Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/_6qgDdTb6jFFK1Bbh07KgtsUZro.roa
File:                     _6qgDdTb6jFFK1Bbh07KgtsUZro.roa (raw, json)
Hash identifier:          z5HMf/2dJhA5eFsDTBMZdvfJE4IAWZjJZRtEcGHA8vA=
Subject key identifier:   FF:AA:A0:0D:D4:DB:EA:31:45:2B:50:5B:87:4E:CA:82:DB:14:66:BA
Certificate issuer:       /CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
Certificate serial:       018CC7275F48A2F8698D44B671F5C6445697
Authority key identifier: 67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/_6qgDdTb6jFFK1Bbh07KgtsUZro.roa
Signing time:             Mon 01 Jan 2024 22:31:35 +0000
ROA not before:           Mon 01 Jan 2024 22:31:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49505
IP address blocks:        91.234.11.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:5f:48:a2:f8:69:8d:44:b6:71:f5:c6:44:56:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
        Validity
            Not Before: Jan  1 22:31:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ffaaa00dd4dbea31452b505b874eca82db1466ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:c2:a9:6e:4c:f8:54:41:ae:8a:d4:f3:fa:04:
                    0e:ff:53:93:00:fc:d8:d2:72:a3:7d:4a:71:1d:e9:
                    37:57:52:aa:42:b8:2a:a8:bc:96:61:f1:05:a3:ef:
                    fe:94:97:8b:1f:93:55:57:4d:0c:88:33:9c:36:63:
                    44:e1:d6:0b:70:a5:ad:15:65:3c:b9:89:7d:57:48:
                    15:8c:fb:38:1d:84:bb:f4:c2:d8:d3:d9:22:1b:78:
                    e9:b9:13:e4:c9:02:5b:71:37:44:f6:4c:6b:1d:e8:
                    89:fa:0f:9c:00:e2:03:f5:3b:3e:ae:a7:d1:69:bf:
                    46:fe:4b:ab:95:06:8e:de:f4:80:a7:b1:c0:30:9d:
                    b7:16:b5:c0:ad:11:a2:10:84:df:33:dc:64:8d:94:
                    7a:55:e4:d9:42:f6:48:91:0c:79:d5:f5:d4:04:3f:
                    f8:88:29:22:25:4b:f4:f2:85:b2:4d:28:02:67:08:
                    68:78:83:ab:be:cd:22:16:ec:9e:6a:fe:32:28:b1:
                    c9:e8:e3:6d:11:8d:2b:d3:33:b0:83:5f:7f:cd:9d:
                    d0:f4:54:38:fa:84:60:69:8b:ac:8c:89:77:89:b8:
                    be:04:d2:45:d0:bb:72:a5:76:8e:4e:b7:e7:a0:d8:
                    3e:70:6b:ea:cc:8d:d0:ce:b2:e9:99:2b:ca:08:44:
                    71:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:AA:A0:0D:D4:DB:EA:31:45:2B:50:5B:87:4E:CA:82:DB:14:66:BA
            X509v3 Authority Key Identifier:
                keyid:67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/_6qgDdTb6jFFK1Bbh07KgtsUZro.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:c6:ad:0e:a7:8d:68:9f:c1:58:08:e4:4b:a6:3d:49:f3:d3:
         14:64:21:f8:68:dc:5e:71:b7:0d:e4:83:c5:bb:0b:f1:f9:6d:
         5c:b2:97:e8:2c:fa:c5:c0:64:ba:29:12:0e:04:08:a6:1f:26:
         a7:9a:bf:c1:01:b6:ab:a3:bd:2e:1a:71:f8:4f:a7:c1:39:2d:
         c5:2e:01:db:a9:ec:44:c8:ff:79:51:7a:cd:f5:15:3f:30:43:
         af:36:80:6d:e3:b8:99:46:96:e2:04:8d:52:44:f6:19:02:b3:
         7b:57:96:9a:35:3d:10:92:98:58:b6:2b:20:a2:e6:d0:13:06:
         2c:09:c0:7a:f1:a2:c9:b5:45:91:46:91:d7:11:72:e3:5b:73:
         ba:55:be:48:38:b8:8a:3f:af:5e:ec:4b:2b:2a:6b:74:24:4f:
         0e:8c:0d:fa:2f:94:46:43:2a:7d:dd:9f:99:af:2e:74:54:4f:
         7c:99:87:2a:08:59:f5:b5:80:b1:57:f4:0b:71:ca:69:48:fc:
         8f:4b:68:89:77:90:58:aa:00:06:6f:8d:02:7d:6f:f5:b6:eb:
         15:af:9f:e1:56:b9:85:a3:11:e3:69:b0:ea:9f:9a:6a:16:9d:
         28:d5:df:6d:a1:06:41:27:5e:c1:f7:ac:0a:3d:fd:72:2c:47:
         0f:c1:de:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ19IovhpjUS2cfXGRFaXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3OTU1YjFhYTFjMDI4NGQyODQzYjk2ZjI2YzVmZTc1MWU2
Njk0NmYwHhcNMjQwMTAxMjIzMTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmFhYTAwZGQ0ZGJlYTMxNDUyYjUwNWI4NzRlY2E4MmRiMTQ2NmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApcKpbkz4VEGuitTz+gQO/1OTAPzY
0nKjfUpxHek3V1KqQrgqqLyWYfEFo+/+lJeLH5NVV00MiDOcNmNE4dYLcKWtFWU8
uYl9V0gVjPs4HYS79MLY09kiG3jpuRPkyQJbcTdE9kxrHeiJ+g+cAOID9Ts+rqfR
ab9G/kurlQaO3vSAp7HAMJ23FrXArRGiEITfM9xkjZR6VeTZQvZIkQx51fXUBD/4
iCkiJUv08oWyTSgCZwhoeIOrvs0iFuyeav4yKLHJ6ONtEY0r0zOwg19/zZ3Q9FQ4
+oRgaYusjIl3ibi+BNJF0LtypXaOTrfnoNg+cGvqzI3QzrLpmSvKCERxBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP+qoA3U2+oxRStQW4dOyoLbFGa6MB8GA1UdIwQY
MBaAFGeVWxqhwChNKEO5bybF/nUeZpRvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDct
MDhhZDk0MTAxZDdlLzEvXzZxZ0RkVGI2akZGSzFCYmgwN0tndHNVWnJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDctMDhhZDk0MTAxZDdl
LzEvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+oLMA0G
CSqGSIb3DQEBCwUAA4IBAQCKxq0Op41on8FYCORLpj1J89MUZCH4aNxecbcN5IPF
uwvx+W1cspfoLPrFwGS6KRIOBAimHyanmr/BAbaro70uGnH4T6fBOS3FLgHbqexE
yP95UXrN9RU/MEOvNoBt47iZRpbiBI1SRPYZArN7V5aaNT0QkphYtisgoubQEwYs
CcB68aLJtUWRRpHXEXLjW3O6Vb5IOLiKP69e7EsrKmt0JE8OjA36L5RGQyp93Z+Z
ry50VE98mYcqCFn1tYCxV/QLccppSPyPS2iJd5BYqgAGb40CfW/1tusVr5/hVrmF
oxHjabDqn5pqFp0o1d9toQZBJ17B96wKPf1yLEcPwd6z
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:58:27 2024 by rpki-client on console-fra.rpki-client.org