Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/mwPliPZsQRTf7lVTCg03j-BGqJ4.roa
File:                     mwPliPZsQRTf7lVTCg03j-BGqJ4.roa (raw, json)
Hash identifier:          yoH/SVyx5t5t8uhOG7IjQVcx0s7zHAFS5nOq/RRKddM=
Subject key identifier:   9B:03:E5:88:F6:6C:41:14:DF:EE:55:53:0A:0D:37:8F:E0:46:A8:9E
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0188BEFCE1A8315B107765343D8259CC96A0
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/mwPliPZsQRTf7lVTCg03j-BGqJ4.roa
Signing time:             Thu 15 Jun 2023 12:17:03 +0000
ROA not before:           Thu 15 Jun 2023 12:17:03 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207459
IP address blocks:        91.92.24.0/24 maxlen: 24
                          91.92.24.0/23 maxlen: 23
                          91.92.25.0/24 maxlen: 24
                          193.149.29.0/24 maxlen: 24
                          193.149.30.0/24 maxlen: 24
                          193.149.28.0/22 maxlen: 22
                          193.149.31.0/24 maxlen: 24
                          193.149.28.0/24 maxlen: 24
                          171.22.19.0/24 maxlen: 24
                          185.221.67.0/24 maxlen: 24
                          87.120.87.0/24 maxlen: 24
                          194.180.50.0/24 maxlen: 24
                          93.123.116.0/24 maxlen: 24
                          94.154.163.0/24 maxlen: 24
                          176.125.255.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:be:fc:e1:a8:31:5b:10:77:65:34:3d:82:59:cc:96:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jun 15 12:17:03 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9b03e588f66c4114dfee55530a0d378fe046a89e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:f5:f8:94:9b:53:6d:07:fc:56:b7:72:1f:98:
                    61:4b:6f:a8:16:43:cf:97:d9:d8:81:e0:26:d4:27:
                    83:00:3b:8b:e4:1e:84:2c:7d:17:55:a2:7d:2b:a2:
                    26:84:01:aa:e5:7a:6a:18:db:59:93:51:54:f9:fd:
                    f9:89:c4:03:9d:32:28:53:f2:ce:92:95:c6:e2:e0:
                    84:b7:79:9c:28:67:56:97:40:3c:07:18:56:01:58:
                    8d:7b:2c:4f:56:c7:07:84:b6:6a:95:f3:4b:f3:89:
                    f1:a8:96:4a:22:41:c8:d8:1b:1d:3c:68:19:ea:95:
                    1d:6f:ac:d4:df:0c:dc:79:85:83:3c:1a:96:d1:a2:
                    3f:5b:85:b1:e2:4c:5a:37:41:38:46:cd:13:84:69:
                    b6:d0:56:3c:aa:03:53:17:c8:74:87:6d:b3:bc:07:
                    0d:fb:01:02:c7:4f:18:c1:75:00:c8:b0:c6:6e:2d:
                    e4:d9:d0:93:c4:e7:40:5a:b9:75:47:47:f3:9b:cc:
                    42:65:a6:5e:72:28:da:3b:df:2c:a2:64:e2:e8:b5:
                    99:e7:f6:bc:58:ab:4a:1d:3e:73:ec:8c:a5:ec:ac:
                    73:e9:fb:bc:0b:0a:85:7b:4b:1b:50:83:2d:06:68:
                    f4:eb:5f:b7:1a:0a:b7:03:a9:7b:15:9d:5f:91:41:
