Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/smbNQWsDflQkphmiefgae4VoMdQ.roa
File:                     smbNQWsDflQkphmiefgae4VoMdQ.roa (raw, json)
Hash identifier:          c4zfXzsctumM8qEwxgIoz4wEUNaaW6cDSI3XPRFPP04=
Subject key identifier:   B2:66:CD:41:6B:03:7E:54:24:A6:19:A2:79:F8:1A:7B:85:68:31:D4
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       1E0597EC
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/smbNQWsDflQkphmiefgae4VoMdQ.roa
Signing time:             Fri 15 Apr 2022 10:08:34 +0000
ROA not before:           Fri 15 Apr 2022 10:08:34 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     209371
IP address blocks:        178.215.226.0/24 maxlen: 24
                          178.215.224.0/24 maxlen: 24
                          178.215.225.0/24 maxlen: 24
                          178.215.227.0/24 maxlen: 24
                          193.47.63.0/24 maxlen: 24
                          193.47.62.0/24 maxlen: 24
                          193.47.60.0/24 maxlen: 24
                          194.55.184.0/24 maxlen: 24
                          194.48.248.0/24 maxlen: 24
                          194.55.185.0/24 maxlen: 24
                          194.48.251.0/24 maxlen: 24
                          194.48.249.0/24 maxlen: 24
                          79.110.50.0/24 maxlen: 24
                          79.110.48.0/24 maxlen: 24
                          79.110.49.0/24 maxlen: 24
                          194.180.50.0/24 maxlen: 24
                          83.219.97.0/24 maxlen: 24
                          83.219.98.0/24 maxlen: 24
                          83.219.96.0/24 maxlen: 24
                          83.219.99.0/24 maxlen: 24
                          37.139.131.0/24 maxlen: 24
                          37.139.130.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 503683052 (0x1e0597ec)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Apr 15 10:08:34 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b266cd416b037e5424a619a279f81a7b856831d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:b4:4e:9d:58:a3:6e:86:72:10:93:93:7e:4c:
                    ab:12:6c:45:72:d0:05:7a:f8:a8:29:4b:16:3c:0a:
                    0d:c3:1d:b1:4c:0d:84:9b:d6:f6:e6:e9:1f:b0:70:
                    86:e6:23:5b:b0:11:bb:c8:10:4f:4d:95:b0:89:39:
                    6c:14:65:db:d4:f1:12:55:ad:c7:5d:f3:e3:ca:bc:
                    f5:30:d0:e6:e9:ae:cc:40:1c:f3:7c:6b:9c:3e:c4:
                    85:8c:f9:9c:a5:6c:c1:b0:00:52:a5:22:bf:15:71:
                    20:3d:72:10:ab:d7:a0:93:51:4b:49:d2:7f:d2:eb:
                    a1:67:2d:40:a5:f0:41:81:db:bf:23:7a:ad:48:da:
                    c2:39:bf:24:d0:49:bc:a5:e4:16:22:3a:36:94:62:
                    36:b4:79:86:ad:fc:51:1d:f4:73:0d:c6:1f:3f:61:
                    61:7d:1e:52:6a:3b:d6:c1:ce:3d:7f:cf:6a:0b:23:
                    51:aa:ab:d6:70:42:7c:08:3f:38:71:25:70:02:46:
                    42:20:68:06:cd:fa:4b:5d:cd:ae:4c:88:46:e1:81:
                    09:4e:1b:68:60:13:75:73:d4:d9:ed:5f:a2:1c:1a:
                    86:c4:70:60:f9:4f:5b:44:fa:56:da:35:99:63:02:
                    39:4f:6d:57:a3:a4:a4:ad:1a:d5:e6:59:2b:ec:2a:
                    c3:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:66:CD:41:6B:03:7E:54:24:A6:19:A2:79:F8:1A:7B:85:68:31:D4
