Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/sZProqzipXzwbPutb3lArsz-_sk.roa
File:                     sZProqzipXzwbPutb3lArsz-_sk.roa (raw, json)
Hash identifier:          PhC8s/Uz/WGA5+Qa1fRuh5Jbi4WFEd2T/xxUi5z6W0s=
Subject key identifier:   B1:93:EB:A2:AC:E2:A5:7C:F0:6C:FB:AD:6F:79:40:AE:CC:FE:FE:C9
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01894DBDCCA6A2E47F9E3B9E910E02B5A3BD
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/sZProqzipXzwbPutb3lArsz-_sk.roa
Signing time:             Thu 13 Jul 2023 05:33:51 +0000
ROA not before:           Thu 13 Jul 2023 05:33:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207279
IP address blocks:        194.169.172.0/24 maxlen: 24
                          2.59.253.0/24 maxlen: 24
                          194.31.205.0/24 maxlen: 24
                          92.249.50.0/24 maxlen: 24
                          194.180.38.0/24 maxlen: 24
                          45.8.93.0/24 maxlen: 24
                          94.154.162.0/24 maxlen: 24
                          109.206.239.0/24 maxlen: 24
                          178.215.225.0/24 maxlen: 24
                          194.55.225.0/24 maxlen: 24
                          84.54.49.0/24 maxlen: 24
                          185.222.160.0/24 maxlen: 24
                          178.215.227.0/24 maxlen: 24
                          185.222.162.0/24 maxlen: 24
                          185.222.161.0/24 maxlen: 24
                          178.215.236.0/24 maxlen: 24
                          193.222.97.0/24 maxlen: 24
                          193.222.99.0/24 maxlen: 24
                          193.37.42.0/24 maxlen: 24
                          193.37.44.0/24 maxlen: 24
                          193.37.40.0/24 maxlen: 24
                          194.48.248.0/24 maxlen: 24
                          45.84.91.0/24 maxlen: 24
                          194.55.187.0/24 maxlen: 24
                          92.119.198.0/24 maxlen: 24
                          45.88.64.0/24 maxlen: 24
                          45.88.91.0/24 maxlen: 24
                          193.25.217.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:4d:bd:cc:a6:a2:e4:7f:9e:3b:9e:91:0e:02:b5:a3:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jul 13 05:33:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b193eba2ace2a57cf06cfbad6f7940aeccfefec9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:4e:9b:b7:87:c1:fd:7c:57:ad:70:7b:f4:62:
                    fb:b8:d6:d0:8e:71:84:26:58:ea:73:b4:30:48:cb:
                    e7:95:5c:32:58:8c:9a:52:32:42:3e:f3:94:88:11:
                    7d:e2:38:42:23:bf:a7:d0:a2:eb:a2:2a:7a:29:b9:
                    37:05:7b:8d:5b:c6:7d:f4:23:72:f7:5d:5f:10:a4:
                    5c:1a:c7:6f:bb:6b:ba:a8:bb:ae:6c:91:1b:bd:1c:
                    f8:51:14:ce:c3:28:8d:38:ad:df:de:12:cb:ef:94:
                    98:5c:8b:93:f2:e5:87:92:66:46:25:29:61:34:71:
                    63:a3:6d:6d:5e:e2:07:1c:65:c3:bf:f4:79:28:09:
                    a4:c5:fa:48:81:0e:79:3a:13:aa:93:e5:9d:6c:a5:
                    b4:60:67:00:e7:b7:ff:1a:d7:17:87:85:7e:99:91:
                    ef:e1:f8:49:44:f1:c1:e8:01:ff:bd:98:85:48:f0:
                    a4:f3:1d:4f:e7:98:df:7a:0f:7e:fb:69:dc:49:d0:
                    2e:f2:80:4b:93:79:4e:60:cd:a9:25:11:3c:cf:d9:
                    46:73:6f:91:81:2f:76:fc:a9:56:15:c2:39:e5:9f:
                    22:79:3f:83:b4:1e:9e:c1:1d:41:71:22:14:2e:75:
                    d4:b3:18:f3:64:38:59:3f:68:9b:3e:52:bd:04:5d:
                    84:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:93:EB:A2:AC:E2:A5:7C:F0:6C:FB:AD:6F:79:40:AE:CC:FE:FE:C9
