Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/v-FDVY8vAhadCh2cx-dKIIMz7Mk.roa
File:                     v-FDVY8vAhadCh2cx-dKIIMz7Mk.roa (raw, json)
Hash identifier:          iL1R8zHwc2zzlUEplz7h9HNge87OBLHi1tBLEyREHh4=
Subject key identifier:   BF:E1:43:55:8F:2F:02:16:9D:0A:1D:9C:C7:E7:4A:20:83:33:EC:C9
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01835A5608A336F742AED3676415B1B70332
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/v-FDVY8vAhadCh2cx-dKIIMz7Mk.roa
Signing time:             Tue 20 Sep 2022 09:58:51 +0000
ROA not before:           Tue 20 Sep 2022 09:58:51 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     43561
IP address blocks:        87.120.192.0/23 maxlen: 23
                          87.120.192.0/24 maxlen: 24
                          87.120.193.0/24 maxlen: 24
                          87.121.38.0/24 maxlen: 24
                          87.121.36.0/24 maxlen: 24
                          87.121.36.0/23 maxlen: 24
                          87.121.37.0/24 maxlen: 24
                          87.121.44.0/22 maxlen: 24
                          87.121.57.0/24 maxlen: 24
                          87.121.56.0/23 maxlen: 24
                          87.121.56.0/24 maxlen: 24
                          87.121.60.0/22 maxlen: 24
                          87.121.63.0/24 maxlen: 24
                          87.121.62.0/24 maxlen: 24
                          87.121.61.0/24 maxlen: 24
                          87.121.60.0/24 maxlen: 24
                          87.120.218.0/23 maxlen: 24
                          87.120.220.0/23 maxlen: 24
                          87.120.64.0/24 maxlen: 24
                          87.120.64.0/23 maxlen: 24
                          87.120.68.0/24 maxlen: 24
                          87.120.68.0/23 maxlen: 24
                          87.120.69.0/24 maxlen: 24
                          87.120.65.0/24 maxlen: 24
                          87.120.72.0/21 maxlen: 21
                          87.120.77.0/24 maxlen: 24
                          87.120.73.0/24 maxlen: 24
                          87.120.76.0/24 maxlen: 24
                          87.120.72.0/24 maxlen: 24
                          87.120.75.0/24 maxlen: 24
                          87.120.78.0/24 maxlen: 24
                          87.120.74.0/24 maxlen: 24
                          87.120.79.0/24 maxlen: 24
                          87.120.89.0/24 maxlen: 24
                          87.120.88.0/23 maxlen: 24
                          87.120.88.0/24 maxlen: 24
                          87.120.97.0/24 maxlen: 24
                          87.120.96.0/23 maxlen: 24
                          87.120.96.0/24 maxlen: 24
                          87.120.100.0/22 maxlen: 24
                          87.120.32.0/24 maxlen: 24
                          87.120.33.0/24 maxlen: 24
                          87.120.34.0/24 maxlen: 24
                          87.120.35.0/24 maxlen: 24
                          87.120.32.0/22 maxlen: 24
                          87.120.46.0/24 maxlen: 24
                          87.120.46.0/23 maxlen: 24
                          87.120.47.0/24 maxlen: 24
                          91.92.8.0/21 maxlen: 24
                          91.92.6.0/24 maxlen: 24
                          91.92.16.0/24 maxlen: 24
                          91.92.21.0/24 maxlen: 24
