Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/m3FO6dSHNlE4SUDQxMxaM38t4KU.roa
File:                     m3FO6dSHNlE4SUDQxMxaM38t4KU.roa (raw, json)
Hash identifier:          yjIGCPrweMyCI8HivULUgPeX8rqGdZL7tuJtQ0wmdM0=
Subject key identifier:   9B:71:4E:E9:D4:87:36:51:38:49:40:D0:C4:CC:5A:33:7F:2D:E0:A5
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018D1C5A8B381DDF0A24451D747305B95EB0
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/m3FO6dSHNlE4SUDQxMxaM38t4KU.roa
Signing time:             Thu 18 Jan 2024 11:35:12 +0000
ROA not before:           Thu 18 Jan 2024 11:35:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206003
IP address blocks:        37.139.130.0/24 maxlen: 24
                          45.129.84.0/24 maxlen: 24
                          45.141.158.0/24 maxlen: 24
                          79.110.61.0/24 maxlen: 24
                          81.161.239.0/24 maxlen: 24
                          87.121.124.0/23 maxlen: 24
                          87.121.162.0/24 maxlen: 24
                          91.200.192.0/22 maxlen: 24
                          171.22.17.0/24 maxlen: 24
                          171.22.31.0/24 maxlen: 24
                          193.25.216.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:1c:5a:8b:38:1d:df:0a:24:45:1d:74:73:05:b9:5e:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan 18 11:35:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9b714ee9d4873651384940d0c4cc5a337f2de0a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:37:80:e0:8f:c2:a0:9d:f1:cf:82:ff:2b:63:
                    09:81:d4:f0:fc:07:3d:d0:28:3e:d6:cb:16:05:42:
                    18:89:82:bf:e0:72:7a:36:e6:94:dd:a2:45:ac:50:
                    ad:18:3b:16:35:c4:cf:47:7c:b0:b1:03:a0:2c:78:
                    b5:2a:89:90:ff:ad:22:40:89:dc:25:be:a8:70:75:
                    83:10:1b:9b:d9:6c:b8:d2:ed:cb:d7:d8:06:b6:cd:
                    27:26:2c:ad:71:2e:91:a8:b9:44:94:5e:1c:42:01:
                    90:04:86:71:f1:ea:c5:b2:b3:ee:bb:e8:fc:9b:cf:
                    0b:26:2b:6e:61:91:44:8c:e5:3f:d4:a6:52:b6:6c:
                    dd:26:69:ea:96:7b:35:a8:8b:18:17:d1:00:a3:ec:
                    20:6d:d8:25:c5:87:d1:e0:1e:f9:c1:dc:fc:00:6e:
                    67:9e:4e:a8:09:61:ce:7c:0d:93:ed:b7:ba:86:19:
                    8e:fe:7b:5a:b0:ac:cc:1c:23:56:9c:57:5b:2f:02:
                    f8:a6:70:40:db:49:3e:73:7c:f8:7b:aa:d0:21:12:
                    ff:77:d2:30:28:a3:88:11:23:31:af:96:8e:ac:a5:
                    0f:53:df:5b:bb:94:7e:3f:96:b6:58:5c:9f:fd:3c:
                    2a:43:b9:a0:f5:47:08:9f:1c:31:75:07:c9:00:4f:
                    41:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:71:4E:E9:D4:87:36:51:38:49:40:D0:C4:CC:5A:33:7F:2D:E0:A5
