Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/fJMppbOJSdzpf45VaQ1TXCnTSdA.roa
File:                     fJMppbOJSdzpf45VaQ1TXCnTSdA.roa (raw, json)
Hash identifier:          0+y0jXNWWNI9Q5XtJy3GfCVNDo1625wzL5dt2k7UVL4=
Subject key identifier:   7C:93:29:A5:B3:89:49:DC:E9:7F:8E:55:69:0D:53:5C:29:D3:49:D0
Certificate issuer:       /CN=a849204ca4f0eb4e56e08e099fe3785ce06ffeaa
Certificate serial:       0AC3BBE0
Authority key identifier: A8:49:20:4C:A4:F0:EB:4E:56:E0:8E:09:9F:E3:78:5C:E0:6F:FE:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qEkgTKTw605W4I4Jn-N4XOBv_qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/fJMppbOJSdzpf45VaQ1TXCnTSdA.roa
Signing time:             Thu 24 Mar 2022 07:24:15 +0000
ROA not before:           Thu 24 Mar 2022 07:24:15 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     204175
IP address blocks:        185.228.118.0/24 maxlen: 24
                          185.228.117.0/24 maxlen: 24
                          185.228.116.0/24 maxlen: 24
                          185.228.116.0/22 maxlen: 22
                          185.228.119.0/24 maxlen: 24
                          185.177.43.0/24 maxlen: 24
                          185.177.42.0/24 maxlen: 24
                          185.226.231.0/24 maxlen: 24
                          185.220.166.0/24 maxlen: 24
                          185.220.167.0/24 maxlen: 24
                          185.220.166.0/23 maxlen: 23
                          185.232.132.0/24 maxlen: 24
                          185.232.133.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 180599776 (0xac3bbe0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a849204ca4f0eb4e56e08e099fe3785ce06ffeaa
        Validity
            Not Before: Mar 24 07:24:15 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7c9329a5b38949dce97f8e55690d535c29d349d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:60:10:e1:18:ef:3e:46:2b:3f:5e:5c:6e:c0:
                    31:de:8c:77:fe:a8:b5:9d:b7:38:7c:74:95:b0:31:
                    ca:70:54:f5:9a:d9:dc:cd:b4:25:a8:3b:67:7e:ac:
                    8b:ac:1b:ad:66:43:b6:23:ac:01:1b:4b:4c:12:5c:
                    c5:61:98:8a:c7:8c:0f:b4:96:42:ec:38:1f:43:22:
                    37:fc:65:2b:61:44:b8:60:71:e5:55:04:c7:02:43:
                    f4:39:18:c9:69:34:8c:5d:b1:2a:fc:a2:ce:aa:4b:
                    5c:dd:41:30:4c:2d:77:9e:ef:11:2f:52:65:bc:7b:
                    cd:20:c2:95:8d:cb:ae:5c:04:6d:9e:67:b0:d2:6e:
                    b9:4f:28:c4:60:d3:0a:ef:a6:81:2e:27:72:30:0c:
                    6b:a1:55:cb:46:01:19:73:7f:10:e6:34:ed:44:47:
                    f8:90:48:d7:63:35:23:2d:52:c0:fe:b9:04:91:a3:
                    70:bf:f2:85:8e:af:06:df:ae:81:7c:84:be:30:d2:
                    d1:1a:55:de:f9:8a:cb:48:f0:c8:f8:a1:93:77:32:
                    35:b5:1d:08:bb:9d:2d:a9:85:ca:ff:f4:33:bb:62:
                    7a:ec:c4:b5:4a:45:c4:2a:23:4c:9e:08:39:09:f5:
                    9d:5b:2c:05:1f:ab:cd:1c:e1:88:83:d1:16:08:88:
                    86:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:93:29:A5:B3:89:49:DC:E9:7F:8E:55:69:0D:53:5C:29:D3:49:D0
            X509v3 Authority Key Identifier:
                keyid:A8:49:20:4C:A4:F0:EB:4E:56:E0:8E:09:9F:E3:78:5C:E0:6F:FE:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qEkgTKTw605W4I4Jn-N4XOBv_qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/fJMppbOJSdzpf45VaQ1TXCnTSdA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/qEkgTKTw605W4I4Jn-N4XOBv_qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.177.42.0/23
                  185.220.166.0/23
                  185.226.231.0/24
                  185.228.116.0/22
                  185.232.132.0/23

    Signature Algorithm: sha256WithRSAEncryption
         13:ae:a2:44:ed:af:46:94:33:7e:a1:68:91:2a:60:ab:65:2e:
         07:52:36:64:f5:4d:8e:2f:ce:29:56:1f:bf:c9:e3:cf:91:86:
         18:f6:5f:90:9f:1b:1f:eb:5b:40:65:bb:7d:02:fb:0e:77:d1:
         4d:aa:b5:7d:6c:b6:51:75:2c:6e:5e:85:4a:db:7f:18:75:fb:
         d8:25:0c:3e:06:4c:d0:09:1f:0a:08:1c:9d:60:4f:28:5b:a2:
         2b:75:01:1e:f8:da:71:64:24:9c:75:38:98:57:a3:00:61:76:
         9a:5e:62:7c:71:4c:09:97:6f:b9:07:dd:81:ea:15:80:17:ca:
         65:01:75:d5:71:9b:4f:83:bc:4f:d8:f8:d0:83:50:c8:bc:ab:
         13:70:a8:2a:2a:73:68:4c:bc:59:e5:61:54:ba:78:5c:cd:52:
         81:b0:eb:62:52:55:c3:57:fc:8f:73:41:79:9a:52:ea:7e:10:
         fe:b5:3e:9b:6c:d6:f3:a6:60:45:01:7a:8c:01:36:2a:f7:ea:
         19:3d:bb:6d:25:54:4f:9e:3b:d4:e3:f8:63:50:9d:80:57:07:
         34:39:68:65:c4:7c:0a:fa:b7:41:9a:76:81:b6:a1:97:f9:76:
         c7:78:ec:d7:5d:21:72:1d:fc:85:86:41:4e:df:4b:34:75:4d:
         35:c0:34:6a
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgIECsO74DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
ODQ5MjA0Y2E0ZjBlYjRlNTZlMDhlMDk5ZmUzNzg1Y2UwNmZmZWFhMB4XDTIyMDMy
NDA3MjQxNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoN2M5MzI5YTViMzg5
NDlkY2U5N2Y4ZTU1NjkwZDUzNWMyOWQzNDlkMDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALhgEOEY7z5GKz9eXG7AMd6Md/6otZ23OHx0lbAxynBU9ZrZ
3M20Jag7Z36si6wbrWZDtiOsARtLTBJcxWGYiseMD7SWQuw4H0MiN/xlK2FEuGBx
5VUExwJD9DkYyWk0jF2xKvyizqpLXN1BMEwtd57vES9SZbx7zSDClY3LrlwEbZ5n
sNJuuU8oxGDTCu+mgS4ncjAMa6FVy0YBGXN/EOY07URH+JBI12M1Iy1SwP65BJGj
cL/yhY6vBt+ugXyEvjDS0RpV3vmKy0jwyPihk3cyNbUdCLudLamFyv/0M7tieuzE
tUpFxCojTJ4IOQn1nVssBR+rzRzhiIPRFgiIhscCAwEAAaOCAiEwggIdMB0GA1Ud
DgQWBBR8kymls4lJ3Ol/jlVpDVNcKdNJ0DAfBgNVHSMEGDAWgBSoSSBMpPDrTlbg
jgmf43hc4G/+qjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3FFa2dUS1R3NjA1VzRJNEpuLU40WE9Cdl9xby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYTIvNDViMjNmLTMwMmItNDFmMi05NDk2LTljY2JiMDg0MjhmYS8x
L2ZKTXBwYk9KU2R6cGY0NVZhUTFUWENuVFNkQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTIv
NDViMjNmLTMwMmItNDFmMi05NDk2LTljY2JiMDg0MjhmYS8xL3FFa2dUS1R3NjA1
VzRJNEpuLU40WE9Cdl9xby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA3
BggrBgEFBQcBBwEB/wQoMCYwJAQCAAEwHgMEAbmxKgMEAbncpgMEALni5wMEArnk
dAMEAbnohDANBgkqhkiG9w0BAQsFAAOCAQEAE66iRO2vRpQzfqFokSpgq2UuB1I2
ZPVNji/OKVYfv8njz5GGGPZfkJ8bH+tbQGW7fQL7DnfRTaq1fWy2UXUsbl6FStt/
GHX72CUMPgZM0AkfCggcnWBPKFuiK3UBHvjacWQknHU4mFejAGF2ml5ifHFMCZdv
uQfdgeoVgBfKZQF11XGbT4O8T9j40INQyLyrE3CoKipzaEy8WeVhVLp4XM1SgbDr
YlJVw1f8j3NBeZpS6n4Q/rU+m2zW86ZgRQF6jAE2KvfqGT27bSVUT5471OP4Y1Cd
gFcHNDloZcR8Cvq3QZp2gbahl/l2x3js110hch38hYZBTt9LNHVNNcA0ag==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:02 2024 by rpki-client on console-fra.rpki-client.org