Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/eYr8pS9rb8nE6SrIGOc11Yu8uvc.roa
File:                     eYr8pS9rb8nE6SrIGOc11Yu8uvc.roa (raw, json)
Hash identifier:          uo+TSoIZMFaoY6UQfqrxkMtN0lrZ/LbECOuV6mZG2Ao=
Subject key identifier:   79:8A:FC:A5:2F:6B:6F:C9:C4:E9:2A:C8:18:E7:35:D5:8B:BC:BA:F7
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01842D1F3844043011DB557813D07ACD4AD3
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/eYr8pS9rb8nE6SrIGOc11Yu8uvc.roa
Signing time:             Mon 31 Oct 2022 08:18:51 +0000
ROA not before:           Mon 31 Oct 2022 08:18:51 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     209371
IP address blocks:        194.55.224.0/24 maxlen: 24
                          178.215.226.0/24 maxlen: 24
                          194.55.225.0/24 maxlen: 24
                          178.215.225.0/24 maxlen: 24
                          84.54.49.0/24 maxlen: 24
                          194.55.227.0/24 maxlen: 24
                          178.215.227.0/24 maxlen: 24
                          178.215.239.0/24 maxlen: 24
                          80.76.48.0/24 maxlen: 24
                          85.31.47.0/24 maxlen: 24
                          85.31.45.0/24 maxlen: 24
                          193.47.63.0/24 maxlen: 24
                          84.21.173.0/24 maxlen: 24
                          185.216.70.0/24 maxlen: 24
                          185.216.69.0/24 maxlen: 24
                          194.180.36.0/24 maxlen: 24
                          87.120.87.0/24 maxlen: 24
                          82.115.208.0/24 maxlen: 24
                          193.35.19.0/24 maxlen: 24
                          94.154.172.0/24 maxlen: 24
                          193.25.218.0/24 maxlen: 24
                          193.25.217.0/24 maxlen: 24
                          84.21.172.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:2d:1f:38:44:04:30:11:db:55:78:13:d0:7a:cd:4a:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Oct 31 08:18:51 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=798afca52f6b6fc9c4e92ac818e735d58bbcbaf7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:e0:5a:f6:82:d1:68:e7:2d:33:f2:b9:1d:d7:
                    aa:78:6e:7e:c6:70:71:69:27:79:fd:bc:14:5d:03:
                    75:f5:9c:c5:63:79:f2:60:b3:5c:66:5b:61:68:5a:
                    68:70:38:78:8b:08:f4:ec:c5:a5:28:0f:57:6d:6b:
                    7e:ce:87:d8:b6:5c:d5:43:0a:3f:36:1f:04:f8:69:
                    04:70:52:a6:fc:f0:1f:08:bd:37:7a:e3:24:22:bc:
                    61:8f:76:aa:20:c1:17:0e:f1:50:3c:a9:f0:10:a1:
                    e5:dc:7c:0d:cc:2c:46:32:cb:ea:b9:62:cf:29:62:
                    80:66:11:f4:fb:bc:44:e9:bb:92:87:97:5f:67:1f:
                    ec:e4:92:0a:d7:67:5d:2e:3f:1c:02:78:98:54:23:
                    43:f0:bd:c3:25:f6:72:0e:fd:e6:72:4f:12:81:71:
                    75:89:58:07:06:79:0f:41:70:0f:8a:c9:16:8a:eb:
                    f1:cc:e5:41:14:ba:9c:30:b8:32:24:ba:56:61:7b:
                    10:35:b5:05:10:8d:e6:51:ca:e0:04:43:c6:26:7b:
                    c4:87:0d:6b:f2:3b:f3:f4:7a:5c:3d:25:51:22:ba:
                    80:4a:cb:21:be:4c:d6:67:41:92:aa:15:5c:64:32:
                    9e:5a:3e:6d:c6:72:1f:7d:55:6e:52:38:0d:74:15:
