Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/WhMggOhA1AY5U73uINIMRGshF34.roa
File:                     WhMggOhA1AY5U73uINIMRGshF34.roa (raw, json)
Hash identifier:          94XPwCudhA6B8Ai+YdgMzCgUY6vALFREisnV98MzvtI=
Subject key identifier:   5A:13:20:80:E8:40:D4:06:39:53:BD:EE:20:D2:0C:44:6B:21:17:7E
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       01862DB7E0FA55E7D8243E6E59930AC39441
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/WhMggOhA1AY5U73uINIMRGshF34.roa
Signing time:             Tue 07 Feb 2023 21:11:10 +0000
ROA not before:           Tue 07 Feb 2023 21:11:10 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     174
IP address blocks:        192.166.208.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:2d:b7:e0:fa:55:e7:d8:24:3e:6e:59:93:0a:c3:94:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Feb  7 21:11:10 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5a132080e840d4063953bdee20d20c446b21177e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:33:76:0f:fa:76:46:66:2e:35:b6:c0:41:b2:
                    29:7d:b3:bb:90:6e:80:23:4b:6e:8f:49:da:70:ab:
                    80:8f:a2:99:3a:93:0b:0b:98:6e:c0:29:75:1a:b9:
                    ed:5c:95:9f:5a:0c:de:58:0b:ee:a5:67:91:20:c3:
                    1c:cb:44:30:97:ec:43:0d:77:51:d3:ac:d5:14:eb:
                    dd:91:01:d7:fc:d7:25:2d:70:46:3e:99:95:fb:6f:
                    af:d0:b2:ab:05:0a:6c:0e:1e:b8:b3:18:49:f1:f2:
                    07:86:9b:81:89:fd:64:d2:eb:74:aa:1b:85:b5:ea:
                    3c:c5:d9:9e:b4:4f:a6:d0:74:f4:e2:a7:06:43:42:
                    83:49:cf:78:0c:23:67:2f:b0:02:32:4e:f3:61:91:
                    9a:b6:43:a4:b7:3c:ea:c9:61:24:c3:03:7c:1f:01:
                    41:dd:f7:af:fa:03:5a:78:54:d8:d8:01:6e:ee:33:
                    29:20:37:eb:f7:42:57:36:c6:23:18:c6:c6:a5:93:
                    9c:a3:48:54:ac:90:f5:49:24:0a:bc:80:d4:f4:98:
                    a5:6f:19:bf:68:3c:53:d6:f7:15:03:bd:76:f7:65:
                    9a:de:9b:08:3d:67:a8:6e:0c:c0:17:66:51:d8:08:
                    b7:24:85:d9:ba:42:47:d7:af:91:7c:99:d2:ba:15:
                    af:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:13:20:80:E8:40:D4:06:39:53:BD:EE:20:D2:0C:44:6B:21:17:7E
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/WhMggOhA1AY5U73uINIMRGshF34.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.166.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1f:bd:4a:e5:33:f7:dc:85:34:93:2d:7a:9e:72:c7:83:3a:1b:
         f3:3b:5f:9d:ef:56:65:5d:6d:8e:6a:74:f2:48:14:04:6c:3f:
         9c:52:46:43:e0:4c:7e:85:cf:b3:b2:8b:60:51:38:c0:bf:a4:
         8f:2c:a3:91:14:b9:f4:51:2d:7b:3a:86:98:73:25:ec:be:7f:
         bd:38:07:4a:4a:48:44:47:b4:b6:3b:7b:5c:59:d5:24:bd:3f:
         e1:35:4d:53:96:ec:a4:19:8d:69:ad:c9:1f:a3:5f:4b:36:a1:
         12:ba:1e:96:9d:58:49:67:5d:b7:8c:18:5e:10:4c:b7:b0:03:
         d9:8a:f2:50:cd:d8:9b:ad:35:46:e9:c9:a5:7c:fd:b7:f9:1a:
         a7:49:11:e6:26:93:d1:6d:56:dd:62:9e:b2:db:b8:7f:36:a8:
         b7:36:b5:ca:6d:8b:d3:55:92:ca:7b:02:32:52:c6:2c:5b:e6:
         47:ae:e0:0b:90:b5:e7:c1:61:af:65:b0:12:1f:10:f8:40:6a:
         0e:6b:88:f4:f8:06:ac:d1:6a:d5:5a:84:e6:96:4e:89:cf:57:
         44:2b:41:10:2d:e8:06:7f:2a:7e:b3:64:21:77:f2:b3:45:dc:
         7c:03:28:1e:9d:6e:fa:57:aa:ca:1e:ac:79:56:66:4c:9e:56:
         52:2f:7b:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYYtt+D6VefYJD5uWZMKw5RBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMjA3MjExMTEwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTEzMjA4MGU4NDBkNDA2Mzk1M2JkZWUyMGQyMGM0NDZiMjExNzdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArjN2D/p2RmYuNbbAQbIpfbO7kG6A
I0tuj0nacKuAj6KZOpMLC5huwCl1GrntXJWfWgzeWAvupWeRIMMcy0Qwl+xDDXdR
06zVFOvdkQHX/NclLXBGPpmV+2+v0LKrBQpsDh64sxhJ8fIHhpuBif1k0ut0qhuF
teo8xdmetE+m0HT04qcGQ0KDSc94DCNnL7ACMk7zYZGatkOktzzqyWEkwwN8HwFB
3fev+gNaeFTY2AFu7jMpIDfr90JXNsYjGMbGpZOco0hUrJD1SSQKvIDU9Jilbxm/
aDxT1vcVA71292Wa3psIPWeobgzAF2ZR2Ai3JIXZukJH16+RfJnSuhWvtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFoTIIDoQNQGOVO97iDSDERrIRd+MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvV2hNZ2dPaEExQVk1VTczdUlOSU1SR3NoRjM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwKbQMA0G
CSqGSIb3DQEBCwUAA4IBAQAfvUrlM/fchTSTLXqecseDOhvzO1+d71ZlXW2OanTy
SBQEbD+cUkZD4Ex+hc+zsotgUTjAv6SPLKORFLn0US17OoaYcyXsvn+9OAdKSkhE
R7S2O3tcWdUkvT/hNU1TluykGY1prckfo19LNqESuh6WnVhJZ123jBheEEy3sAPZ
ivJQzdibrTVG6cmlfP23+RqnSRHmJpPRbVbdYp6y27h/Nqi3NrXKbYvTVZLKewIy
UsYsW+ZHruALkLXnwWGvZbASHxD4QGoOa4j0+Aas0WrVWoTmlk6Jz1dEK0EQLegG
fyp+s2Qhd/KzRdx8AygenW76V6rKHqx5VmZMnlZSL3uU
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:46 2024 by rpki-client on console-fra.rpki-client.org