Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/iS3dKUMNSokzOwK1Xu84Ki0naTY.roa
File:                     iS3dKUMNSokzOwK1Xu84Ki0naTY.roa (raw, json)
Hash identifier:          lGjdEa/e3ZM1X2BUo6tg11YyDHpkY0yGogQeQ7FSpC4=
Subject key identifier:   89:2D:DD:29:43:0D:4A:89:33:3B:02:B5:5E:EF:38:2A:2D:27:69:36
Certificate issuer:       /CN=763d457e5d3cc0acd8a74f8b10e2686bfbc496cb
Certificate serial:       018E3243C2E6B2779BD24EA12853E69C6840
Authority key identifier: 76:3D:45:7E:5D:3C:C0:AC:D8:A7:4F:8B:10:E2:68:6B:FB:C4:96:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dj1Ffl08wKzYp0-LEOJoa_vElss.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/iS3dKUMNSokzOwK1Xu84Ki0naTY.roa
Signing time:             Tue 12 Mar 2024 10:44:45 +0000
ROA not before:           Tue 12 Mar 2024 10:44:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48031
IP address blocks:        91.247.169.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:32:43:c2:e6:b2:77:9b:d2:4e:a1:28:53:e6:9c:68:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=763d457e5d3cc0acd8a74f8b10e2686bfbc496cb
        Validity
            Not Before: Mar 12 10:44:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=892ddd29430d4a89333b02b55eef382a2d276936
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:e6:c8:b5:ef:54:3e:32:6a:2c:f5:73:ab:08:
                    db:4e:79:e9:69:fc:f2:93:5b:a4:b3:c3:af:06:f2:
                    07:52:1b:38:f0:fd:8b:22:da:f9:f9:bf:b0:d4:02:
                    6b:db:72:b9:94:b0:d8:82:e0:ef:f1:cc:88:f9:0f:
                    39:b6:c7:7f:63:4a:10:42:60:e7:91:3c:93:75:8e:
                    bc:d9:7b:c3:e6:ae:32:22:17:06:19:27:d5:dc:c5:
                    9c:14:1d:8b:57:7c:61:18:8f:8b:e3:2e:d5:ea:21:
                    17:2d:4a:26:c6:b8:16:22:b9:3f:51:d9:c7:9c:9f:
                    df:44:26:90:d6:74:63:76:07:42:50:3e:10:75:d6:
                    16:2e:05:33:e0:87:55:86:fb:dc:b9:9d:d4:4b:48:
                    78:26:08:73:b9:60:6c:73:84:e3:8e:0b:89:09:01:
                    81:dd:ea:ad:d8:2a:f3:90:1a:94:d8:21:fd:27:49:
                    f2:4c:6a:c3:ea:fa:c8:42:39:f5:19:9b:75:e4:4e:
                    67:54:9f:9a:f9:44:47:cc:71:11:0f:31:78:be:a1:
                    fd:ed:9e:eb:c8:a2:d2:0a:27:95:84:40:19:bc:ca:
                    2a:49:50:7e:24:9f:0c:06:35:e0:f9:d8:43:8a:f5:
                    b4:70:1a:9c:6a:59:21:a0:6c:2c:f3:b4:4c:0f:59:
                    5f:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:2D:DD:29:43:0D:4A:89:33:3B:02:B5:5E:EF:38:2A:2D:27:69:36
            X509v3 Authority Key Identifier:
                keyid:76:3D:45:7E:5D:3C:C0:AC:D8:A7:4F:8B:10:E2:68:6B:FB:C4:96:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dj1Ffl08wKzYp0-LEOJoa_vElss.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/iS3dKUMNSokzOwK1Xu84Ki0naTY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/dj1Ffl08wKzYp0-LEOJoa_vElss.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.247.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cb:ea:e1:32:ee:98:58:e6:d2:be:cd:8c:a3:ae:8c:ab:22:74:
