Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/YgbtTvpvLoA6DjsCBkKM5ykv57I.roa
File:                     YgbtTvpvLoA6DjsCBkKM5ykv57I.roa (raw, json)
Hash identifier:          XGKptZKJceLNOqyXy65CDgqb+RuIrhNTl9b5XUaqn4g=
Subject key identifier:   62:06:ED:4E:FA:6F:2E:80:3A:0E:3B:02:06:42:8C:E7:29:2F:E7:B2
Certificate issuer:       /CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
Certificate serial:       018B85CB0F326DE6593DB3362A81C38233CA
Authority key identifier: 67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/YgbtTvpvLoA6DjsCBkKM5ykv57I.roa
Signing time:             Tue 31 Oct 2023 12:52:39 +0000
ROA not before:           Tue 31 Oct 2023 12:52:39 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     0
IP address blocks:        91.238.97.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:85:cb:0f:32:6d:e6:59:3d:b3:36:2a:81:c3:82:33:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
        Validity
            Not Before: Oct 31 12:52:39 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6206ed4efa6f2e803a0e3b0206428ce7292fe7b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:2e:c3:ad:14:fb:0a:ee:ba:3c:48:b1:ae:a4:
                    86:87:f6:f3:ba:90:f2:76:2a:bd:bd:cf:3b:de:02:
                    1e:37:65:7f:6d:45:9a:c5:0f:b0:be:4d:ca:6d:52:
                    ff:ae:5b:9d:e1:5a:9f:86:c4:99:1c:3f:12:48:7f:
                    5a:37:63:bd:50:85:6a:15:29:6f:52:3a:8a:9e:9f:
                    e6:bb:57:f8:23:6e:42:22:60:47:3f:ec:3b:5e:59:
                    56:9a:df:f4:b0:95:0e:6f:bc:18:b1:8d:2b:1b:86:
                    e7:39:f6:40:b0:72:10:67:89:d9:dd:93:29:d4:5f:
                    22:fa:73:50:aa:4d:ee:30:ad:df:9e:05:1b:3a:0d:
                    c5:ca:a7:4c:f5:43:5d:c4:bc:64:9e:fe:ec:c6:ea:
                    05:fa:fc:79:18:3d:60:0c:0d:49:fa:53:75:82:c7:
                    27:b5:29:ea:61:56:12:a2:32:82:64:22:85:96:b3:
                    ac:61:76:a1:67:40:02:67:37:65:3f:b0:13:46:c3:
                    e0:a5:09:3f:57:8e:2a:77:d3:9a:dc:88:79:a1:0f:
                    56:c9:77:40:12:9d:a7:d0:57:8c:0d:0a:ee:f2:11:
                    39:54:ca:8f:93:7f:c2:c4:30:b1:b7:79:14:b2:1f:
                    98:68:5d:07:7f:17:0a:13:42:55:78:db:5d:2b:38:
                    94:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:06:ED:4E:FA:6F:2E:80:3A:0E:3B:02:06:42:8C:E7:29:2F:E7:B2
            X509v3 Authority Key Identifier:
                keyid:67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/YgbtTvpvLoA6DjsCBkKM5ykv57I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.238.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:f4:45:43:6a:c0:2e:d8:d1:41:1f:08:67:a7:0b:5c:22:2e:
         2e:4f:44:2f:87:49:42:7f:75:fb:4c:68:1d:0f:e8:0c:d2:c0:
         dc:bb:c1:97:94:8b:f9:a7:fa:45:8c:fc:f5:22:da:f5:ef:12:
         4b:9e:d0:56:f0:18:90:f4:2b:74:59:10:d0:99:c6:4a:73:73:
         95:68:77:63:f5:82:25:ae:53:b4:a2:6c:5d:cf:4b:dc:df:b1:
         8d:9a:09:88:29:e2:73:96:cb:e8:51:c0:e3:b2:1d:7b:a4:6e:
         86:e7:82:b5:67:fe:f5:14:97:c3:f7:1c:cb:85:64:1e:c0:62:
         21:9d:12:9d:bb:aa:94:bd:0a:e7:46:f9:95:06:e9:56:25:9b:
         c5:61:d6:29:c8:7a:8b:1d:f5:d1:67:ee:74:56:4a:ea:13:11:
         03:68:59:94:f5:30:6c:a5:eb:08:9c:b3:d5:be:62:58:53:32:
         50:8f:8b:3e:f6:2f:c1:04:a4:94:d5:27:e6:fe:41:b2:15:77:
         57:f2:7e:31:e1:b8:3a:5f:41:80:40:27:c9:98:48:ab:59:30:
         ba:30:73:77:dc:d6:23:cc:0f:5a:46:e3:c2:f7:f6:0d:4d:c0:
         29:1e:1b:aa:e0:e9:22:b3:6c:5e:93:74:c7:97:14:61:8b:e0:
         ec:eb:d6:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYuFyw8ybeZZPbM2KoHDgjPKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3OTU1YjFhYTFjMDI4NGQyODQzYjk2ZjI2YzVmZTc1MWU2
Njk0NmYwHhcNMjMxMDMxMTI1MjM5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjA2ZWQ0ZWZhNmYyZTgwM2EwZTNiMDIwNjQyOGNlNzI5MmZlN2IyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsy7DrRT7Cu66PEixrqSGh/bzupDy
diq9vc873gIeN2V/bUWaxQ+wvk3KbVL/rlud4VqfhsSZHD8SSH9aN2O9UIVqFSlv
UjqKnp/mu1f4I25CImBHP+w7XllWmt/0sJUOb7wYsY0rG4bnOfZAsHIQZ4nZ3ZMp
1F8i+nNQqk3uMK3fngUbOg3FyqdM9UNdxLxknv7sxuoF+vx5GD1gDA1J+lN1gscn
tSnqYVYSojKCZCKFlrOsYXahZ0ACZzdlP7ATRsPgpQk/V44qd9Oa3Ih5oQ9WyXdA
Ep2n0FeMDQru8hE5VMqPk3/CxDCxt3kUsh+YaF0HfxcKE0JVeNtdKziU9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGIG7U76by6AOg47AgZCjOcpL+eyMB8GA1UdIwQY
MBaAFGeVWxqhwChNKEO5bybF/nUeZpRvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDct
MDhhZDk0MTAxZDdlLzEvWWdidFR2cHZMb0E2RGpzQ0JrS001eWt2NTdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDctMDhhZDk0MTAxZDdl
LzEvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+5hMA0G
CSqGSIb3DQEBCwUAA4IBAQCE9EVDasAu2NFBHwhnpwtcIi4uT0Qvh0lCf3X7TGgd
D+gM0sDcu8GXlIv5p/pFjPz1Itr17xJLntBW8BiQ9Ct0WRDQmcZKc3OVaHdj9YIl
rlO0omxdz0vc37GNmgmIKeJzlsvoUcDjsh17pG6G54K1Z/71FJfD9xzLhWQewGIh
nRKdu6qUvQrnRvmVBulWJZvFYdYpyHqLHfXRZ+50VkrqExEDaFmU9TBspesInLPV
vmJYUzJQj4s+9i/BBKSU1Sfm/kGyFXdX8n4x4bg6X0GAQCfJmEirWTC6MHN33NYj
zA9aRuPC9/YNTcApHhuq4Okis2xek3THlxRhi+Ds69Zk
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:58:27 2024 by rpki-client on console-fra.rpki-client.org