Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/0vckrfeS-JieXWc9j0s-sktyMWY.roa
File:                     0vckrfeS-JieXWc9j0s-sktyMWY.roa (raw, json)
Hash identifier:          5q2yBs2MCX5xSyYwIc+QQuGl4mbJFnEq1DC03/3vN4c=
Subject key identifier:   D2:F7:24:AD:F7:92:F8:98:9E:5D:67:3D:8F:4B:3E:B2:4B:72:31:66
Certificate issuer:       /CN=408af485b4fd0f03717cd4a709ef11c61d3ef46e
Certificate serial:       0183604A7F68B4A9FB34BBD19839DEDBB9C2
Authority key identifier: 40:8A:F4:85:B4:FD:0F:03:71:7C:D4:A7:09:EF:11:C6:1D:3E:F4:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/0vckrfeS-JieXWc9j0s-sktyMWY.roa
Signing time:             Wed 21 Sep 2022 13:43:58 +0000
ROA not before:           Wed 21 Sep 2022 13:43:58 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     59854
IP address blocks:        188.214.142.0/24 maxlen: 24
                          89.35.173.0/24 maxlen: 24
                          93.119.227.0/24 maxlen: 24
                          185.171.185.0/24 maxlen: 24
                          185.171.184.0/24 maxlen: 24
                          185.171.187.0/24 maxlen: 24
                          77.81.164.0/23 maxlen: 23
                          188.215.36.0/24 maxlen: 24
                          86.105.187.0/24 maxlen: 24
                          89.40.21.0/24 maxlen: 24
                          86.105.215.0/24 maxlen: 24
                          128.0.46.0/23 maxlen: 23

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:60:4a:7f:68:b4:a9:fb:34:bb:d1:98:39:de:db:b9:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=408af485b4fd0f03717cd4a709ef11c61d3ef46e
        Validity
            Not Before: Sep 21 13:43:58 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d2f724adf792f8989e5d673d8f4b3eb24b723166
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:28:b6:2b:fd:78:34:85:bd:df:4d:d8:7b:19:
                    cb:69:88:f1:44:c4:bf:c1:6e:32:a6:29:2b:ed:b0:
                    dc:e8:8f:97:cf:c2:11:d9:84:f5:e4:a3:44:59:c1:
                    4e:0f:42:d4:1c:d4:33:4d:a5:f6:63:ee:dd:db:57:
                    ef:e5:bb:27:c4:9c:e8:cf:fd:e9:0d:70:d3:07:b7:
                    d6:64:41:e2:5c:a3:7b:d3:3e:b8:fc:1c:2f:97:90:
                    92:9d:6d:9f:ef:8a:a8:e3:96:74:28:90:f0:a2:60:
                    ee:d8:0f:de:bb:1e:ad:1a:09:8f:c2:a7:e1:16:f9:
                    45:b0:59:d6:e5:01:f9:6a:59:d5:b9:47:ef:89:28:
                    9f:7b:bd:8f:6b:d5:6b:d5:a9:fb:83:21:b3:cd:e9:
                    86:01:f3:a6:0e:a9:ca:ff:12:18:e2:0c:e0:e7:b0:
                    f5:07:c4:19:a8:e2:85:84:8b:30:3e:41:01:15:f2:
                    db:ba:46:f4:97:84:04:81:15:83:61:ba:fe:85:a1:
                    47:f7:1f:71:d1:ad:94:6f:c8:6a:1c:3c:a6:3d:54:
                    cc:c7:58:b2:4b:a5:3f:e7:5e:e9:a8:84:f8:97:4e:
                    8a:78:4b:56:56:0e:2f:bb:47:3b:9a:49:87:99:e9:
                    bc:d4:f0:64:fc:70:9f:28:23:ca:63:09:12:c7:35:
                    5d:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:F7:24:AD:F7:92:F8:98:9E:5D:67:3D:8F:4B:3E:B2:4B:72:31:66
            X509v3 Authority Key Identifier:
                keyid:40:8A:F4:85:B4:FD:0F:03:71:7C:D4:A7:09:EF:11:C6:1D:3E:F4:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/0vckrfeS-JieXWc9j0s-sktyMWY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.81.164.0/23
