Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/tfXoGWSN1wkZlA3gZFM0Tqhklaw.roa
File:                     tfXoGWSN1wkZlA3gZFM0Tqhklaw.roa (raw, json)
Hash identifier:          wkducfLI7KppOpxNWrZuGIM2roqTbTymE+CDOI1XhDw=
Subject key identifier:   B5:F5:E8:19:64:8D:D7:09:19:94:0D:E0:64:53:34:4E:A8:64:95:AC
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0185ECC0C0E3BB5C1D4918DBA3D30024E586
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/tfXoGWSN1wkZlA3gZFM0Tqhklaw.roa
Signing time:             Thu 26 Jan 2023 06:25:33 +0000
ROA not before:           Thu 26 Jan 2023 06:25:33 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     0
IP address blocks:        185.218.84.0/22 maxlen: 24
                          87.121.124.0/23 maxlen: 24
                          45.81.240.0/24 maxlen: 24
                          178.215.236.0/24 maxlen: 24
                          171.22.72.0/22 maxlen: 24
                          185.252.176.0/24 maxlen: 24
                          171.22.19.0/24 maxlen: 24
                          92.119.196.0/23 maxlen: 24
                          185.216.84.0/22 maxlen: 24
                          185.218.137.0/24 maxlen: 24
                          87.120.218.0/24 maxlen: 24
                          94.154.161.0/24 maxlen: 24
                          94.154.162.0/23 maxlen: 24
                          185.219.126.0/24 maxlen: 24
                          45.151.89.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:ec:c0:c0:e3:bb:5c:1d:49:18:db:a3:d3:00:24:e5:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan 26 06:25:33 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b5f5e819648dd70919940de06453344ea86495ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:e3:1d:cc:c7:25:0b:d4:17:e8:73:29:b3:cf:
                    5a:29:88:fe:df:28:e3:ce:d0:2f:7e:32:f0:dd:fb:
                    5f:40:bc:71:4e:11:01:e1:90:6b:75:ac:a0:49:1c:
                    da:89:20:09:d8:a2:01:fd:a4:6e:03:1b:23:12:87:
                    85:9f:76:85:a9:73:92:ba:52:40:d2:b4:a3:b2:ca:
                    bf:ae:3a:74:ac:48:f1:71:d1:18:91:dc:3b:81:f1:
                    ce:c0:86:3d:fe:f0:59:73:37:20:d7:73:d7:86:9b:
                    26:c5:af:4b:69:b5:52:4b:e2:aa:23:62:b2:49:22:
                    f1:a3:db:fd:33:de:4e:b7:fc:f9:d0:98:43:e8:d2:
                    58:d4:f9:72:4e:17:3a:76:1a:93:41:d4:fe:9b:cc:
                    b7:3b:20:09:98:11:55:b5:92:c6:2b:7a:ae:63:f6:
                    ec:40:d4:85:a2:95:d7:19:19:1b:89:1a:de:ce:2e:
                    00:75:54:9a:87:a0:8c:df:6e:43:20:ba:cb:c1:92:
                    31:c2:8f:6a:f7:69:2a:75:15:8e:80:1f:91:37:90:
                    a5:6b:5e:1d:ee:48:73:e6:4e:30:74:fe:ba:97:50:
                    ba:91:01:5a:9b:a8:e8:a2:68:9b:b6:8a:e5:d7:21:
                    d6:95:49:db:81:90:f9:8b:36:bc:77:9c:1a:c7:e6:
                    34:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:F5:E8:19:64:8D:D7:09:19:94:0D:E0:64:53:34:4E:A8:64:95:AC