                          91.92.24.0/22 maxlen: 24
                          91.92.67.0/24 maxlen: 24
                          93.123.39.0/24 maxlen: 24
                          94.156.232.0/22 maxlen: 24
                          94.156.237.0/24 maxlen: 24
                          94.156.238.0/24 maxlen: 24
                          93.123.69.0/24 maxlen: 24
                          93.123.68.0/24 maxlen: 24
                          93.123.71.0/24 maxlen: 24
                          93.123.68.0/22 maxlen: 22
                          93.123.70.0/24 maxlen: 24
                          93.123.77.0/24 maxlen: 24
                          93.123.76.0/24 maxlen: 24
                          93.123.76.0/22 maxlen: 24
                          93.123.78.0/24 maxlen: 24
                          93.123.84.0/22 maxlen: 24
                          93.123.80.0/24 maxlen: 24
                          93.123.79.0/24 maxlen: 24
                          93.123.85.0/24 maxlen: 24
                          93.123.86.0/24 maxlen: 24
                          93.123.87.0/24 maxlen: 24
                          93.123.88.0/21 maxlen: 24
                          94.156.160.0/23 maxlen: 24
                          94.156.169.0/24 maxlen: 24
                          94.156.168.0/24 maxlen: 24
                          94.156.168.0/23 maxlen: 24
                          94.156.176.0/22 maxlen: 24
                          94.156.180.0/23 maxlen: 24
                          93.123.24.0/24 maxlen: 24
                          93.123.22.0/24 maxlen: 24
                          93.123.31.0/24 maxlen: 24
                          93.123.27.0/24 maxlen: 24
                          93.123.30.0/24 maxlen: 24
                          93.123.30.0/23 maxlen: 24
                          93.123.26.0/23 maxlen: 24
                          93.123.26.0/24 maxlen: 24
                          93.123.112.0/22 maxlen: 24
                          93.123.116.0/23 maxlen: 24
                          93.123.119.0/24 maxlen: 24
                          94.156.2.0/24 maxlen: 24
                          94.156.6.0/24 maxlen: 24
                          94.156.8.0/24 maxlen: 24
                          94.156.131.0/24 maxlen: 24
                          94.156.136.0/21 maxlen: 24
                          94.156.152.0/24 maxlen: 24
                          94.156.154.0/23 maxlen: 24
                          94.156.157.0/24 maxlen: 24
                          94.156.156.0/24 maxlen: 24
                          94.156.156.0/23 maxlen: 24
                          94.156.78.0/24 maxlen: 24
                          94.156.78.0/23 maxlen: 24
                          94.156.79.0/24 maxlen: 24
                          87.121.147.0/24 maxlen: 24
                          87.121.146.0/24 maxlen: 24
                          87.121.146.0/23 maxlen: 24
                          87.121.162.0/23 maxlen: 24
                          87.121.69.0/24 maxlen: 24
                          87.121.103.0/24 maxlen: 24
                          87.121.105.0/24 maxlen: 24
                          87.121.101.0/24 maxlen: 24
                          87.121.104.0/24 maxlen: 24
                          87.121.100.0/24 maxlen: 24
                          87.121.104.0/23 maxlen: 24
