Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/OWgBeEyInSYOKLbF1g4dK40EqUo.roa
File:                     OWgBeEyInSYOKLbF1g4dK40EqUo.roa (raw, json)
Hash identifier:          pGWPrlXKgnF1cXZsQt335+Wt2TP38ZdC8bBRf/f7+g8=
Subject key identifier:   39:68:01:78:4C:88:9D:26:0E:28:B6:C5:D6:0E:1D:2B:8D:04:A9:4A
Certificate issuer:       /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial:       0188E93DB9821E19CD24CB1B587286575BFB
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/OWgBeEyInSYOKLbF1g4dK40EqUo.roa
Signing time:             Fri 23 Jun 2023 17:11:56 +0000
ROA not before:           Fri 23 Jun 2023 17:11:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     6079
IP address blocks:        91.250.244.0/24 maxlen: 24
                          188.211.249.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:e9:3d:b9:82:1e:19:cd:24:cb:1b:58:72:86:57:5b:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
        Validity
            Not Before: Jun 23 17:11:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=396801784c889d260e28b6c5d60e1d2b8d04a94a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:2d:df:81:32:25:9a:0f:31:86:29:66:dd:86:
                    d3:83:5e:d9:49:7a:0b:44:63:6a:80:ed:6a:b2:69:
                    1b:6e:6f:92:11:2a:c3:d3:38:c3:04:f0:0d:aa:f1:
                    e5:ba:e3:19:da:e7:64:ca:7e:c9:a4:6a:2c:65:a3:
                    e6:00:8d:06:44:bb:e7:8d:b1:52:3b:e8:31:41:ab:
                    79:0d:9b:18:90:9d:0a:9c:de:de:5c:8e:84:70:38:
                    3b:b1:6c:1d:cd:55:a4:9f:e0:55:3f:14:98:ea:ac:
                    3e:6a:a7:9a:4e:29:94:55:6c:b4:3c:0a:a4:10:ce:
                    7c:8e:68:04:00:60:a2:5b:c4:34:3d:6c:df:6f:56:
                    8c:4a:3f:15:e6:81:a9:18:55:e3:9f:1a:fc:6b:79:
                    af:cd:ca:b3:97:02:1a:1d:6c:bb:2b:95:34:29:33:
                    74:12:b8:b7:1e:b2:18:3d:d4:9a:ac:36:d6:15:1e:
                    e6:60:e9:3e:94:a6:05:ff:dd:8d:f4:88:27:d3:04:
                    82:88:f1:de:f2:0d:be:e3:33:5a:90:57:03:36:f2:
                    06:96:7c:88:77:17:c7:d8:20:13:5f:3a:24:7b:a1:
                    15:8b:93:fe:ac:d1:ca:15:fb:7b:aa:3a:58:82:10:
                    5c:27:81:a8:34:f4:3d:96:89:9a:28:15:d7:74:43:
                    10:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:68:01:78:4C:88:9D:26:0E:28:B6:C5:D6:0E:1D:2B:8D:04:A9:4A
            X509v3 Authority Key Identifier:
                keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/OWgBeEyInSYOKLbF1g4dK40EqUo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.250.244.0/24
                  188.211.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:03:de:2d:cb:48:ce:63:de:35:83:bd:97:fd:ba:39:98:b8:
         d6:9e:7c:e6:02:7f:bd:89:f5:bb:58:cc:d3:ce:f4:c2:10:69:
         62:32:92:39:61:ca:9b:9d:59:99:39:e9:92:f7:75:70:93:22:
         0b:73:7b:77:f3:91:0b:f5:29:01:37:82:f8:e4:76:81:cd:f4:
         45:1f:97:51:f0:8c:16:dd:0e:ed:41:b0:5a:b8:f0:1c:a0:24:
         07:a5:11:c8:c7:f9:1e:15:fa:38:b5:57:64:93:0b:d1:21:28:
         11:b9:81:d0:a3:45:c4:f7:7a:9a:c7:d1:af:25:4d:62:f8:2a:
         d7:0c:3a:a0:8f:61:d4:59:91:0e:2e:75:ff:c9:54:2a:03:87:
         1c:34:72:68:67:dc:ed:0d:97:52:75:d7:ed:08:00:1e:9b:33:
         a4:2e:03:a7:37:f9:39:a2:46:c2:85:f6:d6:56:bc:b9:d3:ff:
         74:a3:ae:7f:ec:84:4c:06:2d:7c:67:f5:16:99:e6:18:8c:5a:
         8f:79:3a:02:55:a8:40:3b:6e:48:44:e8:eb:14:3a:7d:13:99:
         fd:b6:51:57:8f:8e:c1:94:11:5b:f6:0c:8a:29:a9:3f:1e:5e:
         68:c1:24:44:4b:24:c1:93:39:42:4a:89:ec:d4:23:18:ef:3a:
         7a:35:14:9f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYjpPbmCHhnNJMsbWHKGV1v7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMwNjIzMTcxMTU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTY4MDE3ODRjODg5ZDI2MGUyOGI2YzVkNjBlMWQyYjhkMDRhOTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAji3fgTIlmg8xhilm3YbTg17ZSXoL
RGNqgO1qsmkbbm+SESrD0zjDBPANqvHluuMZ2udkyn7JpGosZaPmAI0GRLvnjbFS
O+gxQat5DZsYkJ0KnN7eXI6EcDg7sWwdzVWkn+BVPxSY6qw+aqeaTimUVWy0PAqk
EM58jmgEAGCiW8Q0PWzfb1aMSj8V5oGpGFXjnxr8a3mvzcqzlwIaHWy7K5U0KTN0
Eri3HrIYPdSarDbWFR7mYOk+lKYF/92N9Ign0wSCiPHe8g2+4zNakFcDNvIGlnyI
dxfH2CATXzoke6EVi5P+rNHKFft7qjpYghBcJ4GoNPQ9lomaKBXXdEMQIwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDloAXhMiJ0mDii2xdYOHSuNBKlKMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvT1dnQmVFeUluU1lPS0xiRjFnNGRLNDBFcVVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW/r0AwQA
vNP5MA0GCSqGSIb3DQEBCwUAA4IBAQCMA94ty0jOY941g72X/bo5mLjWnnzmAn+9
ifW7WMzTzvTCEGliMpI5YcqbnVmZOemS93VwkyILc3t385EL9SkBN4L45HaBzfRF
H5dR8IwW3Q7tQbBauPAcoCQHpRHIx/keFfo4tVdkkwvRISgRuYHQo0XE93qax9Gv
JU1i+CrXDDqgj2HUWZEOLnX/yVQqA4ccNHJoZ9ztDZdSddftCAAemzOkLgOnN/k5
okbChfbWVry50/90o65/7IRMBi18Z/UWmeYYjFqPeToCVahAO25IROjrFDp9E5n9
tlFXj47BlBFb9gyKKak/Hl5owSRESyTBkzlCSons1CMY7zp6NRSf
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:01:14 2024 by rpki-client on console-fra.rpki-client.org