Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/52b634-6148-4e2e-b8f3-0c98c570a6e0/1/3D3KLzL5iMP6sUm0Xcue_Vdtv6M.roa
File:                     3D3KLzL5iMP6sUm0Xcue_Vdtv6M.roa (raw, json)
Hash identifier:          6dyvxuaSmqbJ1rB4UqD68RzF7HQlyXsnNm3VfmOLCzk=
Subject key identifier:   DC:3D:CA:2F:32:F9:88:C3:FA:B1:49:B4:5D:CB:9E:FD:57:6D:BF:A3
Certificate issuer:       /CN=607548c37abebc58b928ed285433d69e95df9c3b
Certificate serial:       0185E4F316798B991C13ADE0D179FD77DC21
Authority key identifier: 60:75:48:C3:7A:BE:BC:58:B9:28:ED:28:54:33:D6:9E:95:DF:9C:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YHVIw3q-vFi5KO0oVDPWnpXfnDs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/52b634-6148-4e2e-b8f3-0c98c570a6e0/1/3D3KLzL5iMP6sUm0Xcue_Vdtv6M.roa
Signing time:             Tue 24 Jan 2023 18:03:34 +0000
ROA not before:           Tue 24 Jan 2023 18:03:34 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     31294
IP address blocks:        83.220.160.0/22 maxlen: 22
                          83.220.164.0/23 maxlen: 23

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:e4:f3:16:79:8b:99:1c:13:ad:e0:d1:79:fd:77:dc:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=607548c37abebc58b928ed285433d69e95df9c3b
        Validity
            Not Before: Jan 24 18:03:34 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dc3dca2f32f988c3fab149b45dcb9efd576dbfa3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:97:14:8c:61:1c:0a:ee:ad:ce:ce:49:d4:10:
                    ef:b6:09:dd:7a:3d:90:8f:2c:4b:0b:46:cf:7c:67:
                    21:ae:e8:68:ad:9b:32:be:8c:63:f2:44:39:11:22:
                    89:b0:90:2b:f5:76:4f:66:f0:13:0a:22:f0:2f:84:
                    c2:e4:34:f4:30:3c:af:ee:42:7c:6a:ac:43:16:ba:
                    01:5c:2e:c2:4b:fb:b3:e7:8b:3f:b9:d3:6d:df:96:
                    4c:20:97:10:15:27:8a:72:bb:8d:b5:e8:57:4e:85:
                    a9:25:c4:eb:45:d2:66:d9:77:f0:1d:99:b1:de:92:
                    af:c4:4f:1e:d4:8f:5d:9d:50:ca:6d:04:0a:d6:13:
                    39:58:71:b5:ad:eb:39:e2:81:f1:01:fc:76:5a:48:
                    81:c7:4a:bc:90:2f:ab:a1:f9:b3:35:30:43:7b:ff:
                    47:10:af:78:05:54:02:5d:ea:c5:dc:c8:a2:29:d2:
                    77:ad:70:d7:6e:5f:d9:2a:bd:59:a4:b8:c3:c6:2a:
                    a1:bd:db:6d:a2:d1:4a:a2:0d:00:2a:72:96:bc:a8:
                    b3:ad:25:22:1a:3b:41:30:8a:27:26:36:bd:a9:35:
                    3c:37:af:74:a3:44:1b:5d:58:bf:3e:dc:db:b7:e4:
                    77:a7:0f:57:b8:ff:de:3b:5c:10:65:81:24:7b:ff:
                    ff:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:3D:CA:2F:32:F9:88:C3:FA:B1:49:B4:5D:CB:9E:FD:57:6D:BF:A3
            X509v3 Authority Key Identifier:
