Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/YB4b86FSNTCadww7bRvfpMHugM4.roa
File:                     YB4b86FSNTCadww7bRvfpMHugM4.roa (raw, json)
Hash identifier:          fmUjUVlofEnNK5XcC4/vjjdzoH2rnEd4T3ZaDLj4toc=
Subject key identifier:   60:1E:1B:F3:A1:52:35:30:9A:77:0C:3B:6D:1B:DF:A4:C1:EE:80:CE
Certificate issuer:       /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial:       039C8A41
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/YB4b86FSNTCadww7bRvfpMHugM4.roa
Signing time:             Sat 01 Jan 2022 14:07:02 +0000
ROA not before:           Sat 01 Jan 2022 14:07:02 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     41578
IP address blocks:        109.233.205.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 60590657 (0x39c8a41)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
        Validity
            Not Before: Jan  1 14:07:02 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=601e1bf3a15235309a770c3b6d1bdfa4c1ee80ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:77:07:4e:08:6c:77:ee:38:c5:af:a8:03:e2:
                    ff:35:f9:33:31:ab:5e:e0:ca:44:2d:d6:44:07:69:
                    45:42:07:f1:7d:02:db:26:ca:68:e5:68:bc:f5:fd:
                    32:43:82:3d:be:36:15:d5:3c:76:75:ba:4d:47:e6:
                    b9:be:2a:05:4a:1b:8d:07:ca:d1:a8:41:cc:a6:37:
                    ea:ba:6c:cf:1e:48:7f:58:87:88:77:d4:3e:44:e9:
                    91:05:df:12:d7:75:11:14:2c:0b:46:42:01:67:d5:
                    4d:10:3c:70:17:72:31:81:65:63:0f:79:c5:f8:ec:
                    e3:bf:8f:07:01:a8:a2:d0:be:e0:ca:56:0a:0a:0f:
                    26:69:7d:21:ea:aa:95:b1:ae:43:1a:96:d9:88:4f:
                    1d:5d:3f:8e:b6:28:b8:a8:ef:18:b9:dd:91:ab:82:
                    fe:71:e3:b5:5d:9d:8a:b7:62:bc:02:25:1e:bb:9a:
                    7a:b5:58:f1:b5:b0:46:7e:bd:9d:1b:1d:2c:52:b1:
                    07:09:f1:5c:22:78:c7:d6:06:b2:c1:f4:d6:17:1a:
                    6e:62:59:7b:47:35:5f:a0:1f:17:ac:91:ec:3a:06:
                    cf:5b:1a:68:fb:bc:3a:57:26:d5:e9:d0:b2:ad:fb:
                    7f:57:60:0c:2e:39:80:75:21:49:53:d9:e5:c5:bb:
                    eb:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:1E:1B:F3:A1:52:35:30:9A:77:0C:3B:6D:1B:DF:A4:C1:EE:80:CE
            X509v3 Authority Key Identifier:
                keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/YB4b86FSNTCadww7bRvfpMHugM4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.233.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:ed:55:10:76:c7:d0:4c:89:98:7a:45:65:68:1d:31:ae:b1:
         ea:a9:ac:85:4f:ff:f3:5d:26:ff:58:d7:0b:cd:01:91:b8:74:
         36:15:e2:d5:ad:92:1c:0b:75:b5:02:a6:b4:ac:15:75:5e:cc:
         5a:d3:f4:57:51:3a:83:b2:3e:08:33:d6:69:bc:be:40:61:74:
         a4:ba:ac:72:33:2e:7e:5d:91:12:bf:82:13:d8:16:82:ad:d6:
         56:f2:ca:f7:df:49:c3:d6:30:b8:4a:25:6f:d6:1e:91:73:8c:
         e2:5a:07:d0:4d:ba:92:39:e5:8f:93:9a:f3:ef:a0:61:7e:7b:
         2e:00:91:d8:46:de:90:ea:4b:1f:de:ed:c1:7f:2c:8e:28:c2:
         a5:67:fa:cf:8b:c0:ab:95:1b:33:51:27:04:51:c7:90:32:df:
         ea:b3:fc:0b:75:0d:34:ae:e1:a1:69:56:6d:8e:95:9d:33:63:
         52:0e:01:d2:d4:11:05:98:aa:92:a5:92:80:56:f3:d5:82:5b:
         c3:13:8d:02:f9:d4:f7:55:a6:a0:e4:46:87:75:2b:5a:ad:a5:
         bd:7c:30:6e:73:83:be:ca:f2:0d:7c:cf:e9:4c:0c:98:64:0b:
         96:94:80:25:ea:67:fe:6e:22:af:bd:f9:82:9a:7a:b1:dc:fb:
         02:f9:c6:79
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEA5yKQTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg1
ZGEzOTQxYzI3Y2ZlNWMyMzRjNGJmMjIxZWNiMmE1NzliMmRlYWFiMB4XDTIyMDEw
MTE0MDcwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjAxZTFiZjNhMTUy
MzUzMDlhNzcwYzNiNmQxYmRmYTRjMWVlODBjZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKJ3B04IbHfuOMWvqAPi/zX5MzGrXuDKRC3WRAdpRUIH8X0C
2ybKaOVovPX9MkOCPb42FdU8dnW6TUfmub4qBUobjQfK0ahBzKY36rpszx5If1iH
iHfUPkTpkQXfEtd1ERQsC0ZCAWfVTRA8cBdyMYFlYw95xfjs47+PBwGootC+4MpW
CgoPJml9IeqqlbGuQxqW2YhPHV0/jrYouKjvGLndkauC/nHjtV2dirdivAIlHrua
erVY8bWwRn69nRsdLFKxBwnxXCJ4x9YGssH01hcabmJZe0c1X6AfF6yR7DoGz1sa
aPu8Olcm1enQsq37f1dgDC45gHUhSVPZ5cW766kCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRgHhvzoVI1MJp3DDttG9+kwe6AzjAfBgNVHSMEGDAWgBRdo5QcJ8/lwjTE
vyIeyypXmy3qqzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1hhT1VIQ2ZQNWNJMHhMOGlIc3NxVjVzdDZxcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvODAvMzBlZDNlLWM0YzQtNGRlOC1iNGYxLWYxMWEzOWYyNmMzYi8x
L1lCNGI4NkZTTlRDYWR3dzdiUnZmcE1IdWdNNC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODAv
MzBlZDNlLWM0YzQtNGRlOC1iNGYxLWYxMWEzOWYyNmMzYi8xL1hhT1VIQ2ZQNWNJ
MHhMOGlIc3NxVjVzdDZxcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAG3pzTANBgkqhkiG9w0BAQsFAAOC
AQEAHO1VEHbH0EyJmHpFZWgdMa6x6qmshU//810m/1jXC80Bkbh0NhXi1a2SHAt1
tQKmtKwVdV7MWtP0V1E6g7I+CDPWaby+QGF0pLqscjMufl2REr+CE9gWgq3WVvLK
999Jw9YwuEolb9YekXOM4loH0E26kjnlj5Oa8++gYX57LgCR2EbekOpLH97twX8s
jijCpWf6z4vAq5UbM1EnBFHHkDLf6rP8C3UNNK7hoWlWbY6VnTNjUg4B0tQRBZiq
kqWSgFbz1YJbwxONAvnU91WmoORGh3UrWq2lvXwwbnODvsryDXzP6UwMmGQLlpSA
Jepn/m4ir735gpp6sdz7AvnGeQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:36:47 2024 by rpki-client on console-fra.rpki-client.org