Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/yjMJ_AjsvHXrbJwhqNhhfunzQEs.roa
File:                     yjMJ_AjsvHXrbJwhqNhhfunzQEs.roa (raw, json)
Hash identifier:          1mGyG6II/kCm25g9b9lfuK2H5kfAvJCHQs/twkeJa/w=
Subject key identifier:   CA:33:09:FC:08:EC:BC:75:EB:6C:9C:21:A8:D8:61:7E:E9:F3:40:4B
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       1D88B699
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/yjMJ_AjsvHXrbJwhqNhhfunzQEs.roa
Signing time:             Fri 18 Mar 2022 14:01:44 +0000
ROA not before:           Fri 18 Mar 2022 14:01:44 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        87.121.124.0/23 maxlen: 24
                          87.121.122.0/23 maxlen: 24
                          81.161.238.0/23 maxlen: 24
                          193.168.196.0/22 maxlen: 24
                          193.37.46.0/24 maxlen: 24
                          88.218.76.0/22 maxlen: 24
                          91.92.115.0/24 maxlen: 24
                          87.120.84.0/22 maxlen: 24
                          185.207.12.0/24 maxlen: 24
                          94.154.174.0/23 maxlen: 24
                          84.21.172.0/23 maxlen: 24
                          109.206.237.0/24 maxlen: 24
                          109.206.238.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 495498905 (0x1d88b699)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Mar 18 14:01:44 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ca3309fc08ecbc75eb6c9c21a8d8617ee9f3404b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:0e:da:b4:a9:ed:68:44:89:1a:46:46:19:a7:
                    28:fc:08:b7:c0:e6:3a:8c:c8:27:49:c3:a6:06:df:
                    fb:6a:d1:30:83:c4:42:84:8c:b9:de:9b:e1:20:4c:
                    6c:00:63:67:15:fd:0c:9b:17:7b:a8:3b:ca:7b:3f:
                    73:1a:a1:c9:34:1b:86:00:67:ce:6b:22:f5:08:02:
                    f3:8d:87:58:fd:72:99:5e:b1:47:d6:00:da:45:7f:
                    1f:3c:90:ce:99:99:9d:59:0c:8a:f3:ec:e2:a7:5a:
                    14:e4:04:f3:f4:da:6f:e0:03:67:3e:77:d0:c9:86:
                    c3:a5:66:de:69:69:58:9a:be:d7:9d:ce:62:0f:8a:
                    5d:b7:ee:93:a3:bb:c6:91:68:01:1f:59:47:2c:fe:
                    8d:9c:73:8f:72:4b:e8:82:91:73:88:88:c4:f3:e4:
                    a8:49:2d:28:8c:2f:93:9d:a7:3c:77:30:37:40:dc:
                    ea:9d:4d:ad:d6:08:ff:12:b0:ec:28:9b:57:bd:ca:
                    95:dd:ed:db:47:0b:05:1b:79:87:6b:ab:31:d2:14:
                    1d:dd:a1:d6:f6:de:92:63:0c:db:e6:04:0b:f7:26:
                    93:5e:31:0f:47:a9:d1:1a:fb:29:45:31:1f:0b:00:
                    05:6c:fc:5a:78:fc:fd:77:c7:c2:83:f6:0f:58:44:
                    b2:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:33:09:FC:08:EC:BC:75:EB:6C:9C:21:A8:D8:61:7E:E9:F3:40:4B
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/yjMJ_AjsvHXrbJwhqNhhfunzQEs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.161.238.0/23
                  84.21.172.0/23
                  87.120.84.0/22
                  87.121.122.0-87.121.125.255