                          87.121.100.0/23 maxlen: 24
                          87.121.115.0/24 maxlen: 24
                          87.121.114.0/24 maxlen: 24
                          87.121.114.0/23 maxlen: 24
                          31.13.252.0/24 maxlen: 24
                          31.13.253.0/24 maxlen: 24
                          31.13.252.0/22 maxlen: 22
                          31.13.254.0/24 maxlen: 24
                          31.13.255.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:5a:56:08:a3:36:f7:42:ae:d3:67:64:15:b1:b7:03:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Sep 20 09:58:51 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=bfe143558f2f02169d0a1d9cc7e74a208333ecc9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:4c:12:4b:cc:5e:1f:28:69:7a:9d:b6:3b:ac:
                    a7:9b:5e:4a:35:11:07:4f:5a:66:aa:26:53:a8:fe:
                    c9:57:48:7a:18:73:55:1b:de:34:53:9f:11:19:5d:
                    3b:21:fa:9a:23:e9:2d:54:2c:27:cc:c7:f0:bf:d3:
                    1a:5a:a2:6e:cc:77:a2:9b:49:f0:02:45:90:3e:fa:
                    dc:59:3d:3b:ed:a6:7f:0c:3b:0f:18:06:9c:9f:6f:
                    95:58:e4:73:bf:a4:b6:2e:45:d3:48:c0:70:08:68:
                    fb:6c:63:d2:cd:f5:80:93:bb:d4:84:48:2e:c9:f1:
                    d6:07:d8:7f:a7:3c:76:66:fd:55:24:98:e5:0e:f8:
                    84:dd:78:24:40:72:6a:24:c1:a5:59:db:1c:49:da:
                    f0:8f:c7:ce:25:27:02:e0:cb:f9:48:8f:28:33:c6:
                    e2:bb:b2:58:c9:d5:82:98:9a:58:03:35:24:36:5c:
                    ba:2b:e7:7b:c7:21:40:38:f9:ca:79:13:bf:91:5a:
                    80:e0:5a:ff:6b:8e:0f:3a:7d:aa:46:0f:41:6f:33:
                    77:43:32:73:22:9d:32:ac:4f:fc:c0:02:6f:c8:50:
                    46:a6:67:47:7e:e4:8b:6d:c9:d1:c5:2b:90:0e:f9:
                    90:c5:0f:b5:5b:40:46:b9:38:35:f3:3a:fb:71:f1:
                    f4:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:E1:43:55:8F:2F:02:16:9D:0A:1D:9C:C7:E7:4A:20:83:33:EC:C9
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/v-FDVY8vAhadCh2cx-dKIIMz7Mk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.13.252.0/22
                  87.120.32.0/22
                  87.120.46.0/23
                  87.120.64.0/23
                  87.120.68.0/23
                  87.120.72.0/21
                  87.120.88.0/23
                  87.120.96.0/23
                  87.120.100.0/22
                  87.120.192.0/23
                  87.120.218.0-87.120.221.255
                  87.121.36.0-87.121.38.255
                  87.121.44.0/22
                  87.121.56.0/23
                  87.121.60.0/22
                  87.121.69.0/24
                  87.121.100.0/23
                  87.121.103.0-87.121.105.255
                  87.121.114.0/23
                  87.121.146.0/23
                  87.121.162.0/23
                  91.92.6.0/24
                  91.92.8.0-91.92.16.255
                  91.92.21.0/24
                  91.92.24.0/22
                  91.92.67.0/24
                  93.123.22.0/24
                  93.123.24.0/24
                  93.123.26.0/23
                  93.123.30.0/23
                  93.123.39.0/24
                  93.123.68.0/22
                  93.123.76.0-93.123.80.255
                  93.123.84.0-93.123.95.255
                  93.123.112.0-93.123.117.255
