255
                  87.120.206.0/23
                  87.120.217.0/24
                  87.120.223.0/24
                  87.120.253.0-87.121.2.255
                  87.121.6.0/23
                  87.121.42.0/24
                  87.121.52.0/24
                  87.121.54.0/24
                  87.121.59.0/24
                  87.121.64.0/24
                  87.121.79.0/24
                  87.121.82.0/23
                  87.121.90.0/23
                  87.121.111.0-87.121.113.255
                  87.121.118.0/24
                  87.121.150.0/23
                  87.121.161.0/24
                  91.92.0.0-91.92.2.255
                  91.92.65.0-91.92.66.255
                  91.92.68.0/23
                  91.92.105.0/24
                  91.92.109.0/24
                  91.92.139.0/24
                  91.92.197.0-91.92.199.255
                  91.92.219.0/24
                  91.92.230.0/24
                  92.249.48.0/24
                  93.123.8.0/24
                  93.123.12.0/24
                  93.123.18.0/24
                  93.123.28.0/23
                  93.123.32.0-93.123.37.255
                  93.123.64.0/24
                  93.123.108.0/24
                  94.156.10.0/24
                  94.156.12.0/24
                  94.156.15.0/24
                  94.156.42.0/24
                  94.156.44.0/24
                  94.156.77.0/24
                  94.156.94.0/23
                  94.156.98.0/24
                  94.156.100.0/24
                  94.156.102.0/24
                  94.156.106.0/24
                  94.156.129.0/24
                  94.156.153.0/24
                  94.156.158.0/23
                  94.156.172.0/23
                  94.156.184.0-94.156.188.255
                  94.156.190.0/24
                  94.156.216.0/21
                  94.156.227.0/24
                  94.156.248.0/23
                  94.156.251.0-94.156.252.255
                  185.221.66.0/24
                  212.73.128.0-212.73.136.255
                  212.73.138.0-212.73.148.255
                  212.73.155.0/24
                  212.73.157.0/24
                IPv6:
                  2a00:1728::/32

    Signature Algorithm: sha256WithRSAEncryption
         07:8f:31:ee:06:71:fe:ff:2f:dc:39:fd:fb:40:96:df:4d:37:
         9b:d1:b2:51:8d:71:f8:c7:05:32:71:01:00:12:3d:10:89:c3:
         63:b5:26:73:b4:d6:57:fa:4f:b8:c1:19:df:a4:03:cd:52:97:
         07:ad:d1:50:90:a6:77:85:0e:7d:a5:24:7a:ac:e6:cb:5f:b7:
         cf:95:bb:9f:2a:52:46:e0:a0:42:b8:6b:16:fe:8e:6d:51:2f:
         86:04:00:3a:2f:42:5c:18:48:ca:5a:66:42:16:6b:61:ce:a2:
         47:f1:dc:f0:3c:e1:b8:26:fa:64:e0:76:fb:e0:f1:c3:86:25:
         c4:59:f4:34:45:02:d4:13:0e:99:28:a4:19:e7:8a:61:29:05:
         4e:c4:4e:d4:7e:63:dd:21:35:58:19:78:b4:a0:29:46:45:ed:
         97:a5:0c:ca:2c:1d:63:ca:41:d8:03:ac:e2:0c:8c:77:11:b4:
