Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/xML7XBgeCBCeHBQNVXnlPu5ZgmY.roa
File:                     xML7XBgeCBCeHBQNVXnlPu5ZgmY.roa (raw, json)
Hash identifier:          jJOzHSx5mwFp9gURFfdSFb+GtZ0FtXhBiG7XqBkpYJg=
Subject key identifier:   C4:C2:FB:5C:18:1E:08:10:9E:1C:14:0D:55:79:E5:3E:EE:59:82:66
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01850BED36C7525BA292AC7C72E434890D54
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/xML7XBgeCBCeHBQNVXnlPu5ZgmY.roa
Signing time:             Tue 13 Dec 2022 14:39:33 +0000
ROA not before:           Tue 13 Dec 2022 14:39:33 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     211252
IP address blocks:        85.217.145.0/24 maxlen: 24
                          45.81.39.0/24 maxlen: 24
                          45.66.230.0/24 maxlen: 24
                          80.76.51.0/24 maxlen: 24
                          85.31.44.0/24 maxlen: 24
                          85.31.46.0/24 maxlen: 24
                          185.252.178.0/24 maxlen: 24
                          193.47.61.0/24 maxlen: 24
                          194.55.186.0/24 maxlen: 24
                          185.246.221.0/24 maxlen: 24
                          185.246.220.0/24 maxlen: 24
                          109.206.241.0/24 maxlen: 24
                          109.206.243.0/24 maxlen: 24
                          185.254.37.0/24 maxlen: 24
                          185.216.71.0/24 maxlen: 24
                          79.110.62.0/24 maxlen: 24
                          79.110.63.0/24 maxlen: 24
                          194.180.48.0/24 maxlen: 24
                          185.225.73.0/24 maxlen: 24
                          37.139.128.0/24 maxlen: 24
                          37.139.129.0/24 maxlen: 24
                          84.21.172.0/24 maxlen: 24
                          109.206.240.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:0b:ed:36:c7:52:5b:a2:92:ac:7c:72:e4:34:89:0d:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Dec 13 14:39:33 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c4c2fb5c181e08109e1c140d5579e53eee598266
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:9a:2e:e9:39:ff:22:c9:be:5e:5f:8a:df:19:
                    56:09:55:4f:ab:c2:f9:5a:34:e7:32:76:f5:4a:21:
                    be:5d:10:05:46:3e:81:29:51:29:2d:ed:1c:eb:ce:
                    51:a9:34:cf:1e:cd:ea:f7:b8:5e:38:20:62:52:42:
                    4a:3d:91:5f:3b:c6:11:69:17:a8:9b:44:09:6a:68:
                    62:5e:fc:67:b9:c2:d6:8f:b4:76:fd:d1:b2:00:a2:
                    86:1c:44:8c:a0:fb:d4:f0:74:55:d1:d0:1e:36:ee:
                    12:43:a8:7d:65:e0:42:b8:5c:33:8e:f1:d5:0f:09:
                    38:6f:8b:c5:52:e7:bb:7b:21:a7:d2:ab:4a:df:84:
                    e2:d1:0e:7a:b7:63:e8:84:00:df:79:ce:c2:f0:b6:
                    7c:a7:e2:25:52:70:36:e2:e0:44:51:11:89:ee:40:
                    a5:5a:b8:c0:49:e4:ab:a8:73:6d:a9:ea:dd:a4:79:
                    ab:c5:39:45:ab:3b:1a:b2:59:da:2d:cf:3d:55:09:
                    c5:43:1f:ba:7f:c4:16:4e:0f:d7:e3:cb:e8:9f:1e:
                    15:c7:d8:3a:a5:5b:60:9f:73:10:c6:41:59:b4:46:
                    c9:35:63:ab:f8:cd:8e:99:23:06:35:cd:9b:00:12:
                    8c:c4:0f:3e:9f:26:99:80:de:05:b2:d5:0c:f6:e3:
