Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/u9SU9QASiC81Y0sufn3BIYcKDL8.roa
File:                     u9SU9QASiC81Y0sufn3BIYcKDL8.roa (raw, json)
Hash identifier:          v6YjbBEDG93YCHPbEpupCFKAWycQ5VsSsTkZ1pAhRDA=
Subject key identifier:   BB:D4:94:F5:00:12:88:2F:35:63:4B:2E:7E:7D:C1:21:87:0A:0C:BF
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0187DB3A49C28A6A1A0413856BE19DBBF2B2
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/u9SU9QASiC81Y0sufn3BIYcKDL8.roa
Signing time:             Tue 02 May 2023 06:50:42 +0000
ROA not before:           Tue 02 May 2023 06:50:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     0
IP address blocks:        185.218.84.0/22 maxlen: 24
                          178.215.236.0/24 maxlen: 24
                          171.22.72.0/22 maxlen: 24
                          147.78.101.0/24 maxlen: 24
                          147.78.100.0/24 maxlen: 24
                          92.119.196.0/23 maxlen: 24
                          87.120.64.0/23 maxlen: 24
                          185.216.84.0/22 maxlen: 24
                          94.103.126.0/24 maxlen: 24
                          185.218.137.0/24 maxlen: 24
                          94.154.162.0/23 maxlen: 24
                          94.154.161.0/24 maxlen: 24
                          185.219.126.0/24 maxlen: 24
                          45.151.89.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:db:3a:49:c2:8a:6a:1a:04:13:85:6b:e1:9d:bb:f2:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: May  2 06:50:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bbd494f50012882f35634b2e7e7dc121870a0cbf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:95:d9:f6:20:a9:df:b7:84:1f:3d:18:8e:6e:
                    e6:d9:b5:4a:e0:e9:75:c6:68:9d:16:70:37:a0:8f:
                    09:0d:0c:98:9d:33:ba:63:7c:68:cc:4f:70:b3:24:
                    bc:06:9a:e5:b2:ac:c7:eb:fe:60:0e:76:52:1b:62:
                    a6:97:6c:ca:05:81:cf:ef:d4:6f:e8:f2:33:ef:17:
                    1c:e0:f0:89:d3:a9:77:57:2a:9c:5a:87:19:a8:d3:
                    f4:d4:7f:f1:9c:ba:cd:b7:de:c9:82:e6:94:33:96:
                    73:6b:75:74:cf:75:e5:d7:5f:39:4d:1c:80:4b:5b:
                    6d:47:f8:5a:8b:cb:9e:e8:91:e0:a3:e4:41:39:d6:
                    5a:a7:92:38:43:86:9f:81:9b:1f:be:e5:ab:be:93:
                    5e:ec:f9:af:7d:66:2f:38:59:9c:55:11:19:04:b2:
                    0e:bd:2f:37:74:e2:32:5f:df:3a:00:85:5f:a7:6e:
                    c0:f7:cd:c4:d5:d8:47:eb:a5:59:24:21:81:1a:cd:
                    86:27:e8:24:12:83:8e:7a:0c:89:3c:ba:6d:e7:b5:
                    da:3f:95:f1:b5:b7:fb:ce:8b:8d:e3:ff:0c:3f:79:
                    6b:56:6a:85:a1:a7:7a:3d:5d:7d:a1:a3:26:0a:2c:
                    fd:33:b5:64:70:49:fc:05:5b:0f:d4:c4:4b:bc:50:
                    74:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:D4:94:F5:00:12:88:2F:35:63:4B:2E:7E:7D:C1:21:87:0A:0C:BF
