Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/becd16-a9e9-4cd6-800e-f008dd83e32a/1/pN4RJPsnkklNJ6nA1sGcEnFQNAo.roa
File:                     pN4RJPsnkklNJ6nA1sGcEnFQNAo.roa (raw, json)
Hash identifier:          XwG03cp5HD0E8IfMWaJbcW/xXPVfW2CLpkI37l/7P3o=
Subject key identifier:   A4:DE:11:24:FB:27:92:49:4D:27:A9:C0:D6:C1:9C:12:71:50:34:0A
Certificate issuer:       /CN=e9be181aabdb195513a26c67b621e2986818d03d
Certificate serial:       018CCA2B5800783B7D42F7ADD751F0F1C61F
Authority key identifier: E9:BE:18:1A:AB:DB:19:55:13:A2:6C:67:B6:21:E2:98:68:18:D0:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6b4YGqvbGVUTomxntiHimGgY0D0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/becd16-a9e9-4cd6-800e-f008dd83e32a/1/pN4RJPsnkklNJ6nA1sGcEnFQNAo.roa
Signing time:             Tue 02 Jan 2024 12:34:47 +0000
ROA not before:           Tue 02 Jan 2024 12:34:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49729
IP address blocks:        91.228.88.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:58:00:78:3b:7d:42:f7:ad:d7:51:f0:f1:c6:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9be181aabdb195513a26c67b621e2986818d03d
        Validity
            Not Before: Jan  2 12:34:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a4de1124fb2792494d27a9c0d6c19c127150340a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:89:25:ed:a9:2a:30:4d:21:c7:27:66:78:36:
                    88:3a:b1:a6:7d:fc:4f:bd:8a:75:f9:06:c7:64:e4:
                    a2:7a:68:09:3b:0d:f6:78:3e:28:c2:36:08:2d:96:
                    4d:0d:e4:27:f2:1a:5d:5b:be:92:ef:a9:95:4f:f5:
                    c1:00:3d:c5:d6:a1:73:19:7b:6e:6e:87:1b:d5:b6:
                    4e:7e:80:36:d4:c5:26:35:7f:7a:6d:5d:5d:9a:39:
                    c0:94:13:b8:cd:ba:20:c1:cd:3b:3f:ba:f1:3e:ce:
                    ad:09:8e:02:d1:44:21:72:43:1a:a6:15:bd:db:22:
                    38:78:0c:44:60:ef:49:65:2b:ab:38:61:af:d8:ca:
                    63:ee:7d:0a:a9:41:20:80:77:60:e3:bc:41:91:57:
                    ba:40:3e:0b:f4:11:e0:b5:3d:93:87:32:63:7f:73:
                    19:59:2c:a1:d0:e6:88:02:4d:5e:39:a3:c3:31:de:
                    4c:2c:f0:81:12:6b:68:9e:41:4b:55:90:17:b9:ec:
                    f4:ca:4c:0d:ca:36:46:0f:c6:c2:59:e0:bb:89:99:
                    08:a9:da:b9:cb:9b:58:6b:78:e4:80:e2:bd:e8:59:
                    94:81:bb:ef:54:c9:05:12:ab:8b:79:7d:42:78:12:
                    f9:8d:4f:ee:2d:eb:74:31:9c:71:5d:2f:ba:f0:8a:
                    0f:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:DE:11:24:FB:27:92:49:4D:27:A9:C0:D6:C1:9C:12:71:50:34:0A
            X509v3 Authority Key Identifier:
