Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/yaGy4KDk65GQh8Nr-YAVQoM2kbM.roa
File:                     yaGy4KDk65GQh8Nr-YAVQoM2kbM.roa (raw, json)
Hash identifier:          EZF9N3zXGDBfaONxveZ1ujOLcTDhEE0V/rkIlnDxbbA=
Subject key identifier:   C9:A1:B2:E0:A0:E4:EB:91:90:87:C3:6B:F9:80:15:42:83:36:91:B3
Certificate issuer:       /CN=763d457e5d3cc0acd8a74f8b10e2686bfbc496cb
Certificate serial:       018E3243C33535A97DDAF56E810B82EFDBBE
Authority key identifier: 76:3D:45:7E:5D:3C:C0:AC:D8:A7:4F:8B:10:E2:68:6B:FB:C4:96:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dj1Ffl08wKzYp0-LEOJoa_vElss.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/yaGy4KDk65GQh8Nr-YAVQoM2kbM.roa
Signing time:             Tue 12 Mar 2024 10:44:45 +0000
ROA not before:           Tue 12 Mar 2024 10:44:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49505
IP address blocks:        93.190.123.0/24 maxlen: 24
                          176.126.98.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:32:43:c3:35:35:a9:7d:da:f5:6e:81:0b:82:ef:db:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=763d457e5d3cc0acd8a74f8b10e2686bfbc496cb
        Validity
            Not Before: Mar 12 10:44:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c9a1b2e0a0e4eb919087c36bf9801542833691b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:b3:14:1e:76:35:eb:f1:92:13:e0:b0:eb:c7:
                    a6:9c:ec:46:f6:8b:7c:8f:05:b9:6c:73:5b:32:b3:
                    f5:b1:f6:fe:69:7f:54:55:81:b6:1a:9f:46:87:3a:
                    4b:e7:e3:30:5c:e6:a5:ea:61:58:b1:ca:45:95:7e:
                    db:e7:35:b8:97:f7:86:90:1d:ea:65:41:ff:91:6d:
                    0e:24:23:fe:27:2f:95:c4:91:69:be:4b:d7:af:fe:
                    cd:61:d9:4d:73:63:d6:dd:d7:a4:01:74:76:99:41:
                    37:fe:9e:16:0c:06:a3:41:cb:12:78:b8:a8:2d:1e:
                    23:51:5f:7e:a3:0e:8e:40:58:c6:14:17:8e:b0:28:
                    1e:15:3c:f3:70:5f:35:b1:08:df:10:cf:4a:9d:15:
                    7d:6e:6c:2d:e6:81:a3:b3:75:2c:40:63:55:5d:53:
                    65:b6:57:c1:ca:40:6f:1c:20:e2:58:8f:80:a2:aa:
                    e4:a6:5f:c1:d4:1f:04:14:89:e0:52:ef:ce:57:d4:
                    d0:5f:49:39:f7:49:4d:36:74:b0:4d:75:fb:69:ed:
                    e4:3d:22:19:7f:f9:24:ad:63:d9:6f:c7:00:07:46:
                    89:5b:2d:9a:c3:65:87:36:39:fd:39:eb:cd:6b:e4:
                    d1:77:70:96:dd:6c:52:29:cd:2f:d1:fd:43:93:70:
                    f6:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:A1:B2:E0:A0:E4:EB:91:90:87:C3:6B:F9:80:15:42:83:36:91:B3
            X509v3 Authority Key Identifier:
                keyid:76:3D:45:7E:5D:3C:C0:AC:D8:A7:4F:8B:10:E2:68:6B:FB:C4:96:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dj1Ffl08wKzYp0-LEOJoa_vElss.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/yaGy4KDk65GQh8Nr-YAVQoM2kbM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/dj1Ffl08wKzYp0-LEOJoa_vElss.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.190.123.0/24