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/u9SU9QASiC81Y0sufn3BIYcKDL8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.89.0/24
                  87.120.64.0/23
                  92.119.196.0/23
                  94.103.126.0/24
                  94.154.161.0-94.154.163.255
                  147.78.100.0/23
                  171.22.72.0/22
                  178.215.236.0/24
                  185.216.84.0/22
                  185.218.84.0/22
                  185.218.137.0/24
                  185.219.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:44:90:f6:5e:d0:1b:9d:0f:98:9e:30:83:60:ec:07:d2:82:
         ab:ef:99:7c:3c:c7:54:c8:08:ce:e3:02:8e:18:d4:51:bb:69:
         40:88:34:51:4a:27:f8:1b:cb:83:3c:99:7b:9e:28:00:20:93:
         de:29:41:99:b9:a1:5a:95:20:fd:40:d0:62:84:c1:41:2a:26:
         77:a6:6d:86:ce:43:76:2a:d2:23:9b:75:48:a6:22:63:42:b3:
         04:07:25:22:77:31:24:3a:a2:74:38:ff:cd:6b:3c:e9:1c:8b:
         2a:00:43:d0:c6:26:83:71:10:90:c3:7a:42:e0:87:b8:f4:dc:
         ba:05:21:75:d2:f1:47:08:7c:dc:7e:cb:a9:ee:c2:b4:8d:1b:
         0a:97:9e:87:68:d2:47:4e:85:68:e3:24:0f:94:87:c7:e7:45:
         32:98:4d:11:c6:3b:73:7a:eb:77:93:70:73:27:b6:ce:ab:32:
         bc:22:c4:75:64:67:fd:bc:dc:bb:57:26:fd:ec:f9:49:f6:c3:
         03:75:d8:0f:bd:d0:d0:98:e5:61:f2:b6:d9:b4:ae:41:f9:30:
         06:44:dd:48:0d:fc:7e:d9:72:55:75:7e:ab:1d:1d:bf:be:49:
         3c:08:92:47:37:5c:57:6a:7e:22:55:23:59:cd:9d:99:cb:4f:
         90:b0:05:00
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAYfbOknCimoaBBOFa+Gdu/KyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNTAyMDY1MDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmQ0OTRmNTAwMTI4ODJmMzU2MzRiMmU3ZTdkYzEyMTg3MGEwY2JmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZXZ9iCp37eEHz0Yjm7m2bVK4Ol1
xmidFnA3oI8JDQyYnTO6Y3xozE9wsyS8BprlsqzH6/5gDnZSG2Kml2zKBYHP79Rv
6PIz7xcc4PCJ06l3VyqcWocZqNP01H/xnLrNt97JguaUM5Zza3V0z3Xl1185TRyA
S1ttR/hai8ue6JHgo+RBOdZap5I4Q4afgZsfvuWrvpNe7PmvfWYvOFmcVREZBLIO
vS83dOIyX986AIVfp27A983E1dhH66VZJCGBGs2GJ+gkEoOOegyJPLpt57XaP5Xx
tbf7zouN4/8MP3lrVmqFoad6PV19oaMmCiz9M7VkcEn8BVsP1MRLvFB0BwIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFLvUlPUAEogvNWNLLn59wSGHCgy/MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvdTlTVTlRQVNpQzgxWTBzdWZuM0JJWWNLREw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQAwQALZdZAwQB
V3hAAwQBXHfEAwQAXmd+MAwDBABemqEDBAJemqADBAGTTmQDBAKrFkgDBACy1+wD
BAK52FQDBAK52lQDBAC52okDBAC5234wDQYJKoZIhvcNAQELBQADggEBAA5EkPZe
0BudD5ieMINg7AfSgqvvmXw8x1TICM7jAo4Y1FG7aUCINFFKJ/gby4M8mXueKAAg
k94pQZm5oVqVIP1A0GKEwUEqJnembYbOQ3Yq0iObdUimImNCswQHJSJ3MSQ6onQ4
/81rPOkciyoAQ9DGJoNxEJDDekLgh7j03LoFIXXS8UcIfNx+y6nuwrSNGwqXnodo
0kdOhWjjJA+Uh8fnRTKYTRHGO3N663eTcHMnts6rMrwixHVkZ/283LtXJv3s+Un2
wwN12A+90NCY5WHyttm0rkH5MAZE3UgN/H7ZclV1fqsdHb++STwIkkc3XFdqfiJV
I1nNnZnLT5CwBQA=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:20 2024 by rpki-client on console-fra.rpki-client.org