Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/D6-bYFOAvs_PYPLyUc3KaygYGxU.roa
File:                     D6-bYFOAvs_PYPLyUc3KaygYGxU.roa (raw, json)
Hash identifier:          /NUVDXXJd3G3/u8JQtSbTwyu/jCDNpmn1dGAAAYxsxg=
Subject key identifier:   0F:AF:9B:60:53:80:BE:CF:CF:60:F2:F2:51:CD:CA:6B:28:18:1B:15
Certificate issuer:       /CN=408af485b4fd0f03717cd4a709ef11c61d3ef46e
Certificate serial:       018905DEDAA5C17D3AB213A2621B0CA7C3A7
Authority key identifier: 40:8A:F4:85:B4:FD:0F:03:71:7C:D4:A7:09:EF:11:C6:1D:3E:F4:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/D6-bYFOAvs_PYPLyUc3KaygYGxU.roa
Signing time:             Thu 29 Jun 2023 06:37:18 +0000
ROA not before:           Thu 29 Jun 2023 06:37:18 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     20616
IP address blocks:        195.246.242.0/23 maxlen: 23
                          91.208.142.0/24 maxlen: 24
                          188.214.16.0/21 maxlen: 21

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:05:de:da:a5:c1:7d:3a:b2:13:a2:62:1b:0c:a7:c3:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=408af485b4fd0f03717cd4a709ef11c61d3ef46e
        Validity
            Not Before: Jun 29 06:37:18 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0faf9b605380becfcf60f2f251cdca6b28181b15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:0f:22:bb:0e:d0:61:f9:76:a4:5b:f3:53:65:
                    34:66:2a:ec:38:c5:de:ca:a8:2a:4a:d5:6e:fb:7f:
                    5d:53:25:2b:d5:76:1c:d9:5d:0a:0e:8d:a6:96:9b:
                    0d:ff:7e:60:86:ea:cb:23:42:c6:79:c9:6c:94:49:
                    27:3f:62:94:89:24:e2:c2:7c:32:f9:fd:c0:e6:22:
                    a0:e3:34:91:ba:f7:2c:e6:5e:65:ab:9b:13:cb:1e:
                    20:a3:e1:0f:3d:14:d6:62:10:ad:ea:fd:c3:c4:3c:
                    1e:e0:aa:a5:d5:56:04:9f:c9:9c:bf:2a:6d:68:83:
                    79:ae:1c:37:ba:a6:29:12:6f:54:be:df:fe:5d:f3:
                    58:f1:93:2e:2e:31:04:15:42:7f:5f:8f:ad:f6:b4:
                    50:dc:c8:77:bf:97:47:8b:c2:bd:d4:99:da:0b:52:
                    74:37:df:0b:8b:f4:cd:96:68:84:2d:c0:49:a5:3b:
                    4b:6e:fd:ef:84:fa:8d:bc:c2:6e:93:af:8a:05:94:
                    d2:41:e4:67:6d:f7:c6:f9:d0:20:cb:4e:e6:38:a2:
                    d0:ba:b4:b2:4c:0f:ae:9b:ac:b2:11:a8:96:23:89:
                    7c:4b:57:35:16:28:60:f8:21:c3:43:63:82:a8:14:
                    e3:db:91:e3:f4:d8:3a:5d:75:72:6f:aa:ad:d4:c3:
                    f4:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:AF:9B:60:53:80:BE:CF:CF:60:F2:F2:51:CD:CA:6B:28:18:1B:15
            X509v3 Authority Key Identifier:
                keyid:40:8A:F4:85:B4:FD:0F:03:71:7C:D4:A7:09:EF:11:C6:1D:3E:F4:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/D6-bYFOAvs_PYPLyUc3KaygYGxU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.142.0/24
