Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/YvHx_Dp3tUQStqrNg1nUSFNPcPo.roa
File:                     YvHx_Dp3tUQStqrNg1nUSFNPcPo.roa (raw, json)
Hash identifier:          D82Fklo8Y38hxv/kesM9mWD/39X2cO8Lumxv41+xI2I=
Subject key identifier:   62:F1:F1:FC:3A:77:B5:44:12:B6:AA:CD:83:59:D4:48:53:4F:70:FA
Certificate issuer:       /CN=e501815c6f98f3a2b6184afebf18ea341be882ea
Certificate serial:       38084F0D
Authority key identifier: E5:01:81:5C:6F:98:F3:A2:B6:18:4A:FE:BF:18:EA:34:1B:E8:82:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5QGBXG-Y86K2GEr-vxjqNBvoguo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/YvHx_Dp3tUQStqrNg1nUSFNPcPo.roa
Signing time:             Sat 01 Jan 2022 11:02:23 +0000
ROA not before:           Sat 01 Jan 2022 11:02:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     399641
IP address blocks:        87.251.23.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 940068621 (0x38084f0d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e501815c6f98f3a2b6184afebf18ea341be882ea
        Validity
            Not Before: Jan  1 11:02:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=62f1f1fc3a77b54412b6aacd8359d448534f70fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:25:ad:f1:87:04:de:14:46:99:b3:2d:1c:8f:
                    dc:cc:03:04:86:02:e6:4f:7a:08:b3:b9:00:b9:ba:
                    16:46:55:4c:8c:94:82:97:03:80:2d:e3:a8:17:8a:
                    8b:8c:13:a9:19:86:45:65:bd:fc:a6:32:5a:f0:9d:
                    dc:04:2c:1c:af:a2:e4:8b:55:97:e9:5a:19:03:2e:
                    02:ca:99:71:bd:02:29:52:22:c9:2e:e8:69:2e:95:
                    2c:2e:08:4d:d0:01:d4:34:d3:3c:d6:07:b3:90:99:
                    31:50:40:72:2e:67:ac:0a:9a:fc:cd:0a:77:cf:4b:
                    eb:d7:aa:c1:d8:0b:63:ca:7a:fc:59:a1:0c:85:26:
                    61:4c:ad:35:e5:d2:69:f1:ac:6d:fb:1d:16:42:13:
                    de:48:1e:e0:1b:3d:f7:e2:ea:1c:47:57:25:0f:25:
                    4d:70:5f:5c:99:48:a1:5f:31:63:48:bd:22:bc:8f:
                    1c:40:6e:74:7e:93:e3:d7:e9:98:bb:18:84:6d:23:
                    79:05:9e:8e:c7:f0:c9:22:c5:dc:db:0b:d2:00:56:
                    0a:b5:6a:42:8d:37:d6:67:64:52:85:f8:ea:20:c6:
                    c8:c5:0b:94:bd:09:56:6c:ce:f9:43:ff:1e:8c:d3:
                    18:4f:13:b6:33:16:e8:74:91:3d:0a:35:d5:fe:61:
                    0f:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:F1:F1:FC:3A:77:B5:44:12:B6:AA:CD:83:59:D4:48:53:4F:70:FA
            X509v3 Authority Key Identifier:
                keyid:E5:01:81:5C:6F:98:F3:A2:B6:18:4A:FE:BF:18:EA:34:1B:E8:82:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5QGBXG-Y86K2GEr-vxjqNBvoguo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/YvHx_Dp3tUQStqrNg1nUSFNPcPo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/5QGBXG-Y86K2GEr-vxjqNBvoguo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.251.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:0c:9e:b5:d0:1e:d2:4e:89:1d:b8:25:2a:c1:f4:38:96:5e:
         5a:77:bd:4d:f9:10:63:11:67:31:e4:94:02:76:1c:19:da:46:
         3c:d1:e5:dd:d2:e0:8d:a4:09:20:e8:35:56:b8:65:20:0c:68:
         df:35:da:dd:d1:6f:0b:db:0f:47:c4:82:36:31:b3:d5:ec:da:
         aa:fd:19:a8:41:8e:fd:75:28:02:28:3a:97:f0:87:af:c7:36:
         86:90:92:23:24:76:94:03:23:84:f0:2c:62:d2:75:a2:1b:27:
         e3:8b:26:ff:e2:55:a9:64:76:57:0c:58:71:dd:57:65:2e:c8:
         f9:a8:47:85:86:6f:a7:9b:ca:9d:72:ca:86:82:74:7f:c2:96:
         6c:82:1d:d2:df:2f:80:f9:f4:a5:c5:2a:0d:6c:9b:b6:fa:16:
         ef:93:21:fc:f2:c4:f9:24:18:5f:90:b2:ef:e9:42:d2:97:35:
         ec:3a:53:05:5c:25:3a:fd:50:dd:04:bb:65:5c:25:af:01:b8:
         c5:93:0e:5c:39:91:2a:2c:af:fd:36:fb:09:7c:1c:79:a6:ce:
         a6:a8:0c:2a:a6:cd:01:e1:8b:3f:c8:9c:15:09:32:91:fa:fc:
         e3:52:da:b6:90:51:a1:12:76:a8:a0:7b:6a:12:9e:b8:ce:22:
         a7:b4:0a:95
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEOAhPDTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhl
NTAxODE1YzZmOThmM2EyYjYxODRhZmViZjE4ZWEzNDFiZTg4MmVhMB4XDTIyMDEw
MTExMDIyM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjJmMWYxZmMzYTc3
YjU0NDEyYjZhYWNkODM1OWQ0NDg1MzRmNzBmYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKQlrfGHBN4URpmzLRyP3MwDBIYC5k96CLO5ALm6FkZVTIyU
gpcDgC3jqBeKi4wTqRmGRWW9/KYyWvCd3AQsHK+i5ItVl+laGQMuAsqZcb0CKVIi
yS7oaS6VLC4ITdAB1DTTPNYHs5CZMVBAci5nrAqa/M0Kd89L69eqwdgLY8p6/Fmh
DIUmYUytNeXSafGsbfsdFkIT3kge4Bs99+LqHEdXJQ8lTXBfXJlIoV8xY0i9IryP
HEBudH6T49fpmLsYhG0jeQWejsfwySLF3NsL0gBWCrVqQo031mdkUoX46iDGyMUL
lL0JVmzO+UP/HozTGE8TtjMW6HSRPQo11f5hD3sCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRi8fH8One1RBK2qs2DWdRIU09w+jAfBgNVHSMEGDAWgBTlAYFcb5jzorYY
Sv6/GOo0G+iC6jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzVRR0JYRy1ZODZLMkdFci12eGpxTkJ2b2d1by5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMWMvNWIwMjIyLWVkNjQtNGY1NS1iNDViLTAwNTlmNzM3ZWYwNS8x
L1l2SHhfRHAzdFVRU3Rxck5nMW5VU0ZOUGNQby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMWMv
NWIwMjIyLWVkNjQtNGY1NS1iNDViLTAwNTlmNzM3ZWYwNS8xLzVRR0JYRy1ZODZL
MkdFci12eGpxTkJ2b2d1by5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFf7FzANBgkqhkiG9w0BAQsFAAOC
AQEAFAyetdAe0k6JHbglKsH0OJZeWne9TfkQYxFnMeSUAnYcGdpGPNHl3dLgjaQJ
IOg1VrhlIAxo3zXa3dFvC9sPR8SCNjGz1ezaqv0ZqEGO/XUoAig6l/CHr8c2hpCS
IyR2lAMjhPAsYtJ1ohsn44sm/+JVqWR2VwxYcd1XZS7I+ahHhYZvp5vKnXLKhoJ0
f8KWbIId0t8vgPn0pcUqDWybtvoW75Mh/PLE+SQYX5Cy7+lC0pc17DpTBVwlOv1Q
3QS7ZVwlrwG4xZMOXDmRKiyv/Tb7CXwceabOpqgMKqbNAeGLP8icFQkykfr841La
tpBRoRJ2qKB7ahKeuM4ip7QKlQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:56:59 2024 by rpki-client on console-ams.rpki-client.org