Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/9MCMBQDSRiNp3gnmPgCVHcRJm-g.roa
File:                     9MCMBQDSRiNp3gnmPgCVHcRJm-g.roa (raw, json)
Hash identifier:          IuV297dXhCyWYY4EMzjAOm4sTrPes/t/0AndFKwyyzA=
Subject key identifier:   F4:C0:8C:05:00:D2:46:23:69:DE:09:E6:3E:00:95:1D:C4:49:9B:E8
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       01867A58FD0A8C73610B7AF0A1D9D51E2C36
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/9MCMBQDSRiNp3gnmPgCVHcRJm-g.roa
Signing time:             Wed 22 Feb 2023 18:18:17 +0000
ROA not before:           Wed 22 Feb 2023 18:18:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     0
IP address blocks:        93.115.254.0/23 maxlen: 24
                          89.40.76.0/24 maxlen: 24
                          87.247.148.0/24 maxlen: 24
                          87.247.149.0/24 maxlen: 24
                          185.255.170.0/23 maxlen: 24
                          185.103.72.0/24 maxlen: 24
                          185.241.210.0/23 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:7a:58:fd:0a:8c:73:61:0b:7a:f0:a1:d9:d5:1e:2c:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Feb 22 18:18:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f4c08c0500d2462369de09e63e00951dc4499be8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:98:8b:11:8f:ce:77:53:28:5a:37:0f:6c:f2:
                    d2:65:85:bb:94:b5:a4:ef:45:81:83:9d:cd:bc:b4:
                    22:76:62:b2:f5:e9:fe:ab:92:32:9f:1c:22:8b:28:
                    03:14:fe:20:8e:59:4a:af:7c:fe:7d:43:5b:11:a9:
                    e2:2f:02:63:24:41:ac:0a:8f:3f:1d:60:b4:0c:73:
                    e8:fb:4b:9f:89:d7:c2:c2:c9:f8:ad:6f:32:d6:e8:
                    31:4f:b0:1a:07:f6:c0:af:52:de:82:71:b9:9a:3c:
                    f3:78:73:bc:c4:46:23:02:64:00:db:d2:2e:e9:5b:
                    40:e9:38:6c:66:f2:90:08:03:4d:6f:dc:3c:9e:a5:
                    57:21:4a:e1:fc:31:e4:e8:7a:46:69:2c:4f:af:48:
                    d7:ef:62:34:c4:58:80:54:62:a7:d5:52:b7:e8:60:
                    b9:34:1a:5b:a4:3f:fe:7a:c6:98:58:1f:db:1c:09:
                    5f:c8:d3:81:74:61:c1:c5:4f:03:b9:f7:ab:98:80:
                    c5:f8:20:81:6c:73:b7:de:ea:e1:b7:42:2e:16:97:
                    64:11:85:3f:af:20:b0:e7:fd:bd:de:09:ef:9b:d5:
                    95:04:0a:0a:42:ca:35:74:ac:43:93:62:5c:c5:4d:
                    bb:93:d5:16:be:35:21:17:d5:21:86:ca:f7:93:76:
                    17:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:C0:8C:05:00:D2:46:23:69:DE:09:E6:3E:00:95:1D:C4:49:9B:E8
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/9MCMBQDSRiNp3gnmPgCVHcRJm-g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.247.148.0/23
                  89.40.76.0/24
                  93.115.254.0/23
                  185.103.72.0/24
                  185.241.210.0/23
                  185.255.170.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4d:98:5e:99:6e:1b:c6:15:42:3f:27:0f:9f:47:b3:c5:5e:46:
         87:7b:8d:66:76:1f:00:ec:81:71:ff:d2:bc:1e:7f:37:a1:54:
         e1:b9:43:77:c5:06:9d:b8:3e:69:1a:19:ad:5d:06:52:80:6f:
         5d:05:56:27:74:16:91:e6:6f:d2:5c:b0:9a:37:c5:68:16:ae:
         ca:66:62:ff:f0:d3:78:a4:76:bc:f7:36:21:b2:b9:c9:6c:6d:
         5f:0a:12:fe:f5:15:5a:9d:bd:2f:b6:37:3d:29:b4:19:81:b5:
         bc:be:a2:e0:9e:36:b0:c6:2e:de:7f:a6:9b:fe:61:4c:f8:17:
         34:27:c4:df:b0:26:f6:34:3d:64:2b:82:11:83:2c:8e:e7:21:
         b8:9f:da:a8:d9:c0:8d:eb:6b:8b:28:cc:0b:54:bf:ec:f8:21:
         72:d8:8b:8f:08:b1:8f:5b:f3:83:20:27:39:ea:e2:18:24:7a:
         8a:c3:8f:33:b6:cb:69:fa:ee:5e:c5:8b:4b:57:39:ad:56:68:
         16:73:90:f6:8c:e5:eb:d7:02:70:9a:9e:3a:a6:54:ea:c3:f7:
         34:db:4f:9b:d9:b2:cb:1f:3d:22:e0:2b:07:79:2d:93:12:eb:
         44:47:70:ff:c7:a7:e4:ff:9a:2c:22:ad:10:4b:72:ce:e1:aa:
         b2:5b:10:c6
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYZ6WP0KjHNhC3rwodnVHiw2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMjIyMTgxODE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGMwOGMwNTAwZDI0NjIzNjlkZTA5ZTYzZTAwOTUxZGM0NDk5YmU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgZiLEY/Od1MoWjcPbPLSZYW7lLWk
70WBg53NvLQidmKy9en+q5IynxwiiygDFP4gjllKr3z+fUNbEaniLwJjJEGsCo8/
HWC0DHPo+0ufidfCwsn4rW8y1ugxT7AaB/bAr1LegnG5mjzzeHO8xEYjAmQA29Iu
6VtA6ThsZvKQCANNb9w8nqVXIUrh/DHk6HpGaSxPr0jX72I0xFiAVGKn1VK36GC5
NBpbpD/+esaYWB/bHAlfyNOBdGHBxU8DufermIDF+CCBbHO33urht0IuFpdkEYU/
ryCw5/293gnvm9WVBAoKQso1dKxDk2JcxU27k9UWvjUhF9Uhhsr3k3YXMwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFPTAjAUA0kYjad4J5j4AlR3ESZvoMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvOU1DTUJRRFNSaU5wM2dubVBnQ1ZIY1JKbS1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQBV/eUAwQA
WShMAwQBXXP+AwQAuWdIAwQBufHSAwQBuf+qMA0GCSqGSIb3DQEBCwUAA4IBAQBN
mF6ZbhvGFUI/Jw+fR7PFXkaHe41mdh8A7IFx/9K8Hn83oVThuUN3xQaduD5pGhmt
XQZSgG9dBVYndBaR5m/SXLCaN8VoFq7KZmL/8NN4pHa89zYhsrnJbG1fChL+9RVa
nb0vtjc9KbQZgbW8vqLgnjawxi7ef6ab/mFM+Bc0J8TfsCb2ND1kK4IRgyyO5yG4
n9qo2cCN62uLKMwLVL/s+CFy2IuPCLGPW/ODICc56uIYJHqKw48ztstp+u5exYtL
VzmtVmgWc5D2jOXr1wJwmp46plTqw/c020+b2bLLHz0i4CsHeS2TEutER3D/x6fk
/5osIq0QS3LO4aqyWxDG
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:09 2024 by rpki-client on console-ams.rpki-client.org