Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/b4cVQAaz4vh4M9NSLVKb0Jt_zH8.roa
File:                     b4cVQAaz4vh4M9NSLVKb0Jt_zH8.roa (raw, json)
Hash identifier:          mSer4ljeDcdojHUgIvMYp7AGpJ/4OHdUWsTL+c9+nDI=
Subject key identifier:   6F:87:15:40:06:B3:E2:F8:78:33:D3:52:2D:52:9B:D0:9B:7F:CC:7F
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018D30710DD2ED321802ABF786987FC0F053
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/b4cVQAaz4vh4M9NSLVKb0Jt_zH8.roa
Signing time:             Mon 22 Jan 2024 09:12:11 +0000
ROA not before:           Mon 22 Jan 2024 09:12:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        45.84.89.0/24 maxlen: 24
                          45.88.90.0/24 maxlen: 24
                          45.151.89.0/24 maxlen: 24
                          87.120.87.0/24 maxlen: 24
                          87.121.45.0/24 maxlen: 24
                          87.121.221.0/24 maxlen: 24
                          92.119.196.0/23 maxlen: 24
                          94.154.161.0/24 maxlen: 24
                          94.154.162.0/23 maxlen: 24
                          94.154.172.0/24 maxlen: 24
                          94.156.239.0/24 maxlen: 24
                          94.156.248.0/24 maxlen: 24
                          95.214.24.0/24 maxlen: 24
                          147.78.101.0/24 maxlen: 24
                          147.78.102.0/24 maxlen: 24
                          171.22.72.0/22 maxlen: 24
                          178.215.224.0/24 maxlen: 24
                          178.215.236.0/24 maxlen: 24
                          185.216.84.0/22 maxlen: 24
                          185.218.84.0/22 maxlen: 24
                          185.226.173.0/24 maxlen: 24
                          185.252.176.0/24 maxlen: 24
                          194.48.251.0/24 maxlen: 24
                          194.55.224.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:30:71:0d:d2:ed:32:18:02:ab:f7:86:98:7f:c0:f0:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan 22 09:12:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f87154006b3e2f87833d3522d529bd09b7fcc7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:00:9f:85:2a:e0:47:09:ec:e9:99:10:d7:d7:
                    1a:95:f4:66:ef:e2:e9:21:f1:dd:5d:35:d2:08:ac:
                    90:ba:5c:30:86:d8:d7:87:a3:ec:e6:a5:c1:e1:83:
                    0f:a8:4f:2b:dc:78:47:a8:8d:77:20:eb:c9:d6:30:
                    0e:09:01:81:18:88:7d:fb:65:b6:ee:f3:ef:4b:f6:
                    43:73:ce:5f:e5:85:86:7f:a8:85:25:8c:21:2f:03:
                    e2:12:6d:29:fc:dc:b7:9e:ee:7a:4a:99:79:8f:bf:
                    ec:fe:0a:19:41:5b:06:24:1e:db:40:09:48:e5:85:
                    a9:e1:0d:12:d5:8c:a8:ff:95:22:fc:b4:cb:25:8c:
                    e3:99:c3:50:8d:86:57:42:3f:e1:60:3b:6c:af:a0:
                    19:c8:f3:2a:20:29:71:e4:24:f8:f3:30:f7:8e:e4:
                    68:8f:ef:45:c3:dd:a0:22:e7:17:62:f4:25:a6:dc:
                    c3:eb:68:d7:23:e1:6a:3d:9b:05:84:5d:71:6c:0c:
                    1c:f8:91:2f:a1:f5:c4:00:81:12:4f:eb:11:6e:91:
                    10:7d:6b:46:74:0d:1e:ec:f3:7a:71:76:9f:dc:6a:
                    db:c6:68:3d:6b:f2:ca:b8:73:e9:41:76:5f:44:c7:
                    c4:4b:c5:06:8b:10:f7:ad:06:f8:0a:c9:7e:17:8d:
                    9a:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:87:15:40:06:B3:E2:F8:78:33:D3:52:2D:52:9B:D0:9B:7F:CC:7F