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/m3FO6dSHNlE4SUDQxMxaM38t4KU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.139.130.0/24
                  45.129.84.0/24
                  45.141.158.0/24
                  79.110.61.0/24
                  81.161.239.0/24
                  87.121.124.0/23
                  87.121.162.0/24
                  91.200.192.0/22
                  171.22.17.0/24
                  171.22.31.0/24
                  193.25.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:92:b8:f1:01:35:e6:ea:06:c8:48:36:97:3b:af:85:46:3e:
         a9:b3:d3:8d:18:3a:75:f3:8e:a3:a5:6c:cf:a7:11:10:0e:04:
         4f:22:a6:e5:48:1a:78:99:eb:3e:0d:37:fd:d4:e4:58:63:70:
         d8:e9:cb:ac:2b:a0:8d:27:11:0d:82:a3:ac:24:64:da:90:6f:
         1f:cf:7d:3a:77:69:1d:1e:3f:f3:d4:01:a6:3e:51:76:bc:4b:
         dc:ef:45:08:9c:70:76:a5:e7:22:c1:c4:f2:dd:bf:2f:96:32:
         7f:06:7b:b8:d2:fa:c4:9c:df:e5:a2:55:9c:8d:25:e2:3b:31:
         e1:4c:60:73:46:21:c5:0b:a3:59:d5:ae:34:5f:3d:1b:0d:5d:
         f9:5d:8d:26:32:97:2a:15:c1:1f:e6:43:48:15:c0:1a:15:b8:
         b1:99:72:cf:a7:d8:be:51:7e:32:4c:a4:58:99:3e:1a:38:de:
         3c:26:f1:98:55:7d:0f:c8:b5:1d:0a:10:3b:fb:11:96:50:50:
         54:72:01:03:5c:6a:02:a9:a0:0d:64:dc:13:59:30:20:71:3d:
         3f:ca:4f:49:dc:98:6e:9c:c0:92:dd:e2:de:7f:03:06:1f:8e:
         9e:a2:12:9f:85:75:a8:43:bb:d1:bc:d5:a1:3c:07:94:b7:3a:
         5a:8d:62:1e
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAY0cWos4Hd8KJEUddHMFuV6wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTE4MTEzNTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjcxNGVlOWQ0ODczNjUxMzg0OTQwZDBjNGNjNWEzMzdmMmRlMGE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvzeA4I/CoJ3xz4L/K2MJgdTw/Ac9
0Cg+1ssWBUIYiYK/4HJ6NuaU3aJFrFCtGDsWNcTPR3ywsQOgLHi1KomQ/60iQInc
Jb6ocHWDEBub2Wy40u3L19gGts0nJiytcS6RqLlElF4cQgGQBIZx8erFsrPuu+j8
m88LJituYZFEjOU/1KZStmzdJmnqlns1qIsYF9EAo+wgbdglxYfR4B75wdz8AG5n
nk6oCWHOfA2T7be6hhmO/ntasKzMHCNWnFdbLwL4pnBA20k+c3z4e6rQIRL/d9Iw
KKOIESMxr5aOrKUPU99bu5R+P5a2WFyf/TwqQ7mg9UcInxwxdQfJAE9BKwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFJtxTunUhzZROElA0MTMWjN/LeClMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvbTNGTzZkU0hObEU0U1VEUXhNeGFNMzh0NEtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQAJYuCAwQA
LYFUAwQALY2eAwQAT249AwQAUaHvAwQBV3l8AwQAV3miAwQCW8jAAwQAqxYRAwQA
qxYfAwQAwRnYMA0GCSqGSIb3DQEBCwUAA4IBAQBRkrjxATXm6gbISDaXO6+FRj6p
s9ONGDp1846jpWzPpxEQDgRPIqblSBp4mes+DTf91ORYY3DY6cusK6CNJxENgqOs
JGTakG8fz306d2kdHj/z1AGmPlF2vEvc70UInHB2peciwcTy3b8vljJ/Bnu40vrE
nN/lolWcjSXiOzHhTGBzRiHFC6NZ1a40Xz0bDV35XY0mMpcqFcEf5kNIFcAaFbix
mXLPp9i+UX4yTKRYmT4aON48JvGYVX0PyLUdChA7+xGWUFBUcgEDXGoCqaANZNwT
WTAgcT0/yk9J3JhunMCS3eLefwMGH46eohKfhXWoQ7vRvNWhPAeUtzpajWIe
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:18 2024 by rpki-client on console-fra.rpki-client.org