Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/PJC_xc2ZRYzEJYeE14cljvUw6QM.roa
File:                     PJC_xc2ZRYzEJYeE14cljvUw6QM.roa (raw, json)
Hash identifier:          Q/o+SUqPQM4C2h7k5DOeWKFQ5F5jj0bsvJpdok7pgtY=
Subject key identifier:   3C:90:BF:C5:CD:99:45:8C:C4:25:87:84:D7:87:25:8E:F5:30:E9:03
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01876EDCE437AC3843E03DAEFC8B304CC74A
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/PJC_xc2ZRYzEJYeE14cljvUw6QM.roa
Signing time:             Tue 11 Apr 2023 05:49:42 +0000
ROA not before:           Tue 11 Apr 2023 05:49:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     25369
IP address blocks:        194.31.204.0/24 maxlen: 24
                          45.90.88.0/22 maxlen: 24
                          141.98.4.0/24 maxlen: 24
                          194.55.227.0/24 maxlen: 24
                          195.178.121.0/24 maxlen: 24
                          45.12.254.0/24 maxlen: 24
                          193.58.120.0/24 maxlen: 24
                          194.169.174.0/24 maxlen: 24
                          194.169.173.0/24 maxlen: 24
                          45.149.241.0/24 maxlen: 24
                          194.49.86.0/24 maxlen: 24
                          193.25.218.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:6e:dc:e4:37:ac:38:43:e0:3d:ae:fc:8b:30:4c:c7:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Apr 11 05:49:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3c90bfc5cd99458cc4258784d787258ef530e903
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:cb:dd:db:81:cd:e3:5d:c6:ff:9a:53:db:4c:
                    ea:f7:dd:0d:93:e3:1d:c0:56:42:04:64:5f:27:a4:
                    a5:7a:48:b7:ca:2d:f1:61:a8:af:1d:27:ba:c1:b1:
                    93:c3:5e:09:8f:be:f2:fe:b9:a4:be:c7:e5:e0:b6:
                    9a:9b:0c:c6:0b:8b:25:8a:dd:b2:e8:57:40:ad:e7:
                    d9:3b:0c:48:6f:94:6c:3b:33:57:fe:12:66:90:d1:
                    28:de:1c:b7:f4:d4:ed:95:4b:4a:3a:ef:72:3e:70:
                    6a:13:6c:8b:b5:0c:33:ef:fe:10:70:b0:d1:e1:75:
                    43:1f:a5:b9:48:6c:f4:1a:8b:50:57:00:af:d1:77:
                    34:c2:bd:fe:1d:3f:09:58:a3:eb:9f:b1:76:bb:0f:
                    47:21:dd:56:38:70:d0:80:a3:40:de:9b:53:a1:3e:
                    60:5f:8d:fa:88:0d:bc:39:6d:2e:bb:b0:8c:11:df:
                    51:c2:6b:ad:e1:78:03:6a:9f:26:cb:77:36:5e:6e:
                    a7:d7:d6:43:fa:8d:b3:33:d6:53:8f:eb:69:a9:f1:
                    40:6e:a7:e7:07:9c:66:6b:81:72:86:7f:4e:68:1a:
                    62:57:d4:bf:60:62:e9:98:76:f2:9a:82:d4:33:5d:
                    48:2b:e3:49:c5:3d:3c:a0:27:a7:8f:a7:bd:43:db:
                    9c:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:90:BF:C5:CD:99:45:8C:C4:25:87:84:D7:87:25:8E:F5:30:E9:03