                  176.126.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:dc:c4:08:c6:9c:ad:51:0a:a9:e0:9b:d0:9e:d5:d5:26:1a:
         54:8f:58:86:10:d3:2b:f2:92:6d:45:63:b5:61:d5:48:5b:70:
         2a:6d:8c:b9:db:91:fe:c3:0b:21:7b:dc:ac:57:77:0d:b9:88:
         0a:33:7f:d9:2a:16:27:6d:a6:19:1a:9b:51:06:04:44:a2:51:
         8a:eb:9b:7e:8c:13:13:5c:bd:03:d1:91:b0:b2:19:5b:c5:28:
         27:4f:e8:45:36:8a:8c:d1:44:94:c5:42:0a:86:7b:ff:75:53:
         66:8e:37:5a:a5:a8:c7:e8:29:47:0f:e1:88:ca:09:35:b8:61:
         5d:2e:53:ff:6c:98:71:72:df:72:0f:aa:8c:1d:f0:95:7e:3e:
         ce:5b:fa:ca:b5:64:5e:8b:bb:37:eb:94:5f:65:f3:cd:df:30:
         09:2a:0f:6a:fb:00:a7:bc:e4:6a:f6:4e:c4:38:5c:c5:40:3a:
         95:ab:0a:74:bb:4b:78:59:0a:20:db:f6:fb:24:9b:08:42:fa:
         e8:42:75:67:78:78:90:47:c3:29:33:a1:48:5a:85:08:97:18:
         8a:f2:c7:30:8b:5d:e6:74:3a:7d:c9:fc:12:44:01:d2:db:45:
         51:a7:95:96:9a:cc:56:56:67:bc:0e:8e:be:83:d0:eb:ec:17:
         d9:0e:31:df
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY4yQ8M1Nal92vVugQuC79u+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2M2Q0NTdlNWQzY2MwYWNkOGE3NGY4YjEwZTI2ODZiZmJj
NDk2Y2IwHhcNMjQwMzEyMTA0NDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWExYjJlMGEwZTRlYjkxOTA4N2MzNmJmOTgwMTU0MjgzMzY5MWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArLMUHnY16/GSE+Cw68emnOxG9ot8
jwW5bHNbMrP1sfb+aX9UVYG2Gp9GhzpL5+MwXOal6mFYscpFlX7b5zW4l/eGkB3q
ZUH/kW0OJCP+Jy+VxJFpvkvXr/7NYdlNc2PW3dekAXR2mUE3/p4WDAajQcsSeLio
LR4jUV9+ow6OQFjGFBeOsCgeFTzzcF81sQjfEM9KnRV9bmwt5oGjs3UsQGNVXVNl
tlfBykBvHCDiWI+Aoqrkpl/B1B8EFIngUu/OV9TQX0k590lNNnSwTXX7ae3kPSIZ
f/kkrWPZb8cAB0aJWy2aw2WHNjn9OevNa+TRd3CW3WxSKc0v0f1Dk3D2ywIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMmhsuCg5OuRkIfDa/mAFUKDNpGzMB8GA1UdIwQY
MBaAFHY9RX5dPMCs2KdPixDiaGv7xJbLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGoxRmZsMDh3S3pZcDAtTEVPSm9hX3ZFbHNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9jY2M5NGItYzI4Ny00ZTVmLTg2MDQt
N2U1OTRmMjQ5NGNjLzEveWFHeTRLRGs2NUdRaDhOci1ZQVZRb00ya2JNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9jY2M5NGItYzI4Ny00ZTVmLTg2MDQtN2U1OTRmMjQ5NGNj
LzEvZGoxRmZsMDh3S3pZcDAtTEVPSm9hX3ZFbHNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXb57AwQA
sH5iMA0GCSqGSIb3DQEBCwUAA4IBAQCx3MQIxpytUQqp4JvQntXVJhpUj1iGENMr
8pJtRWO1YdVIW3AqbYy525H+wwshe9ysV3cNuYgKM3/ZKhYnbaYZGptRBgREolGK
65t+jBMTXL0D0ZGwshlbxSgnT+hFNoqM0USUxUIKhnv/dVNmjjdapajH6ClHD+GI
ygk1uGFdLlP/bJhxct9yD6qMHfCVfj7OW/rKtWRei7s365RfZfPN3zAJKg9q+wCn
vORq9k7EOFzFQDqVqwp0u0t4WQog2/b7JJsIQvroQnVneHiQR8MpM6FIWoUIlxiK
8scwi13mdDp9yfwSRAHS20VRp5WWmsxWVme8Do6+g9Dr7BfZDjHf
-----END CERTIFICATE-----
Generated at Mon Aug 12 12:24:57 2024 by rpki-client on console-fra.rpki-client.org