Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/tOtBTcUc9g0HPew2PigEHgw_sNQ.roa
File:                     tOtBTcUc9g0HPew2PigEHgw_sNQ.roa (raw, json)
Hash identifier:          eB44VDffiNs6VCG86CP3gN7g82izm1yNFfVtSBStWV4=
Subject key identifier:   B4:EB:41:4D:C5:1C:F6:0D:07:3D:EC:36:3E:28:04:1E:0C:3F:B0:D4
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0184E621DB5125A4B144FB30FDC16D522BA2
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/tOtBTcUc9g0HPew2PigEHgw_sNQ.roa
Signing time:             Tue 06 Dec 2022 06:31:29 +0000
ROA not before:           Tue 06 Dec 2022 06:31:29 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     8100
IP address blocks:        87.120.192.0/23 maxlen: 24
                          87.121.36.0/23 maxlen: 24
                          87.121.38.0/24 maxlen: 24
                          87.121.44.0/22 maxlen: 24
                          87.121.56.0/23 maxlen: 24
                          87.121.60.0/22 maxlen: 24
                          87.120.218.0/23 maxlen: 24
                          87.120.220.0/23 maxlen: 24
                          94.154.163.0/24 maxlen: 24
                          94.154.160.0/23 maxlen: 24
                          94.154.173.0/24 maxlen: 24
                          93.123.39.0/24 maxlen: 24
                          94.156.237.0/24 maxlen: 24
                          194.55.226.0/24 maxlen: 24
                          94.156.238.0/24 maxlen: 24
                          93.123.68.0/22 maxlen: 24
                          93.123.76.0/22 maxlen: 24
                          93.123.85.0/24 maxlen: 24
                          93.123.80.0/24 maxlen: 24
                          93.123.86.0/23 maxlen: 24
                          193.42.32.0/24 maxlen: 24
                          94.156.168.0/23 maxlen: 24
                          94.156.176.0/22 maxlen: 24
                          94.156.180.0/23 maxlen: 24
                          93.123.24.0/24 maxlen: 24
                          194.48.249.0/24 maxlen: 24
                          93.123.30.0/23 maxlen: 24
                          194.55.187.0/24 maxlen: 24
                          93.123.26.0/23 maxlen: 24
                          87.120.64.0/23 maxlen: 24
                          87.120.68.0/23 maxlen: 24
                          94.103.126.0/24 maxlen: 24
                          87.120.88.0/23 maxlen: 24
                          87.120.96.0/23 maxlen: 24
                          87.120.100.0/22 maxlen: 24
                          93.123.112.0/22 maxlen: 24
                          93.123.116.0/23 maxlen: 24
                          93.123.119.0/24 maxlen: 24
                          87.120.32.0/22 maxlen: 24
                          193.25.219.0/24 maxlen: 24
                          87.120.46.0/23 maxlen: 24
                          94.156.2.0/24 maxlen: 24
                          94.156.6.0/24 maxlen: 24
                          94.156.8.0/24 maxlen: 24
                          91.92.16.0/24 maxlen: 24
                          91.92.21.0/24 maxlen: 24
                          91.92.24.0/22 maxlen: 24
                          193.58.121.0/24 maxlen: 24
                          193.58.123.0/24 maxlen: 24
                          194.169.172.0/24 maxlen: 24
                          185.246.223.0/24 maxlen: 24
                          94.156.131.0/24 maxlen: 24
                          94.156.152.0/24 maxlen: 24
                          94.156.156.0/23 maxlen: 24
                          94.156.154.0/23 maxlen: 24
                          91.92.67.0/24 maxlen: 24
                          94.156.78.0/23 maxlen: 24
                          37.139.130.0/23 maxlen: 24
                          212.87.205.0/24 maxlen: 24
                          87.121.146.0/23 maxlen: 24