                    94:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:8A:FC:A5:2F:6B:6F:C9:C4:E9:2A:C8:18:E7:35:D5:8B:BC:BA:F7
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/eYr8pS9rb8nE6SrIGOc11Yu8uvc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.76.48.0/24
                  82.115.208.0/24
                  84.21.172.0/23
                  84.54.49.0/24
                  85.31.45.0/24
                  85.31.47.0/24
                  87.120.87.0/24
                  94.154.172.0/24
                  178.215.225.0-178.215.227.255
                  178.215.239.0/24
                  185.216.69.0-185.216.70.255
                  193.25.217.0-193.25.218.255
                  193.35.19.0/24
                  193.47.63.0/24
                  194.55.224.0/23
                  194.55.227.0/24
                  194.180.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:b7:7b:09:dd:d0:83:7a:03:81:ab:aa:d2:08:6b:d5:06:37:
         38:1a:b8:b4:91:35:c0:b8:33:c5:28:d4:c2:6d:98:7c:00:62:
         c6:58:d9:5b:25:b2:10:84:cf:88:82:bb:84:95:b3:8d:cc:ed:
         46:e8:6f:ce:3f:7b:d4:22:8a:32:7b:f2:dc:2c:68:17:33:69:
         21:eb:8a:a5:34:69:25:55:64:7e:12:00:e9:a7:fb:62:36:c9:
         79:9d:dc:bf:0b:bd:cb:e1:67:bb:8d:11:0c:cf:81:03:b1:38:
         c8:df:15:c1:dc:03:8d:50:b9:0a:a3:ce:4b:5f:f1:a4:b2:9a:
         08:f3:bb:fa:5f:27:0b:fc:b3:dc:f4:e7:1f:87:6f:73:f0:e0:
         de:34:1b:4a:d1:75:a5:19:4d:ca:26:99:81:cd:ef:41:80:89:
         43:6a:04:d4:37:53:35:80:50:9f:4c:ad:bd:33:2e:8d:6a:49:
         53:7d:62:8f:5f:de:b6:d9:3b:ae:aa:fd:15:64:2d:7b:07:f6:
         87:91:1c:27:3d:42:89:7a:55:c7:ec:55:5d:3f:9d:c5:9a:b3:
         56:7f:ac:69:8b:53:af:74:db:86:ca:68:f6:e7:cc:f6:1c:37:
         b7:c8:9b:48:11:e2:a1:0e:20:7f:b0:36:ef:bf:2c:a8:05:45:
         e7:13:b1:96
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgISAYQtHzhEBDAR21V4E9B6zUrTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjIxMDMxMDgxODUxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OThhZmNhNTJmNmI2ZmM5YzRlOTJhYzgxOGU3MzVkNThiYmNiYWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu+Ba9oLRaOctM/K5HdeqeG5+xnBx
aSd5/bwUXQN19ZzFY3nyYLNcZlthaFpocDh4iwj07MWlKA9XbWt+zofYtlzVQwo/
Nh8E+GkEcFKm/PAfCL03euMkIrxhj3aqIMEXDvFQPKnwEKHl3HwNzCxGMsvquWLP
KWKAZhH0+7xE6buSh5dfZx/s5JIK12ddLj8cAniYVCND8L3DJfZyDv3mck8SgXF1
iVgHBnkPQXAPiskWiuvxzOVBFLqcMLgyJLpWYXsQNbUFEI3mUcrgBEPGJnvEhw1r
8jvz9HpcPSVRIrqASsshvkzWZ0GSqhVcZDKeWj5txnIffVVuUjgNdBWUwQIDAQAB
o4IChTCCAoEwHQYDVR0OBBYEFHmK/KUva2/JxOkqyBjnNdWLvLr3MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvZVlyOHBTOXJiOG5FNlNySUdPYzExWXU4dXZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGaBggrBgEFBQcBBwEB/wSBijCBhzCBhAQCAAEwfgMEAFBM
MAMEAFJz0AMEAVQVrAMEAFQ2MQMEAFUfLQMEAFUfLwMEAFd4VwMEAF6arDAMAwQA
stfhAwQCstfgAwQAstfvMAwDBAC52EUDBAC52EYwDAMEAMEZ2QMEAMEZ2gMEAMEj
EwMEAMEvPwMEAcI34AMEAMI34wMEAMK0JDANBgkqhkiG9w0BAQsFAAOCAQEAc7d7
Cd3Qg3oDgauq0ghr1QY3OBq4tJE1wLgzxSjUwm2YfABixljZWyWyEITPiIK7hJWz
jcztRuhvzj971CKKMnvy3CxoFzNpIeuKpTRpJVVkfhIA6af7YjbJeZ3cvwu9y+Fn
u40RDM+BA7E4yN8VwdwDjVC5CqPOS1/xpLKaCPO7+l8nC/yz3PTnH4dvc/Dg3jQb
StF1pRlNyiaZgc3vQYCJQ2oE1DdTNYBQn0ytvTMujWpJU31ij1/ettk7rqr9FWQt
ewf2h5EcJz1CiXpVx+xVXT+dxZqzVn+saYtTr3Tbhspo9ufM9hw3t8ibSBHioQ4g
f7A2778sqAVF5xOxlg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:15 2024 by rpki-client on console-fra.rpki-client.org