Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/uO0Fx4VyI0J9Y4EmL8srGpB4CrM.roa
File:                     uO0Fx4VyI0J9Y4EmL8srGpB4CrM.roa (raw, json)
Hash identifier:          +Sfdytov5Akuw32DYpyPqG0d5kmbXvX4UXWUcAc8m20=
Subject key identifier:   B8:ED:05:C7:85:72:23:42:7D:63:81:26:2F:CB:2B:1A:90:78:0A:B3
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0187E20BE660293253E9FD2FB2E2F731B605
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/uO0Fx4VyI0J9Y4EmL8srGpB4CrM.roa
Signing time:             Wed 03 May 2023 14:37:23 +0000
ROA not before:           Wed 03 May 2023 14:37:23 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     1
IP address blocks:        81.161.231.0/24 maxlen: 24
                          164.40.185.0/24 maxlen: 24
                          45.139.100.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:e2:0b:e6:60:29:32:53:e9:fd:2f:b2:e2:f7:31:b6:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: May  3 14:37:23 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b8ed05c7857223427d6381262fcb2b1a90780ab3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:85:31:5c:69:63:af:68:d9:f5:ea:6f:b7:30:
                    a5:a4:43:aa:b0:1c:b2:ee:10:d7:47:8a:d7:af:f3:
                    61:58:82:f5:2f:f2:39:4e:df:1e:83:4b:d0:fe:7d:
                    9b:f2:14:f9:7c:b5:f4:a8:d0:65:4a:00:5e:6e:9a:
                    34:76:72:50:32:fc:e3:9b:d9:c1:97:8f:9e:13:82:
                    86:26:63:37:6d:c0:d6:86:87:e9:40:0d:25:48:60:
                    9d:62:07:d0:10:c1:82:c9:be:ea:6f:56:c2:22:c0:
                    45:93:84:4d:05:a4:ed:bb:13:63:d7:b0:8a:1b:2e:
                    29:c3:78:1f:5b:11:3d:63:7a:15:81:3b:e5:53:7c:
                    6e:8e:cb:24:a8:d9:46:08:eb:b9:12:88:5c:43:3f:
                    37:c5:59:19:a4:46:b2:56:25:42:03:c8:fb:d9:d9:
                    15:cd:cf:06:da:d7:e2:12:cf:25:6d:17:7e:44:b6:
                    d7:f8:e1:bc:66:95:ac:d5:87:f2:35:fa:5b:02:cc:
                    c8:f9:54:60:3b:b2:3a:ea:27:24:24:b0:30:af:a7:
                    06:ad:8c:ac:39:3b:7f:83:cb:f9:8e:04:34:65:b2:
                    05:78:67:e2:cd:b4:16:cb:cc:a5:59:68:68:22:85:
                    53:90:bb:7d:81:8d:ea:5d:a6:3f:e3:bd:9a:35:f5:
                    b9:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:ED:05:C7:85:72:23:42:7D:63:81:26:2F:CB:2B:1A:90:78:0A:B3
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/uO0Fx4VyI0J9Y4EmL8srGpB4CrM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.139.100.0/22
                  81.161.231.0/24
                  164.40.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:c4:90:c9:9f:f4:dc:cd:8f:12:13:8b:76:38:f7:a3:ad:b7:
         cd:c3:7d:3c:25:a0:6b:8c:b9:b2:66:27:30:63:53:87:f4:0a:
         f9:3e:2e:41:22:d7:12:03:47:98:fb:0b:2c:f1:5d:7f:23:55:
         eb:65:a5:af:cc:e3:6e:4f:c0:9c:be:33:87:36:7c:25:6f:ad:
         59:73:7a:73:bb:59:75:1d:98:21:a7:c6:c9:0b:18:61:4a:17:
         52:23:fe:4a:e3:98:e9:5a:ce:e2:72:b3:e4:46:9b:e5:db:37:
         0b:6a:5d:74:8b:a2:75:f3:d9:54:44:12:1e:93:f0:7b:0e:ba:
         d1:4f:e5:b7:3a:8b:7e:85:7d:44:44:7d:ee:f9:fc:8d:31:e7:
         31:b5:e4:cb:8a:4c:3a:0c:35:63:9c:0c:7c:48:f3:69:d5:22:
         96:39:f7:16:b2:e1:d0:5d:ac:cd:ab:5d:90:8a:22:bb:99:4a:
         dc:b8:18:ff:76:ab:87:2f:3f:7d:64:d3:7a:a5:da:da:8e:5c:
         60:7e:a2:5a:a5:1f:39:79:68:02:68:ca:df:06:db:0d:5c:4e:
         b3:a1:dc:37:6b:2a:8c:08:2a:89:d2:59:a3:cc:7f:11:4d:21:
         11:d6:58:76:60:cd:7a:31:02:2b:8f:0b:de:30:7d:7f:63:51:
         8c:ed:f4:89
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYfiC+ZgKTJT6f0vsuL3MbYFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNTAzMTQzNzIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGVkMDVjNzg1NzIyMzQyN2Q2MzgxMjYyZmNiMmIxYTkwNzgwYWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnIUxXGljr2jZ9epvtzClpEOqsByy
7hDXR4rXr/NhWIL1L/I5Tt8eg0vQ/n2b8hT5fLX0qNBlSgBebpo0dnJQMvzjm9nB
l4+eE4KGJmM3bcDWhofpQA0lSGCdYgfQEMGCyb7qb1bCIsBFk4RNBaTtuxNj17CK
Gy4pw3gfWxE9Y3oVgTvlU3xujsskqNlGCOu5EohcQz83xVkZpEayViVCA8j72dkV
zc8G2tfiEs8lbRd+RLbX+OG8ZpWs1YfyNfpbAszI+VRgO7I66ickJLAwr6cGrYys
OTt/g8v5jgQ0ZbIFeGfizbQWy8ylWWhoIoVTkLt9gY3qXaY/472aNfW57wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLjtBceFciNCfWOBJi/LKxqQeAqzMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvdU8wRng0VnlJMEo5WTRFbUw4c3JHcEI0Q3JNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLYtkAwQA
UaHnAwQApCi5MA0GCSqGSIb3DQEBCwUAA4IBAQB+xJDJn/TczY8SE4t2OPejrbfN
w308JaBrjLmyZicwY1OH9Ar5Pi5BItcSA0eY+wss8V1/I1XrZaWvzONuT8CcvjOH
Nnwlb61Zc3pzu1l1HZghp8bJCxhhShdSI/5K45jpWs7icrPkRpvl2zcLal10i6J1
89lURBIek/B7DrrRT+W3Oot+hX1ERH3u+fyNMecxteTLikw6DDVjnAx8SPNp1SKW
OfcWsuHQXazNq12QiiK7mUrcuBj/dquHLz99ZNN6pdrajlxgfqJapR85eWgCaMrf
BtsNXE6zodw3ayqMCCqJ0lmjzH8RTSER1lh2YM16MQIrjwveMH1/Y1GM7fSJ
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:20 2024 by rpki-client on console-fra.rpki-client.org