Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/X0JA_Sa-pXfNtXgdbzJU4KpVrz0.roa
File:                     X0JA_Sa-pXfNtXgdbzJU4KpVrz0.roa (raw, json)
Hash identifier:          xG9Hx90iWPOgUw8q+HK4XBoedr2uSsGBCAGYzUdPXiI=
Subject key identifier:   5F:42:40:FD:26:BE:A5:77:CD:B5:78:1D:6F:32:54:E0:AA:55:AF:3D
Certificate issuer:       /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial:       01856D9D3C679879E512B94FE4AA53234CD3
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/X0JA_Sa-pXfNtXgdbzJU4KpVrz0.roa
Signing time:             Sun 01 Jan 2023 13:54:59 +0000
ROA not before:           Sun 01 Jan 2023 13:54:59 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     209260
IP address blocks:        91.213.189.0/24 maxlen: 24
                          194.156.150.0/24 maxlen: 24
                          91.208.104.0/24 maxlen: 24
                          91.208.109.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:9d:3c:67:98:79:e5:12:b9:4f:e4:aa:53:23:4c:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
        Validity
            Not Before: Jan  1 13:54:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5f4240fd26bea577cdb5781d6f3254e0aa55af3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:9d:61:1d:0c:ad:67:14:cd:fc:9c:29:5b:b1:
                    5f:f4:cc:22:36:23:1a:4d:1a:a6:06:38:c1:7e:a7:
                    b8:a1:7b:3d:dd:ca:21:54:46:12:fa:cb:e5:2d:d1:
                    64:e6:db:96:e9:01:4a:71:a6:18:62:60:1c:3a:a5:
                    83:9c:70:76:10:7f:07:83:e1:8b:7f:90:ab:19:a9:
                    9d:53:14:0a:51:9a:75:03:ba:3f:0c:c8:ed:1f:33:
                    ce:dc:05:61:89:45:5d:08:24:26:c3:a8:d6:4b:c9:
                    d4:39:10:0e:38:51:53:52:d8:f4:3d:66:e4:56:fe:
                    dc:6b:db:84:b7:b6:fd:89:6d:61:a4:09:dc:07:36:
                    b3:99:8f:a8:19:6e:cb:a9:c9:9d:97:15:32:75:30:
                    c0:52:5f:52:f2:26:b8:ae:2d:7b:2e:14:89:8a:2e:
                    6c:f1:c3:5a:b0:76:4d:67:27:08:33:de:66:95:fc:
                    67:c4:2d:1e:10:0d:13:2b:ca:5a:66:a9:c6:fb:c2:
                    fb:b0:92:e3:22:76:1f:f6:66:e8:50:87:ae:e6:5b:
                    36:d3:76:5b:88:22:b3:07:35:0f:c8:e4:8d:f3:3d:
                    f0:05:0e:b7:20:cc:5c:8d:a5:44:bc:41:3c:b2:57:
                    91:36:96:42:36:5f:36:bf:99:aa:6b:ed:e7:f2:42:
                    f6:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:42:40:FD:26:BE:A5:77:CD:B5:78:1D:6F:32:54:E0:AA:55:AF:3D
            X509v3 Authority Key Identifier:
                keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/X0JA_Sa-pXfNtXgdbzJU4KpVrz0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.104.0/24
                  91.208.109.0/24
                  91.213.189.0/24
                  194.156.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:82:e3:c4:a7:f3:c2:48:79:cb:5f:62:ae:30:5c:59:92:7c:
         af:57:e8:b0:d6:7f:80:10:3e:b9:79:de:d0:c0:df:a6:10:8d:
         a1:b4:1e:f9:2e:00:d9:19:ff:44:3e:ac:17:13:61:ae:1a:00:
         d4:90:ef:a2:f4:b2:2a:2c:fb:22:be:85:b0:58:70:5d:dd:30:
         c9:31:9b:d5:b0:7c:63:1f:bd:8b:eb:97:97:de:db:f9:d9:6a:
         16:79:36:2f:64:e5:c8:a1:03:ba:f5:b9:fb:d4:34:b1:3c:cf:
         c8:da:33:c8:df:c2:78:36:30:c2:05:dc:d4:e8:0c:8f:95:45:
         f6:40:35:7e:d4:33:60:6e:75:71:65:ed:46:99:4a:45:23:39:
         de:a0:0f:49:7e:75:e0:55:50:12:e6:f7:36:1a:9a:f0:0c:e8:
         c5:a4:86:eb:20:c6:1e:6d:07:ed:0f:b4:e4:eb:9a:04:88:2e:
         e1:12:7c:4b:2f:cd:4f:ab:08:1e:38:c7:f2:6b:33:1a:23:87:
         f8:28:9d:63:ef:9b:7e:93:d0:57:3f:34:c5:ab:75:94:a5:f8:
         a7:ae:e5:4a:0c:f6:cb:36:74:57:07:c1:4c:d5:94:e6:e3:33:
         66:69:d2:51:4e:d9:c8:f2:70:b2:59:d2:44:40:81:2b:a8:1b:
         9e:45:03:9a
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYVtnTxnmHnlErlP5KpTI0zTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjMwMTAxMTM1NDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjQyNDBmZDI2YmVhNTc3Y2RiNTc4MWQ2ZjMyNTRlMGFhNTVhZjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhZ1hHQytZxTN/JwpW7Ff9MwiNiMa
TRqmBjjBfqe4oXs93cohVEYS+svlLdFk5tuW6QFKcaYYYmAcOqWDnHB2EH8Hg+GL
f5CrGamdUxQKUZp1A7o/DMjtHzPO3AVhiUVdCCQmw6jWS8nUORAOOFFTUtj0PWbk
Vv7ca9uEt7b9iW1hpAncBzazmY+oGW7LqcmdlxUydTDAUl9S8ia4ri17LhSJii5s
8cNasHZNZycIM95mlfxnxC0eEA0TK8paZqnG+8L7sJLjInYf9mboUIeu5ls203Zb
iCKzBzUPyOSN8z3wBQ63IMxcjaVEvEE8sleRNpZCNl82v5mqa+3n8kL23wIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFF9CQP0mvqV3zbV4HW8yVOCqVa89MB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEvWDBKQV9TYS1wWGZOdFhnZGJ6SlU0S3BWcnowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjItNmM3ZTU2ODU4OTBj
LzEvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAW9BoAwQA
W9BtAwQAW9W9AwQAwpyWMA0GCSqGSIb3DQEBCwUAA4IBAQAIguPEp/PCSHnLX2Ku
MFxZknyvV+iw1n+AED65ed7QwN+mEI2htB75LgDZGf9EPqwXE2GuGgDUkO+i9LIq
LPsivoWwWHBd3TDJMZvVsHxjH72L65eX3tv52WoWeTYvZOXIoQO69bn71DSxPM/I
2jPI38J4NjDCBdzU6AyPlUX2QDV+1DNgbnVxZe1GmUpFIzneoA9JfnXgVVAS5vc2
GprwDOjFpIbrIMYebQftD7Tk65oEiC7hEnxLL81PqwgeOMfyazMaI4f4KJ1j75t+
k9BXPzTFq3WUpfinruVKDPbLNnRXB8FM1ZTm4zNmadJRTtnI8nCyWdJEQIErqBue
RQOa
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:14 2024 by rpki-client on console-ams.rpki-client.org