Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/usBokrkGI1DTsiu56f4FFcPUCcs.roa
File:                     usBokrkGI1DTsiu56f4FFcPUCcs.roa (raw, json)
Hash identifier:          1XCQi2PTDs59iL3Y1GdLxekKNnEwq1QtGgt1F2kF+iA=
Subject key identifier:   BA:C0:68:92:B9:06:23:50:D3:B2:2B:B9:E9:FE:05:15:C3:D4:09:CB
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       01873BBADF1393C88A9EDCAA3A62582B9B20
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/usBokrkGI1DTsiu56f4FFcPUCcs.roa
Signing time:             Sat 01 Apr 2023 07:31:55 +0000
ROA not before:           Sat 01 Apr 2023 07:31:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207279
IP address blocks:        185.121.230.0/24 maxlen: 24
                          185.121.231.0/24 maxlen: 24
                          185.230.248.0/24 maxlen: 24
                          185.229.104.0/24 maxlen: 24
                          194.4.159.0/24 maxlen: 24
                          45.159.152.0/24 maxlen: 24
                          89.43.208.0/24 maxlen: 24
                          203.0.8.0/24 maxlen: 24
                          213.32.249.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:3b:ba:df:13:93:c8:8a:9e:dc:aa:3a:62:58:2b:9b:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Apr  1 07:31:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bac06892b9062350d3b22bb9e9fe0515c3d409cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:16:9f:21:97:f7:09:e0:f0:f6:6d:e3:06:cf:
                    b9:fd:2c:93:82:9e:51:f3:b7:0b:45:4e:ee:b3:48:
                    67:26:72:e4:21:d9:06:41:64:89:94:83:8e:60:e1:
                    b4:4c:7f:24:a7:05:eb:90:38:c8:ae:c8:5a:bf:f4:
                    93:a6:03:89:17:f1:9f:fb:86:51:30:09:b3:87:08:
                    46:76:b1:3e:0a:75:f0:de:81:24:53:2e:5a:dc:b8:
                    7e:21:77:c6:98:69:08:f0:54:3c:e6:30:0c:bf:5a:
                    64:11:d5:a7:c9:4e:ce:bd:81:5a:cf:ff:99:1f:18:
                    81:32:42:fc:4c:85:14:5f:a0:9d:39:f3:44:ab:7c:
                    47:71:a8:30:38:b0:dd:f9:70:a3:d3:77:3b:c6:89:
                    bb:99:24:a9:1a:cd:bc:3d:e0:8b:6e:f3:e7:59:1d:
                    c5:8e:a9:b9:78:21:d1:de:44:3d:6c:25:10:54:45:
                    b3:79:1c:47:8a:65:76:57:bf:36:4e:fe:f4:3d:6e:
                    f5:9a:31:9d:56:9d:13:68:0d:d3:62:b4:f9:75:5c:
                    72:a9:ea:9e:4a:23:b8:87:be:03:cf:45:e5:00:67:
                    1b:85:20:3e:5c:07:7a:56:83:ce:4f:49:12:3e:51:
                    fc:5c:68:62:29:19:b9:60:4d:9d:f1:29:70:98:c5:
                    7e:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:C0:68:92:B9:06:23:50:D3:B2:2B:B9:E9:FE:05:15:C3:D4:09:CB
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/usBokrkGI1DTsiu56f4FFcPUCcs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.152.0/24
                  89.43.208.0/24
                  185.121.230.0/23
                  185.229.104.0/24
                  185.230.248.0/24
                  194.4.159.0/24
                  203.0.8.0/24
                  213.32.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:21:93:e5:00:6d:31:41:4c:6a:49:8c:26:10:fa:12:c0:da:
         ee:53:ee:89:51:0e:4b:13:89:77:2e:8d:4f:a7:5e:c7:1a:c2:
         bf:44:48:fb:e2:bd:a5:45:ca:af:41:0a:96:18:2e:b0:49:ea:
         72:11:cc:46:12:8d:d9:a1:47:d5:91:73:e2:33:f5:68:b8:df:
         26:26:a3:42:d2:c3:56:a9:4b:c2:d9:b2:c7:d9:1b:28:cf:f5:
         94:fe:a2:69:46:ac:1f:d0:91:25:38:b4:f6:58:e2:54:08:c0:
         9e:fe:e0:1e:f6:51:18:e9:3e:09:b7:1f:e8:a9:b5:3f:00:bf:
         8d:ce:0b:6e:d4:12:35:ed:ef:61:9a:22:d1:ca:2b:55:41:92:
         43:70:2f:44:99:0d:61:8d:d7:2a:29:51:2e:19:1d:9b:93:fe:
         a7:fc:e9:e5:b2:f8:e3:77:0d:35:95:d6:62:cd:93:cc:63:db:
         3a:d1:42:da:ba:8d:dd:b7:f5:44:0b:ef:69:15:19:6b:1a:ee:
         b0:5c:4d:cc:ee:4c:04:b7:da:b0:47:fe:90:07:41:20:82:c1:
         6b:5d:02:60:44:19:34:a3:ad:ac:b0:0c:94:78:60:70:0b:09:
         3a:4b:96:6d:21:8b:1e:bd:11:1e:e2:a4:1d:a6:e9:4f:3f:61:
         98:dc:e9:3a
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYc7ut8Tk8iKntyqOmJYK5sgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNDAxMDczMTU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWMwNjg5MmI5MDYyMzUwZDNiMjJiYjllOWZlMDUxNWMzZDQwOWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAixafIZf3CeDw9m3jBs+5/SyTgp5R
87cLRU7us0hnJnLkIdkGQWSJlIOOYOG0TH8kpwXrkDjIrshav/STpgOJF/Gf+4ZR
MAmzhwhGdrE+CnXw3oEkUy5a3Lh+IXfGmGkI8FQ85jAMv1pkEdWnyU7OvYFaz/+Z
HxiBMkL8TIUUX6CdOfNEq3xHcagwOLDd+XCj03c7xom7mSSpGs28PeCLbvPnWR3F
jqm5eCHR3kQ9bCUQVEWzeRxHimV2V782Tv70PW71mjGdVp0TaA3TYrT5dVxyqeqe
SiO4h74Dz0XlAGcbhSA+XAd6VoPOT0kSPlH8XGhiKRm5YE2d8SlwmMV+twIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFLrAaJK5BiNQ07Iruen+BRXD1AnLMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvdXNCb2tya0dJMURUc2l1NTZmNEZGY1BVQ2NzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQALZ+YAwQA
WSvQAwQBuXnmAwQAueVoAwQAueb4AwQAwgSfAwQAywAIAwQA1SD5MA0GCSqGSIb3
DQEBCwUAA4IBAQAAIZPlAG0xQUxqSYwmEPoSwNruU+6JUQ5LE4l3Lo1Pp17HGsK/
REj74r2lRcqvQQqWGC6wSepyEcxGEo3ZoUfVkXPiM/VouN8mJqNC0sNWqUvC2bLH
2Rsoz/WU/qJpRqwf0JElOLT2WOJUCMCe/uAe9lEY6T4Jtx/oqbU/AL+Nzgtu1BI1
7e9hmiLRyitVQZJDcC9EmQ1hjdcqKVEuGR2bk/6n/Onlsvjjdw01ldZizZPMY9s6
0ULauo3dt/VEC+9pFRlrGu6wXE3M7kwEt9qwR/6QB0EggsFrXQJgRBk0o62ssAyU
eGBwCwk6S5ZtIYsevREe4qQdpulPP2GY3Ok6
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:48 2024 by rpki-client on console-fra.rpki-client.org