Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/41f6f5-cef0-4a57-8e47-0a85986208a9/1/6EHWxS3ivpQk86LT65SgNfpFhpg.roa
File:                     6EHWxS3ivpQk86LT65SgNfpFhpg.roa (raw, json)
Hash identifier:          TfzMevnqt2CXPdT68IP5HHeF0PFYHYqFWsYqrpAPeQI=
Subject key identifier:   E8:41:D6:C5:2D:E2:BE:94:24:F3:A2:D3:EB:94:A0:35:FA:45:86:98
Certificate issuer:       /CN=5f51bcd89eb7f5b3ab08806ef51a7c2f6eb98efc
Certificate serial:       018E42780288ED40FD3FDBE08E07F255A96E
Authority key identifier: 5F:51:BC:D8:9E:B7:F5:B3:AB:08:80:6E:F5:1A:7C:2F:6E:B9:8E:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X1G82J639bOrCIBu9Rp8L265jvw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/41f6f5-cef0-4a57-8e47-0a85986208a9/1/6EHWxS3ivpQk86LT65SgNfpFhpg.roa
Signing time:             Fri 15 Mar 2024 14:15:44 +0000
ROA not before:           Fri 15 Mar 2024 14:15:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50259
IP address blocks:        109.95.61.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:42:78:02:88:ed:40:fd:3f:db:e0:8e:07:f2:55:a9:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f51bcd89eb7f5b3ab08806ef51a7c2f6eb98efc
        Validity
            Not Before: Mar 15 14:15:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e841d6c52de2be9424f3a2d3eb94a035fa458698
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:46:9b:51:54:cc:ff:0f:59:92:91:26:ad:8d:
                    29:08:53:ea:49:38:03:f4:42:53:af:a1:b2:d9:0e:
                    8c:94:e5:d9:ba:c8:83:2c:d2:8c:ad:41:29:8d:23:
                    45:1c:56:c5:99:05:90:74:e3:96:fc:af:6b:5d:34:
                    3e:ab:52:f2:13:2d:e2:bd:97:22:72:d6:19:2e:a2:
                    e2:5a:f0:92:de:1e:c8:af:1b:83:67:09:13:16:22:
                    e7:2b:fc:fb:c2:d2:13:a6:1f:d7:f0:23:de:b8:b8:
                    38:bf:6c:fc:c2:83:39:00:3a:c9:e7:52:16:5e:2b:
                    e1:f5:19:cc:2b:dd:42:9d:e3:cf:03:25:20:76:97:
                    fe:3a:42:53:b8:fd:98:c2:81:97:15:9c:04:38:f2:
                    dd:4b:30:e4:d0:4a:38:e9:00:96:17:e2:45:b8:6f:
                    49:6c:8d:08:09:11:d3:0c:fd:f0:bb:8f:aa:1d:4e:
                    96:1c:cb:03:ac:ef:1f:ca:73:13:de:75:48:02:2a:
                    e7:ee:e4:3b:5f:25:67:a4:fd:88:b3:f0:44:43:85:
                    0d:6f:5b:ff:52:40:03:1f:df:4a:89:87:a1:75:80:
                    d2:88:44:90:32:2e:db:2d:a8:39:14:8f:7e:78:37:
                    b8:c1:e8:b7:3a:9c:90:e9:40:85:fc:a5:6b:18:ce:
                    bb:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:41:D6:C5:2D:E2:BE:94:24:F3:A2:D3:EB:94:A0:35:FA:45:86:98
            X509v3 Authority Key Identifier:
