Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/nXkrD-szHe30GoYnNGSlmLv_Bdk.roa
File:                     nXkrD-szHe30GoYnNGSlmLv_Bdk.roa (raw, json)
Hash identifier:          V8H7CLKIB3dZvAoRJSg9sladMLmKEti6W+uAgqBe+vo=
Subject key identifier:   9D:79:2B:0F:EB:33:1D:ED:F4:1A:86:27:34:64:A5:98:BB:FF:05:D9
Certificate issuer:       /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial:       018E3243C2B3B967FB131086E4CB23BA83D4
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/nXkrD-szHe30GoYnNGSlmLv_Bdk.roa
Signing time:             Tue 12 Mar 2024 10:44:45 +0000
ROA not before:           Tue 12 Mar 2024 10:44:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48031
IP address blocks:        91.246.62.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:32:43:c2:b3:b9:67:fb:13:10:86:e4:cb:23:ba:83:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
        Validity
            Not Before: Mar 12 10:44:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9d792b0feb331dedf41a86273464a598bbff05d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:ac:88:49:24:38:37:aa:a2:48:21:e2:cb:31:
                    36:2b:6d:52:a5:49:68:57:88:ac:ea:eb:1f:71:41:
                    d0:ae:10:d6:89:27:19:2a:54:04:b3:c9:ed:e6:ba:
                    67:0c:4c:d2:f3:1e:28:89:b2:15:7b:4e:f7:3f:03:
                    ef:60:19:d6:56:bc:15:cf:a1:d5:c3:1f:b6:b0:61:
                    57:85:0b:26:f9:31:a2:1b:26:69:e5:98:a1:46:58:
                    49:b9:9e:8c:34:b8:ff:73:79:75:7a:ba:aa:00:bd:
                    ab:3b:ef:f6:1d:ad:7f:80:f1:80:39:0e:d7:8a:2d:
                    06:10:87:49:33:4a:08:ad:38:86:cc:9d:1a:dc:fc:
                    1f:4e:8b:7f:3f:55:c8:cf:3e:25:70:c9:11:d1:ac:
                    8b:ec:c8:9b:df:52:09:4c:4d:03:f3:f0:31:2b:e1:
                    24:23:96:21:c2:3c:af:9e:db:b4:14:ea:cf:c4:5f:
                    1d:2e:af:80:fe:cc:c6:e1:93:fd:e7:31:20:43:c2:
                    75:ae:47:78:a8:a9:8f:66:f0:34:88:7c:49:c5:ce:
                    43:d4:e8:8f:7d:34:89:b6:37:6f:ab:f4:29:05:4f:
                    1d:bf:44:be:76:36:aa:72:fa:d6:c2:c4:fa:b5:80:
                    1b:48:95:9e:ff:0f:73:42:7c:04:cf:8b:be:3a:bf:
                    f1:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:79:2B:0F:EB:33:1D:ED:F4:1A:86:27:34:64:A5:98:BB:FF:05:D9
            X509v3 Authority Key Identifier:
                keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/nXkrD-szHe30GoYnNGSlmLv_Bdk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.246.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:f4:3f:e8:53:95:fe:7b:0a:f4:5f:3e:f3:6a:14:d9:53:df:
         f4:18:69:b9:f4:10:b2:27:98:e5:85:7c:4c:6c:47:61:f8:f5:
         09:8a:cc:eb:b5:f1:1d:dc:56:bb:e9:92:7b:9f:fb:08:88:45:
         65:eb:8e:b6:27:ee:b3:ec:aa:5e:61:99:d5:3b:91:e6:90:ef:
         a0:4a:aa:23:cb:3e:b8:9b:35:06:60:ba:31:9a:e1:85:86:20:
         ca:b0:8d:5f:3f:9f:a8:77:f7:a6:e1:19:81:24:14:6f:4e:fc:
         4d:e4:f5:02:94:21:35:08:f8:8c:16:e6:b7:5e:bc:1d:82:8e:
         29:84:c9:6d:54:d4:37:be:28:4c:91:05:79:d1:51:a9:98:c8:
         7b:52:8b:14:03:e3:9e:8c:99:cc:b4:3e:7b:2e:a3:c5:ea:fa:
         50:63:d9:c5:7f:c8:fe:da:db:bc:e0:b3:fc:04:fd:f9:2f:40:
         48:de:82:3c:4e:1d:09:92:2d:fa:0b:30:34:ea:28:1c:16:d9:
         16:ac:53:df:ce:9e:cc:37:27:20:0b:27:dd:99:cc:8d:1b:50:
         ee:ba:72:8b:95:9f:3c:fc:9a:2c:8c:a7:a9:eb:08:3a:3f:f4:
         ad:22:99:50:69:fc:d2:92:c4:06:d0:aa:e0:9a:cb:0a:a0:05:
         7b:82:d9:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4yQ8KzuWf7ExCG5MsjuoPUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjQwMzEyMTA0NDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDc5MmIwZmViMzMxZGVkZjQxYTg2MjczNDY0YTU5OGJiZmYwNWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnqyISSQ4N6qiSCHiyzE2K21SpUlo
V4is6usfcUHQrhDWiScZKlQEs8nt5rpnDEzS8x4oibIVe073PwPvYBnWVrwVz6HV
wx+2sGFXhQsm+TGiGyZp5ZihRlhJuZ6MNLj/c3l1erqqAL2rO+/2Ha1/gPGAOQ7X
ii0GEIdJM0oIrTiGzJ0a3PwfTot/P1XIzz4lcMkR0ayL7Mib31IJTE0D8/AxK+Ek
I5Yhwjyvntu0FOrPxF8dLq+A/szG4ZP95zEgQ8J1rkd4qKmPZvA0iHxJxc5D1OiP
fTSJtjdvq/QpBU8dv0S+djaqcvrWwsT6tYAbSJWe/w9zQnwEz4u+Or/xzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ15Kw/rMx3t9BqGJzRkpZi7/wXZMB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvblhrckQtc3pIZTMwR29Zbk5HU2xtTHZfQmRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/Y+MA0G
CSqGSIb3DQEBCwUAA4IBAQCZ9D/oU5X+ewr0Xz7zahTZU9/0GGm59BCyJ5jlhXxM
bEdh+PUJiszrtfEd3Fa76ZJ7n/sIiEVl6462J+6z7KpeYZnVO5HmkO+gSqojyz64
mzUGYLoxmuGFhiDKsI1fP5+od/em4RmBJBRvTvxN5PUClCE1CPiMFua3Xrwdgo4p
hMltVNQ3vihMkQV50VGpmMh7UosUA+OejJnMtD57LqPF6vpQY9nFf8j+2tu84LP8
BP35L0BI3oI8Th0Jki36CzA06igcFtkWrFPfzp7MNycgCyfdmcyNG1DuunKLlZ88
/JosjKep6wg6P/StIplQafzSksQG0KrgmssKoAV7gtmB
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:52:27 2024 by rpki-client on console-ams.rpki-client.org