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/b4cVQAaz4vh4M9NSLVKb0Jt_zH8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.89.0/24
                  45.88.90.0/24
                  45.151.89.0/24
                  87.120.87.0/24
                  87.121.45.0/24
                  87.121.221.0/24
                  92.119.196.0/23
                  94.154.161.0-94.154.163.255
                  94.154.172.0/24
                  94.156.239.0/24
                  94.156.248.0/24
                  95.214.24.0/24
                  147.78.101.0-147.78.102.255
                  171.22.72.0/22
                  178.215.224.0/24
                  178.215.236.0/24
                  185.216.84.0/22
                  185.218.84.0/22
                  185.226.173.0/24
                  185.252.176.0/24
                  194.48.251.0/24
                  194.55.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:68:b8:c3:bc:77:07:6e:d3:79:28:45:d8:d6:57:2e:58:ed:
         c2:57:ef:68:f8:3c:5c:9a:1a:52:a5:75:f8:ea:99:ab:fa:7a:
         74:94:92:b8:eb:60:96:1a:a3:fa:ad:62:27:f4:24:cf:60:7d:
         ae:84:76:5a:e8:03:f1:52:e1:6e:31:6c:63:53:c3:35:52:ce:
         ea:44:a1:fc:b6:a8:bc:96:0d:4a:9b:5d:67:8e:2e:49:d3:9d:
         76:7f:31:56:94:8b:91:38:1e:a8:25:da:82:34:9f:97:ee:a9:
         cc:fa:0d:47:e8:82:7e:2b:c5:8c:f7:a9:d4:36:77:88:35:12:
         59:82:7d:b1:73:78:0d:46:cc:25:0e:32:f7:7e:4c:bd:a4:8b:
         6e:f8:d5:6f:e0:80:54:ef:eb:aa:76:a4:9e:4c:fb:34:da:3e:
         ed:be:03:50:18:e9:c0:69:21:3c:bf:25:ce:98:04:61:ac:5d:
         57:4b:13:1a:9d:4a:88:c4:45:09:dd:65:f8:e8:36:90:99:2c:
         75:95:34:6e:88:02:50:ba:c0:30:a1:8f:ee:1c:34:b3:55:08:
         1c:81:c5:98:e2:a4:9b:ab:48:0d:31:d1:37:df:6e:c3:30:e0:
         1a:38:3d:6c:8c:89:fd:c9:86:a0:da:ea:67:e3:40:a6:6d:6d:
         d2:6e:d9:00
-----BEGIN CERTIFICATE-----
MIIFkDCCBHigAwIBAgISAY0wcQ3S7TIYAqv3hph/wPBTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTIyMDkxMjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Zjg3MTU0MDA2YjNlMmY4NzgzM2QzNTIyZDUyOWJkMDliN2ZjYzdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoQCfhSrgRwns6ZkQ19calfRm7+Lp
IfHdXTXSCKyQulwwhtjXh6Ps5qXB4YMPqE8r3HhHqI13IOvJ1jAOCQGBGIh9+2W2
7vPvS/ZDc85f5YWGf6iFJYwhLwPiEm0p/Ny3nu56Spl5j7/s/goZQVsGJB7bQAlI
5YWp4Q0S1Yyo/5Ui/LTLJYzjmcNQjYZXQj/hYDtsr6AZyPMqIClx5CT48zD3juRo
j+9Fw92gIucXYvQlptzD62jXI+FqPZsFhF1xbAwc+JEvofXEAIEST+sRbpEQfWtG
dA0e7PN6cXaf3Grbxmg9a/LKuHPpQXZfRMfES8UGixD3rQb4Csl+F42apwIDAQAB
o4ICnDCCApgwHQYDVR0OBBYEFG+HFUAGs+L4eDPTUi1Sm9Cbf8x/MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvYjRjVlFBYXo0dmg0TTlOU0xWS2IwSnRfekg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGxBggrBgEFBQcBBwEB/wSBoTCBnjCBmwQCAAEwgZQDBAAt
VFkDBAAtWFoDBAAtl1kDBABXeFcDBABXeS0DBABXed0DBAFcd8QwDAMEAF6aoQME
Al6aoAMEAF6arAMEAF6c7wMEAF6c+AMEAF/WGDAMAwQAk05lAwQAk05mAwQCqxZI
AwQAstfgAwQAstfsAwQCudhUAwQCudpUAwQAueKtAwQAufywAwQAwjD7AwQAwjfg
MA0GCSqGSIb3DQEBCwUAA4IBAQAmaLjDvHcHbtN5KEXY1lcuWO3CV+9o+DxcmhpS
pXX46pmr+np0lJK462CWGqP6rWIn9CTPYH2uhHZa6APxUuFuMWxjU8M1Us7qRKH8
tqi8lg1Km11nji5J0512fzFWlIuROB6oJdqCNJ+X7qnM+g1H6IJ+K8WM96nUNneI
NRJZgn2xc3gNRswlDjL3fky9pItu+NVv4IBU7+uqdqSeTPs02j7tvgNQGOnAaSE8
vyXOmARhrF1XSxManUqIxEUJ3WX46DaQmSx1lTRuiAJQusAwoY/uHDSzVQgcgcWY
4qSbq0gNMdE3327DMOAaOD1sjIn9yYag2upn40CmbW3SbtkA
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:37 2024 by rpki-client on console-ams.rpki-client.org