                  188.214.16.0/21
                  195.246.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         46:f4:02:b7:a7:52:7f:62:71:e1:34:df:70:23:e4:78:a0:1f:
         3e:7d:77:67:2c:34:e2:af:72:40:9b:c0:63:a2:99:03:8f:d1:
         ac:9a:80:95:68:ef:76:19:72:97:e5:86:80:70:a1:dd:24:4a:
         e0:9f:50:70:af:85:1b:37:cd:70:66:c6:35:4f:2b:6a:92:f8:
         e7:ff:e7:4f:f0:c9:6c:d4:46:b7:e7:b6:ee:50:57:0f:af:0e:
         ee:db:f4:fb:7d:33:53:34:5f:d1:59:a8:8f:66:15:8d:5d:03:
         6a:f7:d3:7f:79:54:42:25:59:06:d0:dc:f6:2d:32:0f:4f:bc:
         67:79:8c:9a:28:5d:9b:26:ca:b0:1d:9f:14:52:50:94:47:94:
         30:08:fe:ce:22:25:12:c2:db:40:0f:d0:b4:4c:b1:20:ba:de:
         a0:e7:c5:5b:a8:d4:c0:9a:57:df:1d:eb:e0:8b:d1:71:3b:1a:
         e0:84:e2:ee:8f:5c:50:f7:37:08:d3:b3:98:59:78:3f:ab:5c:
         f5:33:d9:0d:ad:a7:0f:f4:40:e8:87:86:6b:78:12:dd:66:99:
         ba:98:05:52:0f:37:e6:7d:53:9c:dc:ad:50:ed:cc:4a:fb:16:
         6b:32:74:ed:e4:2e:7d:e0:58:2e:37:8f:bf:db:b7:29:41:f7:
         02:0b:b9:eb
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYkF3tqlwX06shOiYhsMp8OnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwOGFmNDg1YjRmZDBmMDM3MTdjZDRhNzA5ZWYxMWM2MWQz
ZWY0NmUwHhcNMjMwNjI5MDYzNzE4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmFmOWI2MDUzODBiZWNmY2Y2MGYyZjI1MWNkY2E2YjI4MTgxYjE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiQ8iuw7QYfl2pFvzU2U0ZirsOMXe
yqgqStVu+39dUyUr1XYc2V0KDo2mlpsN/35ghurLI0LGeclslEknP2KUiSTiwnwy
+f3A5iKg4zSRuvcs5l5lq5sTyx4go+EPPRTWYhCt6v3DxDwe4Kql1VYEn8mcvypt
aIN5rhw3uqYpEm9Uvt/+XfNY8ZMuLjEEFUJ/X4+t9rRQ3Mh3v5dHi8K91JnaC1J0
N98Li/TNlmiELcBJpTtLbv3vhPqNvMJuk6+KBZTSQeRnbffG+dAgy07mOKLQurSy
TA+um6yyEaiWI4l8S1c1Fihg+CHDQ2OCqBTj25Hj9Ng6XXVyb6qt1MP0OwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFA+vm2BTgL7Pz2Dy8lHNymsoGBsVMB8GA1UdIwQY
MBaAFECK9IW0/Q8DcXzUpwnvEcYdPvRuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUlyMGhiVDlEd054Zk5TbkNlOFJ4aDAtOUc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lMTE3MWMtNTI3MC00OWNkLTkzNzkt
Yjk1YjA4YTIzYWUxLzEvRDYtYllGT0F2c19QWVBMeVVjM0theWdZR3hVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lMTE3MWMtNTI3MC00OWNkLTkzNzktYjk1YjA4YTIzYWUx
LzEvUUlyMGhiVDlEd054Zk5TbkNlOFJ4aDAtOUc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW9COAwQD
vNYQAwQBw/byMA0GCSqGSIb3DQEBCwUAA4IBAQBG9AK3p1J/YnHhNN9wI+R4oB8+
fXdnLDTir3JAm8BjopkDj9GsmoCVaO92GXKX5YaAcKHdJErgn1Bwr4UbN81wZsY1
Tytqkvjn/+dP8Mls1Ea357buUFcPrw7u2/T7fTNTNF/RWaiPZhWNXQNq99N/eVRC
JVkG0Nz2LTIPT7xneYyaKF2bJsqwHZ8UUlCUR5QwCP7OIiUSwttAD9C0TLEgut6g
58VbqNTAmlffHevgi9FxOxrghOLuj1xQ9zcI07OYWXg/q1z1M9kNracP9EDoh4Zr
eBLdZpm6mAVSDzfmfVOc3K1Q7cxK+xZrMnTt5C594FguN4+/27cpQfcCC7nr
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:03:06 2024 by rpki-client on console-ams.rpki-client.org