Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/w70DyPZFbR_YA8vIh2NGzGRIxmw.roa
File:                     w70DyPZFbR_YA8vIh2NGzGRIxmw.roa (raw, json)
Hash identifier:          REalEY+z48HV3eC6vy0+hz2+2GwNIwb/68jlVMv4DiY=
Subject key identifier:   C3:BD:03:C8:F6:45:6D:1F:D8:03:CB:C8:87:63:46:CC:64:48:C6:6C
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0184374D26C661A6F26B0FB761030B8E4B51
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/w70DyPZFbR_YA8vIh2NGzGRIxmw.roa
Signing time:             Wed 02 Nov 2022 07:45:13 +0000
ROA not before:           Wed 02 Nov 2022 07:45:13 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     397423
IP address blocks:        212.87.206.0/24 maxlen: 24
                          178.215.224.0/24 maxlen: 24
                          85.217.144.0/24 maxlen: 24
                          185.252.179.0/24 maxlen: 24
                          193.47.60.0/24 maxlen: 24
                          193.37.44.0/24 maxlen: 24
                          79.110.61.0/24 maxlen: 24
                          92.249.51.0/24 maxlen: 24
                          94.103.127.0/24 maxlen: 24
                          92.249.48.0/24 maxlen: 24
                          83.219.97.0/24 maxlen: 24
                          193.25.216.0/24 maxlen: 24
                          109.206.238.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:37:4d:26:c6:61:a6:f2:6b:0f:b7:61:03:0b:8e:4b:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Nov  2 07:45:13 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c3bd03c8f6456d1fd803cbc8876346cc6448c66c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:89:95:f3:64:93:83:26:67:15:f0:14:a5:06:
                    fe:bb:46:4b:6c:2b:a6:ae:eb:02:96:ed:8b:8a:b3:
                    67:08:39:5f:f7:c7:be:3b:4a:f7:65:25:a9:3e:50:
                    40:0a:41:c7:c9:94:9b:7c:66:f8:62:bb:76:4a:2e:
                    6c:96:0b:e3:ae:2f:6a:ab:c2:75:89:24:57:74:4d:
                    74:c0:66:90:e6:b8:69:9d:13:37:dc:b2:60:f4:59:
                    8a:51:6e:4f:6f:ed:22:96:a5:ec:7a:a6:90:b0:7e:
                    57:ba:df:31:e4:7c:a6:67:79:95:07:7c:af:c8:4b:
                    87:a2:a5:37:cd:8f:b5:e9:7c:0a:99:98:8e:23:ce:
                    07:56:ea:10:ee:97:0f:be:03:a2:00:3c:75:56:f7:
                    66:7a:37:d1:e4:a9:bd:bc:f6:96:94:c7:35:0c:bc:
                    ff:6d:a7:93:81:8f:e1:4a:70:14:12:5c:83:4f:d9:
                    08:91:37:b1:75:c9:6f:b3:e5:d1:6b:d2:48:df:88:
                    53:16:61:b6:20:7f:73:31:53:84:6b:61:1e:c2:fa:
                    cd:3b:57:64:a4:1c:81:fd:04:cc:e6:a1:47:9d:55:
                    2a:fc:ec:2b:5a:56:07:84:22:04:78:78:32:2c:7e:
                    92:53:22:7e:73:32:49:17:dc:ed:8f:d6:ac:f6:55:
                    e6:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:BD:03:C8:F6:45:6D:1F:D8:03:CB:C8:87:63:46:CC:64:48:C6:6C