                          178.215.236.0/24 maxlen: 24
                          178.215.238.0/24 maxlen: 24
                          87.121.162.0/23 maxlen: 24
                          87.121.69.0/24 maxlen: 24
                          185.252.177.0/24 maxlen: 24
                          193.222.97.0/24 maxlen: 24
                          193.47.62.0/24 maxlen: 24
                          193.37.42.0/24 maxlen: 24
                          87.121.100.0/23 maxlen: 24
                          87.121.103.0/24 maxlen: 24
                          193.37.47.0/24 maxlen: 24
                          87.121.114.0/23 maxlen: 24
                          31.13.252.0/22 maxlen: 24
                          87.121.221.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:e6:21:db:51:25:a4:b1:44:fb:30:fd:c1:6d:52:2b:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Dec  6 06:31:29 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b4eb414dc51cf60d073dec363e28041e0c3fb0d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:fc:82:9c:21:8e:fe:96:c4:2f:bf:fd:10:41:
                    fc:04:a8:fc:d7:d8:a2:e2:44:d5:5c:2a:5f:40:d8:
                    c2:2d:7c:e2:36:ce:3e:bb:65:b0:7b:95:22:5a:7e:
                    1a:41:f6:1f:2e:90:aa:18:78:a3:67:60:51:d3:cb:
                    11:d6:60:48:58:c9:a2:66:9d:40:7c:a1:73:27:0a:
                    4f:c4:7f:31:f9:fc:ae:c1:ed:41:ee:49:f7:2a:87:
                    de:a8:08:d6:66:42:c1:d5:99:b2:24:bc:4c:c7:0c:
                    80:45:9f:e9:d1:6d:d3:d1:95:3c:c0:c3:32:28:79:
                    49:e5:6a:c6:99:66:d8:fc:68:9e:7a:69:dd:4c:10:
                    5c:ee:fb:fb:77:9e:c0:fc:cc:49:4f:90:59:fa:2d:
                    77:b1:9b:56:6b:3d:ec:a8:e6:88:77:12:cb:c6:e1:
                    d1:53:29:0c:ca:b6:86:46:72:a4:0c:d9:cd:99:a6:
                    38:6a:2c:4c:63:92:6f:58:20:8e:65:f4:92:28:19:
                    ad:b9:81:0b:7b:06:1c:e4:85:1d:c5:4b:f7:73:10:
                    f4:04:fa:42:64:5f:5f:f3:d3:76:cd:90:f4:a9:24:
                    78:62:8b:22:e4:fb:e0:e7:c8:39:14:7a:32:be:66:
                    5e:fb:98:58:2d:28:db:b9:39:e8:db:79:e6:e3:3b:
                    3c:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:EB:41:4D:C5:1C:F6:0D:07:3D:EC:36:3E:28:04:1E:0C:3F:B0:D4
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/tOtBTcUc9g0HPew2PigEHgw_sNQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.13.252.0/22
                  37.139.130.0/23
                  87.120.32.0/22
                  87.120.46.0/23
                  87.120.64.0/23
                  87.120.68.0/23
                  87.120.88.0/23
                  87.120.96.0/23
                  87.120.100.0/22
                  87.120.192.0/23
                  87.120.218.0-87.120.221.255
                  87.121.36.0-87.121.38.255
                  87.121.44.0/22
                  87.121.56.0/23
                  87.121.60.0/22
                  87.121.69.0/24
                  87.121.100.0/23
                  87.121.103.0/24
                  87.121.114.0/23
                  87.121.146.0/23
                  87.121.162.0/23
                  87.121.221.0/24
                  91.92.16.0/24
                  91.92.21.0/24
                  91.92.24.0/22
                  91.92.67.0/24
                  93.123.24.0/24
                  93.123.26.0/23
                  93.123.30.0/23
                  93.123.39.0/24
                  93.123.68.0/22
                  93.123.76.0-93.123.80.255
                  93.123.85.0-93.123.87.255
                  93.123.112.0-93.123.117.255
                  93.123.119.0/24
                  94.103.126.0/24
                  94.154.160.0/23
                  94.154.163.0/24
                  94.154.173.0/24
                  94.156.2.0/24
                  94.156.6.0/24
                  94.156.8.0/24
