Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ytCMX-Rsm076bPga9gldUo4089Y.roa
File:                     ytCMX-Rsm076bPga9gldUo4089Y.roa (raw, json)
Hash identifier:          oRaNZ4q9ETjVlG7foSLPHMuzXm/KBe5q45NhhpQwA/0=
Subject key identifier:   CA:D0:8C:5F:E4:6C:9B:4E:FA:6C:F8:1A:F6:09:5D:52:8E:34:F3:D6
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01853EECC41EB9A0044BA6F2555AF004819A
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ytCMX-Rsm076bPga9gldUo4089Y.roa
Signing time:             Fri 23 Dec 2022 12:19:42 +0000
ROA not before:           Fri 23 Dec 2022 12:19:42 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     50225
IP address blocks:        194.55.224.0/24 maxlen: 24
                          84.54.50.0/24 maxlen: 24
                          178.215.226.0/24 maxlen: 24
                          194.55.225.0/24 maxlen: 24
                          185.222.161.0/24 maxlen: 24
                          45.12.255.0/24 maxlen: 24
                          193.42.34.0/24 maxlen: 24
                          193.47.63.0/24 maxlen: 24
                          193.47.60.0/24 maxlen: 24
                          45.84.91.0/24 maxlen: 24
                          45.88.64.0/24 maxlen: 24
                          45.88.65.0/24 maxlen: 24
                          194.180.38.0/24 maxlen: 24
                          194.180.39.0/24 maxlen: 24
                          83.219.96.0/24 maxlen: 24
                          94.154.162.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:3e:ec:c4:1e:b9:a0:04:4b:a6:f2:55:5a:f0:04:81:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Dec 23 12:19:42 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=cad08c5fe46c9b4efa6cf81af6095d528e34f3d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:9a:d0:d2:66:8e:c6:8b:57:8e:9e:35:7d:48:
                    a4:fa:7c:4d:e0:36:89:7e:49:79:eb:ec:ab:b9:2e:
                    7a:81:d7:1c:9c:6e:ad:67:f2:a2:ab:ee:51:15:e6:
                    16:7f:60:fa:95:66:27:63:ed:a5:f7:dd:77:02:7c:
                    ad:8f:ff:54:ed:fd:43:f5:99:b2:72:dc:52:92:2b:
                    85:b8:ac:bd:08:53:5b:5e:ff:a8:4c:12:56:86:3d:
                    fd:98:09:f3:9a:7e:a5:f0:72:db:30:4f:79:de:ce:
                    a9:37:7a:69:2b:44:f8:08:c7:5b:4b:b9:d7:eb:76:
                    d5:88:01:08:97:f0:eb:52:c0:20:8c:e1:cd:92:4b:
                    23:23:1c:ac:cf:eb:62:82:d6:99:42:24:f5:3e:15:
                    1d:1b:1b:e6:90:3a:be:cd:a6:d1:a2:e5:73:14:78:
                    20:e1:0b:d1:c0:e5:b9:56:bb:8b:5a:ab:cb:8e:bd:
                    2b:3a:52:8f:50:55:6e:de:a8:a7:4d:df:4e:ae:43:
                    53:08:ba:ae:58:e0:19:56:97:63:b7:96:be:73:22:
                    f8:2b:6e:71:bc:64:b6:7f:d8:88:b5:17:f3:59:30:
                    51:04:d9:b6:23:53:5a:f2:7b:21:22:c9:d7:7c:ef:
                    61:42:fe:25:7d:87:a6:fd:6e:0c:7b:fe:35:e5:5b:
                    86:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:D0:8C:5F:E4:6C:9B:4E:FA:6C:F8:1A:F6:09:5D:52:8E:34:F3:D6
