Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/13e12a-2bac-4752-997d-df86b6dd997c/1/8NI6MSLcNSI2IZByHlqf2Hxkn6g.roa
File:                     8NI6MSLcNSI2IZByHlqf2Hxkn6g.roa (raw, json)
Hash identifier:          etw2Cf/cf2VbQ5jcLXlTYNZYANXNQ032AFOd88rMf+Q=
Subject key identifier:   F0:D2:3A:31:22:DC:35:22:36:21:90:72:1E:5A:9F:D8:7C:64:9F:A8
Certificate issuer:       /CN=2f814adc1d5209e098f078adbc856bad83b749c2
Certificate serial:       018F5F7C0E7D9B0E9A279AB317FE808D8FAC
Authority key identifier: 2F:81:4A:DC:1D:52:09:E0:98:F0:78:AD:BC:85:6B:AD:83:B7:49:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L4FK3B1SCeCY8HitvIVrrYO3ScI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/13e12a-2bac-4752-997d-df86b6dd997c/1/8NI6MSLcNSI2IZByHlqf2Hxkn6g.roa
Signing time:             Thu 09 May 2024 22:31:56 +0000
ROA not before:           Thu 09 May 2024 22:31:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215211
IP address blocks:        91.98.0.0/16 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:5f:7c:0e:7d:9b:0e:9a:27:9a:b3:17:fe:80:8d:8f:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f814adc1d5209e098f078adbc856bad83b749c2
        Validity
            Not Before: May  9 22:31:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f0d23a3122dc3522362190721e5a9fd87c649fa8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:2f:c4:89:59:7e:22:41:e2:d1:be:d2:8d:44:
                    a5:06:f9:f8:cf:38:22:7b:b9:49:5e:08:59:4e:aa:
                    f6:83:0a:9f:f5:84:63:9a:66:98:ea:6a:0b:ef:6e:
                    26:1b:53:96:07:e2:79:cc:e1:09:7b:cb:de:a3:61:
                    34:f7:68:43:53:c5:77:8c:2a:53:ef:35:3d:a2:7e:
                    19:cd:32:1c:b6:79:97:4f:07:06:35:9d:b1:ba:b9:
                    cb:45:bf:f3:02:78:58:a5:88:ed:85:06:95:8c:ac:
                    f3:4b:82:cc:0d:92:60:86:9d:9b:1e:90:e8:66:b1:
                    67:59:ba:71:15:65:30:f8:03:17:04:2b:49:99:b6:
                    d8:64:d2:23:bd:f4:e4:2f:eb:c1:3c:3a:5d:68:c7:
                    b9:32:cc:da:d2:f5:a0:47:64:12:6a:93:d0:41:f2:
                    cf:7e:6d:c5:bc:e7:9c:4e:24:7b:ee:2b:e7:10:2e:
                    a8:71:3f:0d:5b:02:aa:d3:da:ee:e8:33:dd:6f:39:
                    08:69:6d:bd:cc:9b:4e:59:ff:ea:de:c2:6d:f4:74:
                    e8:49:d5:13:3d:bf:3c:df:ce:90:47:65:aa:cc:1d:
                    87:5c:f8:2b:92:90:12:b3:50:8a:21:71:23:22:f0:
                    c2:88:bd:15:2f:dc:e0:c6:a7:93:d4:e5:cf:a4:a6:
                    5f:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:D2:3A:31:22:DC:35:22:36:21:90:72:1E:5A:9F:D8:7C:64:9F:A8
            X509v3 Authority Key Identifier:
                keyid:2F:81:4A:DC:1D:52:09:E0:98:F0:78:AD:BC:85:6B:AD:83:B7:49:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L4FK3B1SCeCY8HitvIVrrYO3ScI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/13e12a-2bac-4752-997d-df86b6dd997c/1/8NI6MSLcNSI2IZByHlqf2Hxkn6g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/13e12a-2bac-4752-997d-df86b6dd997c/1/L4FK3B1SCeCY8HitvIVrrYO3ScI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.98.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         58:5f:63:ad:a7:5e:92:3c:56:fe:4d:d9:6d:1f:cb:e1:68:ee:
         7f:8c:2e:07:17:12:88:cf:ae:a8:c3:f9:f7:0f:be:65:91:79:
         47:d5:1c:51:5e:b3:98:d2:25:04:6d:ae:5f:98:96:8c:90:9b:
         ad:14:a6:37:f5:37:3b:fd:2b:b1:44:4d:84:c8:9e:cc:a1:e1:
         7e:9c:af:d3:10:11:cd:a1:51:5b:0f:3f:03:99:81:82:d2:f2:
         66:f7:97:eb:52:14:92:58:86:38:5e:86:de:60:4a:7e:47:34:
         ac:60:45:3a:ce:a0:da:f3:59:74:8f:54:98:d7:ef:6c:ee:19:
         d1:32:f1:6e:7b:b0:c2:32:d2:1b:87:e8:d6:d5:13:16:d2:31:
         a9:f2:d8:5f:69:e0:30:d3:47:91:28:06:81:2d:f3:03:64:60:
         63:26:9b:19:29:fe:1f:f4:fd:34:0b:a4:5d:e1:71:88:9c:49:
         07:62:18:25:a4:07:e9:df:ad:e2:bf:4c:9a:b6:e2:22:58:4f:
         df:8a:aa:66:d6:36:9f:d3:36:70:14:8f:f4:d5:16:bf:f0:30:
         63:d9:d5:38:ca:3f:42:32:e3:c9:37:21:82:2d:3f:eb:ea:9b:
         7c:d4:f4:ab:6d:5c:6c:60:6a:a5:76:0e:89:4f:0a:21:9a:5c:
         bf:21:56:96
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAY9ffA59mw6aJ5qzF/6AjY+sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmODE0YWRjMWQ1MjA5ZTA5OGYwNzhhZGJjODU2YmFkODNi
NzQ5YzIwHhcNMjQwNTA5MjIzMTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGQyM2EzMTIyZGMzNTIyMzYyMTkwNzIxZTVhOWZkODdjNjQ5ZmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyS/EiVl+IkHi0b7SjUSlBvn4zzgi
e7lJXghZTqr2gwqf9YRjmmaY6moL724mG1OWB+J5zOEJe8veo2E092hDU8V3jCpT
7zU9on4ZzTIctnmXTwcGNZ2xurnLRb/zAnhYpYjthQaVjKzzS4LMDZJghp2bHpDo
ZrFnWbpxFWUw+AMXBCtJmbbYZNIjvfTkL+vBPDpdaMe5Msza0vWgR2QSapPQQfLP
fm3FvOecTiR77ivnEC6ocT8NWwKq09ru6DPdbzkIaW29zJtOWf/q3sJt9HToSdUT
Pb88386QR2WqzB2HXPgrkpASs1CKIXEjIvDCiL0VL9zgxqeT1OXPpKZf3QIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFPDSOjEi3DUiNiGQch5an9h8ZJ+oMB8GA1UdIwQY
MBaAFC+BStwdUgngmPB4rbyFa62Dt0nCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDRGSzNCMVNDZUNZOEhpdHZJVnJyWU8zU2NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi8xM2UxMmEtMmJhYy00NzUyLTk5N2Qt
ZGY4NmI2ZGQ5OTdjLzEvOE5JNk1TTGNOU0kySVpCeUhscWYySHhrbjZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi8xM2UxMmEtMmJhYy00NzUyLTk5N2QtZGY4NmI2ZGQ5OTdj
LzEvTDRGSzNCMVNDZUNZOEhpdHZJVnJyWU8zU2NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAW2IwDQYJ
KoZIhvcNAQELBQADggEBAFhfY62nXpI8Vv5N2W0fy+Fo7n+MLgcXEojPrqjD+fcP
vmWReUfVHFFes5jSJQRtrl+YloyQm60Upjf1Nzv9K7FETYTInsyh4X6cr9MQEc2h
UVsPPwOZgYLS8mb3l+tSFJJYhjheht5gSn5HNKxgRTrOoNrzWXSPVJjX72zuGdEy
8W57sMIy0huH6NbVExbSMany2F9p4DDTR5EoBoEt8wNkYGMmmxkp/h/0/TQLpF3h
cYicSQdiGCWkB+nfreK/TJq24iJYT9+KqmbWNp/TNnAUj/TVFr/wMGPZ1TjKP0Iy
48k3IYItP+vqm3zU9KttXGxgaqV2DolPCiGaXL8hVpY=
-----END CERTIFICATE-----
Generated at Fri Jun 14 10:40:41 2024 by rpki-client on console-ams.rpki-client.org