Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/T20aWV23K4biCvh0VbwXFnfvmlY.roa
File:                     T20aWV23K4biCvh0VbwXFnfvmlY.roa (raw, json)
Hash identifier:          OZg7ryxfP8PtWWUsF6/puJErjEbgOEcrwXneCNOfqTc=
Subject key identifier:   4F:6D:1A:59:5D:B7:2B:86:E2:0A:F8:74:55:BC:17:16:77:EF:9A:56
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0187E597306973CA42E82E40D509769EF067
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/T20aWV23K4biCvh0VbwXFnfvmlY.roa
Signing time:             Thu 04 May 2023 07:08:23 +0000
ROA not before:           Thu 04 May 2023 07:08:23 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     0
IP address blocks:        185.218.84.0/22 maxlen: 24
                          178.215.236.0/24 maxlen: 24
                          171.22.72.0/22 maxlen: 24
                          147.78.101.0/24 maxlen: 24
                          147.78.100.0/24 maxlen: 24
                          92.119.196.0/23 maxlen: 24
                          87.120.64.0/23 maxlen: 24
                          185.216.84.0/22 maxlen: 24
                          94.103.126.0/24 maxlen: 24
                          185.218.137.0/24 maxlen: 24
                          94.154.162.0/23 maxlen: 24
                          94.154.161.0/24 maxlen: 24
                          185.219.126.0/24 maxlen: 24
                          45.151.89.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:e5:97:30:69:73:ca:42:e8:2e:40:d5:09:76:9e:f0:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: May  4 07:08:23 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4f6d1a595db72b86e20af87455bc171677ef9a56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:d6:81:b6:53:61:c3:b9:8e:4f:ca:96:b3:ac:
                    db:9f:cc:e3:c6:d6:c6:50:e8:4c:ae:d7:19:79:a7:
                    8d:20:41:6d:53:57:65:01:98:0d:ef:b2:28:d2:8e:
                    c2:0a:19:ed:3c:b3:00:1b:a7:fd:ca:7f:c5:8a:57:
                    3d:df:05:86:93:70:1c:e4:a9:12:a5:99:4c:eb:66:
                    7b:02:91:3b:88:87:7a:35:4c:7e:94:eb:0f:04:2e:
                    5c:a0:e9:43:d9:bb:3e:30:8c:25:e8:2a:db:ba:48:
                    88:3c:2b:aa:14:9b:b6:71:4b:20:e6:83:db:b1:96:
                    d9:49:d3:ac:3f:06:13:5b:80:36:ec:5d:76:b6:c6:
                    55:02:94:40:68:56:42:61:38:53:f0:6f:a1:cb:1a:
                    af:12:f9:39:a4:2f:3b:e0:93:a1:1d:c3:ad:2e:6d:
                    ac:8d:99:25:31:d1:9b:9b:39:4b:ea:b1:3e:73:46:
                    f9:cd:b1:f5:a7:98:b1:f3:ee:8f:0b:30:c7:fd:59:
                    26:67:e4:97:5c:f6:20:99:14:0d:06:11:40:d0:88:
                    c5:63:e6:91:4b:24:be:b7:33:95:1c:c5:ae:38:ef:
                    3e:23:b6:03:f9:6f:b1:94:d4:a8:9e:f3:21:44:5f:
                    f6:53:35:a6:c8:4e:82:af:b2:9c:3c:e6:f6:b7:95:
                    bf:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:6D:1A:59:5D:B7:2B:86:E2:0A:F8:74:55:BC:17:16:77:EF:9A:56
