Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/A0B9QZ1R0XutAR0WMPOVNjP_m4c.roa
File:                     A0B9QZ1R0XutAR0WMPOVNjP_m4c.roa (raw, json)
Hash identifier:          YdRUUDpRIwdafxfaex2jVI8Sn3H7rgKPd+tvPzv0lIM=
Subject key identifier:   03:40:7D:41:9D:51:D1:7B:AD:01:1D:16:30:F3:95:36:33:FF:9B:87
Certificate issuer:       /CN=6d69da44ae067fc1a98a5f6f05f12e545d0fc62a
Certificate serial:       018CC72722A1B4E97540EB88E7E53633AAF0
Authority key identifier: 6D:69:DA:44:AE:06:7F:C1:A9:8A:5F:6F:05:F1:2E:54:5D:0F:C6:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/A0B9QZ1R0XutAR0WMPOVNjP_m4c.roa
Signing time:             Mon 01 Jan 2024 22:31:19 +0000
ROA not before:           Mon 01 Jan 2024 22:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208885
IP address blocks:        185.33.61.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:22:a1:b4:e9:75:40:eb:88:e7:e5:36:33:aa:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d69da44ae067fc1a98a5f6f05f12e545d0fc62a
        Validity
            Not Before: Jan  1 22:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=03407d419d51d17bad011d1630f3953633ff9b87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:1c:51:2b:81:e6:e6:91:1a:55:5e:04:ca:e5:
                    8f:de:a6:c0:58:9a:1f:c2:b7:69:65:79:86:26:08:
                    8a:e4:05:20:48:75:0f:1e:cc:a8:3c:34:d3:d9:f1:
                    f6:f7:d7:2a:9d:36:bd:32:9f:16:60:88:28:1d:7a:
                    1b:cd:8e:29:2e:41:ea:d0:ee:4b:4a:5c:56:f9:03:
                    32:08:eb:c8:34:2e:01:57:a2:88:0f:91:c6:be:17:
                    ec:38:9c:fb:bc:38:b3:21:d9:da:ef:26:ed:41:08:
                    cd:50:39:22:c5:e4:82:92:7d:eb:ff:17:97:96:c2:
                    ff:da:52:6a:d8:80:ea:38:d5:93:6a:1b:64:d2:97:
                    7e:08:af:f0:a2:2e:70:e2:c7:fc:a4:a0:e6:f1:3a:
                    7e:1e:3d:cf:93:7f:55:75:89:9c:d4:3b:8a:2c:ba:
                    78:21:9d:c0:06:5a:86:4c:7b:b4:0b:99:ba:73:75:
                    a4:3a:db:f0:f3:2a:b2:89:43:a4:33:45:4f:80:52:
                    aa:87:94:5c:7a:b0:74:43:fa:80:b5:55:48:86:11:
                    84:e7:e2:55:db:13:56:35:0a:97:e9:f1:41:3e:f2:
                    24:04:4f:75:04:32:05:ed:a8:9f:63:00:e5:d3:ad:
                    46:2b:e9:a8:7c:c1:74:7c:9f:ef:32:1c:6c:7c:ec:
                    1f:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:40:7D:41:9D:51:D1:7B:AD:01:1D:16:30:F3:95:36:33:FF:9B:87
            X509v3 Authority Key Identifier:
                keyid:6D:69:DA:44:AE:06:7F:C1:A9:8A:5F:6F:05:F1:2E:54:5D:0F:C6:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/A0B9QZ1R0XutAR0WMPOVNjP_m4c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.33.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:2f:e6:b7:02:d4:94:51:e5:32:ce:bc:f2:21:3c:cc:51:93:
         b3:2c:84:53:24:36:37:23:95:b1:3c:36:67:6a:e5:e8:9f:c2:
         47:77:20:72:68:da:9e:a3:80:23:07:1f:21:5e:23:48:89:16:
         9f:a9:49:03:36:f3:02:53:01:df:84:b1:f6:d4:f7:25:1d:a7:
         87:0b:2a:40:ca:c4:6b:50:53:a8:be:ce:c7:99:82:d5:85:8d:
         11:ff:ad:b3:fa:f8:98:73:77:26:46:40:cb:b0:5e:38:84:e3:
         41:3b:10:7d:39:9f:a2:f9:46:ab:7f:b1:35:c8:c3:86:4a:19:
         81:a1:61:04:11:7f:9d:b0:39:db:ec:8e:0f:fd:23:80:96:09:
         5f:94:9c:78:b7:06:da:6d:ac:80:c5:87:ea:d3:e4:45:05:ee:
         b5:0b:1f:f8:dd:dc:5c:66:fd:98:03:4f:59:cf:b9:0e:0b:75:
         fd:e3:d8:da:f5:9c:15:94:62:1e:ec:eb:21:8e:3b:a4:ed:9e:
         2d:1c:3d:f3:64:b6:1f:dc:62:60:13:bf:ab:cc:83:3e:ca:9a:
         50:69:33:f3:11:ff:61:f5:a3:ae:07:3e:49:d1:6f:14:20:a1:
         78:6e:60:95:88:3d:df:8e:f3:b0:97:58:74:94:d9:af:e9:be:
         54:fd:8a:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJyKhtOl1QOuI5+U2M6rwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNjlkYTQ0YWUwNjdmYzFhOThhNWY2ZjA1ZjEyZTU0NWQw
ZmM2MmEwHhcNMjQwMTAxMjIzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzQwN2Q0MTlkNTFkMTdiYWQwMTFkMTYzMGYzOTUzNjMzZmY5Yjg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3RxRK4Hm5pEaVV4EyuWP3qbAWJof
wrdpZXmGJgiK5AUgSHUPHsyoPDTT2fH299cqnTa9Mp8WYIgoHXobzY4pLkHq0O5L
SlxW+QMyCOvINC4BV6KID5HGvhfsOJz7vDizIdna7ybtQQjNUDkixeSCkn3r/xeX
lsL/2lJq2IDqONWTahtk0pd+CK/woi5w4sf8pKDm8Tp+Hj3Pk39VdYmc1DuKLLp4
IZ3ABlqGTHu0C5m6c3WkOtvw8yqyiUOkM0VPgFKqh5RcerB0Q/qAtVVIhhGE5+JV
2xNWNQqX6fFBPvIkBE91BDIF7aifYwDl061GK+mofMF0fJ/vMhxsfOwfpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFANAfUGdUdF7rQEdFjDzlTYz/5uHMB8GA1UdIwQY
MBaAFG1p2kSuBn/BqYpfbwXxLlRdD8YqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlduYVJLNEdmOEdwaWw5dkJmRXVWRjBQeGlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9iMWE4MmEtNDkwZi00M2ZiLTk4NmUt
MjYxNzBkYTRhMGIxLzEvQTBCOVFaMVIwWHV0QVIwV01QT1ZOalBfbTRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9iMWE4MmEtNDkwZi00M2ZiLTk4NmUtMjYxNzBkYTRhMGIx
LzEvYlduYVJLNEdmOEdwaWw5dkJmRXVWRjBQeGlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSE9MA0G
CSqGSIb3DQEBCwUAA4IBAQA9L+a3AtSUUeUyzrzyITzMUZOzLIRTJDY3I5WxPDZn
auXon8JHdyByaNqeo4AjBx8hXiNIiRafqUkDNvMCUwHfhLH21PclHaeHCypAysRr
UFOovs7HmYLVhY0R/62z+viYc3cmRkDLsF44hONBOxB9OZ+i+Uarf7E1yMOGShmB
oWEEEX+dsDnb7I4P/SOAlglflJx4twbabayAxYfq0+RFBe61Cx/43dxcZv2YA09Z
z7kOC3X949ja9ZwVlGIe7Oshjjuk7Z4tHD3zZLYf3GJgE7+rzIM+yppQaTPzEf9h
9aOuBz5J0W8UIKF4bmCViD3fjvOwl1h0lNmv6b5U/Yqx
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:54:56 2024 by rpki-client on console-fra.rpki-client.org