                  94.156.78.0/23
                  94.156.131.0/24
                  94.156.152.0/24
                  94.156.154.0-94.156.157.255
                  94.156.168.0/23
                  94.156.176.0-94.156.181.255
                  94.156.237.0-94.156.238.255
                  178.215.236.0/24
                  178.215.238.0/24
                  185.246.223.0/24
                  185.252.177.0/24
                  193.25.219.0/24
                  193.37.42.0/24
                  193.37.47.0/24
                  193.42.32.0/24
                  193.47.62.0/24
                  193.58.121.0/24
                  193.58.123.0/24
                  193.222.97.0/24
                  194.48.249.0/24
                  194.55.187.0/24
                  194.55.226.0/24
                  194.169.172.0/24
                  212.87.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:a8:2a:55:2b:d3:bb:08:50:81:f9:59:af:14:92:4e:2b:65:
         55:0b:20:52:bb:9e:49:46:53:6a:2a:8d:e5:59:4d:5f:32:9f:
         f1:05:7d:7d:23:c8:56:66:a9:62:c6:8a:4b:1d:38:a3:4b:78:
         35:52:68:47:34:e4:a6:e0:b5:ee:1a:e9:48:42:1a:15:a4:a0:
         c3:0f:98:30:67:bc:2b:6e:fb:78:dd:13:8a:7e:96:13:cb:40:
         39:69:36:41:a9:e5:f8:1f:ae:78:58:a1:d4:ca:a3:4f:9f:62:
         c6:6b:5f:59:2d:d8:4b:d4:21:be:56:c7:95:8e:4c:12:a0:2d:
         08:9b:a2:1e:21:52:eb:17:22:a1:83:cb:dd:9a:df:8e:97:78:
         56:25:bd:cc:25:78:b2:54:99:bd:8e:bd:40:6f:42:b2:40:b8:
         62:43:f4:6e:4c:a1:22:c9:58:6c:97:80:42:31:78:72:1f:ac:
         b8:39:17:77:2c:07:73:b8:35:fb:5f:bf:05:f4:42:39:54:94:
         55:8a:29:83:12:1b:10:ab:ab:ee:fc:7d:19:ac:f0:6c:ad:65:
         86:95:73:ea:a1:64:ee:14:27:0b:5c:6e:68:d5:11:1f:f3:6e:
         2a:b3:2b:3e:ab:8d:8f:be:18:1f:23:39:09:1f:aa:ac:8f:ea:
         39:4d:f1:cb
-----BEGIN CERTIFICATE-----
MIIGzTCCBbWgAwIBAgISAYTmIdtRJaSxRPsw/cFtUiuiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjIxMjA2MDYzMTI5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGViNDE0ZGM1MWNmNjBkMDczZGVjMzYzZTI4MDQxZTBjM2ZiMGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkfyCnCGO/pbEL7/9EEH8BKj819ii
4kTVXCpfQNjCLXziNs4+u2Wwe5UiWn4aQfYfLpCqGHijZ2BR08sR1mBIWMmiZp1A
fKFzJwpPxH8x+fyuwe1B7kn3KofeqAjWZkLB1ZmyJLxMxwyARZ/p0W3T0ZU8wMMy
KHlJ5WrGmWbY/GieemndTBBc7vv7d57A/MxJT5BZ+i13sZtWaz3sqOaIdxLLxuHR
UykMyraGRnKkDNnNmaY4aixMY5JvWCCOZfSSKBmtuYELewYc5IUdxUv3cxD0BPpC
ZF9f89N2zZD0qSR4Yosi5Pvg58g5FHoyvmZe+5hYLSjbuTno23nm4zs8twIDAQAB
o4ID2TCCA9UwHQYDVR0OBBYEFLTrQU3FHPYNBz3sNj4oBB4MP7DUMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvdE90QlRjVWM5ZzBIUGV3MlBpZ0VIZ3dfc05RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIB7QYIKwYBBQUHAQcBAf8EggHcMIIB2DCCAdQEAgABMIIB
zAMEAh8N/AMEASWLggMEAld4IAMEAVd4LgMEAVd4QAMEAVd4RAMEAVd4WAMEAVd4
YAMEAld4ZAMEAVd4wDAMAwQBV3jaAwQBV3jcMAwDBAJXeSQDBABXeSYDBAJXeSwD
BAFXeTgDBAJXeTwDBABXeUUDBAFXeWQDBABXeWcDBAFXeXIDBAFXeZIDBAFXeaID
BABXed0DBABbXBADBABbXBUDBAJbXBgDBABbXEMDBABdexgDBAFdexoDBAFdex4D
BABdeycDBAJde0QwDAMEAl17TAMEAF17UDAMAwQAXXtVAwQDXXtQMAwDBARde3AD
BAFde3QDBABde3cDBABeZ34DBAFemqADBABemqMDBABemq0DBABenAIDBABenAYD
BABenAgDBAFenE4DBABenIMDBABenJgwDAMEAV6cmgMEAV6cnAMEAV6cqDAMAwQE
XpywAwQBXpy0MAwDBABenO0DBABenO4DBACy1+wDBACy1+4DBAC59t8DBAC5/LED
BADBGdsDBADBJSoDBADBJS8DBADBKiADBADBLz4DBADBOnkDBADBOnsDBADB3mED
BADCMPkDBADCN7sDBADCN+IDBADCqawDBADUV80wDQYJKoZIhvcNAQELBQADggEB
AAWoKlUr07sIUIH5Wa8Ukk4rZVULIFK7nklGU2oqjeVZTV8yn/EFfX0jyFZmqWLG
iksdOKNLeDVSaEc05Kbgte4a6UhCGhWkoMMPmDBnvCtu+3jdE4p+lhPLQDlpNkGp
5fgfrnhYodTKo0+fYsZrX1kt2EvUIb5Wx5WOTBKgLQiboh4hUusXIqGDy92a346X
eFYlvcwleLJUmb2OvUBvQrJAuGJD9G5MoSLJWGyXgEIxeHIfrLg5F3csB3O4Nftf
vwX0QjlUlFWKKYMSGxCrq+78fRms8GytZYaVc+qhZO4UJwtcbmjVER/zbiqzKz6r
jY++GB8jOQkfqqyP6jlN8cs=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:20 2024 by rpki-client on console-fra.rpki-client.org