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/T20aWV23K4biCvh0VbwXFnfvmlY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.89.0/24
                  87.120.64.0/23
                  92.119.196.0/23
                  94.103.126.0/24
                  94.154.161.0-94.154.163.255
                  147.78.100.0/23
                  171.22.72.0/22
                  178.215.236.0/24
                  185.216.84.0/22
                  185.218.84.0/22
                  185.218.137.0/24
                  185.219.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:55:ff:eb:6b:b4:3c:a4:0d:9b:dd:84:f4:1c:27:61:b3:ca:
         95:8f:63:17:46:0f:6b:43:f6:bb:97:e1:c5:fa:83:30:73:c5:
         bc:29:de:8a:e0:b7:58:5f:1f:9b:2e:8e:d6:59:5c:ec:24:6c:
         d4:ae:c1:8c:63:96:6d:7b:e6:23:a7:d6:df:4a:bd:db:d6:8a:
         cb:65:ca:a6:47:4d:3d:1f:a6:23:34:d6:b0:62:f6:c3:f7:f7:
         a8:0a:e3:2c:6a:ab:c9:e0:94:83:c0:92:a8:40:3a:cf:1b:ec:
         a9:03:83:f3:17:f2:8c:5b:c3:47:23:e7:60:58:de:66:f2:8c:
         0e:40:72:61:0f:99:fc:45:ae:8a:f0:c1:f0:82:0a:ae:b8:bd:
         fa:43:4d:e6:21:89:57:cd:67:a1:59:a1:4b:22:4d:cb:a1:b6:
         c9:fd:a4:57:56:3a:a3:e7:e6:77:2c:50:90:a4:ac:6a:38:9e:
         c7:64:0e:24:33:a5:1e:8d:9d:8b:4f:4b:23:bc:59:31:e2:c7:
         7c:7f:b4:86:92:57:02:33:bb:a2:e3:7b:fc:f7:df:12:8c:ba:
         b8:23:3e:e7:19:b3:e5:33:4d:51:db:d5:a9:db:21:a0:29:fa:
         7e:63:c3:cc:b1:11:fe:9b:81:1e:7f:27:7b:a5:aa:06:93:90:
         2c:6d:88:14
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAYfllzBpc8pC6C5A1Ql2nvBnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNTA0MDcwODIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjZkMWE1OTVkYjcyYjg2ZTIwYWY4NzQ1NWJjMTcxNjc3ZWY5YTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhNaBtlNhw7mOT8qWs6zbn8zjxtbG
UOhMrtcZeaeNIEFtU1dlAZgN77Io0o7CChntPLMAG6f9yn/Filc93wWGk3Ac5KkS
pZlM62Z7ApE7iId6NUx+lOsPBC5coOlD2bs+MIwl6CrbukiIPCuqFJu2cUsg5oPb
sZbZSdOsPwYTW4A27F12tsZVApRAaFZCYThT8G+hyxqvEvk5pC874JOhHcOtLm2s
jZklMdGbmzlL6rE+c0b5zbH1p5ix8+6PCzDH/VkmZ+SXXPYgmRQNBhFA0IjFY+aR
SyS+tzOVHMWuOO8+I7YD+W+xlNSonvMhRF/2UzWmyE6Cr7KcPOb2t5W/IwIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFE9tGlldtyuG4gr4dFW8FxZ375pWMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvVDIwYVdWMjNLNGJpQ3ZoMFZid1hGbmZ2bWxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQAwQALZdZAwQB
V3hAAwQBXHfEAwQAXmd+MAwDBABemqEDBAJemqADBAGTTmQDBAKrFkgDBACy1+wD
BAK52FQDBAK52lQDBAC52okDBAC5234wDQYJKoZIhvcNAQELBQADggEBACRV/+tr
tDykDZvdhPQcJ2GzypWPYxdGD2tD9ruX4cX6gzBzxbwp3orgt1hfH5sujtZZXOwk
bNSuwYxjlm175iOn1t9KvdvWistlyqZHTT0fpiM01rBi9sP396gK4yxqq8nglIPA
kqhAOs8b7KkDg/MX8oxbw0cj52BY3mbyjA5AcmEPmfxFrorwwfCCCq64vfpDTeYh
iVfNZ6FZoUsiTcuhtsn9pFdWOqPn5ncsUJCkrGo4nsdkDiQzpR6NnYtPSyO8WTHi
x3x/tIaSVwIzu6Lje/z33xKMurgjPucZs+UzTVHb1anbIaAp+n5jw8yxEf6bgR5/
J3ulqgaTkCxtiBQ=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:33 2024 by rpki-client on console-ams.rpki-client.org