Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/6n2szMXzvkf4JAn6uQqXtVeql60.roa
File:                     6n2szMXzvkf4JAn6uQqXtVeql60.roa (raw, json)
Hash identifier:          TomHlAiKEamADdNHZa8KIHnkuTYHK7N4+ddLx0r0j4o=
Subject key identifier:   EA:7D:AC:CC:C5:F3:BE:47:F8:24:09:FA:B9:0A:97:B5:57:AA:97:AD
Certificate issuer:       /CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
Certificate serial:       0185C9CD79CB5533AAF8CE1A9FEDC4B3C561
Authority key identifier: 67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/6n2szMXzvkf4JAn6uQqXtVeql60.roa
Signing time:             Thu 19 Jan 2023 11:32:44 +0000
ROA not before:           Thu 19 Jan 2023 11:32:44 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     49505
IP address blocks:        91.234.11.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:c9:cd:79:cb:55:33:aa:f8:ce:1a:9f:ed:c4:b3:c5:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
        Validity
            Not Before: Jan 19 11:32:44 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ea7dacccc5f3be47f82409fab90a97b557aa97ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:7e:3c:f7:7c:60:e7:b7:ba:01:d9:ef:94:ba:
                    e6:f9:18:d1:9d:50:f6:62:60:ae:ec:f4:50:6d:b8:
                    64:36:86:0d:57:94:1c:45:f7:40:84:c1:79:a3:2b:
                    3d:31:3c:22:60:9b:36:11:5a:f6:24:28:24:e5:cd:
                    4f:05:ad:c8:4c:c7:f0:de:eb:cb:0a:22:1d:9b:62:
                    42:ab:0a:c1:60:34:9b:35:ec:e5:02:09:99:f4:07:
                    9e:d9:b3:24:a0:86:45:18:10:7e:9e:1b:a4:79:dd:
                    f3:e0:ad:b7:e0:e2:30:70:cf:eb:87:da:d8:ea:20:
                    74:3a:1c:b7:76:e5:21:9c:32:fc:1f:3c:f9:35:79:
                    b1:8a:82:42:e1:79:6a:24:8d:23:7d:42:65:2e:f6:
                    77:c4:83:84:aa:66:44:28:5b:01:d6:c1:57:e8:0a:
                    11:28:66:dd:79:95:e7:83:af:af:57:37:ee:ea:7c:
                    6d:a3:9e:93:8b:9e:74:20:f3:fb:95:4f:19:37:e8:
                    d1:a7:ae:3a:a2:8a:61:1d:97:64:ef:f3:7f:00:28:
                    72:3b:6a:e7:38:e1:ce:6a:8f:9e:8a:f0:be:d1:d2:
                    b3:37:87:e0:c8:8f:52:f4:63:65:c6:df:3d:3c:7f:
                    62:d2:0a:72:f1:00:e8:de:f0:5d:cf:aa:a2:b6:c3:
                    fd:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:7D:AC:CC:C5:F3:BE:47:F8:24:09:FA:B9:0A:97:B5:57:AA:97:AD
            X509v3 Authority Key Identifier:
                keyid:67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/6n2szMXzvkf4JAn6uQqXtVeql60.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:d6:02:7d:7f:13:dc:88:a6:68:3b:ff:15:a7:a8:c1:ba:94:
         cb:56:f7:9b:24:9d:3e:1f:8e:e9:a8:14:a7:0a:4f:63:24:30:
         ae:9d:70:f5:2f:85:ff:0c:b2:3d:98:08:e5:ee:41:24:69:55:
         ba:2f:22:71:4a:74:5f:78:b8:e3:66:cd:9a:6b:b6:fa:0b:05:
         8a:73:67:1b:de:81:4b:07:2d:0d:6e:a0:61:f2:f2:e1:6b:5b:
         d4:98:05:14:d6:ac:bc:72:0f:29:a8:b0:2e:24:69:d2:3f:21:
         8f:d6:64:c1:ff:62:00:fa:64:aa:1f:13:4d:56:a9:87:9f:9d:
         c3:87:06:52:90:59:2d:23:54:df:7d:3e:5a:42:e0:ab:6e:fb:
         32:e4:dd:67:b6:1e:47:cb:5f:fa:3a:9e:36:29:4c:a0:02:80:
         b5:23:41:f5:a5:7a:29:95:b0:d9:f5:be:2a:7a:78:f9:e2:c2:
         17:94:82:55:3d:f7:f2:bc:34:88:32:96:d7:f5:13:b7:03:95:
         4b:94:b8:70:32:c6:e2:08:58:4f:3d:c0:e7:36:cb:29:a4:78:
         7a:bf:5e:55:42:7e:a3:fd:1f:70:77:52:8f:c9:0a:45:ac:f4:
         b3:90:40:de:08:d1:44:1e:6a:39:fa:fb:94:5c:f4:f2:5b:41:
         57:cb:ad:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYXJzXnLVTOq+M4an+3Es8VhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3OTU1YjFhYTFjMDI4NGQyODQzYjk2ZjI2YzVmZTc1MWU2
Njk0NmYwHhcNMjMwMTE5MTEzMjQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTdkYWNjY2M1ZjNiZTQ3ZjgyNDA5ZmFiOTBhOTdiNTU3YWE5N2FkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA434893xg57e6AdnvlLrm+RjRnVD2
YmCu7PRQbbhkNoYNV5QcRfdAhMF5oys9MTwiYJs2EVr2JCgk5c1PBa3ITMfw3uvL
CiIdm2JCqwrBYDSbNezlAgmZ9Aee2bMkoIZFGBB+nhuked3z4K234OIwcM/rh9rY
6iB0Ohy3duUhnDL8Hzz5NXmxioJC4XlqJI0jfUJlLvZ3xIOEqmZEKFsB1sFX6AoR
KGbdeZXng6+vVzfu6nxto56Ti550IPP7lU8ZN+jRp646oophHZdk7/N/AChyO2rn
OOHOao+eivC+0dKzN4fgyI9S9GNlxt89PH9i0gpy8QDo3vBdz6qitsP9lQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOp9rMzF875H+CQJ+rkKl7VXqpetMB8GA1UdIwQY
MBaAFGeVWxqhwChNKEO5bybF/nUeZpRvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDct
MDhhZDk0MTAxZDdlLzEvNm4yc3pNWHp2a2Y0SkFuNnVRcVh0VmVxbDYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDctMDhhZDk0MTAxZDdl
LzEvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+oLMA0G
CSqGSIb3DQEBCwUAA4IBAQAw1gJ9fxPciKZoO/8Vp6jBupTLVvebJJ0+H47pqBSn
Ck9jJDCunXD1L4X/DLI9mAjl7kEkaVW6LyJxSnRfeLjjZs2aa7b6CwWKc2cb3oFL
By0NbqBh8vLha1vUmAUU1qy8cg8pqLAuJGnSPyGP1mTB/2IA+mSqHxNNVqmHn53D
hwZSkFktI1TffT5aQuCrbvsy5N1nth5Hy1/6Op42KUygAoC1I0H1pXoplbDZ9b4q
enj54sIXlIJVPffyvDSIMpbX9RO3A5VLlLhwMsbiCFhPPcDnNssppHh6v15VQn6j
/R9wd1KPyQpFrPSzkEDeCNFEHmo5+vuUXPTyW0FXy62J
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:58:27 2024 by rpki-client on console-fra.rpki-client.org