Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/uzHJwFmShkgoIUOkxYUDWrosh0s.roa
File:                     uzHJwFmShkgoIUOkxYUDWrosh0s.roa (raw, json)
Hash identifier:          MO2hR5BCPivO2rxBuLtxN62WCu4MPX8EFNXtObj7vb8=
Subject key identifier:   BB:31:C9:C0:59:92:86:48:28:21:43:A4:C5:85:03:5A:BA:2C:87:4B
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01866F4FAC9918E0E1286ABCA36894ED12BC
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/uzHJwFmShkgoIUOkxYUDWrosh0s.roa
Signing time:             Mon 20 Feb 2023 14:52:17 +0000
ROA not before:           Mon 20 Feb 2023 14:52:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     0
IP address blocks:        185.218.84.0/22 maxlen: 24
                          87.121.124.0/23 maxlen: 24
                          45.81.240.0/24 maxlen: 24
                          178.215.236.0/24 maxlen: 24
                          171.22.72.0/22 maxlen: 24
                          185.252.176.0/24 maxlen: 24
                          171.22.19.0/24 maxlen: 24
                          92.119.196.0/23 maxlen: 24
                          185.216.84.0/22 maxlen: 24
                          185.218.137.0/24 maxlen: 24
                          94.154.161.0/24 maxlen: 24
                          94.154.162.0/23 maxlen: 24
                          185.219.126.0/24 maxlen: 24
                          87.121.221.0/24 maxlen: 24
                          45.151.89.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:6f:4f:ac:99:18:e0:e1:28:6a:bc:a3:68:94:ed:12:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Feb 20 14:52:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bb31c9c059928648282143a4c585035aba2c874b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:0d:d5:37:dd:b1:47:1f:b8:20:62:cf:2a:62:
                    8d:4b:e8:a7:f0:41:d8:ee:8f:b8:3d:90:ec:a8:63:
                    fa:70:ea:ec:d2:05:f7:24:57:6e:74:35:43:26:ab:
                    ec:33:3d:69:bd:80:fa:64:8f:4f:91:cd:c1:8d:16:
                    c8:ae:b7:f6:f9:92:d9:fa:8a:ee:e9:d7:15:f8:d8:
                    65:a2:20:eb:74:8d:b8:80:66:92:5f:f6:28:af:97:
                    df:b2:50:94:d9:5e:1a:40:65:59:ec:cb:37:87:10:
                    8d:18:55:fc:c7:e9:58:02:25:3f:b1:ed:b7:cb:cb:
                    d0:2f:ab:cd:37:c9:7f:80:70:60:ee:a2:26:91:e0:
                    47:5b:05:45:66:8a:20:83:85:4f:39:65:3d:51:5b:
                    c8:96:13:70:33:73:15:c6:41:b9:1e:b1:2f:32:47:
                    56:85:bb:4e:37:9c:16:c1:98:5c:53:ea:fc:e4:6b:
                    f4:8c:0c:4f:b4:0d:14:3a:e9:38:23:11:ef:17:8d:
                    4a:ab:e7:0c:1a:5e:54:dd:32:88:a3:1b:ff:60:ea:
                    14:82:b3:e9:94:9e:8e:22:98:c2:f5:1d:db:a6:d6:
                    6a:b4:4b:e6:5a:c7:3a:b6:24:6b:39:7a:a3:49:6c:
                    ce:fa:3a:28:19:07:51:a8:cc:ad:c4:08:40:f7:eb:
                    98:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:31:C9:C0:59:92:86:48:28:21:43:A4:C5:85:03:5A:BA:2C:87:4B
