Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/zwXID4ubuwdvM4fQk44EgEkjuB8.roa
File:                     zwXID4ubuwdvM4fQk44EgEkjuB8.roa (raw, json)
Hash identifier:          +vL5Tq+ngAo3a/PPAWNFVtObck8QDp76CguR4+i217o=
Subject key identifier:   CF:05:C8:0F:8B:9B:BB:07:6F:33:87:D0:93:8E:04:80:49:23:B8:1F
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0186C7B5EF759D3FC3114C644DF8D29F5DFD
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/zwXID4ubuwdvM4fQk44EgEkjuB8.roa
Signing time:             Thu 09 Mar 2023 18:50:34 +0000
ROA not before:           Thu 09 Mar 2023 18:50:34 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8100
IP address blocks:        87.120.192.0/23 maxlen: 24
                          185.147.100.0/22 maxlen: 24
                          87.121.36.0/23 maxlen: 24
                          87.121.38.0/24 maxlen: 24
                          87.121.60.0/22 maxlen: 24
                          87.120.219.0/24 maxlen: 24
                          94.154.160.0/23 maxlen: 24
                          45.9.208.0/22 maxlen: 24
                          94.154.173.0/24 maxlen: 24
                          93.123.39.0/24 maxlen: 24
                          45.143.100.0/22 maxlen: 24
                          94.156.237.0/24 maxlen: 24
                          194.55.226.0/24 maxlen: 24
                          94.156.238.0/24 maxlen: 24
                          93.123.68.0/22 maxlen: 24
                          93.123.76.0/22 maxlen: 24
                          93.123.80.0/24 maxlen: 24
                          93.123.86.0/23 maxlen: 24
                          94.156.168.0/23 maxlen: 24
                          94.156.176.0/22 maxlen: 24
                          94.156.180.0/23 maxlen: 24
                          93.123.24.0/24 maxlen: 24
                          194.48.249.0/24 maxlen: 24
                          93.123.30.0/23 maxlen: 24
                          93.123.26.0/23 maxlen: 24
                          87.120.64.0/23 maxlen: 24
                          87.120.96.0/23 maxlen: 24
                          93.123.112.0/22 maxlen: 24
                          93.123.116.0/23 maxlen: 24
                          93.123.119.0/24 maxlen: 24
                          87.120.32.0/22 maxlen: 24
                          193.25.219.0/24 maxlen: 24
                          87.120.46.0/23 maxlen: 24
                          94.156.2.0/24 maxlen: 24
                          94.156.8.0/24 maxlen: 24
                          91.92.16.0/24 maxlen: 24
                          91.92.21.0/24 maxlen: 24
                          91.92.26.0/23 maxlen: 24
                          193.58.121.0/24 maxlen: 24
                          193.58.123.0/24 maxlen: 24
                          94.156.131.0/24 maxlen: 24
                          185.207.14.0/23 maxlen: 24
                          94.156.152.0/24 maxlen: 24
                          45.8.95.0/24 maxlen: 24
                          94.156.154.0/23 maxlen: 24
                          91.92.67.0/24 maxlen: 24
                          94.156.78.0/23 maxlen: 24
                          37.139.130.0/23 maxlen: 24
                          212.87.205.0/24 maxlen: 24
                          87.121.146.0/23 maxlen: 24
                          178.215.238.0/24 maxlen: 24