                  86.105.187.0/24
                  86.105.215.0/24
                  89.35.173.0/24
                  89.40.21.0/24
                  93.119.227.0/24
                  128.0.46.0/23
                  185.171.184.0/23
                  185.171.187.0/24
                  188.214.142.0/24
                  188.215.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:d7:f0:9f:dd:0f:bb:7f:0b:59:39:ba:b1:76:a4:30:37:6c:
         01:89:90:eb:9a:d3:32:ac:62:ab:c0:17:28:33:ed:2f:4a:63:
         8b:63:6d:89:35:d6:6b:2e:fa:d6:e5:fd:60:2f:a1:db:70:83:
         37:6f:dc:af:3f:cf:92:5d:4e:ec:d0:44:77:d8:02:9b:67:de:
         1e:66:5d:e3:c7:75:f8:8b:32:25:7d:f7:80:58:fd:01:1f:52:
         05:37:0b:5d:fc:fe:d6:cd:1b:5c:32:ec:1a:f1:16:51:d3:07:
         a1:bc:8c:08:39:ed:5e:52:5e:e0:18:7f:99:ed:30:90:05:88:
         52:d3:56:44:ce:67:e7:ed:fa:b8:e7:fa:c8:44:20:34:03:e5:
         5e:84:b0:4d:9e:21:28:29:96:af:e0:24:29:f2:a4:53:5f:ce:
         0a:50:aa:f9:90:60:06:8c:cf:6a:1b:2e:4e:e0:d4:aa:d5:77:
         fe:cd:56:57:2a:30:c1:a7:7f:c6:1e:60:56:d0:8f:cb:c2:aa:
         65:a6:10:dc:5b:ac:a4:19:93:cf:88:4c:35:1e:1c:11:cb:bd:
         0f:d2:b2:f0:3f:68:21:8f:19:08:86:d3:f6:5b:a4:d0:9f:d5:
         67:7c:e8:05:f4:1a:5d:da:1e:4f:dc:d7:8a:69:1e:d4:3e:2b:
         47:97:09:06
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYNgSn9otKn7NLvRmDne27nCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwOGFmNDg1YjRmZDBmMDM3MTdjZDRhNzA5ZWYxMWM2MWQz
ZWY0NmUwHhcNMjIwOTIxMTM0MzU4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmY3MjRhZGY3OTJmODk4OWU1ZDY3M2Q4ZjRiM2ViMjRiNzIzMTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyi2K/14NIW9303YexnLaYjxRMS/
wW4ypikr7bDc6I+Xz8IR2YT15KNEWcFOD0LUHNQzTaX2Y+7d21fv5bsnxJzoz/3p
DXDTB7fWZEHiXKN70z64/Bwvl5CSnW2f74qo45Z0KJDwomDu2A/eux6tGgmPwqfh
FvlFsFnW5QH5alnVuUfviSife72Pa9Vr1an7gyGzzemGAfOmDqnK/xIY4gzg57D1
B8QZqOKFhIswPkEBFfLbukb0l4QEgRWDYbr+haFH9x9x0a2Ub8hqHDymPVTMx1iy
S6U/517pqIT4l06KeEtWVg4vu0c7mkmHmem81PBk/HCfKCPKYwkSxzVdvwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFNL3JK33kviYnl1nPY9LPrJLcjFmMB8GA1UdIwQY
MBaAFECK9IW0/Q8DcXzUpwnvEcYdPvRuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUlyMGhiVDlEd054Zk5TbkNlOFJ4aDAtOUc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lMTE3MWMtNTI3MC00OWNkLTkzNzkt
Yjk1YjA4YTIzYWUxLzEvMHZja3JmZVMtSmllWFdjOWowcy1za3R5TVdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lMTE3MWMtNTI3MC00OWNkLTkzNzktYjk1YjA4YTIzYWUx
LzEvUUlyMGhiVDlEd054Zk5TbkNlOFJ4aDAtOUc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQBTVGkAwQA
Vmm7AwQAVmnXAwQAWSOtAwQAWSgVAwQAXXfjAwQBgAAuAwQBuau4AwQAuau7AwQA
vNaOAwQAvNckMA0GCSqGSIb3DQEBCwUAA4IBAQAO1/Cf3Q+7fwtZObqxdqQwN2wB
iZDrmtMyrGKrwBcoM+0vSmOLY22JNdZrLvrW5f1gL6HbcIM3b9yvP8+SXU7s0ER3
2AKbZ94eZl3jx3X4izIlffeAWP0BH1IFNwtd/P7WzRtcMuwa8RZR0wehvIwIOe1e
Ul7gGH+Z7TCQBYhS01ZEzmfn7fq45/rIRCA0A+VehLBNniEoKZav4CQp8qRTX84K
UKr5kGAGjM9qGy5O4NSq1Xf+zVZXKjDBp3/GHmBW0I/LwqplphDcW6ykGZPPiEw1
HhwRy70P0rLwP2ghjxkIhtP2W6TQn9VnfOgF9Bpd2h5P3NeKaR7UPitHlwkG
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:27 2024 by rpki-client on console-fra.rpki-client.org