         cd:88:de:4e:88:71:39:3c:89:9c:fa:83:01:f7:6c:08:ca:c8:
         37:0c:9c:a7:ec:58:b7:d4:6e:2f:38:7f:2c:2b:0c:b4:2b:c0:
         fe:26:92:e9:13:0f:99:2b:7f:6c:6f:a8:57:91:5c:c3:d2:6b:
         ec:cd:5b:e7:af:68:ce:11:fe:d2:92:2c:95:80:16:84:90:7e:
         85:6c:ff:2e:34:d3:fc:8b:56:15:6f:3c:04:98:a9:e9:f6:ff:
         fe:91:0a:0d:6e:77:8b:6e:b6:30:b9:f9:11:7c:95:e7:3b:58:
         bf:87:a4:89:7b:1f:35:7b:c8:f7:97:90:d8:cb:fc:b8:ba:45:
         0b:fd:c3:0b:46:ed:c4:86:2a:4c:6f:1f:3f:58:2c:be:b2:88:
         36:40:d0:a7:06:6d:f1:a3:1e:36:55:56:ee:17:b7:08:96:93:
         6c:88:ec:65:ad:1e:3e:3c:9e:b0:8e:51:f1:ad:fe:e8:17:86:
         ed:0e:08:82:93:14:ca:9b:37:57:6c:4b:4d:1f:57:c2:95:82:
         6d:a2:55:89:70:35:5c:15:5b:8b:74:ae:fe:12:c4:44:69:db:
         cc:cf:b6:c6:62:4a:81:fa:7d:5f:a3:f9:08:c5:47:b1:5b:b8:
         c2:25:f7:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4yQ8Lmsneb0k6hKFPmnGhAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2M2Q0NTdlNWQzY2MwYWNkOGE3NGY4YjEwZTI2ODZiZmJj
NDk2Y2IwHhcNMjQwMzEyMTA0NDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTJkZGQyOTQzMGQ0YTg5MzMzYjAyYjU1ZWVmMzgyYTJkMjc2OTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq+bIte9UPjJqLPVzqwjbTnnpafzy
k1uks8OvBvIHUhs48P2LItr5+b+w1AJr23K5lLDYguDv8cyI+Q85tsd/Y0oQQmDn
kTyTdY682XvD5q4yIhcGGSfV3MWcFB2LV3xhGI+L4y7V6iEXLUomxrgWIrk/UdnH
nJ/fRCaQ1nRjdgdCUD4QddYWLgUz4IdVhvvcuZ3US0h4JghzuWBsc4TjjguJCQGB
3eqt2CrzkBqU2CH9J0nyTGrD6vrIQjn1GZt15E5nVJ+a+URHzHERDzF4vqH97Z7r
yKLSCieVhEAZvMoqSVB+JJ8MBjXg+dhDivW0cBqcalkhoGws87RMD1lfBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIkt3SlDDUqJMzsCtV7vOCotJ2k2MB8GA1UdIwQY
MBaAFHY9RX5dPMCs2KdPixDiaGv7xJbLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGoxRmZsMDh3S3pZcDAtTEVPSm9hX3ZFbHNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9jY2M5NGItYzI4Ny00ZTVmLTg2MDQt
N2U1OTRmMjQ5NGNjLzEvaVMzZEtVTU5Tb2t6T3dLMVh1ODRLaTBuYVRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9jY2M5NGItYzI4Ny00ZTVmLTg2MDQtN2U1OTRmMjQ5NGNj
LzEvZGoxRmZsMDh3S3pZcDAtTEVPSm9hX3ZFbHNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/epMA0G
CSqGSIb3DQEBCwUAA4IBAQDL6uEy7phY5tK+zYyjroyrInTNiN5OiHE5PImc+oMB
92wIysg3DJyn7Fi31G4vOH8sKwy0K8D+JpLpEw+ZK39sb6hXkVzD0mvszVvnr2jO
Ef7SkiyVgBaEkH6FbP8uNNP8i1YVbzwEmKnp9v/+kQoNbneLbrYwufkRfJXnO1i/
h6SJex81e8j3l5DYy/y4ukUL/cMLRu3EhipMbx8/WCy+sog2QNCnBm3xox42VVbu
F7cIlpNsiOxlrR4+PJ6wjlHxrf7oF4btDgiCkxTKmzdXbEtNH1fClYJtolWJcDVc
FVuLdK7+EsREadvMz7bGYkqB+n1fo/kIxUexW7jCJfdo
-----END CERTIFICATE-----
Generated at Mon Aug 12 14:38:24 2024 by rpki-client on console-ams.rpki-client.org