Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/nHY-3tFmt1qXDifO6VptUCIu_lk.roa
File:                     nHY-3tFmt1qXDifO6VptUCIu_lk.roa (raw, json)
Hash identifier:          LZqcnNSqIxNJx+3qhADAv9RZCSAJZBb/Vw1UDOs3Nu4=
Subject key identifier:   9C:76:3E:DE:D1:66:B7:5A:97:0E:27:CE:E9:5A:6D:50:22:2E:FE:59
Certificate issuer:       /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial:       01856F1DCA38F48180A5C36C6ADF04D9C181
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/nHY-3tFmt1qXDifO6VptUCIu_lk.roa
Signing time:             Sun 01 Jan 2023 20:55:01 +0000
ROA not before:           Sun 01 Jan 2023 20:55:01 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     59916
IP address blocks:        109.233.207.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:1d:ca:38:f4:81:80:a5:c3:6c:6a:df:04:d9:c1:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
        Validity
            Not Before: Jan  1 20:55:01 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9c763eded166b75a970e27cee95a6d50222efe59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:8d:5e:5f:75:98:00:ac:27:28:cb:95:b2:60:
                    b1:41:73:00:68:d9:fc:59:5b:c5:d7:f4:0c:c4:7e:
                    04:a1:f7:a1:69:8a:77:94:16:29:cc:ca:5e:da:ef:
                    c3:ce:4b:f4:93:6e:05:e5:fe:fc:e5:6d:c5:d4:6f:
                    eb:f5:e6:73:35:60:6f:5c:38:a6:93:c2:66:7c:a0:
                    10:5e:b4:e3:2b:eb:ca:23:93:68:be:fe:01:f7:08:
                    52:42:0f:96:13:fa:f0:ea:bc:37:96:d4:5b:22:97:
                    dc:37:11:f0:43:ab:2c:44:8c:1d:b1:42:bc:b4:ee:
                    0e:ea:9a:de:22:9f:e1:ed:a1:10:4f:bf:59:a7:c7:
                    ad:d3:e1:f5:02:00:be:cc:f2:64:eb:bd:3e:7c:19:
                    c5:37:e1:c9:6b:69:ff:2a:8b:4f:34:3b:6b:f2:86:
                    e4:c0:d6:1b:32:22:44:c8:0a:a0:87:fa:06:0f:07:
                    ec:50:a5:19:18:f1:74:94:b4:33:f2:80:ca:b9:6b:
                    81:d8:76:7b:93:d1:65:47:dd:52:55:cd:be:71:a8:
                    19:91:77:95:dd:e8:07:8b:13:d2:94:65:46:6c:00:
                    b4:dd:c5:9b:7a:f6:48:66:e6:e5:0f:e2:d3:5a:86:
                    28:32:f4:9f:ef:0f:11:23:0a:95:17:97:2b:e0:f4:
                    58:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:76:3E:DE:D1:66:B7:5A:97:0E:27:CE:E9:5A:6D:50:22:2E:FE:59
            X509v3 Authority Key Identifier:
                keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/nHY-3tFmt1qXDifO6VptUCIu_lk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.233.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:dc:d8:cb:ce:37:3e:3f:72:c0:e3:aa:2d:7d:1b:8a:09:31:
         ba:58:3d:e6:aa:51:e2:fd:ee:b0:51:22:00:29:2c:24:9d:dc:
         63:04:9f:2f:32:66:53:38:c2:b3:1c:12:f6:ef:78:18:6b:b1:
         85:bd:21:ff:37:cb:0a:bf:23:b5:89:36:50:6c:4e:ce:ba:93:
         8c:b3:cb:44:0e:31:2d:ae:c6:4e:08:de:9e:2c:07:da:81:43:
         25:f8:36:b4:bc:20:5a:2a:19:d7:78:0d:96:07:a1:b1:71:c9:
         83:a6:a5:41:48:c0:6f:a4:2a:48:c7:0e:ca:aa:18:23:06:ec:
         47:d8:77:15:01:72:8c:a3:b1:01:6d:0a:a2:d6:20:a0:89:98:
         b5:37:b4:9f:ed:81:0f:7f:65:7a:d9:73:ee:27:83:9e:7d:1c:
         59:9e:b1:48:b6:cf:dc:d2:66:1f:fe:5e:b1:d7:79:95:9a:eb:
         9b:65:d0:d5:3d:61:08:39:68:83:ea:47:67:cf:66:ba:8b:d4:
         65:ee:bb:cf:18:48:4a:79:31:0e:25:4f:1e:87:69:63:13:c2:
         a9:80:01:81:2a:66:10:eb:c2:11:37:72:8d:e1:db:8d:bb:73:
         55:99:2a:9f:f3:80:ce:53:18:f3:b7:3a:34:eb:3d:75:84:11:
         6b:8c:ea:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVvHco49IGApcNsat8E2cGBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjMwMTAxMjA1NTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Yzc2M2VkZWQxNjZiNzVhOTcwZTI3Y2VlOTVhNmQ1MDIyMmVmZTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkY1eX3WYAKwnKMuVsmCxQXMAaNn8
WVvF1/QMxH4EofehaYp3lBYpzMpe2u/Dzkv0k24F5f785W3F1G/r9eZzNWBvXDim
k8JmfKAQXrTjK+vKI5Novv4B9whSQg+WE/rw6rw3ltRbIpfcNxHwQ6ssRIwdsUK8
tO4O6preIp/h7aEQT79Zp8et0+H1AgC+zPJk670+fBnFN+HJa2n/KotPNDtr8obk
wNYbMiJEyAqgh/oGDwfsUKUZGPF0lLQz8oDKuWuB2HZ7k9FlR91SVc2+cagZkXeV
3egHixPSlGVGbAC03cWbevZIZublD+LTWoYoMvSf7w8RIwqVF5cr4PRYDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJx2Pt7RZrdalw4nzulabVAiLv5ZMB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvbkhZLTN0Rm10MXFYRGlmTzZWcHRVQ0l1X2xrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbenPMA0G
CSqGSIb3DQEBCwUAA4IBAQCQ3NjLzjc+P3LA46otfRuKCTG6WD3mqlHi/e6wUSIA
KSwkndxjBJ8vMmZTOMKzHBL273gYa7GFvSH/N8sKvyO1iTZQbE7OupOMs8tEDjEt
rsZOCN6eLAfagUMl+Da0vCBaKhnXeA2WB6GxccmDpqVBSMBvpCpIxw7KqhgjBuxH
2HcVAXKMo7EBbQqi1iCgiZi1N7Sf7YEPf2V62XPuJ4OefRxZnrFIts/c0mYf/l6x
13mVmuubZdDVPWEIOWiD6kdnz2a6i9Rl7rvPGEhKeTEOJU8eh2ljE8KpgAGBKmYQ
68IRN3KN4duNu3NVmSqf84DOUxjztzo06z11hBFrjOqb
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:36:47 2024 by rpki-client on console-fra.rpki-client.org