Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/jSs40xyZciG65kD7cEpLqpWFJwk.roa
File:                     jSs40xyZciG65kD7cEpLqpWFJwk.roa (raw, json)
Hash identifier:          K+GZVEWNfJh5z5DeA5Tn+h5iEAGSkbBKXaQEOXc5Xjw=
Subject key identifier:   8D:2B:38:D3:1C:99:72:21:BA:E6:40:FB:70:4A:4B:AA:95:85:27:09
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       01874AAF9B4C3D9ED292CEB1C359A156E4F5
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/jSs40xyZciG65kD7cEpLqpWFJwk.roa
Signing time:             Tue 04 Apr 2023 05:13:55 +0000
ROA not before:           Tue 04 Apr 2023 05:13:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        178.239.202.0/24 maxlen: 24
                          178.239.201.0/24 maxlen: 24
                          93.114.195.0/24 maxlen: 24
                          89.43.209.0/24 maxlen: 24
                          89.46.92.0/24 maxlen: 24
                          193.42.54.0/23 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:4a:af:9b:4c:3d:9e:d2:92:ce:b1:c3:59:a1:56:e4:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Apr  4 05:13:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8d2b38d31c997221bae640fb704a4baa95852709
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:c8:f0:f5:91:82:36:ee:b4:7d:f6:3d:7e:93:
                    03:57:a9:a6:aa:c2:40:08:ae:1a:57:a7:46:56:9f:
                    e8:e2:7d:5a:de:75:32:ec:f2:a8:58:b6:25:0f:52:
                    96:72:ee:93:f4:14:d4:f8:b8:88:94:df:59:b1:ec:
                    53:26:52:87:87:00:e1:26:93:a7:73:f3:9a:99:56:
                    aa:59:83:38:0f:d5:0d:a5:c1:67:d8:63:5f:6a:a0:
                    36:fa:dc:7f:98:c0:7a:cb:58:43:86:4b:43:10:70:
                    c9:57:88:c9:12:8b:82:08:d9:f7:01:38:26:0d:fe:
                    83:ab:25:33:69:e5:19:1c:56:f0:30:b0:cd:b7:e8:
                    be:86:50:16:86:40:1a:6e:37:24:4b:76:b2:90:ae:
                    76:d2:db:26:7e:b6:ac:83:f7:de:a2:0b:e6:07:72:
                    0f:4c:4f:7f:0d:db:84:f4:80:7d:b5:48:af:de:a9:
                    78:4a:77:24:ed:86:85:b8:69:cf:d7:67:9c:2e:88:
                    10:47:86:8c:f9:07:fc:c7:7e:f3:4f:ac:a7:16:df:
                    e6:6e:97:84:69:da:a9:ee:7c:1e:41:ce:29:96:97:
                    b8:e1:49:2f:e7:83:9f:25:b6:33:1c:9d:7a:be:ff:
                    29:c6:dd:7c:35:ca:8f:ae:9f:66:73:b5:34:3b:bd:
                    11:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:2B:38:D3:1C:99:72:21:BA:E6:40:FB:70:4A:4B:AA:95:85:27:09
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/jSs40xyZciG65kD7cEpLqpWFJwk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.43.209.0/24
                  89.46.92.0/24
                  93.114.195.0/24
                  178.239.201.0-178.239.202.255
                  193.42.54.0/23

    Signature Algorithm: sha256WithRSAEncryption
         18:2c:14:04:7c:87:b7:76:4f:3d:f3:c7:25:c5:be:fb:59:96:
         fe:23:a9:a5:55:73:a8:11:ff:3c:d6:91:2e:0d:8b:f1:ef:a5:
         d8:28:6a:37:3b:8c:22:90:e0:cd:71:c6:a5:d7:f6:24:82:b7:
         75:20:6e:e8:2e:5f:93:49:79:b7:17:f6:bc:d1:28:fb:ab:b3:
         ae:bb:0d:ca:2a:dc:82:60:b1:a0:51:69:01:a6:1c:91:8d:ee:
         a2:1a:50:70:bd:83:59:05:ed:56:4d:8f:16:79:07:4d:04:cd:
         4c:6b:3e:04:16:57:21:9f:34:3f:1b:3a:37:27:5d:c7:7f:f5:
         d0:76:6c:4c:bf:e7:51:cc:ed:2b:49:a2:01:11:2b:c4:9a:88:
         3c:c1:9a:12:e0:98:c8:fd:a6:dc:a0:be:3f:f8:58:f8:54:d6:
         74:1b:6e:15:21:fd:51:23:19:f0:ba:06:d4:6b:70:2f:a8:1f:
         5d:a3:7d:dc:d0:3a:ae:f6:66:b1:de:91:69:ff:0e:20:a8:60:
         e0:53:5a:9b:a1:76:c2:22:a5:b6:4f:f3:57:c0:c8:1f:06:a3:
         36:10:3e:14:38:5e:70:7b:2b:46:32:32:2b:21:20:35:c3:c0:
         76:28:3d:39:66:72:e4:ef:72:71:9f:d6:67:a8:77:7c:15:b9:
         39:ee:54:f8
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYdKr5tMPZ7Sks6xw1mhVuT1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNDA0MDUxMzU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDJiMzhkMzFjOTk3MjIxYmFlNjQwZmI3MDRhNGJhYTk1ODUyNzA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgsjw9ZGCNu60ffY9fpMDV6mmqsJA
CK4aV6dGVp/o4n1a3nUy7PKoWLYlD1KWcu6T9BTU+LiIlN9ZsexTJlKHhwDhJpOn
c/OamVaqWYM4D9UNpcFn2GNfaqA2+tx/mMB6y1hDhktDEHDJV4jJEouCCNn3ATgm
Df6DqyUzaeUZHFbwMLDNt+i+hlAWhkAabjckS3aykK520tsmfrasg/feogvmB3IP
TE9/DduE9IB9tUiv3ql4Snck7YaFuGnP12ecLogQR4aM+Qf8x37zT6ynFt/mbpeE
adqp7nweQc4plpe44Ukv54OfJbYzHJ16vv8pxt18NcqPrp9mc7U0O70RQwIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFI0rONMcmXIhuuZA+3BKS6qVhScJMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvalNzNDB4eVpjaUc2NWtEN2NFcExxcFdGSndrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQAWSvRAwQA
WS5cAwQAXXLDMAwDBACy78kDBACy78oDBAHBKjYwDQYJKoZIhvcNAQELBQADggEB
ABgsFAR8h7d2Tz3zxyXFvvtZlv4jqaVVc6gR/zzWkS4Ni/Hvpdgoajc7jCKQ4M1x
xqXX9iSCt3UgbuguX5NJebcX9rzRKPurs667Dcoq3IJgsaBRaQGmHJGN7qIaUHC9
g1kF7VZNjxZ5B00EzUxrPgQWVyGfND8bOjcnXcd/9dB2bEy/51HM7StJogERK8Sa
iDzBmhLgmMj9ptygvj/4WPhU1nQbbhUh/VEjGfC6BtRrcC+oH12jfdzQOq72ZrHe
kWn/DiCoYOBTWpuhdsIipbZP81fAyB8GozYQPhQ4XnB7K0YyMishIDXDwHYoPTlm
cuTvcnGf1meod3wVuTnuVPg=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:48 2024 by rpki-client on console-fra.rpki-client.org