Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/MZ58-dhhQx04EmPop2ke1PPs-B4.roa
File:                     MZ58-dhhQx04EmPop2ke1PPs-B4.roa (raw, json)
Hash identifier:          vVkhmNc/p5kAHB2zO4TFJztq0oERH5hJxf4k8JTf8fU=
Subject key identifier:   31:9E:7C:F9:D8:61:43:1D:38:12:63:E8:A7:69:1E:D4:F3:EC:F8:1E
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018875BC0607B513A9BCBFBB77909BEA2F3A
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/MZ58-dhhQx04EmPop2ke1PPs-B4.roa
Signing time:             Thu 01 Jun 2023 06:53:56 +0000
ROA not before:           Thu 01 Jun 2023 06:53:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     209371
IP address blocks:        178.215.239.0/24 maxlen: 24
                          45.128.96.0/24 maxlen: 24
                          45.128.97.0/24 maxlen: 24
                          45.128.99.0/24 maxlen: 24
                          45.139.107.0/24 maxlen: 24
                          45.84.89.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:75:bc:06:07:b5:13:a9:bc:bf:bb:77:90:9b:ea:2f:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jun  1 06:53:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=319e7cf9d861431d381263e8a7691ed4f3ecf81e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:07:83:fb:4a:b2:e3:ac:e8:59:5b:72:59:3e:
                    d2:13:6e:67:e7:b7:eb:67:b4:44:45:34:27:ec:0b:
                    42:52:98:5d:1c:05:25:18:e3:43:48:3f:63:a9:3d:
                    77:85:d9:9a:a4:05:28:d9:a2:d9:11:4d:18:41:47:
                    80:79:f9:72:86:e2:58:75:dd:2a:24:f6:3d:77:32:
                    ce:57:1a:1b:7e:65:e7:9d:b8:86:e4:4e:2d:3c:25:
                    f9:c8:c3:77:1c:b2:c0:73:34:c1:e5:88:67:2a:06:
                    3f:05:b3:71:04:73:47:51:24:56:0c:22:99:d2:1d:
                    46:d4:a4:e6:b3:37:f1:31:35:9b:4c:e5:8b:92:df:
                    1f:26:fc:21:c2:ae:3f:f7:88:32:12:49:07:c7:10:
                    12:0d:4d:42:3f:d7:e5:07:1d:8b:ec:a0:c3:bc:8b:
                    b3:92:f9:54:e1:25:27:0d:ad:2a:c7:4c:02:92:b0:
                    ed:3b:45:e2:f7:72:13:73:2a:2d:0f:05:80:fd:ad:
                    01:f8:a8:94:bf:c3:22:d8:86:df:6a:fb:bb:ba:16:
                    cf:5c:82:42:f4:41:b5:c5:f6:da:f7:ce:9d:b2:03:
                    85:00:db:c6:f5:c8:34:3e:35:66:8c:4c:3e:b8:04:
                    dd:55:5e:a9:36:7a:57:38:4c:12:59:86:46:e4:5b:
                    c5:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:9E:7C:F9:D8:61:43:1D:38:12:63:E8:A7:69:1E:D4:F3:EC:F8:1E
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/MZ58-dhhQx04EmPop2ke1PPs-B4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.89.0/24
                  45.128.96.0/23
                  45.128.99.0/24
                  45.139.107.0/24
                  178.215.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:6c:71:ad:37:65:77:a7:2f:5f:5f:98:63:74:87:21:c0:8b:
         11:7d:8c:80:07:74:ac:b9:e0:99:ac:43:64:43:c1:9a:ed:1f:
         26:0d:f8:70:fe:86:e1:d1:0f:dc:94:a9:73:0d:bc:10:83:63:
         56:37:e1:d7:23:6f:10:87:d8:90:bd:f1:67:df:34:10:a9:37:
         3d:c0:0a:9a:99:b9:41:44:0e:d4:ce:ce:10:92:10:5e:cd:1f:
         c4:27:3e:d3:6b:f4:a4:0c:01:15:75:05:84:58:be:0e:37:ac:
         be:d3:ad:db:0a:e8:66:ff:35:09:69:3b:ec:08:8d:d7:27:e9:
         b8:21:50:85:83:6e:c2:69:9c:38:d8:57:5e:c5:fe:4c:c1:90:
         96:39:f2:78:a0:8a:dd:a1:04:b6:da:64:4a:97:7c:f5:11:56:
         3d:5a:68:b4:83:82:0f:68:f5:3a:02:59:55:e8:47:80:6a:51:
         14:fd:55:c2:f4:43:51:fd:a2:ec:e0:17:ed:2f:f4:a8:52:a9:
         66:59:df:60:ad:b7:fc:ea:4e:15:36:d9:d1:26:8b:e3:df:fd:
         6f:95:fd:ec:b5:69:d6:84:40:62:8f:60:6a:61:63:4f:0a:58:
         06:88:16:6e:6a:99:1b:52:2d:b1:d1:d0:9e:13:f3:f2:4f:85:
         e9:ee:bd:77
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYh1vAYHtROpvL+7d5Cb6i86MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNjAxMDY1MzU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTllN2NmOWQ4NjE0MzFkMzgxMjYzZThhNzY5MWVkNGYzZWNmODFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlQeD+0qy46zoWVtyWT7SE25n57fr
Z7RERTQn7AtCUphdHAUlGONDSD9jqT13hdmapAUo2aLZEU0YQUeAeflyhuJYdd0q
JPY9dzLOVxobfmXnnbiG5E4tPCX5yMN3HLLAczTB5YhnKgY/BbNxBHNHUSRWDCKZ
0h1G1KTmszfxMTWbTOWLkt8fJvwhwq4/94gyEkkHxxASDU1CP9flBx2L7KDDvIuz
kvlU4SUnDa0qx0wCkrDtO0Xi93ITcyotDwWA/a0B+KiUv8Mi2Ibfavu7uhbPXIJC
9EG1xfba986dsgOFANvG9cg0PjVmjEw+uATdVV6pNnpXOEwSWYZG5FvFrwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFDGefPnYYUMdOBJj6KdpHtTz7PgeMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvTVo1OC1kaGhReDA0RW1Qb3Aya2UxUFBzLUI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQALVRZAwQB
LYBgAwQALYBjAwQALYtrAwQAstfvMA0GCSqGSIb3DQEBCwUAA4IBAQAwbHGtN2V3
py9fX5hjdIchwIsRfYyAB3SsueCZrENkQ8Ga7R8mDfhw/obh0Q/clKlzDbwQg2NW
N+HXI28Qh9iQvfFn3zQQqTc9wAqamblBRA7Uzs4QkhBezR/EJz7Ta/SkDAEVdQWE
WL4ON6y+063bCuhm/zUJaTvsCI3XJ+m4IVCFg27CaZw42Fdexf5MwZCWOfJ4oIrd
oQS22mRKl3z1EVY9Wmi0g4IPaPU6AllV6EeAalEU/VXC9ENR/aLs4BftL/SoUqlm
Wd9grbf86k4VNtnRJovj3/1vlf3stWnWhEBij2BqYWNPClgGiBZuapkbUi2x0dCe
E/PyT4Xp7r13
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:31 2024 by rpki-client on console-ams.rpki-client.org