                  88.218.76.0/22
                  91.92.115.0/24
                  94.154.174.0/23
                  109.206.237.0-109.206.238.255
                  185.207.12.0/24
                  193.37.46.0/24
                  193.168.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         58:49:9d:1d:d0:cd:38:21:bc:49:21:13:b2:2b:c7:95:0f:3b:
         5d:69:03:c2:d3:8c:df:55:50:4f:a6:b8:3e:8b:12:78:99:02:
         0d:bf:f2:f4:3b:ce:33:a2:9f:10:46:98:f0:ca:47:35:3a:1e:
         64:fd:27:eb:e9:91:c8:6b:38:44:3a:0a:a7:2e:d7:14:95:48:
         1b:2d:3b:85:14:31:c5:47:2e:a7:b0:3b:a3:5f:2c:6a:ac:60:
         c5:bc:8f:69:0d:27:9a:79:2c:66:e9:de:ff:b7:86:5a:4c:b4:
         3d:66:15:07:be:b5:ec:68:62:c2:56:00:c3:01:25:d8:e4:71:
         46:7b:e4:40:d6:24:04:62:05:8f:e0:b9:59:7e:df:a8:a9:87:
         1e:5a:d7:2b:4a:bc:f8:ad:42:c8:40:22:e3:cf:5c:cf:9e:1d:
         ec:06:93:f1:00:25:d1:4e:47:7e:e0:b7:a2:23:68:74:d2:9e:
         a0:b6:21:6c:0a:02:54:2a:46:6b:83:f5:06:df:81:fa:4d:3f:
         98:a5:84:6f:33:41:98:62:ed:ed:6d:cd:64:de:eb:89:df:ed:
         32:7e:49:41:0c:20:6d:e9:f6:2c:db:4d:88:b8:f4:b8:98:6e:
         45:2f:17:aa:c3:5a:7a:60:20:ca:5b:2a:85:99:1a:7c:d6:6a:
         6f:70:88:0e
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgIEHYi2mTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MmM0YWMzZTNjNDNkNzBkMDUzNDljODE1YmFhZGQzOGFkNzc1ZTlkMB4XDTIyMDMx
ODE0MDE0NFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoY2EzMzA5ZmMwOGVj
YmM3NWViNmM5YzIxYThkODYxN2VlOWYzNDA0YjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJsO2rSp7WhEiRpGRhmnKPwIt8DmOozIJ0nDpgbf+2rRMIPE
QoSMud6b4SBMbABjZxX9DJsXe6g7yns/cxqhyTQbhgBnzmsi9QgC842HWP1ymV6x
R9YA2kV/HzyQzpmZnVkMivPs4qdaFOQE8/Tab+ADZz530MmGw6Vm3mlpWJq+153O
Yg+KXbfuk6O7xpFoAR9ZRyz+jZxzj3JL6IKRc4iIxPPkqEktKIwvk52nPHcwN0Dc
6p1NrdYI/xKw7CibV73Kld3t20cLBRt5h2urMdIUHd2h1vbekmMM2+YEC/cmk14x
D0ep0Rr7KUUxHwsABWz8Wnj8/XfHwoP2D1hEssUCAwEAAaOCAlUwggJRMB0GA1Ud
DgQWBBTKMwn8COy8detsnCGo2GF+6fNASzAfBgNVHSMEGDAWgBQixKw+PEPXDQU0
nIFbqt04rXdenTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0lzU3NQanhEMXcwRk5KeUJXNnJkT0sxM1hwMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDMvOTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8x
L3lqTUpfQWpzdkhYcmJKd2hxTmhoZnVuelFFcy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDMv
OTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8xL0lzU3NQanhEMXcw
Rk5KeUJXNnJkT0sxM1hwMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBr
BggrBgEFBQcBBwEB/wRcMFowWAQCAAEwUgMEAVGh7gMEAVQVrAMEAld4VDAMAwQB
V3l6AwQBV3l8AwQCWNpMAwQAW1xzAwQBXpquMAwDBABtzu0DBABtzu4DBAC5zwwD
BADBJS4DBALBqMQwDQYJKoZIhvcNAQELBQADggEBAFhJnR3QzTghvEkhE7Irx5UP
O11pA8LTjN9VUE+muD6LEniZAg2/8vQ7zjOinxBGmPDKRzU6HmT9J+vpkchrOEQ6
Cqcu1xSVSBstO4UUMcVHLqewO6NfLGqsYMW8j2kNJ5p5LGbp3v+3hlpMtD1mFQe+
texoYsJWAMMBJdjkcUZ75EDWJARiBY/guVl+36iphx5a1ytKvPitQshAIuPPXM+e
HewGk/EAJdFOR37gt6IjaHTSnqC2IWwKAlQqRmuD9QbfgfpNP5ilhG8zQZhi7e1t
zWTe64nf7TJ+SUEMIG3p9izbTYi49LiYbkUvF6rDWnpgIMpbKoWZGnzWam9wiA4=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:47 2024 by rpki-client on console-ams.rpki-client.org