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/PJC_xc2ZRYzEJYeE14cljvUw6QM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.254.0/24
                  45.90.88.0/22
                  45.149.241.0/24
                  141.98.4.0/24
                  193.25.218.0/24
                  193.58.120.0/24
                  194.31.204.0/24
                  194.49.86.0/24
                  194.55.227.0/24
                  194.169.173.0-194.169.174.255
                  195.178.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:1d:22:4b:5f:b3:8a:6b:1e:e4:63:f2:0d:e8:14:10:d5:26:
         80:0e:28:8f:a7:17:23:a7:46:67:69:39:f7:fe:88:a8:80:6b:
         42:d5:e8:3a:e2:2e:85:2a:75:59:df:4b:9e:8f:4d:0b:65:1e:
         d8:62:9e:9f:59:1a:c2:df:92:15:03:cb:86:00:46:c5:8c:db:
         ae:17:89:ff:ec:d4:19:e4:04:5f:a7:3a:8c:c9:1a:ff:ed:c0:
         b7:7d:69:a6:b2:3d:48:50:1c:8a:35:72:c3:ad:01:f5:9d:58:
         1a:45:f2:fe:ba:25:64:0e:a7:a7:d9:61:72:cc:5d:51:6e:ed:
         5b:49:e9:df:20:8a:66:4b:d1:74:46:13:da:88:13:91:63:50:
         e8:bc:a9:eb:9a:8e:95:4c:a5:10:9a:06:35:33:aa:73:a3:33:
         a7:5d:9a:99:65:04:49:7e:b6:7f:33:e1:9e:95:a7:77:23:c4:
         b7:2a:2e:49:14:20:39:c1:87:7d:e4:01:ea:91:2e:d8:19:ce:
         78:ea:73:e3:4c:c9:26:a7:98:e8:16:88:fe:8e:d9:0f:7a:ec:
         e8:ee:0c:4f:91:47:88:76:9a:5c:1d:7d:05:a4:3f:47:e4:f8:
         ce:f2:fd:25:99:32:f9:81:ad:bc:a4:e1:08:34:ec:47:13:83:
         f1:02:30:74
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYdu3OQ3rDhD4D2u/IswTMdKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNDExMDU0OTQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzkwYmZjNWNkOTk0NThjYzQyNTg3ODRkNzg3MjU4ZWY1MzBlOTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0svd24HN413G/5pT20zq990Nk+Md
wFZCBGRfJ6Sleki3yi3xYaivHSe6wbGTw14Jj77y/rmkvsfl4LaamwzGC4slit2y
6FdArefZOwxIb5RsOzNX/hJmkNEo3hy39NTtlUtKOu9yPnBqE2yLtQwz7/4QcLDR
4XVDH6W5SGz0GotQVwCv0Xc0wr3+HT8JWKPrn7F2uw9HId1WOHDQgKNA3ptToT5g
X436iA28OW0uu7CMEd9Rwmut4XgDap8my3c2Xm6n19ZD+o2zM9ZTj+tpqfFAbqfn
B5xma4Fyhn9OaBpiV9S/YGLpmHbymoLUM11IK+NJxT08oCenj6e9Q9ucqQIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFDyQv8XNmUWMxCWHhNeHJY71MOkDMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvUEpDX3hjMlpSWXpFSlllRTE0Y2xqdlV3NlFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQALQz+AwQC
LVpYAwQALZXxAwQAjWIEAwQAwRnaAwQAwTp4AwQAwh/MAwQAwjFWAwQAwjfjMAwD
BADCqa0DBADCqa4DBADDsnkwDQYJKoZIhvcNAQELBQADggEBAF4dIktfs4prHuRj
8g3oFBDVJoAOKI+nFyOnRmdpOff+iKiAa0LV6DriLoUqdVnfS56PTQtlHthinp9Z
GsLfkhUDy4YARsWM264Xif/s1BnkBF+nOozJGv/twLd9aaayPUhQHIo1csOtAfWd
WBpF8v66JWQOp6fZYXLMXVFu7VtJ6d8gimZL0XRGE9qIE5FjUOi8qeuajpVMpRCa
BjUzqnOjM6ddmpllBEl+tn8z4Z6Vp3cjxLcqLkkUIDnBh33kAeqRLtgZznjqc+NM
ySanmOgWiP6O2Q967OjuDE+RR4h2mlwdfQWkP0fk+M7y/SWZMvmBrbyk4Qg07EcT
g/ECMHQ=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:06 2024 by rpki-client on console-fra.rpki-client.org