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/w70DyPZFbR_YA8vIh2NGzGRIxmw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.110.61.0/24
                  83.219.97.0/24
                  85.217.144.0/24
                  92.249.48.0/24
                  92.249.51.0/24
                  94.103.127.0/24
                  109.206.238.0/24
                  178.215.224.0/24
                  185.252.179.0/24
                  193.25.216.0/24
                  193.37.44.0/24
                  193.47.60.0/24
                  212.87.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:dc:28:d6:fa:df:db:7e:d4:b5:31:d7:b7:13:13:78:02:27:
         22:37:06:fb:74:6d:89:99:fc:ac:6b:6b:83:84:a2:6c:b4:34:
         7b:93:a7:6f:db:fa:54:c8:a5:33:cd:4c:fb:73:6d:9d:95:e3:
         6c:49:c3:0b:60:4c:6e:0e:74:33:f0:56:d6:68:a2:5f:74:0f:
         e7:0c:99:e3:b0:c1:cc:a2:55:47:e5:7a:e1:db:fd:83:d7:78:
         6d:2a:25:b7:10:39:94:7c:82:98:cd:9f:4d:35:10:56:22:93:
         ed:1c:93:e7:c6:70:c5:ac:30:98:eb:b3:b2:9d:85:da:0d:7a:
         e3:ad:6d:7c:8a:ae:aa:5c:15:16:6b:f7:7a:bd:fd:d3:4f:7f:
         50:d2:43:96:90:46:31:2f:84:6c:e2:f4:c2:ab:17:39:f8:9f:
         eb:d8:db:06:b5:36:81:60:3d:bf:1b:3c:07:72:11:6f:5b:51:
         ab:6e:52:cf:43:cb:4c:be:e2:c4:7e:22:d1:55:49:cb:6c:a8:
         be:d2:60:2a:b8:93:14:59:bc:63:d5:6c:73:08:29:2b:25:3e:
         41:78:0a:15:09:24:61:24:ac:5a:c8:96:8f:af:b1:2d:93:9f:
         9a:94:e1:62:1e:63:de:7f:43:e2:eb:97:cd:77:55:39:75:f1:
         b4:c5:fc:94
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYQ3TSbGYabyaw+3YQMLjktRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjIxMTAyMDc0NTEzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2JkMDNjOGY2NDU2ZDFmZDgwM2NiYzg4NzYzNDZjYzY0NDhjNjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi4mV82STgyZnFfAUpQb+u0ZLbCum
rusClu2LirNnCDlf98e+O0r3ZSWpPlBACkHHyZSbfGb4Yrt2Si5slgvjri9qq8J1
iSRXdE10wGaQ5rhpnRM33LJg9FmKUW5Pb+0ilqXseqaQsH5Xut8x5HymZ3mVB3yv
yEuHoqU3zY+16XwKmZiOI84HVuoQ7pcPvgOiADx1VvdmejfR5Km9vPaWlMc1DLz/
baeTgY/hSnAUElyDT9kIkTexdclvs+XRa9JI34hTFmG2IH9zMVOEa2EewvrNO1dk
pByB/QTM5qFHnVUq/OwrWlYHhCIEeHgyLH6SUyJ+czJJF9ztj9as9lXm3QIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFMO9A8j2RW0f2APLyIdjRsxkSMZsMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvdzcwRHlQWkZiUl9ZQTh2SWgyTkd6R1JJeG13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQAT249AwQA
U9thAwQAVdmQAwQAXPkwAwQAXPkzAwQAXmd/AwQAbc7uAwQAstfgAwQAufyzAwQA
wRnYAwQAwSUsAwQAwS88AwQA1FfOMA0GCSqGSIb3DQEBCwUAA4IBAQBO3CjW+t/b
ftS1Mde3ExN4AiciNwb7dG2Jmfysa2uDhKJstDR7k6dv2/pUyKUzzUz7c22dleNs
ScMLYExuDnQz8FbWaKJfdA/nDJnjsMHMolVH5Xrh2/2D13htKiW3EDmUfIKYzZ9N
NRBWIpPtHJPnxnDFrDCY67OynYXaDXrjrW18iq6qXBUWa/d6vf3TT39Q0kOWkEYx
L4Rs4vTCqxc5+J/r2NsGtTaBYD2/GzwHchFvW1GrblLPQ8tMvuLEfiLRVUnLbKi+
0mAquJMUWbxj1WxzCCkrJT5BeAoVCSRhJKxayJaPr7Etk5+alOFiHmPef0Pi65fN
d1U5dfG0xfyU
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:46 2024 by rpki-client on console-ams.rpki-client.org