Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/vZA1So7tzGHwenvILyg33MVuHyc.roa
File:                     vZA1So7tzGHwenvILyg33MVuHyc.roa (raw, json)
Hash identifier:          /LKToBXa2LeTr8OEJ1j0Uk5Vvat444dDfaAzsuj213k=
Subject key identifier:   BD:90:35:4A:8E:ED:CC:61:F0:7A:7B:C8:2F:28:37:DC:C5:6E:1F:27
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018A5097DE5A3B068C02C6BA86BA267C8D07
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/vZA1So7tzGHwenvILyg33MVuHyc.roa
Signing time:             Fri 01 Sep 2023 11:54:04 +0000
ROA not before:           Fri 01 Sep 2023 11:54:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     0
IP address blocks:        185.218.84.0/22 maxlen: 24
                          178.215.224.0/24 maxlen: 24
                          94.156.239.0/24 maxlen: 24
                          178.215.236.0/24 maxlen: 24
                          171.22.72.0/22 maxlen: 24
                          185.252.176.0/24 maxlen: 24
                          147.78.101.0/24 maxlen: 24
                          147.78.100.0/24 maxlen: 24
                          147.78.102.0/24 maxlen: 24
                          193.37.41.0/24 maxlen: 24
                          92.119.196.0/23 maxlen: 24
                          185.216.84.0/22 maxlen: 24
                          87.121.45.0/24 maxlen: 24
                          194.169.174.0/24 maxlen: 24
                          94.156.78.0/24 maxlen: 24
                          94.154.163.0/24 maxlen: 24
                          94.154.162.0/23 maxlen: 24
                          94.154.161.0/24 maxlen: 24
                          185.219.126.0/24 maxlen: 24
                          45.151.89.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:50:97:de:5a:3b:06:8c:02:c6:ba:86:ba:26:7c:8d:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Sep  1 11:54:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bd90354a8eedcc61f07a7bc82f2837dcc56e1f27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:c3:ef:ea:cd:9b:8d:dc:06:0f:3f:81:91:cd:
                    e7:86:f6:ef:98:e0:43:e5:8c:c5:96:16:45:bc:b2:
                    25:d5:4b:db:14:74:1a:6c:60:d3:87:fd:4e:e0:03:
                    a6:39:a4:9d:2d:bf:0f:40:f7:e7:0d:4d:ff:80:ce:
                    91:95:de:9f:5c:c3:b5:3f:3c:20:30:bc:8a:6e:e4:
                    7d:61:dd:d3:fb:de:ff:58:88:5a:39:e9:eb:39:12:
                    88:d8:1a:b9:e4:52:f7:bd:ae:ea:d3:26:2c:f8:b3:
                    70:9e:3a:a8:6c:09:70:04:a6:a6:60:fc:23:cd:7b:
                    84:a6:31:49:69:ec:02:e3:9d:53:e1:17:27:59:17:
                    3f:73:78:8b:e9:e1:6a:40:fe:f7:5e:37:9a:d8:a5:
                    1d:e8:b6:df:83:d3:cd:27:ef:b9:13:09:60:14:13:
                    fe:60:e1:5c:84:ca:a1:d9:d2:80:73:1a:25:64:0a:
                    f7:12:ca:cc:39:58:20:2f:25:4e:17:f6:70:71:1f:
                    cf:ce:9c:80:b2:65:9e:4d:3b:35:96:d0:f8:06:33:
                    e8:d6:1c:35:ad:6d:f4:0f:32:e1:55:03:3a:5d:83:
                    95:32:67:0a:00:3c:ed:c8:5e:a6:b4:36:90:ff:66:
                    01:09:86:d2:eb:38:1e:e0:31:c0:65:e3:73:86:c1:
                    6e:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:90:35:4A:8E:ED:CC:61:F0:7A:7B:C8:2F:28:37:DC:C5:6E:1F:27