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/uzHJwFmShkgoIUOkxYUDWrosh0s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.240.0/24
                  45.151.89.0/24
                  87.121.124.0/23
                  87.121.221.0/24
                  92.119.196.0/23
                  94.154.161.0-94.154.163.255
                  171.22.19.0/24
                  171.22.72.0/22
                  178.215.236.0/24
                  185.216.84.0/22
                  185.218.84.0/22
                  185.218.137.0/24
                  185.219.126.0/24
                  185.252.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:7f:46:be:01:dd:51:90:49:83:70:9e:27:ab:6e:54:5f:a3:
         c4:27:09:04:58:fe:35:2f:9e:4b:3d:a4:22:53:68:4d:26:85:
         44:63:03:77:f5:b9:21:81:75:d9:06:b0:c0:73:a7:25:e5:1e:
         83:2c:61:ce:1e:0b:f2:e6:42:26:fa:6d:46:36:57:84:8b:4e:
         56:69:9e:0c:b4:a7:4d:e8:17:35:20:fd:b5:60:a8:65:52:73:
         73:58:1b:1e:19:9e:67:63:1d:31:54:98:b6:fc:8b:6e:cb:70:
         98:68:3b:a4:32:19:86:b2:c9:b1:06:1c:f4:4c:e6:f2:4f:f3:
         3b:ff:69:03:44:06:e5:5b:ef:35:a3:62:c4:08:6e:ad:c6:09:
         dc:fa:47:06:b8:a8:fe:78:ea:da:c2:f9:db:f6:14:fc:9f:b2:
         d9:16:d7:97:eb:d6:73:79:63:6c:3e:8f:2f:39:9e:ca:3d:81:
         d6:af:c8:19:c6:71:91:7e:2a:22:4f:81:97:84:b1:26:5a:0b:
         8b:da:b6:83:ab:c3:da:da:e2:b3:c1:1a:28:29:d9:d1:cd:a2:
         88:cc:66:2c:23:5e:c8:bb:ff:38:58:2b:32:d8:39:69:8d:6c:
         a7:a7:ec:9e:3c:10:f8:6b:b1:b5:9b:58:20:eb:4c:98:e1:a5:
         ae:12:e1:3f
-----BEGIN CERTIFICATE-----
MIIFUzCCBDugAwIBAgISAYZvT6yZGODhKGq8o2iU7RK8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwMjIwMTQ1MjE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjMxYzljMDU5OTI4NjQ4MjgyMTQzYTRjNTg1MDM1YWJhMmM4NzRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxA3VN92xRx+4IGLPKmKNS+in8EHY
7o+4PZDsqGP6cOrs0gX3JFdudDVDJqvsMz1pvYD6ZI9Pkc3BjRbIrrf2+ZLZ+oru
6dcV+NhloiDrdI24gGaSX/Yor5ffslCU2V4aQGVZ7Ms3hxCNGFX8x+lYAiU/se23
y8vQL6vNN8l/gHBg7qImkeBHWwVFZoogg4VPOWU9UVvIlhNwM3MVxkG5HrEvMkdW
hbtON5wWwZhcU+r85Gv0jAxPtA0UOuk4IxHvF41Kq+cMGl5U3TKIoxv/YOoUgrPp
lJ6OIpjC9R3bptZqtEvmWsc6tiRrOXqjSWzO+jooGQdRqMytxAhA9+uY9wIDAQAB
o4ICXzCCAlswHQYDVR0OBBYEFLsxycBZkoZIKCFDpMWFA1q6LIdLMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvdXpISndGbVNoa2dvSVVPa3hZVURXcm9zaDBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHUGCCsGAQUFBwEHAQH/BGYwZDBiBAIAATBcAwQALVHwAwQA
LZdZAwQBV3l8AwQAV3ndAwQBXHfEMAwDBABemqEDBAJemqADBACrFhMDBAKrFkgD
BACy1+wDBAK52FQDBAK52lQDBAC52okDBAC5234DBAC5/LAwDQYJKoZIhvcNAQEL
BQADggEBAIF/Rr4B3VGQSYNwnierblRfo8QnCQRY/jUvnks9pCJTaE0mhURjA3f1
uSGBddkGsMBzpyXlHoMsYc4eC/LmQib6bUY2V4SLTlZpngy0p03oFzUg/bVgqGVS
c3NYGx4ZnmdjHTFUmLb8i27LcJhoO6QyGYayybEGHPRM5vJP8zv/aQNEBuVb7zWj
YsQIbq3GCdz6Rwa4qP546trC+dv2FPyfstkW15fr1nN5Y2w+jy85nso9gdavyBnG
cZF+KiJPgZeEsSZaC4vatoOrw9ra4rPBGigp2dHNoojMZiwjXsi7/zhYKzLYOWmN
bKen7J48EPhrsbWbWCDrTJjhpa4S4T8=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:45 2024 by rpki-client on console-ams.rpki-client.org