Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Eh6kxnLksZZQ1Jqud2PtQnNKle8.roa
File:                     Eh6kxnLksZZQ1Jqud2PtQnNKle8.roa (raw, json)
Hash identifier:          C9vlwEPPGgLElZgVKqNEpLPPVH93wTQilwzuqiyzarI=
Subject key identifier:   12:1E:A4:C6:72:E4:B1:96:50:D4:9A:AE:77:63:ED:42:73:4A:95:EF
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0188F7E67994FD69875F2C1F3262E7A59C82
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Eh6kxnLksZZQ1Jqud2PtQnNKle8.roa
Signing time:             Mon 26 Jun 2023 13:30:56 +0000
ROA not before:           Mon 26 Jun 2023 13:30:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     200385
IP address blocks:        94.156.10.0/24 maxlen: 24
                          141.98.4.0/24 maxlen: 24
                          94.103.126.0/24 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:f7:e6:79:94:fd:69:87:5f:2c:1f:32:62:e7:a5:9c:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jun 26 13:30:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=121ea4c672e4b19650d49aae7763ed42734a95ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:94:60:e2:11:a0:fa:44:08:6f:ee:59:e4:d6:
                    d5:09:07:1c:bf:00:27:fd:61:cf:10:7c:16:a1:3b:
                    1c:c3:f6:cb:ad:7a:fc:cc:dd:c5:59:61:bf:29:f7:
                    c9:15:2e:75:8c:de:10:5d:16:8e:eb:32:fd:c4:e5:
                    8f:1e:b4:da:15:59:08:09:0e:f0:1e:9e:38:44:40:
                    1d:89:0a:94:21:2e:53:dd:b5:77:23:6c:fb:dc:0e:
                    e5:42:a9:0c:57:0c:c8:14:40:fe:87:2a:a1:be:27:
                    94:16:de:65:dc:e7:e1:39:c8:33:69:33:de:16:6f:
                    0e:aa:42:b2:ae:86:34:fc:e0:d6:94:14:77:46:0f:
                    7c:dd:d1:6f:5b:bb:99:16:00:6b:a7:1d:42:fb:5a:
                    ee:c9:a3:d1:c6:e4:64:4e:2b:f7:70:bb:bd:27:ae:
                    bc:8a:b7:4c:81:8c:30:e2:15:a7:ea:78:ae:9b:e8:
                    64:2f:d0:09:c4:df:7a:98:fa:26:a6:02:7e:4c:53:
                    2c:65:d2:1f:68:d5:d9:56:30:ea:a9:8f:40:1c:87:
                    7c:c0:27:91:45:e2:60:21:01:34:8f:ba:f2:01:c3:
                    ab:6a:24:cf:a9:59:04:27:42:6e:e0:50:5d:97:3f:
                    9d:05:c0:91:94:de:fa:9b:89:f2:f7:dd:a2:fd:b8:
                    87:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:1E:A4:C6:72:E4:B1:96:50:D4:9A:AE:77:63:ED:42:73:4A:95:EF
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Eh6kxnLksZZQ1Jqud2PtQnNKle8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.103.126.0/24
                  94.156.10.0/24
                  141.98.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:19:ed:21:6d:91:f8:52:99:7e:a1:a7:52:9d:d2:1e:47:4e:
         65:d9:1f:60:db:04:3a:68:75:bf:4a:53:85:06:01:99:c7:f2:
         81:bf:55:12:76:79:c2:8f:06:96:b2:84:7f:5b:64:48:b7:55:
         f4:2a:41:ce:65:c1:cb:d3:80:14:00:86:fe:df:72:73:92:38:
         d9:53:40:52:ce:0f:f4:6f:6f:1d:a2:5d:52:70:1d:2a:49:91:
         66:5a:f5:e8:15:d5:ab:0f:eb:df:a8:da:68:79:a5:20:a2:a6:
         95:d7:36:70:93:52:ab:4a:32:04:d8:18:94:6b:7b:59:d2:d0:
         55:d0:e4:15:dd:d8:a0:c9:96:d3:c3:36:a2:e7:ac:e4:1e:02:
         3c:88:f7:f1:f4:1b:8f:a3:af:37:84:2e:4e:b7:dc:be:8f:6a:
         52:f5:f6:ec:a8:b1:cb:72:78:45:ee:07:30:f2:57:a5:12:ac:
         cb:3e:91:aa:90:77:3c:ca:db:3f:d3:08:09:53:1f:e7:14:1f:
         68:1c:fb:70:1e:f5:28:07:04:91:b4:84:d4:8e:23:15:df:11:
         84:6f:73:31:4a:4b:4d:eb:34:40:be:96:9f:2d:88:9a:cb:66:
         a8:bd:6c:34:0e:31:4d:56:7f:7a:0a:82:73:02:c0:b5:47:dc:
         87:66:28:e4
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYj35nmU/WmHXywfMmLnpZyCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNjI2MTMzMDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjFlYTRjNjcyZTRiMTk2NTBkNDlhYWU3NzYzZWQ0MjczNGE5NWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh5Rg4hGg+kQIb+5Z5NbVCQccvwAn
/WHPEHwWoTscw/bLrXr8zN3FWWG/KffJFS51jN4QXRaO6zL9xOWPHrTaFVkICQ7w
Hp44REAdiQqUIS5T3bV3I2z73A7lQqkMVwzIFED+hyqhvieUFt5l3OfhOcgzaTPe
Fm8OqkKyroY0/ODWlBR3Rg983dFvW7uZFgBrpx1C+1ruyaPRxuRkTiv3cLu9J668
irdMgYww4hWn6nium+hkL9AJxN96mPompgJ+TFMsZdIfaNXZVjDqqY9AHId8wCeR
ReJgIQE0j7ryAcOraiTPqVkEJ0Ju4FBdlz+dBcCRlN76m4ny992i/biHLQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBIepMZy5LGWUNSarndj7UJzSpXvMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvRWg2a3huTGtzWlpRMUpxdWQyUHRRbk5LbGU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAXmd+AwQA
XpwKAwQAjWIEMA0GCSqGSIb3DQEBCwUAA4IBAQBYGe0hbZH4Upl+oadSndIeR05l
2R9g2wQ6aHW/SlOFBgGZx/KBv1USdnnCjwaWsoR/W2RIt1X0KkHOZcHL04AUAIb+
33JzkjjZU0BSzg/0b28dol1ScB0qSZFmWvXoFdWrD+vfqNpoeaUgoqaV1zZwk1Kr
SjIE2BiUa3tZ0tBV0OQV3digyZbTwzai56zkHgI8iPfx9BuPo683hC5Ot9y+j2pS
9fbsqLHLcnhF7gcw8lelEqzLPpGqkHc8yts/0wgJUx/nFB9oHPtwHvUoBwSRtITU
jiMV3xGEb3MxSktN6zRAvpafLYiay2aovWw0DjFNVn96CoJzAsC1R9yHZijk
-----END CERTIFICATE-----
Generated at Tue Jun 10 05:16:30 2025 by rpki-client