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/smbNQWsDflQkphmiefgae4VoMdQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.139.130.0/23
                  79.110.48.0-79.110.50.255
                  83.219.96.0/22
                  178.215.224.0/22
                  193.47.60.0/24
                  193.47.62.0/23
                  194.48.248.0/23
                  194.48.251.0/24
                  194.55.184.0/23
                  194.180.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:66:88:64:b7:9a:89:af:96:89:b1:f4:d9:63:51:ec:44:20:
         69:87:79:fb:7d:89:19:a1:66:67:7a:bf:d4:77:40:ae:d6:b0:
         6e:24:53:53:34:84:ab:b6:6c:80:f5:3c:3f:e8:2b:ef:19:e9:
         03:5f:d7:23:39:03:1f:67:25:37:ea:8b:83:83:5e:23:69:fb:
         a4:00:93:1b:8e:b8:4c:c1:af:80:ed:3d:e7:82:a2:74:9f:be:
         c0:8e:a0:42:35:1b:00:58:33:9c:e3:6e:83:e2:84:73:fb:73:
         91:fa:08:85:f6:0b:ec:cb:af:74:80:68:ac:18:d6:80:4d:90:
         7b:c3:8d:91:35:dc:c9:84:32:a6:07:01:56:43:5f:3e:1f:6e:
         c6:a7:08:7f:da:33:43:31:07:a8:f2:74:c8:ab:39:79:f6:0c:
         4a:26:35:58:be:e9:cc:80:9e:40:9f:bd:5b:fa:6f:15:e1:6f:
         15:e0:0d:83:a7:a9:64:ab:e0:6c:25:75:12:61:98:0b:10:d7:
         2c:39:ca:45:09:d0:33:9b:d3:b1:88:53:ee:7e:99:2b:c4:ce:
         a1:cb:9c:97:24:ea:b6:60:a8:bf:09:1a:76:8f:f6:bd:8f:81:
         3e:47:23:ed:96:ac:ee:2e:85:3c:f5:d8:79:97:ec:c9:a4:d8:
         0e:3e:fa:db
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIEHgWX7DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MmM0YWMzZTNjNDNkNzBkMDUzNDljODE1YmFhZGQzOGFkNzc1ZTlkMB4XDTIyMDQx
NTEwMDgzNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYjI2NmNkNDE2YjAz
N2U1NDI0YTYxOWEyNzlmODFhN2I4NTY4MzFkNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALe0Tp1Yo26GchCTk35MqxJsRXLQBXr4qClLFjwKDcMdsUwN
hJvW9ubpH7BwhuYjW7ARu8gQT02VsIk5bBRl29TxElWtx13z48q89TDQ5umuzEAc
83xrnD7EhYz5nKVswbAAUqUivxVxID1yEKvXoJNRS0nSf9LroWctQKXwQYHbvyN6
rUjawjm/JNBJvKXkFiI6NpRiNrR5hq38UR30cw3GHz9hYX0eUmo71sHOPX/Pagsj
Uaqr1nBCfAg/OHElcAJGQiBoBs36S13NrkyIRuGBCU4baGATdXPU2e1fohwahsRw
YPlPW0T6Vto1mWMCOU9tV6OkpK0a1eZZK+wqw7kCAwEAAaOCAkcwggJDMB0GA1Ud
DgQWBBSyZs1BawN+VCSmGaJ5+Bp7hWgx1DAfBgNVHSMEGDAWgBQixKw+PEPXDQU0
nIFbqt04rXdenTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0lzU3NQanhEMXcwRk5KeUJXNnJkT0sxM1hwMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDMvOTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8x
L3NtYk5RV3NEZmxRa3BobWllZmdhZTRWb01kUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDMv
OTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8xL0lzU3NQanhEMXcw
Rk5KeUJXNnJkT0sxM1hwMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBd
BggrBgEFBQcBBwEB/wROMEwwSgQCAAEwRAMEASWLgjAMAwQET24wAwQAT24yAwQC
U9tgAwQCstfgAwQAwS88AwQBwS8+AwQBwjD4AwQAwjD7AwQBwje4AwQAwrQyMA0G
CSqGSIb3DQEBCwUAA4IBAQBtZohkt5qJr5aJsfTZY1HsRCBph3n7fYkZoWZner/U
d0Cu1rBuJFNTNISrtmyA9Tw/6CvvGekDX9cjOQMfZyU36ouDg14jafukAJMbjrhM
wa+A7T3ngqJ0n77AjqBCNRsAWDOc426D4oRz+3OR+giF9gvsy690gGisGNaATZB7
w42RNdzJhDKmBwFWQ18+H27Gpwh/2jNDMQeo8nTIqzl59gxKJjVYvunMgJ5An71b
+m8V4W8V4A2Dp6lkq+BsJXUSYZgLENcsOcpFCdAzm9OxiFPufpkrxM6hy5yXJOq2
YKi/CRp2j/a9j4E+RyPtlqzuLoU89dh5l+zJpNgOPvrb
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:44 2024 by rpki-client on console-ams.rpki-client.org