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/vZA1So7tzGHwenvILyg33MVuHyc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.89.0/24
                  87.121.45.0/24
                  92.119.196.0/23
                  94.154.161.0-94.154.163.255
                  94.156.78.0/24
                  94.156.239.0/24
                  147.78.100.0-147.78.102.255
                  171.22.72.0/22
                  178.215.224.0/24
                  178.215.236.0/24
                  185.216.84.0/22
                  185.218.84.0/22
                  185.219.126.0/24
                  185.252.176.0/24
                  193.37.41.0/24
                  194.169.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:8b:19:bd:ca:40:3e:4e:88:e8:32:55:b0:93:39:4d:c2:b2:
         0f:9a:c5:a8:a4:88:ef:d4:96:18:6c:54:57:d6:a6:d3:5d:32:
         57:cb:dc:46:7b:e7:b2:ac:4c:e6:c5:96:bc:54:4a:0c:d0:96:
         b8:fb:e1:17:b5:98:d1:0c:3b:54:91:50:a1:3f:f1:dc:71:d7:
         a1:04:f3:d6:59:3a:b2:66:4d:85:26:44:04:2a:78:2e:7a:cc:
         43:8f:37:70:1f:26:36:73:19:5c:c1:3a:ec:2e:0c:12:56:cd:
         b0:53:a1:8d:01:89:0e:c3:ad:d0:77:45:2d:23:54:30:7e:cd:
         70:2c:89:39:b5:16:cb:30:7a:09:53:09:a2:7e:f9:d1:e6:8b:
         a3:43:e3:f7:15:b3:d7:0a:53:85:98:69:37:d1:c6:dd:c6:65:
         d9:ad:22:de:10:d2:ae:da:4b:97:b9:e4:15:52:d2:b1:34:7e:
         eb:20:d7:d7:9c:fb:da:8d:53:26:40:38:60:1d:fe:9f:1c:a3:
         9b:63:9f:f6:8c:d7:1d:b5:f3:d4:87:e5:ae:6d:83:50:3a:07:
         cf:a2:a2:38:d4:ce:90:59:46:74:05:3c:33:d8:07:9f:3b:f9:
         17:09:91:a9:5f:4e:88:8b:5f:a5:17:83:01:00:0a:81:07:72:
         2a:75:85:c6
-----BEGIN CERTIFICATE-----
MIIFaDCCBFCgAwIBAgISAYpQl95aOwaMAsa6hromfI0HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwOTAxMTE1NDA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDkwMzU0YThlZWRjYzYxZjA3YTdiYzgyZjI4MzdkY2M1NmUxZjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAicPv6s2bjdwGDz+Bkc3nhvbvmOBD
5YzFlhZFvLIl1UvbFHQabGDTh/1O4AOmOaSdLb8PQPfnDU3/gM6Rld6fXMO1Pzwg
MLyKbuR9Yd3T+97/WIhaOenrORKI2Bq55FL3va7q0yYs+LNwnjqobAlwBKamYPwj
zXuEpjFJaewC451T4RcnWRc/c3iL6eFqQP73Xjea2KUd6Lbfg9PNJ++5EwlgFBP+
YOFchMqh2dKAcxolZAr3EsrMOVggLyVOF/ZwcR/PzpyAsmWeTTs1ltD4BjPo1hw1
rW30DzLhVQM6XYOVMmcKADztyF6mtDaQ/2YBCYbS6zge4DHAZeNzhsFuGQIDAQAB
o4ICdDCCAnAwHQYDVR0OBBYEFL2QNUqO7cxh8Hp7yC8oN9zFbh8nMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvdlpBMVNvN3R6R0h3ZW52SUx5ZzMzTVZ1SHljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGJBggrBgEFBQcBBwEB/wR6MHgwdgQCAAEwcAMEAC2XWQME
AFd5LQMEAVx3xDAMAwQAXpqhAwQCXpqgAwQAXpxOAwQAXpzvMAwDBAKTTmQDBACT
TmYDBAKrFkgDBACy1+ADBACy1+wDBAK52FQDBAK52lQDBAC5234DBAC5/LADBADB
JSkDBADCqa4wDQYJKoZIhvcNAQELBQADggEBALCLGb3KQD5OiOgyVbCTOU3Csg+a
xaikiO/UlhhsVFfWptNdMlfL3EZ757KsTObFlrxUSgzQlrj74Re1mNEMO1SRUKE/
8dxx16EE89ZZOrJmTYUmRAQqeC56zEOPN3AfJjZzGVzBOuwuDBJWzbBToY0BiQ7D
rdB3RS0jVDB+zXAsiTm1FssweglTCaJ++dHmi6ND4/cVs9cKU4WYaTfRxt3GZdmt
It4Q0q7aS5e55BVS0rE0fusg19ec+9qNUyZAOGAd/p8co5tjn/aM1x2189SH5a5t
g1A6B8+iojjUzpBZRnQFPDPYB587+RcJkalfToiLX6UXgwEACoEHcip1hcY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:21 2024 by rpki-client on console-fra.rpki-client.org