                keyid:5F:51:BC:D8:9E:B7:F5:B3:AB:08:80:6E:F5:1A:7C:2F:6E:B9:8E:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X1G82J639bOrCIBu9Rp8L265jvw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/41f6f5-cef0-4a57-8e47-0a85986208a9/1/6EHWxS3ivpQk86LT65SgNfpFhpg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/41f6f5-cef0-4a57-8e47-0a85986208a9/1/X1G82J639bOrCIBu9Rp8L265jvw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.95.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:4e:80:70:6e:cc:21:6f:e0:ba:b4:74:57:9c:4d:b0:a1:8a:
         d8:c9:dd:79:d2:a1:61:42:33:62:2e:47:15:29:d7:7b:6b:de:
         f8:e7:2a:e2:45:c7:57:58:23:67:fc:7a:a0:bd:98:65:4c:65:
         bf:90:f4:06:66:27:2b:f6:c3:a3:6a:3e:3f:c9:b9:65:a2:4c:
         fb:5a:35:f9:0c:7d:6f:bf:16:31:9b:58:b2:40:8e:1b:08:34:
         d5:7a:95:bf:48:fd:f1:05:b5:5b:89:f2:dd:5e:38:9d:43:3a:
         cf:ba:3f:ec:a2:9d:71:e7:37:19:a5:b1:4e:93:bd:f4:f7:71:
         c0:30:a7:8e:c3:92:ff:ef:69:ed:26:71:a1:a4:5b:03:25:d3:
         f0:3a:33:d1:a0:30:ed:e8:5c:8b:ed:be:75:fb:f3:8b:10:5e:
         f5:0a:58:49:9e:14:96:5a:c8:a6:ea:81:15:f6:3a:f8:70:1d:
         a6:a3:35:ee:ad:ec:e3:2d:1f:e5:86:26:d7:51:14:58:59:d8:
         94:ed:6e:46:e5:a5:9c:fd:e1:92:3b:d6:36:1f:0c:67:bb:bb:
         f6:d2:58:b3:50:ef:36:60:fe:94:40:e6:2f:f0:16:b0:6b:0f:
         a5:4d:f1:0d:96:04:df:62:69:36:18:4f:a4:48:86:22:1a:5e:
         3d:8c:5c:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5CeAKI7UD9P9vgjgfyValuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmNTFiY2Q4OWViN2Y1YjNhYjA4ODA2ZWY1MWE3YzJmNmVi
OThlZmMwHhcNMjQwMzE1MTQxNTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODQxZDZjNTJkZTJiZTk0MjRmM2EyZDNlYjk0YTAzNWZhNDU4Njk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhUabUVTM/w9ZkpEmrY0pCFPqSTgD
9EJTr6Gy2Q6MlOXZusiDLNKMrUEpjSNFHFbFmQWQdOOW/K9rXTQ+q1LyEy3ivZci
ctYZLqLiWvCS3h7IrxuDZwkTFiLnK/z7wtITph/X8CPeuLg4v2z8woM5ADrJ51IW
Xivh9RnMK91CnePPAyUgdpf+OkJTuP2YwoGXFZwEOPLdSzDk0Eo46QCWF+JFuG9J
bI0ICRHTDP3wu4+qHU6WHMsDrO8fynMT3nVIAirn7uQ7XyVnpP2Is/BEQ4UNb1v/
UkADH99KiYehdYDSiESQMi7bLag5FI9+eDe4wei3OpyQ6UCF/KVrGM67CQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOhB1sUt4r6UJPOi0+uUoDX6RYaYMB8GA1UdIwQY
MBaAFF9RvNiet/WzqwiAbvUafC9uuY78MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDFHODJKNjM5Yk9yQ0lCdTlScDhMMjY1anZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi80MWY2ZjUtY2VmMC00YTU3LThlNDct
MGE4NTk4NjIwOGE5LzEvNkVIV3hTM2l2cFFrODZMVDY1U2dOZnBGaHBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi80MWY2ZjUtY2VmMC00YTU3LThlNDctMGE4NTk4NjIwOGE5
LzEvWDFHODJKNjM5Yk9yQ0lCdTlScDhMMjY1anZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbV89MA0G
CSqGSIb3DQEBCwUAA4IBAQClToBwbswhb+C6tHRXnE2woYrYyd150qFhQjNiLkcV
Kdd7a9745yriRcdXWCNn/HqgvZhlTGW/kPQGZicr9sOjaj4/ybllokz7WjX5DH1v
vxYxm1iyQI4bCDTVepW/SP3xBbVbifLdXjidQzrPuj/sop1x5zcZpbFOk73093HA
MKeOw5L/72ntJnGhpFsDJdPwOjPRoDDt6FyL7b51+/OLEF71ClhJnhSWWsim6oEV
9jr4cB2mozXurezjLR/lhibXURRYWdiU7W5G5aWc/eGSO9Y2Hwxnu7v20lizUO82
YP6UQOYv8Bawaw+lTfENlgTfYmk2GE+kSIYiGl49jFyR
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:27:03 2024 by rpki-client on console-fra.rpki-client.org