                    1d:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:C2:FB:5C:18:1E:08:10:9E:1C:14:0D:55:79:E5:3E:EE:59:82:66
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/xML7XBgeCBCeHBQNVXnlPu5ZgmY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.139.128.0/23
                  45.66.230.0/24
                  45.81.39.0/24
                  79.110.62.0/23
                  80.76.51.0/24
                  84.21.172.0/24
                  85.31.44.0/24
                  85.31.46.0/24
                  85.217.145.0/24
                  109.206.240.0/23
                  109.206.243.0/24
                  185.216.71.0/24
                  185.225.73.0/24
                  185.246.220.0/23
                  185.252.178.0/24
                  185.254.37.0/24
                  193.47.61.0/24
                  194.55.186.0/24
                  194.180.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:0d:9b:1d:f3:93:0d:03:08:95:a5:60:ff:85:6e:05:d6:6f:
         a5:b1:5a:1b:d4:df:d9:0b:e7:37:63:57:5a:6f:6e:9a:ac:f4:
         10:7c:4a:1a:f2:4f:19:58:1a:83:34:c1:e5:a0:c1:ea:eb:a4:
         9d:7f:38:4c:04:71:53:13:fb:1b:5b:18:93:a6:60:8f:08:9f:
         d9:97:30:53:b5:0a:22:51:a5:e6:c5:11:e9:1f:68:39:ec:10:
         89:26:fe:ab:86:65:78:52:c3:d7:c5:95:43:85:e9:15:01:0a:
         21:b4:70:c6:3a:ad:9f:12:51:6a:09:d2:5d:95:a0:4f:32:e0:
         ad:ed:58:3e:e1:14:ea:43:70:9f:da:3a:ed:fc:9b:20:24:d0:
         42:df:ac:9d:8d:92:fe:6b:63:8d:99:fa:7b:12:8f:af:b8:d8:
         d5:6d:16:7a:ed:2a:16:33:dc:c3:57:e1:c3:d8:69:e0:17:e5:
         dd:07:94:e2:25:65:6c:fe:db:91:01:5e:56:7a:aa:89:c4:00:
         45:10:30:d3:80:df:e6:d4:36:2b:01:b2:67:03:a2:c8:99:9e:
         0b:12:4b:80:4b:a3:f2:8b:24:b5:12:7d:c1:ec:d1:93:12:3e:
         09:96:70:e8:d5:b0:a8:e7:8a:eb:d9:65:ec:57:50:11:e1:3d:
         8c:a8:82:8f
-----BEGIN CERTIFICATE-----
MIIFajCCBFKgAwIBAgISAYUL7TbHUluikqx8cuQ0iQ1UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjIxMjEzMTQzOTMzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGMyZmI1YzE4MWUwODEwOWUxYzE0MGQ1NTc5ZTUzZWVlNTk4MjY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJou6Tn/Ism+Xl+K3xlWCVVPq8L5
WjTnMnb1SiG+XRAFRj6BKVEpLe0c685RqTTPHs3q97heOCBiUkJKPZFfO8YRaReo
m0QJamhiXvxnucLWj7R2/dGyAKKGHESMoPvU8HRV0dAeNu4SQ6h9ZeBCuFwzjvHV
Dwk4b4vFUue7eyGn0qtK34Ti0Q56t2PohADfec7C8LZ8p+IlUnA24uBEURGJ7kCl
WrjASeSrqHNtqerdpHmrxTlFqzsaslnaLc89VQnFQx+6f8QWTg/X48vonx4Vx9g6
pVtgn3MQxkFZtEbJNWOr+M2OmSMGNc2bABKMxA8+nyaZgN4FstUM9uMdOQIDAQAB
o4ICdjCCAnIwHQYDVR0OBBYEFMTC+1wYHggQnhwUDVV55T7uWYJmMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEveE1MN1hCZ2VDQkNlSEJRTlZYbmxQdTVaZ21ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGLBggrBgEFBQcBBwEB/wR8MHoweAQCAAEwcgMEASWLgAME
AC1C5gMEAC1RJwMEAU9uPgMEAFBMMwMEAFQVrAMEAFUfLAMEAFUfLgMEAFXZkQME
AW3O8AMEAG3O8wMEALnYRwMEALnhSQMEAbn23AMEALn8sgMEALn+JQMEAMEvPQME
AMI3ugMEAMK0MDANBgkqhkiG9w0BAQsFAAOCAQEAjA2bHfOTDQMIlaVg/4VuBdZv
pbFaG9Tf2QvnN2NXWm9umqz0EHxKGvJPGVgagzTB5aDB6uuknX84TARxUxP7G1sY
k6Zgjwif2ZcwU7UKIlGl5sUR6R9oOewQiSb+q4ZleFLD18WVQ4XpFQEKIbRwxjqt
nxJRagnSXZWgTzLgre1YPuEU6kNwn9o67fybICTQQt+snY2S/mtjjZn6exKPr7jY
1W0Weu0qFjPcw1fhw9hp4Bfl3QeU4iVlbP7bkQFeVnqqicQARRAw04Df5tQ2KwGy
ZwOiyJmeCxJLgEuj8osktRJ9wezRkxI+CZZw6NWwqOeK69ll7FdQEeE9jKiCjw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:46 2024 by rpki-client on console-ams.rpki-client.org