                  93.123.119.0/24
                  94.156.2.0/24
                  94.156.6.0/24
                  94.156.8.0/24
                  94.156.78.0/23
                  94.156.131.0/24
                  94.156.136.0/21
                  94.156.152.0/24
                  94.156.154.0-94.156.157.255
                  94.156.160.0/23
                  94.156.168.0/23
                  94.156.176.0-94.156.181.255
                  94.156.232.0/22
                  94.156.237.0-94.156.238.255

    Signature Algorithm: sha256WithRSAEncryption
         57:20:d3:01:94:85:1c:c2:ee:57:c1:e6:6a:4e:8c:80:cd:2e:
         db:8d:49:d3:05:32:4c:0a:05:a0:6b:35:c1:c5:a0:48:e4:b0:
         4c:52:a6:21:b8:bb:18:e6:8f:c0:95:17:59:72:33:77:76:f3:
         19:aa:68:b0:46:85:5a:85:5c:02:8f:c4:64:6e:35:3a:90:8f:
         67:30:c0:49:65:b6:da:9d:cf:53:42:61:c5:95:df:08:49:c9:
         ff:67:e2:4e:d7:e4:a2:44:c9:7f:79:fc:7e:53:86:86:3b:3e:
         07:15:30:1d:8e:a1:78:ca:79:c1:3d:94:5f:4e:29:ba:97:43:
         73:b7:b3:2f:b4:37:3c:e2:47:00:8c:af:cb:26:82:10:90:cf:
         bd:f6:4d:93:b2:b8:ae:10:cb:bc:8c:17:ec:85:9a:86:cd:49:
         2c:2b:7e:aa:27:8b:9d:69:16:5e:9a:76:0d:0b:26:86:45:0a:
         79:d6:41:9b:6d:0b:19:4c:a1:be:77:eb:cb:a4:1c:cc:26:41:
         8a:e3:59:00:e6:55:32:40:f8:ad:d9:c9:d0:8b:84:ef:9c:38:
         31:20:f8:87:ab:42:a2:74:35:df:51:b3:9e:c7:56:83:a0:56:
         34:c3:09:25:fe:10:f5:78:fb:86:50:6c:fe:44:b7:4e:7a:21:
         1d:11:cc:22
-----BEGIN CERTIFICATE-----
MIIGdzCCBV+gAwIBAgISAYNaVgijNvdCrtNnZBWxtwMyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjIwOTIwMDk1ODUxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmUxNDM1NThmMmYwMjE2OWQwYTFkOWNjN2U3NGEyMDgzMzNlY2M5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApUwSS8xeHyhpep22O6ynm15KNREH
T1pmqiZTqP7JV0h6GHNVG940U58RGV07IfqaI+ktVCwnzMfwv9MaWqJuzHeim0nw
AkWQPvrcWT077aZ/DDsPGAacn2+VWORzv6S2LkXTSMBwCGj7bGPSzfWAk7vUhEgu
yfHWB9h/pzx2Zv1VJJjlDviE3XgkQHJqJMGlWdscSdrwj8fOJScC4Mv5SI8oM8bi
u7JYydWCmJpYAzUkNly6K+d7xyFAOPnKeRO/kVqA4Fr/a44POn2qRg9BbzN3QzJz
Ip0yrE/8wAJvyFBGpmdHfuSLbcnRxSuQDvmQxQ+1W0BGuTg18zr7cfH0JQIDAQAB
o4IDgzCCA38wHQYDVR0OBBYEFL/hQ1WPLwIWnQodnMfnSiCDM+zJMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvdi1GRFZZOHZBaGFkQ2gyY3gtZEtJSU16N01rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBlwYIKwYBBQUHAQcBAf8EggGGMIIBgjCCAX4EAgABMIIB
dgMEAh8N/AMEAld4IAMEAVd4LgMEAVd4QAMEAVd4RAMEA1d4SAMEAVd4WAMEAVd4
YAMEAld4ZAMEAVd4wDAMAwQBV3jaAwQBV3jcMAwDBAJXeSQDBABXeSYDBAJXeSwD
BAFXeTgDBAJXeTwDBABXeUUDBAFXeWQwDAMEAFd5ZwMEAVd5aAMEAVd5cgMEAVd5
kgMEAVd5ogMEAFtcBjAMAwQDW1wIAwQAW1wQAwQAW1wVAwQCW1wYAwQAW1xDAwQA
XXsWAwQAXXsYAwQBXXsaAwQBXXseAwQAXXsnAwQCXXtEMAwDBAJde0wDBABde1Aw
DAMEAl17VAMEBV17QDAMAwQEXXtwAwQBXXt0AwQAXXt3AwQAXpwCAwQAXpwGAwQA
XpwIAwQBXpxOAwQAXpyDAwQDXpyIAwQAXpyYMAwDBAFenJoDBAFenJwDBAFenKAD
BAFenKgwDAMEBF6csAMEAV6ctAMEAl6c6DAMAwQAXpztAwQAXpzuMA0GCSqGSIb3
DQEBCwUAA4IBAQBXINMBlIUcwu5XweZqToyAzS7bjUnTBTJMCgWgazXBxaBI5LBM
UqYhuLsY5o/AlRdZcjN3dvMZqmiwRoVahVwCj8RkbjU6kI9nMMBJZbbanc9TQmHF
ld8IScn/Z+JO1+SiRMl/efx+U4aGOz4HFTAdjqF4ynnBPZRfTim6l0Nzt7MvtDc8
4kcAjK/LJoIQkM+99k2TsriuEMu8jBfshZqGzUksK36qJ4udaRZemnYNCyaGRQp5
1kGbbQsZTKG+d+vLpBzMJkGK41kA5lUyQPit2cnQi4TvnDgxIPiHq0KidDXfUbOe
x1aDoFY0wwkl/hD1ePuGUGz+RLdOeiEdEcwi
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:45 2024 by rpki-client on console-ams.rpki-client.org