Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Zc9MLF2lagoSHrNw56SCag5ViIY.roa
File:                     Zc9MLF2lagoSHrNw56SCag5ViIY.roa (raw, json)
Hash identifier:          +Dcdnmmpc9S9Cb/YSW3TBTaICF5hzWV0Vk3LBDlyd9o=
Subject key identifier:   65:CF:4C:2C:5D:A5:6A:0A:12:1E:B3:70:E7:A4:82:6A:0E:55:88:86
Certificate issuer:       /CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
Certificate serial:       0186077E23C9A8836CEB80D9A79B4BDC826D
Authority key identifier: 67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Zc9MLF2lagoSHrNw56SCag5ViIY.roa
Signing time:             Tue 31 Jan 2023 11:02:32 +0000
ROA not before:           Tue 31 Jan 2023 11:02:32 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     34665
IP address blocks:        195.210.9.0/24 maxlen: 24
                          91.238.96.0/24 maxlen: 24
                          91.193.110.0/24 maxlen: 24
                          193.93.61.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:07:7e:23:c9:a8:83:6c:eb:80:d9:a7:9b:4b:dc:82:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
        Validity
            Not Before: Jan 31 11:02:32 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=65cf4c2c5da56a0a121eb370e7a4826a0e558886
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:d0:7e:3d:08:08:d7:c2:a9:a8:4a:c6:69:ca:
                    12:3e:b3:b9:29:23:36:26:6c:34:5b:8c:24:0a:f3:
                    24:ca:30:02:b1:f2:1a:41:a8:2f:b1:c2:20:7a:96:
                    ab:3a:f3:b6:12:be:95:d2:69:83:cd:50:1d:7f:04:
                    62:ea:bd:5c:a3:8d:cf:59:a2:fa:fb:e5:f9:6e:5e:
                    fb:1a:04:c3:fc:e5:21:59:b7:7f:c7:9a:bc:de:b2:
                    07:6a:89:96:9e:f5:9e:3e:83:68:89:29:ee:84:46:
                    4a:a3:cf:29:b3:2b:0f:1a:32:2d:3d:30:7a:81:11:
                    02:30:e1:07:79:5c:60:10:a7:db:9c:0f:a4:9c:51:
                    8a:c4:ba:27:e7:4c:a8:e5:90:bc:0d:5f:4b:d0:c0:
                    ac:d9:c7:e0:96:8c:27:5e:6f:8a:8d:7b:c0:b8:a2:
                    4f:2b:61:3d:51:08:a5:c0:da:0e:2a:97:39:4c:7c:
                    7d:88:a3:33:24:48:b5:71:f2:af:22:76:b9:d9:27:
                    99:1b:05:31:e8:b7:95:7b:df:b3:77:21:d6:7f:80:
                    28:eb:c2:cf:79:05:fc:95:e3:d4:82:2e:15:37:08:
                    10:1f:e3:6b:24:66:40:7c:96:d0:64:c8:5d:1c:d3:
                    0b:04:f6:d5:05:d0:44:06:db:da:bd:ed:f0:e1:5d:
                    0d:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:CF:4C:2C:5D:A5:6A:0A:12:1E:B3:70:E7:A4:82:6A:0E:55:88:86
            X509v3 Authority Key Identifier:
                keyid:67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Zc9MLF2lagoSHrNw56SCag5ViIY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.193.110.0/24