                          87.121.163.0/24 maxlen: 24
                          185.252.177.0/24 maxlen: 24
                          193.47.62.0/24 maxlen: 24
                          87.121.104.0/24 maxlen: 24
                          87.121.103.0/24 maxlen: 24
                          87.121.114.0/23 maxlen: 24
                          31.13.252.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:c7:b5:ef:75:9d:3f:c3:11:4c:64:4d:f8:d2:9f:5d:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Mar  9 18:50:34 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cf05c80f8b9bbb076f3387d0938e04804923b81f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:0b:ac:d6:3c:7d:36:97:ce:08:7b:64:2f:91:
                    a6:69:8a:a8:ac:ca:28:bb:cb:79:8b:4a:77:66:f1:
                    ec:a1:58:98:67:93:b5:14:24:ad:dc:4c:b8:20:62:
                    38:fa:f0:25:4d:dd:d4:b8:75:01:89:dc:84:03:bc:
                    74:6f:1d:91:3c:70:4c:15:4b:5c:fc:c4:1f:c7:49:
                    40:85:60:09:f7:0a:0f:89:e4:1f:09:e4:ac:f6:f1:
                    5a:30:e3:16:67:bb:73:d5:72:94:ee:3b:d9:a4:d7:
                    a3:11:58:87:24:b3:e9:1e:b5:d9:ff:f3:66:fe:0d:
                    14:f6:72:e5:45:e2:a8:33:55:10:d2:85:1c:65:e5:
                    bb:4a:3e:e5:91:c0:ea:b6:80:58:e5:78:1b:6d:36:
                    36:a3:4e:40:e9:fb:b2:9a:e8:e7:8a:24:df:0d:53:
                    df:62:51:b1:2c:24:92:12:0b:12:f8:38:e7:1d:61:
                    c5:09:d8:be:36:79:dc:1e:b9:c5:3d:09:49:a8:b0:
                    6d:01:75:c2:2f:43:83:fc:2a:d0:6c:cf:1f:69:55:
                    c3:06:f5:c3:37:d5:d8:50:7f:93:5f:84:f3:62:16:
                    37:0f:45:bd:f5:1b:f1:73:39:4b:1b:c9:bb:63:ab:
                    98:00:4b:08:80:58:be:cb:b7:37:9d:39:ee:28:9c:
                    63:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:05:C8:0F:8B:9B:BB:07:6F:33:87:D0:93:8E:04:80:49:23:B8:1F
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/zwXID4ubuwdvM4fQk44EgEkjuB8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.13.252.0/22
                  37.139.130.0/23
                  45.8.95.0/24
                  45.9.208.0/22
                  45.143.100.0/22
                  87.120.32.0/22
                  87.120.46.0/23
                  87.120.64.0/23
                  87.120.96.0/23
                  87.120.192.0/23
                  87.120.219.0/24
                  87.121.36.0-87.121.38.255
                  87.121.60.0/22
                  87.121.103.0-87.121.104.255
                  87.121.114.0/23
                  87.121.146.0/23
                  87.121.163.0/24
                  91.92.16.0/24
                  91.92.21.0/24
                  91.92.26.0/23
                  91.92.67.0/24
                  93.123.24.0/24
                  93.123.26.0/23
                  93.123.30.0/23
                  93.123.39.0/24
                  93.123.68.0/22
                  93.123.76.0-93.123.80.255
                  93.123.86.0/23
                  93.123.112.0-93.123.117.255
                  93.123.119.0/24
                  94.154.160.0/23
                  94.154.173.0/24
                  94.156.2.0/24
                  94.156.8.0/24
                  94.156.78.0/23
                  94.156.131.0/24
                  94.156.152.0/24
                  94.156.154.0/23