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/sZProqzipXzwbPutb3lArsz-_sk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.253.0/24
                  45.8.93.0/24
                  45.84.91.0/24
                  45.88.64.0/24
                  45.88.91.0/24
                  84.54.49.0/24
                  92.119.198.0/24
                  92.249.50.0/24
                  94.154.162.0/24
                  109.206.239.0/24
                  178.215.225.0/24
                  178.215.227.0/24
                  178.215.236.0/24
                  185.222.160.0-185.222.162.255
                  193.25.217.0/24
                  193.37.40.0/24
                  193.37.42.0/24
                  193.37.44.0/24
                  193.222.97.0/24
                  193.222.99.0/24
                  194.31.205.0/24
                  194.48.248.0/24
                  194.55.187.0/24
                  194.55.225.0/24
                  194.169.172.0/24
                  194.180.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:df:90:9f:ca:e0:5f:2b:65:fa:ab:73:7f:f9:c4:d8:ba:4a:
         0b:00:a8:52:71:ed:07:9a:30:8c:94:15:c8:98:1c:66:33:b1:
         a3:b6:5e:62:fb:b0:59:ba:9e:d2:6a:99:01:fe:9a:12:d8:a8:
         a3:3f:87:b2:11:7c:12:c0:04:e0:45:44:65:66:00:c3:b8:d4:
         ee:ac:1a:42:14:64:47:33:8c:6e:de:bd:6b:98:87:1a:59:51:
         76:21:c0:cc:ff:17:da:fd:ce:9e:46:82:0b:65:0e:d9:74:73:
         3f:e7:95:f0:bd:96:a3:90:05:d9:2a:87:36:fc:24:0e:28:c1:
         60:10:ae:17:60:04:07:8f:8a:35:b7:cd:bd:72:0b:d5:cb:e2:
         df:10:18:e2:dd:6f:b3:87:d6:6c:e6:40:ba:7d:b2:b3:72:35:
         0b:0e:fc:96:77:51:47:0e:cb:12:6d:8b:3c:a0:ca:b2:7b:84:
         08:cc:d5:a5:a5:3e:22:c9:01:07:61:84:ee:be:14:bb:16:82:
         17:87:a3:c1:fa:9f:74:36:a2:24:ae:14:cf:9b:03:b8:3e:55:
         30:c1:9f:d4:d4:1d:1f:c8:6a:37:85:3d:a8:82:5e:b0:71:36:
         1f:8e:15:4c:4f:d6:8d:1c:a5:65:03:5b:84:00:52:05:4e:17:
         f8:d4:52:7f
-----BEGIN CERTIFICATE-----
MIIFoDCCBIigAwIBAgISAYlNvcymouR/njuekQ4CtaO9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNzEzMDUzMzUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTkzZWJhMmFjZTJhNTdjZjA2Y2ZiYWQ2Zjc5NDBhZWNjZmVmZWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwE6bt4fB/XxXrXB79GL7uNbQjnGE
Jljqc7QwSMvnlVwyWIyaUjJCPvOUiBF94jhCI7+n0KLroip6Kbk3BXuNW8Z99CNy
911fEKRcGsdvu2u6qLuubJEbvRz4URTOwyiNOK3f3hLL75SYXIuT8uWHkmZGJSlh
NHFjo21tXuIHHGXDv/R5KAmkxfpIgQ55OhOqk+WdbKW0YGcA57f/GtcXh4V+mZHv
4fhJRPHB6AH/vZiFSPCk8x1P55jfeg9++2ncSdAu8oBLk3lOYM2pJRE8z9lGc2+R
gS92/KlWFcI55Z8ieT+DtB6ewR1BcSIULnXUsxjzZDhZP2ibPlK9BF2EswIDAQAB
o4ICrDCCAqgwHQYDVR0OBBYEFLGT66Ks4qV88Gz7rW95QK7M/v7JMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvc1pQcm9xemlwWHp3YlB1dGIzbEFyc3otX3NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHBBggrBgEFBQcBBwEB/wSBsTCBrjCBqwQCAAEwgaQDBAAC
O/0DBAAtCF0DBAAtVFsDBAAtWEADBAAtWFsDBABUNjEDBABcd8YDBABc+TIDBABe
mqIDBABtzu8DBACy1+EDBACy1+MDBACy1+wwDAMEBbneoAMEALneogMEAMEZ2QME
AMElKAMEAMElKgMEAMElLAMEAMHeYQMEAMHeYwMEAMIfzQMEAMIw+AMEAMI3uwME
AMI34QMEAMKprAMEAMK0JjANBgkqhkiG9w0BAQsFAAOCAQEAsd+Qn8rgXytl+qtz
f/nE2LpKCwCoUnHtB5owjJQVyJgcZjOxo7ZeYvuwWbqe0mqZAf6aEtiooz+HshF8
EsAE4EVEZWYAw7jU7qwaQhRkRzOMbt69a5iHGllRdiHAzP8X2v3OnkaCC2UO2XRz
P+eV8L2Wo5AF2SqHNvwkDijBYBCuF2AEB4+KNbfNvXIL1cvi3xAY4t1vs4fWbOZA
un2ys3I1Cw78lndRRw7LEm2LPKDKsnuECMzVpaU+IskBB2GE7r4UuxaCF4ejwfqf
dDaiJK4Uz5sDuD5VMMGf1NQdH8hqN4U9qIJesHE2H44VTE/WjRylZQNbhABSBU4X
+NRSfw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:20 2024 by rpki-client on console-fra.rpki-client.org