Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/xOjGvl1z5QMLlW0F2EJv52nL8TA.roa
File:                     xOjGvl1z5QMLlW0F2EJv52nL8TA.roa (raw, json)
Hash identifier:          DESjwDLoD3SQE41+8iiMGaEb9g8wkLtHkzCJkWbSvkQ=
Subject key identifier:   C4:E8:C6:BE:5D:73:E5:03:0B:95:6D:05:D8:42:6F:E7:69:CB:F1:30
Certificate issuer:       /CN=4d88eb730ab1a501ea36ea3482d764544e141111
Certificate serial:       01856CCAE1694FD4A50B6B789DE151B17777
Authority key identifier: 4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/xOjGvl1z5QMLlW0F2EJv52nL8TA.roa
Signing time:             Sun 01 Jan 2023 10:05:13 +0000
ROA not before:           Sun 01 Jan 2023 10:05:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     36351
IP address blocks:        109.199.96.0/19 maxlen: 24
                          37.60.224.0/19 maxlen: 24
                          185.225.236.0/22 maxlen: 24
                          185.56.84.0/22 maxlen: 24
                          77.104.128.0/18 maxlen: 24
                          146.66.64.0/18 maxlen: 24
                          93.187.136.0/21 maxlen: 24
                          109.73.224.0/20 maxlen: 24
                          185.62.236.0/22 maxlen: 24
                          2a04:f280::/40 maxlen: 64

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:ca:e1:69:4f:d4:a5:0b:6b:78:9d:e1:51:b1:77:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d88eb730ab1a501ea36ea3482d764544e141111
        Validity
            Not Before: Jan  1 10:05:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c4e8c6be5d73e5030b956d05d8426fe769cbf130
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:2d:37:16:2f:19:24:0e:23:b7:f6:a3:29:cd:
                    45:bc:15:39:46:e2:e7:96:b1:3a:c6:57:b8:7e:23:
                    99:c6:33:df:d1:96:4e:39:62:de:0e:66:c8:95:f9:
                    b8:6a:0b:20:c5:9f:8c:07:8b:2d:bd:ed:69:ed:72:
                    e2:6c:e6:34:e1:85:f7:a7:0c:e3:4f:c9:46:6f:5b:
                    08:ec:08:04:cb:d3:0d:19:b5:41:22:17:87:7b:df:
                    52:2d:60:ca:67:61:21:df:b1:f4:7b:19:8e:76:73:
                    0a:26:cf:4c:f9:d0:1f:d8:42:6b:e6:c8:7d:a5:dc:
                    54:87:d2:ce:f2:ca:c5:79:41:a8:75:a1:d6:9d:ba:
                    dc:66:51:af:cf:ae:2c:f6:d8:c7:11:3a:b0:2c:60:
                    f8:7a:a0:2c:6e:38:3b:18:b9:b3:1f:bb:57:ce:ff:
                    98:c3:2e:fe:27:7a:f9:e1:f3:6e:9e:4e:75:fb:8e:
                    86:11:e7:67:73:51:5c:f1:a3:ea:a5:a7:04:2f:74:
                    8d:fa:db:3a:4d:f0:b0:b4:e8:a3:73:ef:34:a1:3d:
                    50:c1:bd:98:15:ea:cc:65:97:51:ab:af:25:87:c4:
                    34:3f:f8:1a:b5:24:78:ed:4c:91:14:86:a4:a2:be:
                    c2:c0:70:1e:6c:dd:8b:73:a0:9f:27:a0:91:62:bc:
                    a6:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:E8:C6:BE:5D:73:E5:03:0B:95:6D:05:D8:42:6F:E7:69:CB:F1:30
            X509v3 Authority Key Identifier:
                keyid:4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/xOjGvl1z5QMLlW0F2EJv52nL8TA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/TYjrcwqxpQHqNuo0gtdkVE4UERE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.60.224.0/19