                  94.156.168.0/23
                  94.156.176.0-94.156.181.255
                  94.156.237.0-94.156.238.255
                  178.215.238.0/24
                  185.147.100.0/22
                  185.207.14.0/23
                  185.252.177.0/24
                  193.25.219.0/24
                  193.47.62.0/24
                  193.58.121.0/24
                  193.58.123.0/24
                  194.48.249.0/24
                  194.55.226.0/24
                  212.87.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:f4:a2:a3:8e:a3:5c:80:7d:1c:86:67:2a:19:80:5e:98:39:
         d6:71:61:1f:d3:e0:b9:5e:94:a6:4f:5e:02:cf:db:0a:b5:fb:
         c0:22:b5:db:cc:bd:ee:9b:b8:74:31:b3:ac:03:48:c4:a4:3f:
         01:17:5e:ab:b9:54:fe:53:ca:8f:dc:b8:ee:5d:14:62:77:cf:
         fa:87:f1:f2:c4:ab:c5:22:7f:87:de:70:14:4c:a8:18:90:b0:
         0e:e9:40:63:50:87:43:44:30:b9:86:61:44:d0:ba:0f:5a:e3:
         b9:9c:0b:5c:ff:8e:65:a7:45:52:1a:60:af:25:ed:11:9d:a0:
         22:39:54:68:cd:09:67:bd:20:4d:db:4b:d8:20:0f:ad:4e:c4:
         a9:69:3a:87:2f:18:63:d2:5d:fd:33:46:ca:b6:5b:ea:15:68:
         1b:38:25:00:64:63:d8:0b:36:62:69:26:7d:68:cb:cd:9a:4e:
         40:3a:0d:0f:c9:9a:fe:7f:ba:1c:52:b8:f4:03:a0:26:72:3b:
         68:4e:36:2f:90:47:74:9c:74:ec:0a:02:a8:ce:79:b6:28:53:
         95:fb:b8:ce:91:62:fa:ba:ae:b1:fa:9a:02:f9:64:b8:19:9f:
         62:4a:25:e2:91:7c:a0:75:34:22:c6:2c:50:8d:84:45:32:71:
         b8:fa:30:03
-----BEGIN CERTIFICATE-----
MIIGaTCCBVGgAwIBAgISAYbHte91nT/DEUxkTfjSn139MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwMzA5MTg1MDM0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjA1YzgwZjhiOWJiYjA3NmYzMzg3ZDA5MzhlMDQ4MDQ5MjNiODFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvgus1jx9NpfOCHtkL5GmaYqorMoo
u8t5i0p3ZvHsoViYZ5O1FCSt3Ey4IGI4+vAlTd3UuHUBidyEA7x0bx2RPHBMFUtc
/MQfx0lAhWAJ9woPieQfCeSs9vFaMOMWZ7tz1XKU7jvZpNejEViHJLPpHrXZ//Nm
/g0U9nLlReKoM1UQ0oUcZeW7Sj7lkcDqtoBY5XgbbTY2o05A6fuymujniiTfDVPf
YlGxLCSSEgsS+DjnHWHFCdi+NnncHrnFPQlJqLBtAXXCL0OD/CrQbM8faVXDBvXD
N9XYUH+TX4TzYhY3D0W99RvxczlLG8m7Y6uYAEsIgFi+y7c3nTnuKJxjWQIDAQAB
o4IDdTCCA3EwHQYDVR0OBBYEFM8FyA+Lm7sHbzOH0JOOBIBJI7gfMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvendYSUQ0dWJ1d2R2TTRmUWs0NEVnRWtqdUI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBiQYIKwYBBQUHAQcBAf8EggF4MIIBdDCCAXAEAgABMIIB
aAMEAh8N/AMEASWLggMEAC0IXwMEAi0J0AMEAi2PZAMEAld4IAMEAVd4LgMEAVd4
QAMEAVd4YAMEAVd4wAMEAFd42zAMAwQCV3kkAwQAV3kmAwQCV3k8MAwDBABXeWcD
BABXeWgDBAFXeXIDBAFXeZIDBABXeaMDBABbXBADBABbXBUDBAFbXBoDBABbXEMD
BABdexgDBAFdexoDBAFdex4DBABdeycDBAJde0QwDAMEAl17TAMEAF17UAMEAV17
VjAMAwQEXXtwAwQBXXt0AwQAXXt3AwQBXpqgAwQAXpqtAwQAXpwCAwQAXpwIAwQB
XpxOAwQAXpyDAwQAXpyYAwQBXpyaAwQBXpyoMAwDBARenLADBAFenLQwDAMEAF6c
7QMEAF6c7gMEALLX7gMEArmTZAMEAbnPDgMEALn8sQMEAMEZ2wMEAMEvPgMEAME6
eQMEAME6ewMEAMIw+QMEAMI34gMEANRXzTANBgkqhkiG9w0BAQsFAAOCAQEAiPSi
o46jXIB9HIZnKhmAXpg51nFhH9PguV6Upk9eAs/bCrX7wCK128y97pu4dDGzrANI
xKQ/ARdeq7lU/lPKj9y47l0UYnfP+ofx8sSrxSJ/h95wFEyoGJCwDulAY1CHQ0Qw
uYZhRNC6D1rjuZwLXP+OZadFUhpgryXtEZ2gIjlUaM0JZ70gTdtL2CAPrU7EqWk6
hy8YY9Jd/TNGyrZb6hVoGzglAGRj2As2YmkmfWjLzZpOQDoND8ma/n+6HFK49AOg
JnI7aE42L5BHdJx07AoCqM55tihTlfu4zpFi+rqusfqaAvlkuBmfYkol4pF8oHU0
IsYsUI2ERTJxuPowAw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:22 2024 by rpki-client on console-fra.rpki-client.org