Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/jguTtSkQvPFEYEZzrtXsn8-EbN4.roa
File:                     jguTtSkQvPFEYEZzrtXsn8-EbN4.roa (raw, json)
Hash identifier:          pX25y4JqPqmnkNgq1S58seAS5YYdQ8zthNah9afqa0M=
Subject key identifier:   8E:0B:93:B5:29:10:BC:F1:44:60:46:73:AE:D5:EC:9F:CF:84:6C:DE
Certificate issuer:       /CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Certificate serial:       01856DAF65DA996632B670FBE8620270204B
Authority key identifier: AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/jguTtSkQvPFEYEZzrtXsn8-EbN4.roa
Signing time:             Sun 01 Jan 2023 14:14:49 +0000
ROA not before:           Sun 01 Jan 2023 14:14:49 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     203377
IP address blocks:        91.151.85.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:af:65:da:99:66:32:b6:70:fb:e8:62:02:70:20:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
        Validity
            Not Before: Jan  1 14:14:49 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8e0b93b52910bcf144604673aed5ec9fcf846cde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:e8:68:be:42:e2:8d:bf:a4:c3:2f:e0:9a:44:
                    51:34:fd:1a:36:4e:eb:b8:32:74:07:7c:de:58:36:
                    34:d8:c7:72:6e:73:a9:4b:4e:36:14:97:5a:ee:10:
                    45:5e:d8:09:d0:ee:a3:53:15:3d:41:40:82:f8:0a:
                    e5:ac:51:66:a1:76:b9:02:1c:fa:9a:f0:f6:62:e3:
                    21:00:46:7f:bd:f5:0a:2a:4d:ca:d2:45:70:b2:8b:
                    8f:4d:ba:3c:3f:e2:c5:ac:8c:c2:76:62:1f:e7:70:
                    40:ca:70:5d:93:81:d1:14:98:d1:f5:a1:86:fc:5c:
                    0d:50:75:39:71:20:b5:d1:94:84:0f:8e:7c:89:62:
                    fe:85:88:4e:ed:a5:8c:07:1e:68:a8:ec:38:7e:02:
                    15:f5:2d:eb:03:17:8f:6f:b4:bc:ec:81:3f:e3:60:
                    ae:c0:c8:5d:64:1b:30:5c:69:45:8e:21:f3:5c:c9:
                    28:30:13:10:e5:b9:85:de:8b:09:59:5c:48:83:0a:
                    d4:94:52:08:b2:3f:94:6e:d5:23:4b:e5:ce:de:b3:
                    8c:c0:13:14:cb:cd:b0:68:c6:61:69:00:00:4e:6d:
                    36:b5:3c:09:ac:73:4d:0c:c7:77:12:04:c4:1c:05:
                    a7:6b:9c:e6:b5:6b:8e:1e:cc:8d:b5:93:69:cd:01:
                    4b:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:0B:93:B5:29:10:BC:F1:44:60:46:73:AE:D5:EC:9F:CF:84:6C:DE
            X509v3 Authority Key Identifier:
                keyid:AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/jguTtSkQvPFEYEZzrtXsn8-EbN4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/q3HpsT9cM5pYaS7qvnLqpAa7vX0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.151.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:eb:e2:1d:46:de:34:99:a6:59:31:2a:50:de:23:48:2a:21:
         02:61:6c:ba:a9:53:33:3d:2b:cb:ba:24:2b:e0:a9:ba:da:17:
         30:a1:40:61:1f:ea:45:f4:74:1a:20:00:ab:5e:fd:05:66:67:
         30:10:a1:2f:24:24:fa:9a:b2:8e:3b:d9:35:52:f5:b8:93:69:
         2a:1e:a2:c6:cc:2b:9c:6d:d8:29:e4:1c:f6:bd:c5:48:e2:ef:
         7b:35:60:cf:c0:32:10:56:25:ca:b4:83:62:ca:03:d2:a6:34:
         8f:00:13:9c:5e:9a:f4:0e:d3:df:1c:2d:18:09:a8:0a:b9:4c:
         1b:24:13:7b:01:36:b2:4d:ad:d7:60:8f:bc:37:76:56:4a:bb:
         de:ec:99:da:e3:11:86:35:2d:b1:7a:91:9c:8d:67:0f:4b:12:
         37:3e:5a:d2:89:ba:49:32:8e:d1:3b:4b:9b:23:7b:d4:6e:05:
         80:60:12:a5:61:d5:28:04:a4:e3:0a:15:a7:0c:78:af:38:66:
         e9:95:78:a7:60:94:11:8b:62:39:e8:01:df:94:12:80:22:20:
         d1:5a:a3:ec:d2:ae:bd:17:f2:a4:f2:8a:03:59:d1:36:51:ec:
         d5:28:07:a6:95:0b:08:34:9c:27:73:8f:2a:f6:09:95:cf:bf:
         cb:fb:da:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVtr2XamWYytnD76GICcCBLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNzFlOWIxM2Y1YzMzOWE1ODY5MmVlYWJlNzJlYWE0MDZi
YmJkN2QwHhcNMjMwMTAxMTQxNDQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTBiOTNiNTI5MTBiY2YxNDQ2MDQ2NzNhZWQ1ZWM5ZmNmODQ2Y2RlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmOhovkLijb+kwy/gmkRRNP0aNk7r
uDJ0B3zeWDY02MdybnOpS042FJda7hBFXtgJ0O6jUxU9QUCC+ArlrFFmoXa5Ahz6
mvD2YuMhAEZ/vfUKKk3K0kVwsouPTbo8P+LFrIzCdmIf53BAynBdk4HRFJjR9aGG
/FwNUHU5cSC10ZSED458iWL+hYhO7aWMBx5oqOw4fgIV9S3rAxePb7S87IE/42Cu
wMhdZBswXGlFjiHzXMkoMBMQ5bmF3osJWVxIgwrUlFIIsj+UbtUjS+XO3rOMwBMU
y82waMZhaQAATm02tTwJrHNNDMd3EgTEHAWna5zmtWuOHsyNtZNpzQFL8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI4Lk7UpELzxRGBGc67V7J/PhGzeMB8GA1UdIwQY
MBaAFKtx6bE/XDOaWGku6r5y6qQGu719MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmIt
Y2Y0YjkwMDk5N2EwLzEvamd1VHRTa1F2UEZFWUVaenJ0WHNuOC1FYk40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmItY2Y0YjkwMDk5N2Ew
LzEvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW5dVMA0G
CSqGSIb3DQEBCwUAA4IBAQCP6+IdRt40maZZMSpQ3iNIKiECYWy6qVMzPSvLuiQr
4Km62hcwoUBhH+pF9HQaIACrXv0FZmcwEKEvJCT6mrKOO9k1UvW4k2kqHqLGzCuc
bdgp5Bz2vcVI4u97NWDPwDIQViXKtINiygPSpjSPABOcXpr0DtPfHC0YCagKuUwb
JBN7ATayTa3XYI+8N3ZWSrve7Jna4xGGNS2xepGcjWcPSxI3PlrSibpJMo7RO0ub
I3vUbgWAYBKlYdUoBKTjChWnDHivOGbplXinYJQRi2I56AHflBKAIiDRWqPs0q69
F/Kk8ooDWdE2UezVKAemlQsINJwnc48q9gmVz7/L+9qq
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:38 2024 by rpki-client on console-ams.rpki-client.org