Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/BpCf9Pe_vjGACioeRXCf6B1Lnu0.roa
File:                     BpCf9Pe_vjGACioeRXCf6B1Lnu0.roa (raw, json)
Hash identifier:          nnLuBT8pffrsdpV2Xele1jS/Sp0h02u+o8jsOAfGITA=
Subject key identifier:   06:90:9F:F4:F7:BF:BE:31:80:0A:2A:1E:45:70:9F:E8:1D:4B:9E:ED
Certificate issuer:       /CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Certificate serial:       01852EB314BF22F0802170421C7BEFC491C4
Authority key identifier: AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/BpCf9Pe_vjGACioeRXCf6B1Lnu0.roa
Signing time:             Tue 20 Dec 2022 08:42:46 +0000
ROA not before:           Tue 20 Dec 2022 08:42:46 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     203377
IP address blocks:        91.151.85.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:2e:b3:14:bf:22:f0:80:21:70:42:1c:7b:ef:c4:91:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
        Validity
            Not Before: Dec 20 08:42:46 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=06909ff4f7bfbe31800a2a1e45709fe81d4b9eed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:e4:da:5b:f1:11:cd:ad:e1:28:cf:56:4c:5a:
                    bb:0f:df:6b:93:0d:a8:39:de:d4:c5:99:d7:87:c7:
                    d0:77:64:ee:ea:7f:6e:ef:0f:b1:0b:1a:20:b9:13:
                    2c:54:a4:b5:1d:c1:f8:a5:d5:57:64:80:16:88:73:
                    f1:86:4c:e0:cb:4e:5b:99:96:41:8f:51:2e:02:ff:
                    8f:f7:f4:7a:ab:5c:01:77:84:7a:49:6d:68:dd:49:
                    6d:ec:89:82:5e:1a:65:66:78:54:63:71:e6:f7:55:
                    5f:6c:62:2f:87:79:d7:70:17:a1:15:5a:e9:6e:e5:
                    04:07:53:e4:c0:d0:c7:d2:77:b9:a3:03:a4:37:2f:
                    56:75:55:d2:35:9e:41:88:0f:5b:28:e6:9c:96:d7:
                    ef:0e:1d:f4:1e:66:13:7b:3b:b9:98:c0:dc:5d:72:
                    81:35:a9:9a:bc:29:5d:27:a9:fc:a7:8f:21:3e:b4:
                    55:71:3a:5f:43:31:e2:7a:88:3d:85:45:0f:3b:45:
                    f3:71:3d:e4:9a:53:18:ac:20:81:14:08:d2:7b:cb:
                    2d:c4:46:b6:18:5e:ab:a9:16:17:18:17:2d:57:ec:
                    90:f2:c3:3b:86:e4:df:6f:e3:b3:38:ad:c9:12:2b:
                    b1:95:85:15:1c:d6:61:e1:55:14:4e:6f:63:1c:c0:
                    8e:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:90:9F:F4:F7:BF:BE:31:80:0A:2A:1E:45:70:9F:E8:1D:4B:9E:ED
            X509v3 Authority Key Identifier:
                keyid:AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/BpCf9Pe_vjGACioeRXCf6B1Lnu0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/q3HpsT9cM5pYaS7qvnLqpAa7vX0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.151.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c6:d5:b4:dc:13:9d:83:a2:3b:5c:6f:a3:91:1d:73:4c:c8:f5:
         90:00:1d:38:f8:8c:d1:6b:0c:80:2a:6d:c7:60:de:9f:4a:15:
         2f:4d:c8:f1:8d:02:a7:72:ba:77:4f:76:4e:32:ad:f6:0c:5b:
         9a:8b:d0:1b:f1:be:99:53:99:99:1a:f1:b5:85:f4:11:3d:16:
         1c:e6:00:b9:e9:ad:95:ab:c1:35:40:4c:c8:76:d2:2e:f1:db:
         d6:83:d9:f2:5b:d5:b5:25:2b:8b:71:cb:63:ca:6e:0e:bb:79:
         11:e6:1b:1d:4b:31:0c:cb:98:36:d0:4a:9b:91:c4:9d:22:f4:
         20:32:1f:7c:89:b1:75:64:68:45:e3:37:35:e2:b9:15:5d:03:
         8c:7f:a7:d9:b0:5a:d6:8c:19:79:08:12:e7:8c:75:46:dd:a4:
         2f:a1:73:e4:0d:b0:89:1d:8f:88:7a:b9:86:4a:cd:e4:b3:ff:
         da:7b:b3:e7:5c:a9:a2:52:5d:19:9d:ff:62:c6:c0:44:7a:f6:
         f7:dc:4c:3b:0e:99:e9:bd:cb:eb:ba:a8:85:3b:ac:ad:88:63:
         19:d9:69:6f:86:c6:36:48:c6:f6:92:10:11:ad:77:5c:7a:6a:
         cd:b2:39:a7:3c:df:8d:f2:06:20:33:88:29:54:56:d3:00:24:
         b3:59:0b:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYUusxS/IvCAIXBCHHvvxJHEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNzFlOWIxM2Y1YzMzOWE1ODY5MmVlYWJlNzJlYWE0MDZi
YmJkN2QwHhcNMjIxMjIwMDg0MjQ2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjkwOWZmNGY3YmZiZTMxODAwYTJhMWU0NTcwOWZlODFkNGI5ZWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgOTaW/ERza3hKM9WTFq7D99rkw2o
Od7UxZnXh8fQd2Tu6n9u7w+xCxoguRMsVKS1HcH4pdVXZIAWiHPxhkzgy05bmZZB
j1EuAv+P9/R6q1wBd4R6SW1o3Ult7ImCXhplZnhUY3Hm91VfbGIvh3nXcBehFVrp
buUEB1PkwNDH0ne5owOkNy9WdVXSNZ5BiA9bKOacltfvDh30HmYTezu5mMDcXXKB
NamavCldJ6n8p48hPrRVcTpfQzHieog9hUUPO0XzcT3kmlMYrCCBFAjSe8stxEa2
GF6rqRYXGBctV+yQ8sM7huTfb+OzOK3JEiuxlYUVHNZh4VUUTm9jHMCOVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAaQn/T3v74xgAoqHkVwn+gdS57tMB8GA1UdIwQY
MBaAFKtx6bE/XDOaWGku6r5y6qQGu719MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmIt
Y2Y0YjkwMDk5N2EwLzEvQnBDZjlQZV92akdBQ2lvZVJYQ2Y2QjFMbnUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmItY2Y0YjkwMDk5N2Ew
LzEvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW5dVMA0G
CSqGSIb3DQEBCwUAA4IBAQDG1bTcE52Dojtcb6ORHXNMyPWQAB04+IzRawyAKm3H
YN6fShUvTcjxjQKncrp3T3ZOMq32DFuai9Ab8b6ZU5mZGvG1hfQRPRYc5gC56a2V
q8E1QEzIdtIu8dvWg9nyW9W1JSuLcctjym4Ou3kR5hsdSzEMy5g20EqbkcSdIvQg
Mh98ibF1ZGhF4zc14rkVXQOMf6fZsFrWjBl5CBLnjHVG3aQvoXPkDbCJHY+IermG
Ss3ks//ae7PnXKmiUl0Znf9ixsBEevb33Ew7DpnpvcvruqiFO6ytiGMZ2WlvhsY2
SMb2khARrXdcemrNsjmnPN+N8gYgM4gpVFbTACSzWQu4
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:38 2024 by rpki-client on console-ams.rpki-client.org