Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/e8Lx231zJS7mCx8ba_StXVKIVVM.roa
File:                     e8Lx231zJS7mCx8ba_StXVKIVVM.roa (raw, json)
Hash identifier:          Rn9tMhv15pi+JqPQL1pOUwv+OQqQoL+RQ0cki/PlNKY=
Subject key identifier:   7B:C2:F1:DB:7D:73:25:2E:E6:0B:1F:1B:6B:F4:AD:5D:52:88:55:53
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CC8DCFC29202DFF74E0140897CFE474C0
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/e8Lx231zJS7mCx8ba_StXVKIVVM.roa
Signing time:             Tue 02 Jan 2024 06:29:34 +0000
ROA not before:           Tue 02 Jan 2024 06:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200105
IP address blocks:        87.121.124.0/23 maxlen: 24
                          91.200.192.0/22 maxlen: 24
                          45.129.84.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:fc:29:20:2d:ff:74:e0:14:08:97:cf:e4:74:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 06:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7bc2f1db7d73252ee60b1f1b6bf4ad5d52885553
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:a3:66:67:a4:3e:01:a7:c9:a7:42:69:90:b0:
                    29:d1:09:89:12:46:a5:95:be:d3:bf:06:09:5d:ca:
                    bc:27:dc:c8:02:5a:dd:70:70:3f:36:a5:e7:04:62:
                    05:e5:f5:dd:45:04:b4:a3:ea:97:41:26:ea:d9:56:
                    f4:c1:0c:d3:a0:47:4b:07:f2:86:86:67:94:4f:4d:
                    22:ed:c4:d6:bd:43:8e:6c:11:1e:dd:36:7b:03:07:
                    fd:c7:1e:d9:b0:09:c7:16:06:48:80:3e:09:9a:f9:
                    b5:d6:31:d3:91:24:5a:34:ef:a9:15:b5:48:8e:62:
                    6e:f5:dc:ae:f6:f1:c2:7d:a9:b5:dd:9f:a1:a6:d4:
                    a0:32:c8:07:13:84:70:09:c1:20:6d:ee:db:b4:de:
                    ad:4b:b3:c9:99:67:3c:c4:67:ca:bc:32:9d:b4:cb:
                    a0:c2:4f:6b:e9:0a:3d:6e:e9:32:e3:44:86:a0:92:
                    c2:34:f3:45:64:8b:65:ae:a3:f6:38:b0:8a:d4:1e:
                    91:45:65:be:b7:79:0f:91:d2:93:09:8b:bf:26:2d:
                    7a:39:22:11:bf:1b:1c:72:92:8d:6b:99:0d:67:6d:
                    4b:8b:8b:bb:27:b6:02:3c:f1:ff:97:e1:a2:c7:11:
                    35:0f:c7:61:a6:c5:7e:33:f6:85:2a:54:f7:65:31:
                    ac:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:C2:F1:DB:7D:73:25:2E:E6:0B:1F:1B:6B:F4:AD:5D:52:88:55:53
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/e8Lx231zJS7mCx8ba_StXVKIVVM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.84.0/24
                  87.121.124.0/23
                  91.200.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         25:8d:6b:eb:ee:4e:6e:52:82:02:97:a4:7f:a4:f2:f6:f2:e3:
         6f:7f:d5:7f:db:4a:c9:69:b2:e0:b0:48:9a:d8:02:86:b6:7e:
         cf:d2:aa:0f:e9:38:bf:7f:63:c2:c2:08:8a:8b:30:e1:b7:8c:
         01:78:8d:7e:94:ed:fb:46:34:5a:5a:13:73:fd:25:11:14:f5:
         0f:d4:da:a5:e6:d5:b5:80:2c:26:b9:0c:73:ea:6a:c5:ed:66:
         cc:30:2b:f9:6a:ae:dd:5d:c0:67:1c:75:ef:a8:64:ab:98:93:
         2c:11:23:9c:a2:11:ec:dc:98:a0:f5:1b:7e:11:cd:f4:19:54:
         52:ac:4d:50:02:2d:a7:d7:f2:75:cf:38:71:fb:12:48:14:30:
         03:62:b9:c0:66:91:b3:24:b8:a1:14:a2:95:63:bd:80:e8:64:
         38:0b:d8:da:c6:64:97:56:a2:a3:3d:d2:f2:5c:a6:5e:a2:74:
         44:9c:67:5a:0c:2b:8e:51:b4:d9:17:d4:29:4f:dc:6b:18:5c:
         fe:80:6b:8d:f8:c0:ab:ce:b5:bd:fb:d3:f3:2e:1e:06:e4:fd:
         96:1f:1b:92:b4:93:f8:2d:9b:2e:7a:61:52:66:ed:f4:5f:83:
         51:b0:46:cd:25:84:00:5d:67:ef:8a:ca:72:64:1e:39:e6:1e:
         8d:54:0e:bb
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzI3PwpIC3/dOAUCJfP5HTAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmMyZjFkYjdkNzMyNTJlZTYwYjFmMWI2YmY0YWQ1ZDUyODg1NTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhKNmZ6Q+AafJp0JpkLAp0QmJEkal
lb7TvwYJXcq8J9zIAlrdcHA/NqXnBGIF5fXdRQS0o+qXQSbq2Vb0wQzToEdLB/KG
hmeUT00i7cTWvUOObBEe3TZ7Awf9xx7ZsAnHFgZIgD4Jmvm11jHTkSRaNO+pFbVI
jmJu9dyu9vHCfam13Z+hptSgMsgHE4RwCcEgbe7btN6tS7PJmWc8xGfKvDKdtMug
wk9r6Qo9buky40SGoJLCNPNFZItlrqP2OLCK1B6RRWW+t3kPkdKTCYu/Ji16OSIR
vxsccpKNa5kNZ21Li4u7J7YCPPH/l+GixxE1D8dhpsV+M/aFKlT3ZTGsIQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHvC8dt9cyUu5gsfG2v0rV1SiFVTMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvZThMeDIzMXpKUzdtQ3g4YmFfU3RYVktJVlZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALYFUAwQB
V3l8AwQCW8jAMA0GCSqGSIb3DQEBCwUAA4IBAQAljWvr7k5uUoICl6R/pPL28uNv
f9V/20rJabLgsEia2AKGtn7P0qoP6Ti/f2PCwgiKizDht4wBeI1+lO37RjRaWhNz
/SURFPUP1Nql5tW1gCwmuQxz6mrF7WbMMCv5aq7dXcBnHHXvqGSrmJMsESOcohHs
3Jig9Rt+Ec30GVRSrE1QAi2n1/J1zzhx+xJIFDADYrnAZpGzJLihFKKVY72A6GQ4
C9jaxmSXVqKjPdLyXKZeonREnGdaDCuOUbTZF9QpT9xrGFz+gGuN+MCrzrW9+9Pz
Lh4G5P2WHxuStJP4LZsuemFSZu30X4NRsEbNJYQAXWfvispyZB455h6NVA67
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:15 2024 by rpki-client on console-fra.rpki-client.org