Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/0wMFkAnP8uqELb_rBWfhKj90Iq0.roa
File:                     0wMFkAnP8uqELb_rBWfhKj90Iq0.roa (raw, json)
Hash identifier:          8cHATJUQBSR0BPNXEaILVrBupaa51bcA9h78or1fU6I=
Subject key identifier:   D3:03:05:90:09:CF:F2:EA:84:2D:BF:EB:05:67:E1:2A:3F:74:22:AD
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018659243EF140CD10EB148E1D7AF9660CD9
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/0wMFkAnP8uqELb_rBWfhKj90Iq0.roa
Signing time:             Thu 16 Feb 2023 07:33:12 +0000
ROA not before:           Thu 16 Feb 2023 07:33:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     209371
IP address blocks:        185.216.70.0/24 maxlen: 24
                          194.55.224.0/24 maxlen: 24
                          178.215.239.0/24 maxlen: 24
                          45.128.96.0/22 maxlen: 24
                          85.31.47.0/24 maxlen: 24
                          45.139.107.0/24 maxlen: 24
                          45.84.89.0/24 maxlen: 24
                          193.35.19.0/24 maxlen: 24
                          94.154.172.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:59:24:3e:f1:40:cd:10:eb:14:8e:1d:7a:f9:66:0c:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Feb 16 07:33:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d303059009cff2ea842dbfeb0567e12a3f7422ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:94:54:8f:87:fb:db:60:e1:b9:ea:bd:3b:80:
                    3a:d5:a4:8c:f7:5a:44:bb:8e:40:f2:4f:71:d0:55:
                    82:2a:9f:aa:d7:24:d9:15:ea:b3:e7:fc:27:97:86:
                    0f:1c:c7:de:c1:05:c5:55:da:e5:fa:5c:b0:78:50:
                    fd:7e:cc:fb:6b:ae:60:cb:93:7f:ae:ae:ec:0a:42:
                    07:c7:64:7b:77:da:d5:c8:04:47:4b:cb:cd:83:92:
                    f5:24:91:e8:47:49:1c:b4:c2:9f:db:6e:68:f0:31:
                    00:bc:16:f7:f3:4c:ff:1c:cb:00:ac:cc:4c:16:1b:
                    4b:48:5b:ae:f0:75:07:4d:e6:8a:1b:6c:a9:06:79:
                    78:78:1b:2e:a0:16:69:6d:1f:31:08:84:a2:26:13:
                    0d:6b:7a:02:9b:bb:a6:1e:09:47:01:68:15:e2:f1:
                    f7:1d:74:fe:89:3f:d0:d8:a7:5e:0b:b1:0f:76:35:
                    50:84:b4:ef:56:1f:c2:f9:a0:7c:75:62:88:b5:ed:
                    ad:71:40:4f:00:b3:37:09:19:b6:ca:3e:ca:2f:08:
                    bd:c3:bd:1c:18:0f:77:66:be:64:c6:6c:81:1e:5c:
                    cf:fa:2f:32:a8:e0:83:3c:c8:10:7d:18:0d:54:90:
                    e9:e1:6d:ee:dd:95:a5:db:2e:1e:54:1c:7c:2f:34:
                    63:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:03:05:90:09:CF:F2:EA:84:2D:BF:EB:05:67:E1:2A:3F:74:22:AD
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/0wMFkAnP8uqELb_rBWfhKj90Iq0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.89.0/24
                  45.128.96.0/22
                  45.139.107.0/24
                  85.31.47.0/24
                  94.154.172.0/24
                  178.215.239.0/24
                  185.216.70.0/24
                  193.35.19.0/24
                  194.55.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:0e:3b:e1:d1:08:22:7c:a6:5d:54:74:86:55:84:aa:52:bf:
         07:9c:23:96:2e:21:c8:49:e9:c7:d2:08:ac:c5:22:a9:71:e2:
         57:3a:37:ec:4e:fa:52:db:bd:96:9c:6e:6c:c0:4b:97:85:78:
         b2:6a:5e:1c:4c:22:ac:d2:cf:6b:01:fb:e4:87:a4:f9:f2:57:
         37:af:84:9c:f9:bf:96:d8:0c:09:11:e3:03:bb:87:6a:e0:90:
         62:2f:b0:2f:2f:68:4b:77:d5:69:d8:42:31:a3:d2:7e:03:c3:
         e7:09:a0:59:a5:67:90:f8:e2:69:d8:90:9c:b7:e2:62:58:94:
         ff:91:42:1f:96:7c:2f:3f:72:90:b2:dd:e1:d1:76:50:6d:ce:
         d8:1d:c2:4c:e7:1b:f2:e4:e0:c8:71:31:78:05:fe:33:cc:c2:
         c5:d2:13:fd:54:b6:c7:b9:28:d8:b7:1d:fe:cc:25:44:4d:db:
         51:5e:50:80:78:ec:f3:2f:0d:5e:ea:70:c6:da:1f:ba:47:ce:
         0b:06:cc:65:de:0c:7a:c5:86:81:04:9a:ae:3b:a0:2a:b2:d8:
         9c:41:60:89:bc:32:28:c1:bb:6d:ca:db:77:c3:8b:3a:24:be:
         8a:67:e6:6e:19:80:12:ce:d6:99:c8:ab:34:03:fd:cf:40:f9:
         c4:b6:31:f8
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYZZJD7xQM0Q6xSOHXr5ZgzZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwMjE2MDczMzEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzAzMDU5MDA5Y2ZmMmVhODQyZGJmZWIwNTY3ZTEyYTNmNzQyMmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpRUj4f722Dhueq9O4A61aSM91pE
u45A8k9x0FWCKp+q1yTZFeqz5/wnl4YPHMfewQXFVdrl+lyweFD9fsz7a65gy5N/
rq7sCkIHx2R7d9rVyARHS8vNg5L1JJHoR0kctMKf225o8DEAvBb380z/HMsArMxM
FhtLSFuu8HUHTeaKG2ypBnl4eBsuoBZpbR8xCISiJhMNa3oCm7umHglHAWgV4vH3
HXT+iT/Q2KdeC7EPdjVQhLTvVh/C+aB8dWKIte2tcUBPALM3CRm2yj7KLwi9w70c
GA93Zr5kxmyBHlzP+i8yqOCDPMgQfRgNVJDp4W3u3ZWl2y4eVBx8LzRj+QIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFNMDBZAJz/LqhC2/6wVn4So/dCKtMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvMHdNRmtBblA4dXFFTGJfckJXZmhLajkwSXEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQALVRZAwQC
LYBgAwQALYtrAwQAVR8vAwQAXpqsAwQAstfvAwQAudhGAwQAwSMTAwQAwjfgMA0G
CSqGSIb3DQEBCwUAA4IBAQAUDjvh0QgifKZdVHSGVYSqUr8HnCOWLiHISenH0gis
xSKpceJXOjfsTvpS272WnG5swEuXhXiyal4cTCKs0s9rAfvkh6T58lc3r4Sc+b+W
2AwJEeMDu4dq4JBiL7AvL2hLd9Vp2EIxo9J+A8PnCaBZpWeQ+OJp2JCct+JiWJT/
kUIflnwvP3KQst3h0XZQbc7YHcJM5xvy5ODIcTF4Bf4zzMLF0hP9VLbHuSjYtx3+
zCVETdtRXlCAeOzzLw1e6nDG2h+6R84LBsxl3gx6xYaBBJquO6AqsticQWCJvDIo
wbttytt3w4s6JL6KZ+ZuGYASztaZyKs0A/3PQPnEtjH4
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:55 2024 by rpki-client on console-fra.rpki-client.org