                keyid:60:75:48:C3:7A:BE:BC:58:B9:28:ED:28:54:33:D6:9E:95:DF:9C:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YHVIw3q-vFi5KO0oVDPWnpXfnDs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/52b634-6148-4e2e-b8f3-0c98c570a6e0/1/3D3KLzL5iMP6sUm0Xcue_Vdtv6M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/52b634-6148-4e2e-b8f3-0c98c570a6e0/1/YHVIw3q-vFi5KO0oVDPWnpXfnDs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.220.160.0-83.220.165.255

    Signature Algorithm: sha256WithRSAEncryption
         a8:f2:17:35:16:66:00:20:81:6a:e7:c2:a4:28:fc:4f:0b:1e:
         ec:f4:66:30:82:2d:da:a9:12:99:fe:9e:7f:86:a0:7d:ba:17:
         61:cf:19:d7:6c:7e:db:eb:94:51:dd:69:a4:a3:cf:07:82:6a:
         4b:80:19:37:0a:1f:44:10:c1:7d:aa:14:9a:74:3e:48:71:af:
         88:22:48:8b:43:cd:a1:25:6a:06:29:30:1f:19:16:99:9f:4f:
         a4:1a:23:33:69:44:7b:73:ee:77:67:c7:6f:4a:fa:84:a2:c6:
         cd:d4:45:25:b7:5c:4e:50:17:98:b1:90:74:3f:72:4a:07:09:
         70:12:29:62:5b:b5:ed:3c:f6:40:5c:7f:58:d3:9c:d2:3e:17:
         e1:4c:37:32:9a:f5:a8:91:05:6c:db:cf:5c:27:62:13:92:0f:
         4d:de:8a:f6:6b:bc:01:d9:12:25:a2:0a:b4:7e:df:bc:72:fe:
         a2:45:44:88:25:07:f1:57:de:0d:aa:7a:c9:0e:4b:e5:70:09:
         c8:69:54:86:9a:21:69:20:2c:d4:c3:8f:1b:eb:37:a2:e2:34:
         fc:ec:27:ce:4b:2f:2a:76:4e:d6:99:7e:af:b7:5d:f4:9a:8e:
         a2:52:d7:71:64:77:68:1a:d1:20:f6:c2:00:40:27:48:85:fe:
         37:c3:58:fa
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYXk8xZ5i5kcE63g0Xn9d9whMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNzU0OGMzN2FiZWJjNThiOTI4ZWQyODU0MzNkNjllOTVk
ZjljM2IwHhcNMjMwMTI0MTgwMzM0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzNkY2EyZjMyZjk4OGMzZmFiMTQ5YjQ1ZGNiOWVmZDU3NmRiZmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZcUjGEcCu6tzs5J1BDvtgndej2Q
jyxLC0bPfGchruhorZsyvoxj8kQ5ESKJsJAr9XZPZvATCiLwL4TC5DT0MDyv7kJ8
aqxDFroBXC7CS/uz54s/udNt35ZMIJcQFSeKcruNtehXToWpJcTrRdJm2XfwHZmx
3pKvxE8e1I9dnVDKbQQK1hM5WHG1res54oHxAfx2WkiBx0q8kC+rofmzNTBDe/9H
EK94BVQCXerF3MiiKdJ3rXDXbl/ZKr1ZpLjDxiqhvdttotFKog0AKnKWvKizrSUi
GjtBMIonJja9qTU8N690o0QbXVi/Ptzbt+R3pw9XuP/eO1wQZYEke///LwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNw9yi8y+YjD+rFJtF3Lnv1Xbb+jMB8GA1UdIwQY
MBaAFGB1SMN6vrxYuSjtKFQz1p6V35w7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUhWSXczcS12Rmk1S08wb1ZEUFducFhmbkRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi81MmI2MzQtNjE0OC00ZTJlLWI4ZjMt
MGM5OGM1NzBhNmUwLzEvM0QzS0x6TDVpTVA2c1VtMFhjdWVfVmR0djZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi81MmI2MzQtNjE0OC00ZTJlLWI4ZjMtMGM5OGM1NzBhNmUw
LzEvWUhWSXczcS12Rmk1S08wb1ZEUFducFhmbkRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAVT3KAD
BAFT3KQwDQYJKoZIhvcNAQELBQADggEBAKjyFzUWZgAggWrnwqQo/E8LHuz0ZjCC
LdqpEpn+nn+GoH26F2HPGddsftvrlFHdaaSjzweCakuAGTcKH0QQwX2qFJp0Pkhx
r4giSItDzaElagYpMB8ZFpmfT6QaIzNpRHtz7ndnx29K+oSixs3URSW3XE5QF5ix
kHQ/ckoHCXASKWJbte089kBcf1jTnNI+F+FMNzKa9aiRBWzbz1wnYhOSD03eivZr
vAHZEiWiCrR+37xy/qJFRIglB/FX3g2qeskOS+VwCchpVIaaIWkgLNTDjxvrN6Li
NPzsJ85LLyp2TtaZfq+3XfSajqJS13Fkd2ga0SD2wgBAJ0iF/jfDWPo=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:09:45 2024 by rpki-client on console-ams.rpki-client.org