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ytCMX-Rsm076bPga9gldUo4089Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.255.0/24
                  45.84.91.0/24
                  45.88.64.0/23
                  83.219.96.0/24
                  84.54.50.0/24
                  94.154.162.0/24
                  178.215.226.0/24
                  185.222.161.0/24
                  193.42.34.0/24
                  193.47.60.0/24
                  193.47.63.0/24
                  194.55.224.0/23
                  194.180.38.0/23

    Signature Algorithm: sha256WithRSAEncryption
         47:25:26:cf:51:de:ed:c7:d3:14:c6:59:29:8b:6f:42:d3:9f:
         29:e3:fd:63:b1:7a:08:92:a7:3b:64:c8:68:a0:64:4c:5b:12:
         23:4e:08:03:7e:84:52:43:c8:ba:09:56:71:40:dc:a9:ba:b5:
         2f:6e:16:22:9d:11:43:d4:bd:06:63:f2:96:54:2b:86:33:70:
         fd:ad:38:f7:47:09:27:9a:e2:79:0e:ac:f9:64:eb:4c:2b:5a:
         ee:9a:5d:cb:aa:52:77:7c:8c:3a:c9:09:7e:b6:3b:c7:04:5a:
         7a:15:64:ef:f7:50:f6:00:dc:88:9a:cc:c5:f4:d5:53:7d:6a:
         2c:6a:c0:3a:00:da:e0:18:02:fd:f8:99:14:71:d5:95:c6:4a:
         a9:8e:6e:03:3a:5d:ac:02:04:e9:18:7b:10:78:1f:73:0e:db:
         8b:fb:4a:12:89:3e:f8:92:40:aa:7f:e8:1c:32:75:da:b5:94:
         2c:1e:65:38:d7:90:0c:e9:98:0c:79:bb:f5:9d:42:1b:07:0a:
         b9:9b:9f:c2:06:eb:14:23:5f:73:ff:3a:51:d4:07:f5:07:7d:
         c4:e1:57:44:99:8f:46:25:6e:9a:3a:e7:3a:6c:c2:47:28:50:
         f0:76:ec:fa:ae:a2:2f:ce:98:9b:f1:ef:81:58:71:7a:c7:e1:
         8d:17:9b:b4
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYU+7MQeuaAES6byVVrwBIGaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjIxMjIzMTIxOTQyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWQwOGM1ZmU0NmM5YjRlZmE2Y2Y4MWFmNjA5NWQ1MjhlMzRmM2Q2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlZrQ0maOxotXjp41fUik+nxN4DaJ
fkl56+yruS56gdccnG6tZ/Kiq+5RFeYWf2D6lWYnY+2l9913Anytj/9U7f1D9Zmy
ctxSkiuFuKy9CFNbXv+oTBJWhj39mAnzmn6l8HLbME953s6pN3ppK0T4CMdbS7nX
63bViAEIl/DrUsAgjOHNkksjIxysz+tigtaZQiT1PhUdGxvmkDq+zabRouVzFHgg
4QvRwOW5VruLWqvLjr0rOlKPUFVu3qinTd9OrkNTCLquWOAZVpdjt5a+cyL4K25x
vGS2f9iItRfzWTBRBNm2I1Na8nshIsnXfO9hQv4lfYem/W4Me/415VuGvwIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFMrQjF/kbJtO+mz4GvYJXVKONPPWMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEveXRDTVgtUnNtMDc2YlBnYTlnbGRVbzQwODlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQALQz/AwQA
LVRbAwQBLVhAAwQAU9tgAwQAVDYyAwQAXpqiAwQAstfiAwQAud6hAwQAwSoiAwQA
wS88AwQAwS8/AwQBwjfgAwQBwrQmMA0GCSqGSIb3DQEBCwUAA4IBAQBHJSbPUd7t
x9MUxlkpi29C058p4/1jsXoIkqc7ZMhooGRMWxIjTggDfoRSQ8i6CVZxQNypurUv
bhYinRFD1L0GY/KWVCuGM3D9rTj3RwknmuJ5Dqz5ZOtMK1ruml3LqlJ3fIw6yQl+
tjvHBFp6FWTv91D2ANyImszF9NVTfWosasA6ANrgGAL9+JkUcdWVxkqpjm4DOl2s
AgTpGHsQeB9zDtuL+0oSiT74kkCqf+gcMnXatZQsHmU415AM6ZgMebv1nUIbBwq5
m5/CBusUI19z/zpR1Af1B33E4VdEmY9GJW6aOuc6bMJHKFDwduz6rqIvzpib8e+B
WHF6x+GNF5u0
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:22 2024 by rpki-client on console-fra.rpki-client.org