Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/v9AHtPVnBfGG4pe70ByaBr8syjU.roa
File:                     v9AHtPVnBfGG4pe70ByaBr8syjU.roa (raw, json)
Hash identifier:          wDqsFggtAnmW3LnUsMIGZyy3un668nXRpHUgioRYM3g=
Subject key identifier:   BF:D0:07:B4:F5:67:05:F1:86:E2:97:BB:D0:1C:9A:06:BF:2C:CA:35
Certificate issuer:       /CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
Certificate serial:       01856DC19CC2D26B6B89F48E772B929975DD
Authority key identifier: 67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/v9AHtPVnBfGG4pe70ByaBr8syjU.roa
Signing time:             Sun 01 Jan 2023 14:34:43 +0000
ROA not before:           Sun 01 Jan 2023 14:34:43 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     206728
IP address blocks:        91.240.242.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:c1:9c:c2:d2:6b:6b:89:f4:8e:77:2b:92:99:75:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
        Validity
            Not Before: Jan  1 14:34:43 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bfd007b4f56705f186e297bbd01c9a06bf2cca35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:ba:95:ce:f8:d7:3e:97:29:fe:a0:c3:ca:f6:
                    cd:a0:32:70:ca:43:c4:b8:a5:b1:d7:32:0f:8b:75:
                    e0:cb:f2:55:72:e8:62:90:1f:5e:a8:13:86:fa:20:
                    46:10:68:e1:8d:9d:e3:b5:8a:c1:5f:66:c8:5a:cd:
                    3b:f8:8c:b4:9d:d9:b9:60:b7:38:03:77:7b:8e:26:
                    3a:58:8f:0b:8c:24:8e:f1:78:8c:5d:75:b3:41:c0:
                    56:53:88:6f:61:71:e3:04:3f:4d:4f:ef:b0:7c:dd:
                    32:98:d7:79:45:96:18:e0:51:be:d1:a5:84:11:6c:
                    c3:e8:dc:24:02:13:34:c9:62:eb:c0:e6:0c:04:98:
                    1f:61:d9:c0:71:22:73:7d:e2:94:39:8b:23:8d:03:
                    5f:ff:e1:01:04:f2:73:1a:8f:24:3b:a5:1f:00:c7:
                    35:ea:84:24:11:4c:98:1a:f1:21:a1:e2:97:cc:45:
                    3f:7b:04:3b:36:0f:35:26:03:f2:48:d3:5e:2c:ec:
                    dc:8d:f8:c4:ad:4f:e2:9a:73:83:d8:65:aa:99:3c:
                    0d:c8:d7:ae:1e:f7:01:3b:5d:d1:49:ae:5e:1f:bb:
                    cd:f7:b1:3b:d1:66:3e:e3:d5:4f:4f:c6:a7:fb:a8:
                    c4:12:e5:4b:66:4b:11:75:19:28:67:29:e1:1a:41:
                    3f:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:D0:07:B4:F5:67:05:F1:86:E2:97:BB:D0:1C:9A:06:BF:2C:CA:35
            X509v3 Authority Key Identifier:
                keyid:67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/v9AHtPVnBfGG4pe70ByaBr8syjU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:c3:09:9e:28:59:ac:b7:f2:1d:fb:3a:d6:f1:22:bc:91:e6:
         ed:48:8f:76:a3:31:5d:d3:2a:28:82:b7:b1:d2:70:d5:a4:5a:
         3e:26:9d:0c:26:0c:a6:0d:72:62:df:a3:b1:6b:31:c2:f2:93:
         2b:06:e6:ae:01:e1:15:e8:4e:81:8b:bc:bc:8d:5f:87:ba:cd:
         13:6e:bc:e1:f7:61:83:b6:75:2a:41:58:ca:63:6e:e8:30:2a:
         df:62:86:8e:59:ff:52:5c:11:36:e7:f4:10:81:43:db:c1:76:
         84:d8:d7:a3:c8:98:8d:dc:22:37:43:68:6a:5a:ce:c2:90:19:
         35:13:09:76:36:e6:f3:62:68:43:14:6f:e3:23:44:1e:bf:95:
         0b:0a:55:7f:44:ce:95:5c:59:0a:e6:c0:a8:1a:99:96:a6:92:
         6b:8e:3d:01:5f:94:9f:6f:28:a1:c6:c8:96:e1:cb:ee:0e:c5:
         45:40:13:e0:d3:60:2a:44:63:36:76:f8:61:e4:1b:58:b0:30:
         2d:0e:7d:05:13:94:78:29:19:0a:93:59:41:d3:ee:a7:79:de:
         bd:96:97:fc:08:39:99:eb:90:37:f7:cb:8c:b0:ca:79:35:c1:
         a3:7d:d8:9c:35:e2:4f:9a:9e:e3:ec:91:46:b5:78:86:a5:1e:
         e6:5b:0f:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVtwZzC0mtrifSOdyuSmXXdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3OTU1YjFhYTFjMDI4NGQyODQzYjk2ZjI2YzVmZTc1MWU2
Njk0NmYwHhcNMjMwMTAxMTQzNDQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmQwMDdiNGY1NjcwNWYxODZlMjk3YmJkMDFjOWEwNmJmMmNjYTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm7qVzvjXPpcp/qDDyvbNoDJwykPE
uKWx1zIPi3Xgy/JVcuhikB9eqBOG+iBGEGjhjZ3jtYrBX2bIWs07+Iy0ndm5YLc4
A3d7jiY6WI8LjCSO8XiMXXWzQcBWU4hvYXHjBD9NT++wfN0ymNd5RZYY4FG+0aWE
EWzD6NwkAhM0yWLrwOYMBJgfYdnAcSJzfeKUOYsjjQNf/+EBBPJzGo8kO6UfAMc1
6oQkEUyYGvEhoeKXzEU/ewQ7Ng81JgPySNNeLOzcjfjErU/imnOD2GWqmTwNyNeu
HvcBO13RSa5eH7vN97E70WY+49VPT8an+6jEEuVLZksRdRkoZynhGkE/AwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL/QB7T1ZwXxhuKXu9Acmga/LMo1MB8GA1UdIwQY
MBaAFGeVWxqhwChNKEO5bybF/nUeZpRvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDct
MDhhZDk0MTAxZDdlLzEvdjlBSHRQVm5CZkdHNHBlNzBCeWFCcjhzeWpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDctMDhhZDk0MTAxZDdl
LzEvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/DyMA0G
CSqGSIb3DQEBCwUAA4IBAQBtwwmeKFmst/Id+zrW8SK8kebtSI92ozFd0yoogrex
0nDVpFo+Jp0MJgymDXJi36OxazHC8pMrBuauAeEV6E6Bi7y8jV+Hus0Tbrzh92GD
tnUqQVjKY27oMCrfYoaOWf9SXBE25/QQgUPbwXaE2NejyJiN3CI3Q2hqWs7CkBk1
Ewl2NubzYmhDFG/jI0Qev5ULClV/RM6VXFkK5sCoGpmWppJrjj0BX5SfbyihxsiW
4cvuDsVFQBPg02AqRGM2dvhh5BtYsDAtDn0FE5R4KRkKk1lB0+6ned69lpf8CDmZ
65A398uMsMp5NcGjfdicNeJPmp7j7JFGtXiGpR7mWw9J
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:58:27 2024 by rpki-client on console-fra.rpki-client.org