                  91.238.96.0/24
                  193.93.61.0/24
                  195.210.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:5f:0a:55:c6:ee:82:11:12:c5:af:fa:2c:a8:b9:22:8e:80:
         9b:36:7c:48:e5:e4:3e:ec:e0:71:da:d0:66:29:d8:69:87:e1:
         5a:76:fc:50:56:cc:3e:d4:94:06:92:6a:e1:46:28:36:37:fe:
         25:1a:23:16:2e:74:6a:94:d9:3f:c4:69:13:6a:58:7e:75:e7:
         64:29:cf:ca:73:2b:de:1d:96:92:31:90:49:e6:bb:8c:48:15:
         2d:a6:23:73:c2:17:00:fa:32:34:31:44:dd:d9:0c:ec:34:be:
         e5:df:81:c3:7e:5c:22:10:8c:ac:f9:ca:fb:98:15:fa:ff:65:
         6c:ea:16:c3:1e:65:a9:f8:24:e7:c3:50:71:54:2c:d7:1b:d9:
         02:5a:40:57:5f:e2:d5:cc:62:af:83:d4:2f:3f:03:bd:bc:04:
         6e:d0:17:d4:c9:8f:1c:16:39:de:00:78:48:10:96:89:7a:df:
         77:31:98:47:e9:b8:73:ce:38:93:30:21:97:15:22:87:2b:f7:
         2f:d5:9c:41:45:0f:7c:72:ac:be:31:82:85:0a:bc:d0:aa:3c:
         92:d3:3a:dd:8a:4a:e9:3b:ab:16:84:e4:19:b4:fd:23:56:d2:
         12:d4:d7:27:12:4c:88:2f:15:88:bf:31:ee:9e:3e:2f:48:f1:
         ed:c6:25:dc
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYYHfiPJqINs64DZp5tL3IJtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3OTU1YjFhYTFjMDI4NGQyODQzYjk2ZjI2YzVmZTc1MWU2
Njk0NmYwHhcNMjMwMTMxMTEwMjMyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWNmNGMyYzVkYTU2YTBhMTIxZWIzNzBlN2E0ODI2YTBlNTU4ODg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAktB+PQgI18KpqErGacoSPrO5KSM2
Jmw0W4wkCvMkyjACsfIaQagvscIgeparOvO2Er6V0mmDzVAdfwRi6r1co43PWaL6
++X5bl77GgTD/OUhWbd/x5q83rIHaomWnvWePoNoiSnuhEZKo88psysPGjItPTB6
gRECMOEHeVxgEKfbnA+knFGKxLon50yo5ZC8DV9L0MCs2cfglownXm+KjXvAuKJP
K2E9UQilwNoOKpc5THx9iKMzJEi1cfKvIna52SeZGwUx6LeVe9+zdyHWf4Ao68LP
eQX8lePUgi4VNwgQH+NrJGZAfJbQZMhdHNMLBPbVBdBEBtvave3w4V0NOQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFGXPTCxdpWoKEh6zcOekgmoOVYiGMB8GA1UdIwQY
MBaAFGeVWxqhwChNKEO5bybF/nUeZpRvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDct
MDhhZDk0MTAxZDdlLzEvWmM5TUxGMmxhZ29TSHJOdzU2U0NhZzVWaUlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDctMDhhZDk0MTAxZDdl
LzEvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAW8FuAwQA
W+5gAwQAwV09AwQAw9IJMA0GCSqGSIb3DQEBCwUAA4IBAQBqXwpVxu6CERLFr/os
qLkijoCbNnxI5eQ+7OBx2tBmKdhph+FadvxQVsw+1JQGkmrhRig2N/4lGiMWLnRq
lNk/xGkTalh+dedkKc/KcyveHZaSMZBJ5ruMSBUtpiNzwhcA+jI0MUTd2QzsNL7l
34HDflwiEIys+cr7mBX6/2Vs6hbDHmWp+CTnw1BxVCzXG9kCWkBXX+LVzGKvg9Qv
PwO9vARu0BfUyY8cFjneAHhIEJaJet93MZhH6bhzzjiTMCGXFSKHK/cv1ZxBRQ98
cqy+MYKFCrzQqjyS0zrdikrpO6sWhOQZtP0jVtIS1NcnEkyILxWIvzHunj4vSPHt
xiXc
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:50:52 2024 by rpki-client on console-ams.rpki-client.org