Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/oRoT8DT0Cgyrb_3PsNxDRuUfC_c.roa
File:                     oRoT8DT0Cgyrb_3PsNxDRuUfC_c.roa (raw, json)
Hash identifier:          5DNZBY23yP4YkRroNrbI0koLpbgpz8IhOn5j3dVVDK0=
Subject key identifier:   A1:1A:13:F0:34:F4:0A:0C:AB:6F:FD:CF:B0:DC:43:46:E5:1F:0B:F7
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       018CCA2A71AA44572E36E991347694689907
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/oRoT8DT0Cgyrb_3PsNxDRuUfC_c.roa
Signing time:             Tue 02 Jan 2024 12:33:48 +0000
ROA not before:           Tue 02 Jan 2024 12:33:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     133752
IP address blocks:        91.132.56.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:71:aa:44:57:2e:36:e9:91:34:76:94:68:99:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Jan  2 12:33:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a11a13f034f40a0cab6ffdcfb0dc4346e51f0bf7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:31:32:3f:7c:d6:93:fd:8f:e4:70:2f:0a:da:
                    dc:ce:a4:3d:af:c3:46:d6:b9:9f:83:14:c0:98:c8:
                    53:16:c6:ef:a1:21:03:a9:3d:e4:a5:c3:64:d4:09:
                    91:e3:f1:89:53:e3:90:40:a5:5c:90:45:db:30:df:
                    5b:83:bc:78:19:27:dc:ac:db:72:38:a3:1a:6b:6e:
                    22:05:ed:5b:3e:77:ba:63:df:34:6a:1e:28:db:81:
                    7f:79:7a:2f:65:97:1a:a0:d6:32:a1:bc:4d:9a:90:
                    cb:bd:85:69:8b:5a:f5:fe:41:87:78:36:be:49:f1:
                    60:bc:c2:21:b9:6e:15:fa:0c:86:28:7c:6b:fd:93:
                    4a:3a:c2:20:dd:f7:78:8f:86:d0:0c:11:6c:1b:56:
                    6c:2e:d9:56:22:eb:cf:8c:8b:25:dc:8c:5d:6b:e0:
                    1c:eb:9c:83:13:74:37:b3:a5:69:f3:39:aa:cf:72:
                    e3:8b:40:5d:61:2d:1c:8b:eb:ed:e1:92:8a:37:22:
                    32:bb:b1:36:10:9d:cb:2d:9b:a2:8d:5d:45:df:02:
                    ce:7c:32:89:31:13:96:73:3b:54:35:cd:c6:07:7c:
                    f6:1b:f6:3a:0d:a0:07:3c:42:57:ce:3c:8e:60:a0:
                    91:90:61:d7:98:18:43:12:a7:49:c2:45:fe:af:84:
                    ad:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:1A:13:F0:34:F4:0A:0C:AB:6F:FD:CF:B0:DC:43:46:E5:1F:0B:F7
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/oRoT8DT0Cgyrb_3PsNxDRuUfC_c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.132.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:c2:0d:41:24:8d:0d:72:9e:72:d0:65:66:36:fd:b8:7b:28:
         a7:56:5b:90:35:a8:a8:e8:69:36:e1:a0:ad:15:75:91:6f:b0:
         c0:64:52:e4:16:09:b7:95:94:d6:cb:f8:a8:28:54:fc:f2:97:
         5e:ae:97:39:56:2d:ec:d3:62:df:4e:ae:29:c7:2f:16:ea:05:
         c5:80:7d:4a:14:aa:25:fe:d2:26:ec:f9:14:6f:68:55:99:2e:
         a6:2a:47:af:3d:5f:f5:88:2b:ce:96:2b:52:e1:a7:3f:af:be:
         96:6b:4a:74:fd:82:de:5e:0a:6b:39:2e:7d:34:4d:7b:89:bc:
         6c:67:80:d8:5f:33:5a:b6:1b:6d:80:3f:a1:fd:94:6c:23:d8:
         a8:fc:70:4e:44:95:29:a7:1a:66:82:73:ca:c1:24:20:e9:73:
         d2:0e:3f:20:b5:15:82:42:2f:0b:eb:63:e0:d2:78:75:84:64:
         2d:31:13:fa:88:39:45:89:86:9c:f9:f6:27:f1:46:dd:26:90:
         6c:ec:77:d8:c2:f2:5e:cd:cf:2b:a8:2f:46:12:fc:6d:6a:41:
         34:91:71:ee:fe:fa:dd:e7:35:9e:07:6a:28:53:aa:7b:1e:73:
         f7:44:b9:34:93:2b:cd:13:27:69:89:69:a3:75:4c:2c:5b:bf:
         09:bd:c6:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKnGqRFcuNumRNHaUaJkHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjQwMTAyMTIzMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTFhMTNmMDM0ZjQwYTBjYWI2ZmZkY2ZiMGRjNDM0NmU1MWYwYmY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoDEyP3zWk/2P5HAvCtrczqQ9r8NG
1rmfgxTAmMhTFsbvoSEDqT3kpcNk1AmR4/GJU+OQQKVckEXbMN9bg7x4GSfcrNty
OKMaa24iBe1bPne6Y980ah4o24F/eXovZZcaoNYyobxNmpDLvYVpi1r1/kGHeDa+
SfFgvMIhuW4V+gyGKHxr/ZNKOsIg3fd4j4bQDBFsG1ZsLtlWIuvPjIsl3Ixda+Ac
65yDE3Q3s6Vp8zmqz3Lji0BdYS0ci+vt4ZKKNyIyu7E2EJ3LLZuijV1F3wLOfDKJ
MROWcztUNc3GB3z2G/Y6DaAHPEJXzjyOYKCRkGHXmBhDEqdJwkX+r4StOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKEaE/A09AoMq2/9z7DcQ0blHwv3MB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvb1JvVDhEVDBDZ3lyYl8zUHNOeERSdVVmQ19jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW4Q4MA0G
CSqGSIb3DQEBCwUAA4IBAQAHwg1BJI0Ncp5y0GVmNv24eyinVluQNaio6Gk24aCt
FXWRb7DAZFLkFgm3lZTWy/ioKFT88pderpc5Vi3s02LfTq4pxy8W6gXFgH1KFKol
/tIm7PkUb2hVmS6mKkevPV/1iCvOlitS4ac/r76Wa0p0/YLeXgprOS59NE17ibxs
Z4DYXzNathttgD+h/ZRsI9io/HBORJUppxpmgnPKwSQg6XPSDj8gtRWCQi8L62Pg
0nh1hGQtMRP6iDlFiYac+fYn8UbdJpBs7HfYwvJezc8rqC9GEvxtakE0kXHu/vrd
5zWeB2ooU6p7HnP3RLk0kyvNEydpiWmjdUwsW78Jvcbg
-----END CERTIFICATE-----
Generated at Wed Nov 6 14:01:45 2024 by rpki-client on console-ams.rpki-client.org