Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/GvDoLWGbS1se5UVprt8ejCILBFk.roa
File:                     GvDoLWGbS1se5UVprt8ejCILBFk.roa (raw, json)
Hash identifier:          TOp9lNQ23nD33FKfkYOYDI0rr9+j9xut8TQMZp/ZcYM=
Subject key identifier:   1A:F0:E8:2D:61:9B:4B:5B:1E:E5:45:69:AE:DF:1E:8C:22:0B:04:59
Certificate issuer:       /CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
Certificate serial:       01823E989508066B1EB82997B83D5933F320
Authority key identifier: 67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/GvDoLWGbS1se5UVprt8ejCILBFk.roa
Signing time:             Wed 27 Jul 2022 07:39:23 +0000
ROA not before:           Wed 27 Jul 2022 07:39:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     56690
IP address blocks:        91.238.96.0/22 maxlen: 22
                          91.203.232.0/23 maxlen: 23

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:3e:98:95:08:06:6b:1e:b8:29:97:b8:3d:59:33:f3:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
        Validity
            Not Before: Jul 27 07:39:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1af0e82d619b4b5b1ee54569aedf1e8c220b0459
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:6b:d6:56:83:9b:87:07:4a:65:de:63:61:e1:
                    35:21:b8:d6:f0:12:e4:7c:90:8a:27:25:66:d6:e1:
                    d8:f1:2c:67:f7:49:8d:ff:7f:4d:a8:5f:92:71:c0:
                    61:5e:50:34:19:0a:32:18:a9:55:9b:f0:a3:9d:7f:
                    03:8c:9d:3b:26:30:b3:91:a6:ea:74:99:2b:c2:1d:
                    3e:60:e1:71:cb:7e:a9:ae:e8:b3:b7:0c:61:6e:f1:
                    bd:7d:2a:5e:74:72:34:81:96:96:33:55:07:f1:f1:
                    77:36:47:89:3c:44:88:d3:26:51:3e:96:f1:35:87:
                    9d:f0:e4:17:ff:86:8b:23:c9:29:3b:44:29:96:fb:
                    b1:52:be:b4:d5:cd:5e:99:d8:21:98:70:26:c1:77:
                    06:cf:cb:d1:8f:16:0c:de:ee:bb:62:e3:84:cc:f6:
                    20:49:56:62:20:ad:8b:2a:83:fc:5d:e3:f5:d0:5a:
                    ed:ce:0e:0d:e6:19:c4:b4:06:01:62:ca:3b:41:88:
                    d0:ec:59:42:af:a1:bb:95:94:14:29:00:53:51:e0:
                    0a:d7:81:ff:3d:6f:da:45:b7:f0:5d:c2:c5:5a:4d:
                    34:be:c8:b9:0d:43:42:04:c4:81:64:c9:31:d3:77:
                    26:0c:2a:44:d8:9f:cb:fe:43:22:e7:8e:60:23:27:
                    20:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:F0:E8:2D:61:9B:4B:5B:1E:E5:45:69:AE:DF:1E:8C:22:0B:04:59
            X509v3 Authority Key Identifier:
                keyid:67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/GvDoLWGbS1se5UVprt8ejCILBFk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.203.232.0/23
                  91.238.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         87:e3:bc:e0:8b:ff:2b:73:72:01:bc:7d:57:75:6d:37:1f:09:
         e7:e8:33:47:4b:cf:b6:a5:43:f4:5c:29:fd:57:0e:9f:2f:2b:
         21:40:01:8b:63:59:ca:67:6a:14:09:ff:2d:74:60:c3:7f:01:
         c9:d7:6e:6e:b5:48:d5:be:3c:18:ac:34:85:ca:8b:30:68:c3:
         da:69:de:56:2c:05:f5:c4:27:b4:5f:39:ac:69:72:9c:b5:86:
         21:4c:16:be:ee:03:74:9c:98:5e:d1:b1:a5:61:03:78:40:50:
         10:fa:bc:9e:63:8b:11:5f:76:d4:49:b5:52:fc:05:fc:40:33:
         7d:b5:9f:13:0c:d6:a4:f2:ad:ee:af:ce:a4:fd:34:88:fb:32:
         e3:59:3f:2c:fd:f7:65:ec:b5:b6:c7:10:b2:e7:53:35:97:57:
         12:cf:da:2c:97:60:ef:fa:0a:ac:03:07:19:1e:8e:80:33:14:
         30:08:46:a0:15:69:56:3e:9b:98:0b:74:63:d3:6c:b4:f1:aa:
         cc:16:16:1f:12:7d:16:93:5c:4f:12:66:15:82:67:88:d8:b8:
         73:83:dd:e1:33:01:44:33:30:f0:9c:b9:dc:32:d3:ad:17:33:
         80:8b:99:00:22:75:79:26:86:ce:10:aa:b2:03:9c:ed:c2:04:
         d4:6d:94:8a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYI+mJUIBmseuCmXuD1ZM/MgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3OTU1YjFhYTFjMDI4NGQyODQzYjk2ZjI2YzVmZTc1MWU2
Njk0NmYwHhcNMjIwNzI3MDczOTIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWYwZTgyZDYxOWI0YjViMWVlNTQ1NjlhZWRmMWU4YzIyMGIwNDU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjmvWVoObhwdKZd5jYeE1IbjW8BLk
fJCKJyVm1uHY8Sxn90mN/39NqF+SccBhXlA0GQoyGKlVm/CjnX8DjJ07JjCzkabq
dJkrwh0+YOFxy36pruiztwxhbvG9fSpedHI0gZaWM1UH8fF3NkeJPESI0yZRPpbx
NYed8OQX/4aLI8kpO0QplvuxUr601c1emdghmHAmwXcGz8vRjxYM3u67YuOEzPYg
SVZiIK2LKoP8XeP10Frtzg4N5hnEtAYBYso7QYjQ7FlCr6G7lZQUKQBTUeAK14H/
PW/aRbfwXcLFWk00vsi5DUNCBMSBZMkx03cmDCpE2J/L/kMi545gIycgUwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBrw6C1hm0tbHuVFaa7fHowiCwRZMB8GA1UdIwQY
MBaAFGeVWxqhwChNKEO5bybF/nUeZpRvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDct
MDhhZDk0MTAxZDdlLzEvR3ZEb0xXR2JTMXNlNVVWcHJ0OGVqQ0lMQkZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDctMDhhZDk0MTAxZDdl
LzEvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW8voAwQC
W+5gMA0GCSqGSIb3DQEBCwUAA4IBAQCH47zgi/8rc3IBvH1XdW03Hwnn6DNHS8+2
pUP0XCn9Vw6fLyshQAGLY1nKZ2oUCf8tdGDDfwHJ125utUjVvjwYrDSFyoswaMPa
ad5WLAX1xCe0XzmsaXKctYYhTBa+7gN0nJhe0bGlYQN4QFAQ+ryeY4sRX3bUSbVS
/AX8QDN9tZ8TDNak8q3ur86k/TSI+zLjWT8s/fdl7LW2xxCy51M1l1cSz9osl2Dv
+gqsAwcZHo6AMxQwCEagFWlWPpuYC3Rj02y08arMFhYfEn0Wk1xPEmYVgmeI2Lhz
g93hMwFEMzDwnLncMtOtFzOAi5kAInV5JobOEKqyA5ztwgTUbZSK
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:50:52 2024 by rpki-client on console-ams.rpki-client.org