                keyid:E9:BE:18:1A:AB:DB:19:55:13:A2:6C:67:B6:21:E2:98:68:18:D0:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b4YGqvbGVUTomxntiHimGgY0D0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/becd16-a9e9-4cd6-800e-f008dd83e32a/1/pN4RJPsnkklNJ6nA1sGcEnFQNAo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/becd16-a9e9-4cd6-800e-f008dd83e32a/1/6b4YGqvbGVUTomxntiHimGgY0D0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.228.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:50:33:4f:59:d1:b9:73:c1:ad:28:13:4d:8e:ef:03:e9:e1:
         5e:07:13:47:13:2f:cf:df:e1:8e:86:76:da:b2:1a:6c:aa:e6:
         d7:46:ef:0a:a9:f7:68:29:32:88:cd:c3:30:4e:ce:5f:6e:81:
         ff:d0:0b:7e:a9:e7:74:d3:82:cb:fa:4e:3c:78:d2:f6:1e:49:
         19:0e:e2:c3:cc:fd:86:32:cd:b2:6f:13:1c:23:10:85:d8:da:
         31:1d:83:ac:43:bf:a0:f0:07:f7:d7:18:5f:a2:a4:bf:30:cb:
         73:88:a5:9e:7f:1b:0d:c1:e3:f9:14:0b:fd:68:88:a8:0d:a6:
         1d:3b:aa:94:db:94:ff:15:a1:a3:e2:cf:fb:b6:c0:3c:7a:34:
         12:8c:37:c9:f7:b3:a5:c0:77:cd:bc:ff:e7:b7:d4:31:c5:e1:
         1a:5d:7f:95:76:ea:68:90:9d:37:75:56:52:c9:3f:4e:12:0f:
         0c:52:c8:dc:db:8b:2b:a3:20:ed:6c:ad:cd:b7:8b:ab:f5:e9:
         0e:2a:34:1f:fe:03:87:f0:c9:f0:85:a8:a0:14:18:61:c4:16:
         01:d7:ea:26:91:91:6b:0c:a8:01:21:a8:cf:fc:dd:f6:68:0c:
         5a:2d:ec:87:8c:e9:90:1f:5a:b5:84:41:7f:c1:48:90:3a:92:
         d2:ec:fe:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK1gAeDt9Qvet11Hw8cYfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5YmUxODFhYWJkYjE5NTUxM2EyNmM2N2I2MjFlMjk4Njgx
OGQwM2QwHhcNMjQwMTAyMTIzNDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGRlMTEyNGZiMjc5MjQ5NGQyN2E5YzBkNmMxOWMxMjcxNTAzNDBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYkl7akqME0hxydmeDaIOrGmffxP
vYp1+QbHZOSiemgJOw32eD4owjYILZZNDeQn8hpdW76S76mVT/XBAD3F1qFzGXtu
bocb1bZOfoA21MUmNX96bV1dmjnAlBO4zbogwc07P7rxPs6tCY4C0UQhckMaphW9
2yI4eAxEYO9JZSurOGGv2Mpj7n0KqUEggHdg47xBkVe6QD4L9BHgtT2ThzJjf3MZ
WSyh0OaIAk1eOaPDMd5MLPCBEmtonkFLVZAXuez0ykwNyjZGD8bCWeC7iZkIqdq5
y5tYa3jkgOK96FmUgbvvVMkFEquLeX1CeBL5jU/uLet0MZxxXS+68IoPpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKTeEST7J5JJTSepwNbBnBJxUDQKMB8GA1UdIwQY
MBaAFOm+GBqr2xlVE6JsZ7Yh4phoGNA9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmI0WUdxdmJHVlVUb214bnRpSGltR2dZMEQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9iZWNkMTYtYTllOS00Y2Q2LTgwMGUt
ZjAwOGRkODNlMzJhLzEvcE40UkpQc25ra2xOSjZuQTFzR2NFbkZRTkFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9iZWNkMTYtYTllOS00Y2Q2LTgwMGUtZjAwOGRkODNlMzJh
LzEvNmI0WUdxdmJHVlVUb214bnRpSGltR2dZMEQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+RYMA0G
CSqGSIb3DQEBCwUAA4IBAQB6UDNPWdG5c8GtKBNNju8D6eFeBxNHEy/P3+GOhnba
shpsqubXRu8KqfdoKTKIzcMwTs5fboH/0At+qed004LL+k48eNL2HkkZDuLDzP2G
Ms2ybxMcIxCF2NoxHYOsQ7+g8Af31xhfoqS/MMtziKWefxsNweP5FAv9aIioDaYd
O6qU25T/FaGj4s/7tsA8ejQSjDfJ97OlwHfNvP/nt9QxxeEaXX+VdupokJ03dVZS
yT9OEg8MUsjc24sroyDtbK3Nt4ur9ekOKjQf/gOH8MnwhaigFBhhxBYB1+omkZFr
DKgBIajP/N32aAxaLeyHjOmQH1q1hEF/wUiQOpLS7P6k
-----END CERTIFICATE-----
Generated at Mon Sep 9 10:15:51 2024 by rpki-client on console-ams.rpki-client.org