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/tfXoGWSN1wkZlA3gZFM0Tqhklaw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.240.0/24
                  45.151.89.0/24
                  87.120.218.0/24
                  87.121.124.0/23
                  92.119.196.0/23
                  94.154.161.0-94.154.163.255
                  171.22.19.0/24
                  171.22.72.0/22
                  178.215.236.0/24
                  185.216.84.0/22
                  185.218.84.0/22
                  185.218.137.0/24
                  185.219.126.0/24
                  185.252.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:d6:4b:04:9c:32:f7:ec:7f:b7:f6:0a:b5:50:e3:14:d1:a9:
         19:31:b9:10:19:eb:41:08:81:6f:53:69:f5:b4:ed:f7:e8:e4:
         88:3d:ca:19:e8:0c:fa:21:17:5b:49:aa:db:47:01:bc:89:d1:
         1e:d0:40:0e:53:e5:f0:06:f7:3f:4c:8c:a8:64:a7:be:1f:a2:
         5f:89:71:1d:95:f1:83:26:88:3d:1e:e2:7c:75:7e:ce:60:41:
         71:87:13:98:07:91:b7:df:27:a2:44:0d:0f:51:82:6e:e8:37:
         99:96:f8:88:76:03:70:ee:ac:e5:0c:61:5b:3d:83:de:40:ff:
         b2:29:e6:f2:43:86:74:bc:46:61:6d:c5:19:20:84:95:9e:69:
         7b:20:85:7f:f1:56:46:2d:bb:76:6e:6a:db:73:d7:32:16:07:
         d8:d1:f3:ca:7e:e1:1a:08:6f:27:23:72:d8:f0:98:47:d5:e8:
         bb:84:ed:77:df:55:42:a6:15:e8:a4:20:4e:55:dc:b7:10:8c:
         bd:a2:e8:18:95:2d:81:bd:6a:5f:d6:ee:70:6e:de:fe:38:fa:
         ad:5b:bd:e8:de:37:40:64:15:9c:90:2d:f3:3a:cd:b8:c6:50:
         a5:9d:eb:6f:d5:0b:fc:e4:0f:e5:ae:7c:f5:9a:04:f0:6a:f0:
         2c:07:10:f8
-----BEGIN CERTIFICATE-----
MIIFUzCCBDugAwIBAgISAYXswMDju1wdSRjbo9MAJOWGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwMTI2MDYyNTMzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWY1ZTgxOTY0OGRkNzA5MTk5NDBkZTA2NDUzMzQ0ZWE4NjQ5NWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkOMdzMclC9QX6HMps89aKYj+3yjj
ztAvfjLw3ftfQLxxThEB4ZBrdaygSRzaiSAJ2KIB/aRuAxsjEoeFn3aFqXOSulJA
0rSjssq/rjp0rEjxcdEYkdw7gfHOwIY9/vBZczcg13PXhpsmxa9LabVSS+KqI2Ky
SSLxo9v9M95Ot/z50JhD6NJY1PlyThc6dhqTQdT+m8y3OyAJmBFVtZLGK3quY/bs
QNSFopXXGRkbiRrezi4AdVSah6CM325DILrLwZIxwo9q92kqdRWOgB+RN5Cla14d
7khz5k4wdP66l1C6kQFam6joomibtorl1yHWlUnbgZD5iza8d5wax+Y0BQIDAQAB
o4ICXzCCAlswHQYDVR0OBBYEFLX16BlkjdcJGZQN4GRTNE6oZJWsMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvdGZYb0dXU04xd2tabEEzZ1pGTTBUcWhrbGF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHUGCCsGAQUFBwEHAQH/BGYwZDBiBAIAATBcAwQALVHwAwQA
LZdZAwQAV3jaAwQBV3l8AwQBXHfEMAwDBABemqEDBAJemqADBACrFhMDBAKrFkgD
BACy1+wDBAK52FQDBAK52lQDBAC52okDBAC5234DBAC5/LAwDQYJKoZIhvcNAQEL
BQADggEBADrWSwScMvfsf7f2CrVQ4xTRqRkxuRAZ60EIgW9TafW07ffo5Ig9yhno
DPohF1tJqttHAbyJ0R7QQA5T5fAG9z9MjKhkp74fol+JcR2V8YMmiD0e4nx1fs5g
QXGHE5gHkbffJ6JEDQ9Rgm7oN5mW+Ih2A3DurOUMYVs9g95A/7Ip5vJDhnS8RmFt
xRkghJWeaXsghX/xVkYtu3Zuattz1zIWB9jR88p+4RoIbycjctjwmEfV6LuE7Xff
VUKmFeikIE5V3LcQjL2i6BiVLYG9al/W7nBu3v44+q1bvejeN0BkFZyQLfM6zbjG
UKWd62/VC/zkD+WufPWaBPBq8CwHEPg=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:20 2024 by rpki-client on console-fra.rpki-client.org