Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/GaTe0O3eA8CerCypfcWbbQihAXk.roa
File:                     GaTe0O3eA8CerCypfcWbbQihAXk.roa (raw, json)
Hash identifier:          TzoLOi3Uf4r+bLagiojsLm7M/h3xrOIJIfUUlXlLHTo=
Subject key identifier:   19:A4:DE:D0:ED:DE:03:C0:9E:AC:2C:A9:7D:C5:9B:6D:08:A1:01:79
Certificate issuer:       /CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
Certificate serial:       018CC7276241F6DE5F9F60181473DD19675C
Authority key identifier: 67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/GaTe0O3eA8CerCypfcWbbQihAXk.roa
Signing time:             Mon 01 Jan 2024 22:31:36 +0000
ROA not before:           Mon 01 Jan 2024 22:31:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216068
IP address blocks:        91.231.136.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:62:41:f6:de:5f:9f:60:18:14:73:dd:19:67:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
        Validity
            Not Before: Jan  1 22:31:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=19a4ded0edde03c09eac2ca97dc59b6d08a10179
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:20:a0:16:91:9e:91:42:eb:90:a6:1c:74:19:
                    58:9f:74:95:50:d1:d6:33:e7:07:46:fc:52:49:8d:
                    58:e0:7c:37:93:c9:af:e1:f1:7e:80:77:3f:46:38:
                    92:8d:f2:71:6f:11:f2:7e:33:08:f7:47:38:cf:b3:
                    13:aa:7f:8c:f5:7a:15:25:f9:02:9a:7b:e7:e5:77:
                    66:82:8f:f9:00:61:ac:88:a3:30:91:5b:c8:d5:3b:
                    02:27:b8:d0:69:22:ba:b9:38:be:59:79:ae:00:25:
                    d9:30:2d:0d:63:99:85:9a:02:5a:8f:ce:d7:e7:69:
                    93:89:be:67:cf:25:20:7b:99:3c:f8:1d:43:a0:57:
                    75:4f:48:02:6f:6a:e5:de:a7:ad:d7:0f:1b:66:c5:
                    1d:08:05:dc:eb:8c:83:65:44:94:3b:88:57:18:f7:
                    7a:f8:00:07:29:a3:ab:7e:2e:ca:46:ad:98:a1:0a:
                    32:d3:3f:c8:fc:2a:3a:41:5a:15:a6:47:34:8e:38:
                    36:ca:fa:68:ae:f5:5a:53:04:c9:02:95:2e:32:92:
                    6e:64:58:ca:90:bb:14:98:8d:29:a1:ba:83:e3:72:
                    4b:08:cd:26:89:bd:18:ba:30:24:d9:8c:37:c4:8a:
                    ed:f2:35:bc:c7:76:ac:b2:4d:37:76:54:b2:12:2a:
                    6c:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:A4:DE:D0:ED:DE:03:C0:9E:AC:2C:A9:7D:C5:9B:6D:08:A1:01:79
            X509v3 Authority Key Identifier:
                keyid:67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/GaTe0O3eA8CerCypfcWbbQihAXk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:12:50:73:5b:d1:08:b9:e2:c1:1e:ea:75:d4:51:3b:cf:51:
         c8:45:2b:14:54:55:80:bd:01:14:cc:d8:b8:13:f5:2b:b2:39:
         0a:87:cf:95:8e:8f:8c:00:7e:57:56:11:6a:fa:65:2a:32:71:
         20:17:71:66:d8:98:b9:0f:17:e1:b6:27:f3:d7:9c:2b:ef:e5:
         08:d3:44:1d:ba:aa:52:30:8b:1b:63:13:1c:c5:9d:4f:23:68:
         3c:4a:c8:96:36:8d:fa:7c:26:3b:fd:8a:2b:c3:e9:f1:d9:40:
         1f:d1:03:ad:2b:ae:ee:84:93:c9:46:4f:ff:05:2f:81:c1:b1:
         fc:dd:3e:64:e2:11:20:65:2a:58:0b:3b:03:37:f8:ba:03:d3:
         ef:b2:72:3d:68:99:73:c5:43:50:56:d2:33:b9:0c:fd:d0:88:
         e5:02:3b:01:0f:46:3e:43:65:b7:56:2b:82:62:ce:3d:88:1f:
         14:af:66:86:fa:01:5d:9d:be:00:13:4d:a9:8a:a3:7f:92:96:
         cd:51:07:45:27:d9:2c:a0:7e:ba:da:80:bd:93:86:e9:88:22:
         c9:c4:c3:21:3c:16:3c:94:83:ca:5d:aa:18:9c:94:28:23:50:
         69:62:47:ed:1b:76:15:ec:53:8e:47:ce:69:36:7c:42:cf:59:
         83:4f:9b:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ2JB9t5fn2AYFHPdGWdcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3OTU1YjFhYTFjMDI4NGQyODQzYjk2ZjI2YzVmZTc1MWU2
Njk0NmYwHhcNMjQwMTAxMjIzMTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWE0ZGVkMGVkZGUwM2MwOWVhYzJjYTk3ZGM1OWI2ZDA4YTEwMTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnCCgFpGekULrkKYcdBlYn3SVUNHW
M+cHRvxSSY1Y4Hw3k8mv4fF+gHc/RjiSjfJxbxHyfjMI90c4z7MTqn+M9XoVJfkC
mnvn5Xdmgo/5AGGsiKMwkVvI1TsCJ7jQaSK6uTi+WXmuACXZMC0NY5mFmgJaj87X
52mTib5nzyUge5k8+B1DoFd1T0gCb2rl3qet1w8bZsUdCAXc64yDZUSUO4hXGPd6
+AAHKaOrfi7KRq2YoQoy0z/I/Co6QVoVpkc0jjg2yvporvVaUwTJApUuMpJuZFjK
kLsUmI0pobqD43JLCM0mib0YujAk2Yw3xIrt8jW8x3assk03dlSyEipsvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBmk3tDt3gPAnqwsqX3Fm20IoQF5MB8GA1UdIwQY
MBaAFGeVWxqhwChNKEO5bybF/nUeZpRvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDct
MDhhZDk0MTAxZDdlLzEvR2FUZTBPM2VBOENlckN5cGZjV2JiUWloQVhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDctMDhhZDk0MTAxZDdl
LzEvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+eIMA0G
CSqGSIb3DQEBCwUAA4IBAQAzElBzW9EIueLBHup11FE7z1HIRSsUVFWAvQEUzNi4
E/UrsjkKh8+Vjo+MAH5XVhFq+mUqMnEgF3Fm2Ji5Dxfhtifz15wr7+UI00QduqpS
MIsbYxMcxZ1PI2g8SsiWNo36fCY7/Yorw+nx2UAf0QOtK67uhJPJRk//BS+BwbH8
3T5k4hEgZSpYCzsDN/i6A9PvsnI9aJlzxUNQVtIzuQz90IjlAjsBD0Y+Q2W3ViuC
Ys49iB8Ur2aG+gFdnb4AE02piqN/kpbNUQdFJ9ksoH662oC9k4bpiCLJxMMhPBY8
lIPKXaoYnJQoI1BpYkftG3YV7FOOR85pNnxCz1mDT5tT
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:50:52 2024 by rpki-client on console-ams.rpki-client.org