         d3:7d:2a:db:f4:ea:75:28:13:39:62:11:2c:f1:93:2d:78:b7:
         a5:dc:a9:e6:26:3e:ca:7a:d7:67:9f:3f:f2:a3:91:1d:89:5e:
         d7:88:98:8a:e3:e7:d3:73:c1:bb:36:77:13:ff:15:51:e4:a7:
         fd:00:c3:36:9f:fe:8b:c4:ad:b7:7b:fb:c8:f4:66:3c:e9:dd:
         5c:cd:1c:0e
-----BEGIN CERTIFICATE-----
MIIHWjCCBkKgAwIBAgIEHVaIZDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MmM0YWMzZTNjNDNkNzBkMDUzNDljODE1YmFhZGQzOGFkNzc1ZTlkMB4XDTIyMDMw
NDExMDQzNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYjFmZjY5NmJiZDI1
ZTE2MWI3ZGZlODIxNjk3MzM2MmVkNDBlZDFiYjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALZ0/kN2e4wiXjj3KDiPgQGwq6mWegpTn1x/qUXe9o3eK08W
xBHm+063dqF8UfNMEyJMmFKWfpTYuXLUC8Xb7t/7yHLqKpeV4t/IHY1eJJIOOGID
tj3FkzwR0ItdtLj0YfyneRS8SZJDmfCa0dUL2tgTLa2BelZwQXr3S731IwKUBkn3
ZTeaPhgGHBPokc4L8H+bQPtSMFWkN0l9y1SWMSHR69IxhkjG1srhO6HVI/GJWMHB
tjN3jqLHudhphMjlLrVs4J5MJQLzcrWv6Q2yrzXRpK0hTjfZ7v29wT466oN5bnCT
LbBC3SyyTNVXM78fNio+vMBdDL6U63oKaWGYXs8CAwEAAaOCBHQwggRwMB0GA1Ud
DgQWBBSx/2lrvSXhYbff6CFpczYu1A7RuzAfBgNVHSMEGDAWgBQixKw+PEPXDQU0
nIFbqt04rXdenTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0lzU3NQanhEMXcwRk5KeUJXNnJkT0sxM1hwMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDMvOTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8x
L3NmOXBhNzBsNFdHMzMtZ2hhWE0yTHRRTzBicy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDMv
OTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8xL0lzU3NQanhEMXcw
Rk5KeUJXNnJkT0sxM1hwMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCC
AogGCCsGAQUFBwEHAQH/BIICdzCCAnMwggJgBAIAATCCAlgDBAEfDcIDBAAfDcUD
BAMfDdgDBAEfDeYDBAIfDewDBAAfDfEDBAAfDfUDBAIfDfgDBAElPIoDBABV2ZEw
DAMEAVd4BgMEAFd4CAMEAFd4DQMFAFd4JGQDBABXeCUDBABXeCcDBABXeCsDBABX
eD0DBABXeGgDBABXeG0DBAFXeIADBAJXeIQDBAFXeLADBABXeMMwDAMEAFd4xwME
AVd4yAMEAVd4zgMEAFd42QMEAFd43zAMAwQAV3j9AwQAV3kCAwQBV3kGAwQAV3kq
AwQAV3k0AwQAV3k2AwQAV3k7AwQAV3lAAwQAV3lPAwQBV3lSAwQBV3laMAwDBABX
eW8DBAFXeXADBABXeXYDBAFXeZYDBABXeaEwCwMDAltcAwQAW1wCMAwDBABbXEED
BABbXEIDBAFbXEQDBABbXGkDBABbXG0DBABbXIswDAMEAFtcxQMEA1tcwAMEAFtc
2wMEAFtc5gMEAFz5MAMEAF17CAMEAF17DAMEAF17EgMEAV17HDAMAwQFXXsgAwQB
XXskAwQAXXtAAwQAXXtsAwQAXpwKAwQAXpwMAwQAXpwPAwQAXpwqAwQAXpwsAwQA
XpxNAwQBXpxeAwQAXpxiAwQAXpxkAwQAXpxmAwQAXpxqAwQAXpyBAwQAXpyZAwQB
XpyeAwQBXpysMAwDBANenLgDBABenLwDBABenL4DBANenNgDBABenOMDBAFenPgw
DAMEAF6c+wMEAF6c/AMEALndQjAMAwQH1EmAAwQA1EmIMAwDBAHUSYoDBADUSZQD
BADUSZsDBADUSZ0wDQQCAAIwBwMFACoAFygwDQYJKoZIhvcNAQELBQADggEBAAeP
Me4Gcf7/L9w5/ftAlt9NN5vRslGNcfjHBTJxAQASPRCJw2O1JnO01lf6T7jBGd+k
A81Slwet0VCQpneFDn2lJHqs5stft8+Vu58qUkbgoEK4axb+jm1RL4YEADovQlwY
SMpaZkIWa2HOokfx3PA84bgm+mTgdvvg8cOGJcRZ9DRFAtQTDpkopBnnimEpBU7E
TtR+Y90hNVgZeLSgKUZF7ZelDMosHWPKQdgDrOIMjHcRtNN9Ktv06nUoEzliESzx
ky14t6XcqeYmPsp612efP/KjkR2JXteImIrj59Nzwbs2dxP/FVHkp/0Awzaf/ovE
rbd7+8j0Zjzp3VzNHA4=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:44 2024 by rpki-client on console-ams.rpki-client.org