                  77.104.128.0/18
                  93.187.136.0/21
                  109.73.224.0/20
                  109.199.96.0/19
                  146.66.64.0/18
                  185.56.84.0/22
                  185.62.236.0/22
                  185.225.236.0/22
                IPv6:
                  2a04:f280::/40

    Signature Algorithm: sha256WithRSAEncryption
         71:a9:c0:47:0a:c0:a4:6d:54:a4:72:e0:07:71:5d:9d:6c:fd:
         6c:cc:5c:0b:49:be:ec:82:27:29:d9:16:3d:40:17:96:5b:c9:
         0c:be:25:65:2c:07:04:f8:1d:8b:54:3d:71:25:37:c9:62:dd:
         ca:f9:29:06:a0:80:0f:3b:88:3b:32:94:69:1c:45:04:1f:11:
         c7:eb:70:82:40:97:52:af:f4:d3:6d:32:9b:e5:e1:bd:8b:af:
         6b:4a:ca:da:b0:9d:0c:e8:30:04:81:dd:b0:1d:35:77:b0:0b:
         02:b1:87:b0:48:4e:f6:92:63:a4:ba:5e:68:6b:f1:0a:74:b2:
         1f:aa:20:44:e2:5d:35:96:39:c0:f6:b7:01:c7:0c:c2:8e:cf:
         6c:bd:6e:ec:44:e3:61:62:7f:b6:02:51:ae:ff:a6:5b:38:14:
         ac:fc:c8:4b:2f:e1:e7:6c:5b:ac:53:89:86:e1:98:f0:9c:50:
         84:86:08:b9:c5:90:a6:76:12:c2:ad:b5:d1:32:3d:ea:26:93:
         3e:78:e5:2d:a4:81:46:c6:14:98:c2:b7:8d:4a:f3:c4:0e:c5:
         4b:93:ba:95:88:24:5f:f8:2b:69:c9:76:25:48:e6:59:55:a9:
         b4:5d:93:63:fc:cc:bb:dc:3d:ec:45:95:47:f4:d4:42:49:fb:
         76:cc:75:75
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYVsyuFpT9SlC2t4neFRsXd3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkODhlYjczMGFiMWE1MDFlYTM2ZWEzNDgyZDc2NDU0NGUx
NDExMTEwHhcNMjMwMTAxMTAwNTEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGU4YzZiZTVkNzNlNTAzMGI5NTZkMDVkODQyNmZlNzY5Y2JmMTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhi03Fi8ZJA4jt/ajKc1FvBU5RuLn
lrE6xle4fiOZxjPf0ZZOOWLeDmbIlfm4agsgxZ+MB4stve1p7XLibOY04YX3pwzj
T8lGb1sI7AgEy9MNGbVBIheHe99SLWDKZ2Eh37H0exmOdnMKJs9M+dAf2EJr5sh9
pdxUh9LO8srFeUGodaHWnbrcZlGvz64s9tjHETqwLGD4eqAsbjg7GLmzH7tXzv+Y
wy7+J3r54fNunk51+46GEednc1Fc8aPqpacEL3SN+ts6TfCwtOijc+80oT1Qwb2Y
FerMZZdRq68lh8Q0P/gatSR47UyRFIakor7CwHAebN2Lc6CfJ6CRYrymRwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFMToxr5dc+UDC5VtBdhCb+dpy/EwMB8GA1UdIwQY
MBaAFE2I63MKsaUB6jbqNILXZFROFBERMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFlqcmN3cXhwUUhxTnVvMGd0ZGtWRTRVRVJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9jNDkzZWUtZjY2ZS00MjA4LWEzMWQt
NzI2ZjgzZDIzODkyLzEveE9qR3ZsMXo1UU1MbFcwRjJFSnY1Mm5MOFRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9jNDkzZWUtZjY2ZS00MjA4LWEzMWQtNzI2ZjgzZDIzODky
LzEvVFlqcmN3cXhwUUhxTnVvMGd0ZGtWRTRVRVJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA8BAIAATA2AwQFJTzgAwQG
TWiAAwQDXbuIAwQEbUngAwQFbcdgAwQGkkJAAwQCuThUAwQCuT7sAwQCueHsMA4E
AgACMAgDBgAqBPKAADANBgkqhkiG9w0BAQsFAAOCAQEAcanARwrApG1UpHLgB3Fd
nWz9bMxcC0m+7IInKdkWPUAXllvJDL4lZSwHBPgdi1Q9cSU3yWLdyvkpBqCADzuI
OzKUaRxFBB8Rx+twgkCXUq/0020ym+XhvYuva0rK2rCdDOgwBIHdsB01d7ALArGH
sEhO9pJjpLpeaGvxCnSyH6ogROJdNZY5wPa3AccMwo7PbL1u7ETjYWJ/tgJRrv+m
WzgUrPzISy/h52xbrFOJhuGY8JxQhIYIucWQpnYSwq210TI96iaTPnjlLaSBRsYU
mMK3jUrzxA7FS5O6lYgkX/gracl2JUjmWVWptF2TY/zMu9w97EWVR/TUQkn7dsx1
dQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:33:48 2024 by rpki-client on console-fra.rpki-client.org