Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/C1kt5FCfte_KOeH0Ef698K_7jhM.roa
File:                     C1kt5FCfte_KOeH0Ef698K_7jhM.roa (raw, json)
Hash identifier:          kZa92rvms3y7yZS/cg9zgZq3kmGO7UjiwXg3PhKxj9A=
Subject key identifier:   0B:59:2D:E4:50:9F:B5:EF:CA:39:E1:F4:11:FE:BD:F0:AF:FB:8E:13
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018DEE6CF8D970DBFFB4C7159F5BF0CB0F02
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/C1kt5FCfte_KOeH0Ef698K_7jhM.roa
Signing time:             Wed 28 Feb 2024 06:35:35 +0000
ROA not before:           Wed 28 Feb 2024 06:35:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50738
IP address blocks:        45.129.84.0/24 maxlen: 24
                          45.141.158.0/24 maxlen: 24
                          81.161.239.0/24 maxlen: 24
                          87.121.124.0/23 maxlen: 24
                          87.121.162.0/24 maxlen: 24
                          91.200.192.0/22 maxlen: 24
                          171.22.17.0/24 maxlen: 24
                          171.22.31.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ee:6c:f8:d9:70:db:ff:b4:c7:15:9f:5b:f0:cb:0f:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Feb 28 06:35:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0b592de4509fb5efca39e1f411febdf0affb8e13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:3a:be:a3:fc:c2:55:ff:f0:9b:c3:86:e5:84:
                    d1:cf:98:61:63:38:b7:fb:ae:a5:5f:18:b9:61:4b:
                    45:e4:c0:a0:88:69:5b:ad:a1:a5:bd:00:e5:e0:f2:
                    49:b1:84:74:7a:d8:55:1d:61:35:4c:80:fb:99:02:
                    8f:34:fd:00:c6:b6:b3:23:3e:94:6c:5a:b3:4b:18:
                    a1:a0:9b:b5:a3:4e:04:54:2c:6e:70:b1:df:4e:3d:
                    8e:d7:f1:18:2a:b1:3f:59:ee:89:ef:99:db:11:f0:
                    31:53:e7:0b:b5:ae:c8:8e:f6:fa:da:9c:c3:3f:13:
                    47:92:7e:38:69:2f:da:cb:3b:b4:84:3e:9a:01:42:
                    7c:93:4a:7e:02:c4:3c:50:17:b8:43:12:dc:9d:96:
                    51:e4:7d:65:48:a2:28:07:35:5f:f9:53:ea:74:7d:
                    2a:06:a7:95:19:29:fa:c5:d9:d5:c4:7f:35:a3:06:
                    8f:ce:53:31:dd:e2:45:fc:ee:65:af:b7:86:6c:43:
                    9a:d3:6a:a4:8a:92:2d:e9:02:6b:1f:f1:1d:b1:94:
                    4d:95:f1:c6:36:75:0a:8f:9f:1c:2f:8f:2b:96:ec:
                    49:a9:b9:7e:03:f2:ac:aa:e8:79:c6:cf:a4:22:60:
                    24:fd:ce:0d:b3:65:62:9c:ea:8a:b6:10:72:7d:e4:
                    20:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:59:2D:E4:50:9F:B5:EF:CA:39:E1:F4:11:FE:BD:F0:AF:FB:8E:13
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/C1kt5FCfte_KOeH0Ef698K_7jhM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.84.0/24
                  45.141.158.0/24
                  81.161.239.0/24
                  87.121.124.0/23
                  87.121.162.0/24
                  91.200.192.0/22
                  171.22.17.0/24
                  171.22.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:a9:9e:85:5f:eb:cb:f2:30:e4:b1:ee:2e:4d:5c:eb:b9:50:
         da:e1:bf:41:62:92:b0:3d:ed:da:eb:bb:90:dc:85:5d:cd:6f:
         37:04:ef:fd:74:d1:2f:6c:1e:9f:57:d2:3e:ce:88:0a:07:d6:
         9e:d3:68:64:85:66:8e:e7:52:4e:b2:06:b4:d4:71:89:cd:5c:
         8a:0e:2e:9c:50:ae:cb:b9:50:13:0d:71:91:44:d9:19:90:54:
         0b:b5:67:df:91:c9:03:bd:4a:c3:fc:52:62:6c:fb:7d:01:45:
         30:3c:ac:b0:9e:56:2c:10:90:66:dc:d3:a5:6a:53:fd:0f:0d:
         c5:0d:54:c7:32:4f:9f:bc:39:8b:b1:d6:8e:b5:09:f7:0c:63:
         68:ab:a4:5f:1c:69:cd:68:d5:63:b5:37:c0:f5:85:80:c2:74:
         26:0c:80:0f:ca:72:ec:8a:aa:b1:68:e0:7f:bf:c6:52:fe:57:
         79:6f:c0:5c:ad:0b:08:ca:89:fc:35:b8:bf:1c:be:4f:48:b6:
         ef:3d:d9:2e:a1:79:8d:9c:aa:e0:d0:f6:30:b7:39:6e:75:89:
         15:34:9c:1b:ed:47:02:97:44:40:6d:b1:c8:85:57:9e:63:5b:
         3a:15:e9:2b:1a:73:81:66:ac:f2:bc:97:ec:34:c4:8b:d9:2b:
         2f:32:59:29
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAY3ubPjZcNv/tMcVn1vwyw8CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMjI4MDYzNTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjU5MmRlNDUwOWZiNWVmY2EzOWUxZjQxMWZlYmRmMGFmZmI4ZTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqjq+o/zCVf/wm8OG5YTRz5hhYzi3
+66lXxi5YUtF5MCgiGlbraGlvQDl4PJJsYR0ethVHWE1TID7mQKPNP0AxrazIz6U
bFqzSxihoJu1o04EVCxucLHfTj2O1/EYKrE/We6J75nbEfAxU+cLta7Ijvb62pzD
PxNHkn44aS/ayzu0hD6aAUJ8k0p+AsQ8UBe4QxLcnZZR5H1lSKIoBzVf+VPqdH0q
BqeVGSn6xdnVxH81owaPzlMx3eJF/O5lr7eGbEOa02qkipIt6QJrH/EdsZRNlfHG
NnUKj58cL48rluxJqbl+A/Ksquh5xs+kImAk/c4Ns2VinOqKthByfeQgWwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFAtZLeRQn7Xvyjnh9BH+vfCv+44TMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvQzFrdDVGQ2Z0ZV9LT2VIMEVmNjk4S183amhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQALYFUAwQA
LY2eAwQAUaHvAwQBV3l8AwQAV3miAwQCW8jAAwQAqxYRAwQAqxYfMA0GCSqGSIb3
DQEBCwUAA4IBAQBnqZ6FX+vL8jDkse4uTVzruVDa4b9BYpKwPe3a67uQ3IVdzW83
BO/9dNEvbB6fV9I+zogKB9ae02hkhWaO51JOsga01HGJzVyKDi6cUK7LuVATDXGR
RNkZkFQLtWffkckDvUrD/FJibPt9AUUwPKywnlYsEJBm3NOlalP9Dw3FDVTHMk+f
vDmLsdaOtQn3DGNoq6RfHGnNaNVjtTfA9YWAwnQmDIAPynLsiqqxaOB/v8ZS/ld5
b8BcrQsIyon8Nbi/HL5PSLbvPdkuoXmNnKrg0PYwtzludYkVNJwb7UcCl0RAbbHI
hVeeY1s6FekrGnOBZqzyvJfsNMSL2SsvMlkp
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:01 2024 by rpki-client on console-fra.rpki-client.org