                    f9:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:03:E5:88:F6:6C:41:14:DF:EE:55:53:0A:0D:37:8F:E0:46:A8:9E
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/mwPliPZsQRTf7lVTCg03j-BGqJ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.120.87.0/24
                  91.92.24.0/23
                  93.123.116.0/24
                  94.154.163.0/24
                  171.22.19.0/24
                  176.125.255.0/24
                  185.221.67.0/24
                  193.149.28.0/22
                  194.180.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:c7:38:d8:06:b8:44:c2:27:e5:c5:ef:23:af:b1:82:30:3c:
         cc:f6:0d:83:cf:db:da:e9:fa:0a:ea:5e:10:86:f3:47:3b:4d:
         fd:18:f7:73:e5:a0:2a:39:77:69:6c:32:30:54:57:0a:13:81:
         df:6a:8b:16:82:c9:49:28:5b:f7:62:85:85:16:50:35:3b:b2:
         cc:83:be:9c:fa:9d:71:97:ba:ae:f6:a8:cd:84:bf:e3:0b:c0:
         9e:66:d2:dd:ed:6d:3f:dc:9f:f2:01:3d:8e:3d:f1:62:9d:09:
         a3:38:98:54:94:64:e1:fc:b0:26:a7:95:40:08:99:9a:90:b1:
         01:e2:45:38:2b:73:28:5c:90:9b:2f:d2:f0:5b:63:d1:20:9d:
         a2:34:ee:f4:71:19:a6:b3:15:0d:82:ec:c6:5a:57:57:db:66:
         9e:28:07:8c:96:fc:cb:bd:e3:ab:d3:b7:05:de:de:27:98:be:
         8b:d6:26:d0:95:6c:ee:33:b7:96:d3:97:76:f9:62:fc:0b:8b:
         ca:08:48:e9:e3:34:a8:db:1b:f7:b1:ca:4d:7b:c1:3c:13:a6:
         d2:75:95:db:06:40:6e:19:27:d9:b3:a6:70:48:f2:80:97:83:
         36:8b:57:8d:70:0a:c1:f4:41:c7:57:1a:c0:a7:cb:f4:1e:f7:
         11:da:88:41
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYi+/OGoMVsQd2U0PYJZzJagMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNjE1MTIxNzAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjAzZTU4OGY2NmM0MTE0ZGZlZTU1NTMwYTBkMzc4ZmUwNDZhODllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1vX4lJtTbQf8VrdyH5hhS2+oFkPP
l9nYgeAm1CeDADuL5B6ELH0XVaJ9K6ImhAGq5XpqGNtZk1FU+f35icQDnTIoU/LO
kpXG4uCEt3mcKGdWl0A8BxhWAViNeyxPVscHhLZqlfNL84nxqJZKIkHI2BsdPGgZ
6pUdb6zU3wzceYWDPBqW0aI/W4Wx4kxaN0E4Rs0ThGm20FY8qgNTF8h0h22zvAcN
+wECx08YwXUAyLDGbi3k2dCTxOdAWrl1R0fzm8xCZaZecijaO98somTi6LWZ5/a8
WKtKHT5z7Iyl7Kxz6fu8CwqFe0sbUIMtBmj061+3Ggq3A6l7FZ1fkUH5BQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFJsD5Yj2bEEU3+5VUwoNN4/gRqieMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvbXdQbGlQWnNRUlRmN2xWVENnMDNqLUJHcUo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAV3hXAwQB
W1wYAwQAXXt0AwQAXpqjAwQAqxYTAwQAsH3/AwQAud1DAwQCwZUcAwQAwrQyMA0G
CSqGSIb3DQEBCwUAA4IBAQBuxzjYBrhEwiflxe8jr7GCMDzM9g2Dz9va6foK6l4Q
hvNHO039GPdz5aAqOXdpbDIwVFcKE4HfaosWgslJKFv3YoWFFlA1O7LMg76c+p1x
l7qu9qjNhL/jC8CeZtLd7W0/3J/yAT2OPfFinQmjOJhUlGTh/LAmp5VACJmakLEB
4kU4K3MoXJCbL9LwW2PRIJ2iNO70cRmmsxUNguzGWldX22aeKAeMlvzLveOr07cF
3t4nmL6L1ibQlWzuM7eW05d2+WL8C4vKCEjp4zSo2xv3scpNe8E8E6bSdZXbBkBu
GSfZs6ZwSPKAl4M2i1eNcArB9EHHVxrAp8v0HvcR2ohB
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:42 2024 by rpki-client on console-ams.rpki-client.org