Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/JyyAfWgAb1j6R4ekDMBSxkT-HAk.roa
File:                     JyyAfWgAb1j6R4ekDMBSxkT-HAk.roa (raw, json)
Hash identifier:          lQdYWczfoaIOJclpZFNxZQL+kI/geB4Y7vj7Xn+roG8=
Subject key identifier:   27:2C:80:7D:68:00:6F:58:FA:47:87:A4:0C:C0:52:C6:44:FE:1C:09
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0187E59730DC485E56F3F9CB32516DA20023
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/JyyAfWgAb1j6R4ekDMBSxkT-HAk.roa
Signing time:             Thu 04 May 2023 07:08:23 +0000
ROA not before:           Thu 04 May 2023 07:08:23 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207459
IP address blocks:        91.92.24.0/24 maxlen: 24
                          91.92.24.0/23 maxlen: 23
                          91.92.25.0/24 maxlen: 24
                          193.149.29.0/24 maxlen: 24
                          45.128.233.0/24 maxlen: 24
                          193.149.30.0/24 maxlen: 24
                          193.149.28.0/22 maxlen: 22
                          193.149.31.0/24 maxlen: 24
                          193.149.28.0/24 maxlen: 24
                          171.22.19.0/24 maxlen: 24
                          185.221.67.0/24 maxlen: 24
                          87.120.87.0/24 maxlen: 24
                          194.180.50.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:e5:97:30:dc:48:5e:56:f3:f9:cb:32:51:6d:a2:00:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: May  4 07:08:23 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=272c807d68006f58fa4787a40cc052c644fe1c09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:e3:ca:2a:8c:bc:39:68:ce:c7:b5:c4:74:e6:
                    b4:df:ee:df:c2:9d:56:ac:1b:0a:42:06:41:26:cb:
                    57:3e:64:05:05:fa:82:5c:4e:64:1e:65:a0:06:bf:
                    cd:fc:81:be:56:2f:e1:47:3a:02:be:11:b0:fa:b7:
                    bf:62:a3:89:cf:bf:51:86:75:d0:26:53:91:4b:c8:
                    c1:c7:1e:d4:d6:11:27:22:d0:87:5a:6e:55:22:dd:
                    a6:0d:38:eb:3f:b5:f9:8c:73:d6:99:1a:b3:ed:1c:
                    ce:87:e2:3c:23:43:06:41:29:06:d9:de:1d:6b:5f:
                    88:76:84:32:87:b9:42:d7:96:48:94:51:20:35:5c:
                    88:aa:96:42:45:da:73:c4:5e:af:bc:eb:f1:2d:45:
                    94:28:80:4f:68:11:52:68:97:43:2c:b6:52:de:7d:
                    68:85:df:ec:b7:ac:4d:8c:51:12:c2:33:c9:97:ef:
                    62:bf:f9:0e:a2:52:49:19:1c:47:be:8f:15:ee:7e:
                    d0:72:1b:00:04:91:0d:b5:dc:f2:50:3e:2d:6d:5a:
                    16:16:97:ef:d1:1e:67:65:ee:b5:8c:a9:78:9b:88:
                    d6:21:c7:3d:4a:58:fc:8b:aa:ce:c1:95:e4:9d:2d:
                    ef:21:97:50:86:5e:8e:e2:65:10:ef:e7:47:19:e5:
                    39:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:2C:80:7D:68:00:6F:58:FA:47:87:A4:0C:C0:52:C6:44:FE:1C:09
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/JyyAfWgAb1j6R4ekDMBSxkT-HAk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.233.0/24
                  87.120.87.0/24
                  91.92.24.0/23
                  171.22.19.0/24
                  185.221.67.0/24
                  193.149.28.0/22
                  194.180.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:ba:b1:06:c9:0c:82:96:e2:cc:ca:8e:38:00:11:11:84:62:
         6a:db:f7:3a:8f:cb:aa:96:dd:ef:be:6a:44:b6:4b:a3:d5:81:
         5a:9c:f1:95:df:95:55:ad:50:4c:c5:18:a5:de:75:86:7a:ad:
         e0:fd:9c:71:94:57:df:18:a1:f3:84:4a:ae:2a:8e:91:9d:95:
         29:4b:c9:7a:7d:ec:47:d1:a5:fd:78:dc:fa:c7:72:da:74:27:
         f1:c6:27:84:cb:45:13:63:d9:5e:74:1e:54:bf:38:65:9a:e6:
         2a:3b:ff:3b:36:ba:58:78:d5:98:ed:05:59:be:5e:b6:83:e0:
         f5:bb:64:95:7b:b8:f4:bc:eb:3c:d0:20:9e:b4:d4:45:56:60:
         5a:af:52:13:b7:62:1f:a7:2c:eb:f3:8b:bc:47:e5:5a:82:eb:
         73:85:92:51:8a:bb:07:5e:a8:d6:5a:45:70:d4:c4:8f:f4:45:
         0d:18:6c:ee:16:03:ed:15:0b:ef:6f:f0:25:97:72:59:ff:92:
         40:70:fa:cb:9f:17:a7:0c:37:85:a9:76:bb:cf:99:69:15:6a:
         1f:91:60:01:12:b0:a6:7f:25:db:b2:ed:c0:3d:0c:1a:76:11:
         dc:96:40:cb:9b:1b:42:b8:1a:bb:4a:2c:db:24:29:2e:b8:a4:
         31:c1:8a:e2
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYfllzDcSF5W8/nLMlFtogAjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNTA0MDcwODIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzJjODA3ZDY4MDA2ZjU4ZmE0Nzg3YTQwY2MwNTJjNjQ0ZmUxYzA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvOPKKoy8OWjOx7XEdOa03+7fwp1W
rBsKQgZBJstXPmQFBfqCXE5kHmWgBr/N/IG+Vi/hRzoCvhGw+re/YqOJz79RhnXQ
JlORS8jBxx7U1hEnItCHWm5VIt2mDTjrP7X5jHPWmRqz7RzOh+I8I0MGQSkG2d4d
a1+IdoQyh7lC15ZIlFEgNVyIqpZCRdpzxF6vvOvxLUWUKIBPaBFSaJdDLLZS3n1o
hd/st6xNjFESwjPJl+9iv/kOolJJGRxHvo8V7n7QchsABJENtdzyUD4tbVoWFpfv
0R5nZe61jKl4m4jWIcc9Slj8i6rOwZXknS3vIZdQhl6O4mUQ7+dHGeU5BQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFCcsgH1oAG9Y+keHpAzAUsZE/hwJMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvSnl5QWZXZ0FiMWo2UjRla0RNQlN4a1QtSEFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQALYDpAwQA
V3hXAwQBW1wYAwQAqxYTAwQAud1DAwQCwZUcAwQAwrQyMA0GCSqGSIb3DQEBCwUA
A4IBAQCTurEGyQyCluLMyo44ABERhGJq2/c6j8uqlt3vvmpEtkuj1YFanPGV35VV
rVBMxRil3nWGeq3g/ZxxlFffGKHzhEquKo6RnZUpS8l6fexH0aX9eNz6x3LadCfx
xieEy0UTY9ledB5UvzhlmuYqO/87NrpYeNWY7QVZvl62g+D1u2SVe7j0vOs80CCe
tNRFVmBar1ITt2Ifpyzr84u8R+VagutzhZJRirsHXqjWWkVw1MSP9EUNGGzuFgPt
FQvvb/All3JZ/5JAcPrLnxenDDeFqXa7z5lpFWofkWABErCmfyXbsu3APQwadhHc
lkDLmxtCuBq7SizbJCkuuKQxwYri
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:30 2024 by rpki-client on console-ams.rpki-client.org