Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Y0eY6I2_KgQNVFlSI-oDpkVO3pw.roa
File:                     Y0eY6I2_KgQNVFlSI-oDpkVO3pw.roa (raw, json)
Hash identifier:          JZk2EIkKiG5cbIULxzcQXQk9/Sf+YkU4t1M81G80p00=
Subject key identifier:   63:47:98:E8:8D:BF:2A:04:0D:54:59:52:23:EA:03:A6:45:4E:DE:9C
Certificate issuer:       /CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
Certificate serial:       018CC7275DDB7D4114D215B48C9AB1B264C3
Authority key identifier: 67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Y0eY6I2_KgQNVFlSI-oDpkVO3pw.roa
Signing time:             Mon 01 Jan 2024 22:31:35 +0000
ROA not before:           Mon 01 Jan 2024 22:31:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39465
IP address blocks:        91.231.136.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:5d:db:7d:41:14:d2:15:b4:8c:9a:b1:b2:64:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
        Validity
            Not Before: Jan  1 22:31:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=634798e88dbf2a040d54595223ea03a6454ede9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:57:44:9d:75:9b:69:65:28:09:27:5a:00:43:
                    f9:7e:6b:8c:81:ee:eb:3c:b2:28:07:6a:ff:50:cf:
                    b6:cd:e4:35:ee:47:ad:b3:36:e5:58:bb:b0:c8:d5:
                    cd:d3:7d:88:89:9e:d4:34:94:20:9e:43:5e:03:8d:
                    a7:2b:92:34:b3:40:fb:eb:d6:3d:d1:d8:65:6f:6d:
                    e7:fe:b3:a0:e1:2a:22:ab:dd:47:48:6f:39:8b:9d:
                    8e:65:fd:da:1a:19:40:74:2c:8e:23:6e:71:81:c7:
                    54:79:d6:c3:c6:6f:16:a5:63:5f:2b:25:b8:a2:db:
                    aa:8c:0d:64:cc:62:9e:c2:19:5a:e0:6f:cf:a3:14:
                    d1:c5:4b:99:49:f2:ea:89:16:5e:57:0e:21:73:fa:
                    47:2e:68:c1:ad:66:08:ad:aa:0f:b4:01:8e:81:25:
                    34:8b:1e:74:68:c5:0c:c6:fb:bf:88:d9:d2:15:9e:
                    32:c1:3a:ce:15:ab:cc:6f:f3:47:f6:e3:92:af:a8:
                    24:37:a6:61:b7:39:5c:92:88:b6:fa:e7:8d:1b:b6:
                    c2:41:82:86:0f:c6:f2:ab:b7:50:4d:f7:a1:1b:34:
                    32:21:f3:61:b4:08:a7:ef:9b:bd:84:7a:c6:b1:ad:
                    70:53:f5:91:e4:63:34:28:e0:21:87:59:d2:f1:6c:
                    33:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:47:98:E8:8D:BF:2A:04:0D:54:59:52:23:EA:03:A6:45:4E:DE:9C
            X509v3 Authority Key Identifier:
                keyid:67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Y0eY6I2_KgQNVFlSI-oDpkVO3pw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:47:63:cb:39:c0:97:b6:cc:c0:18:b8:56:76:ff:b9:69:d3:
         06:dd:95:d1:58:4e:28:56:2b:33:1f:33:0d:3e:9e:1a:20:74:
         ce:74:94:16:5b:9b:86:36:be:61:ed:cf:f2:15:4d:cf:2d:aa:
         f0:83:09:c2:88:31:ac:e9:16:57:a3:c8:c1:e0:7a:60:61:ea:
         b3:3e:9e:d7:bb:ee:ff:06:93:5e:b8:73:08:08:58:ac:a1:fe:
         ac:28:54:a4:54:19:c2:a8:6f:87:57:66:1d:9b:51:13:0f:24:
         5f:ef:fa:b1:82:40:ea:f9:6f:40:03:65:d3:f2:ca:4d:2f:e6:
         e9:4d:8a:a3:bb:2f:8b:c8:29:17:d8:f4:58:b1:c5:23:42:81:
         71:99:20:0c:62:14:31:e3:2a:39:45:b4:4a:2c:54:4d:b3:fb:
         24:a2:d3:63:47:7a:f4:df:62:de:d5:7f:81:43:98:67:48:5c:
         23:a8:70:76:da:9a:b8:3f:bc:45:df:b8:f7:58:b5:2d:b7:31:
         60:9a:d0:a7:95:1e:22:5e:82:ea:90:ef:cf:97:2a:68:3e:a8:
         ee:a1:fe:39:62:a4:06:d2:0f:fc:de:d9:99:c1:41:db:03:82:
         81:a5:7e:21:fb:39:4f:d5:75:8d:fc:85:89:a8:15:2b:ad:2a:
         12:26:78:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ13bfUEU0hW0jJqxsmTDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3OTU1YjFhYTFjMDI4NGQyODQzYjk2ZjI2YzVmZTc1MWU2
Njk0NmYwHhcNMjQwMTAxMjIzMTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzQ3OThlODhkYmYyYTA0MGQ1NDU5NTIyM2VhMDNhNjQ1NGVkZTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuFdEnXWbaWUoCSdaAEP5fmuMge7r
PLIoB2r/UM+2zeQ17ketszblWLuwyNXN032IiZ7UNJQgnkNeA42nK5I0s0D769Y9
0dhlb23n/rOg4Soiq91HSG85i52OZf3aGhlAdCyOI25xgcdUedbDxm8WpWNfKyW4
otuqjA1kzGKewhla4G/PoxTRxUuZSfLqiRZeVw4hc/pHLmjBrWYIraoPtAGOgSU0
ix50aMUMxvu/iNnSFZ4ywTrOFavMb/NH9uOSr6gkN6Zhtzlckoi2+ueNG7bCQYKG
D8byq7dQTfehGzQyIfNhtAin75u9hHrGsa1wU/WR5GM0KOAhh1nS8WwznQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGNHmOiNvyoEDVRZUiPqA6ZFTt6cMB8GA1UdIwQY
MBaAFGeVWxqhwChNKEO5bybF/nUeZpRvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDct
MDhhZDk0MTAxZDdlLzEvWTBlWTZJMl9LZ1FOVkZsU0ktb0Rwa1ZPM3B3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDctMDhhZDk0MTAxZDdl
LzEvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+eIMA0G
CSqGSIb3DQEBCwUAA4IBAQBfR2PLOcCXtszAGLhWdv+5adMG3ZXRWE4oViszHzMN
Pp4aIHTOdJQWW5uGNr5h7c/yFU3PLarwgwnCiDGs6RZXo8jB4HpgYeqzPp7Xu+7/
BpNeuHMICFisof6sKFSkVBnCqG+HV2Ydm1ETDyRf7/qxgkDq+W9AA2XT8spNL+bp
TYqjuy+LyCkX2PRYscUjQoFxmSAMYhQx4yo5RbRKLFRNs/skotNjR3r032Le1X+B
Q5hnSFwjqHB22pq4P7xF37j3WLUttzFgmtCnlR4iXoLqkO/PlypoPqjuof45YqQG
0g/83tmZwUHbA4KBpX4h+zlP1XWN/IWJqBUrrSoSJnh4
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:58:27 2024 by rpki-client on console-fra.rpki-client.org