Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/4hYHjKdlQApr6KNaWkQbnCABsEE.roa
File:                     4hYHjKdlQApr6KNaWkQbnCABsEE.roa (raw, json)
Hash identifier:          My+P4TZbVAoZLhALtZLEsKfbYy2esXx6TfpZdxFigCg=
Subject key identifier:   E2:16:07:8C:A7:65:40:0A:6B:E8:A3:5A:5A:44:1B:9C:20:01:B0:41
Certificate issuer:       /CN=d0299cf12b38ff12d95ffc0d13ac12c69fe2c1ca
Certificate serial:       0185CB822C55A59AF51EF990C26A2F779011
Authority key identifier: D0:29:9C:F1:2B:38:FF:12:D9:5F:FC:0D:13:AC:12:C6:9F:E2:C1:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Cmc8Ss4_xLZX_wNE6wSxp_iwco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/4hYHjKdlQApr6KNaWkQbnCABsEE.roa
Signing time:             Thu 19 Jan 2023 19:29:43 +0000
ROA not before:           Thu 19 Jan 2023 19:29:43 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     59956
IP address blocks:        176.117.76.0/22 maxlen: 22
                          176.117.80.0/22 maxlen: 22
                          176.117.84.0/22 maxlen: 22
                          176.117.88.0/22 maxlen: 22
                          176.117.92.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:cb:82:2c:55:a5:9a:f5:1e:f9:90:c2:6a:2f:77:90:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0299cf12b38ff12d95ffc0d13ac12c69fe2c1ca
        Validity
            Not Before: Jan 19 19:29:43 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e216078ca765400a6be8a35a5a441b9c2001b041
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:5b:25:33:02:49:71:45:50:04:16:48:10:60:
                    11:6a:7b:ab:81:56:c5:48:cb:64:7e:5f:4b:6d:3b:
                    93:5f:de:01:99:28:93:1f:2e:64:c2:f9:4d:61:59:
                    81:d1:5b:c5:fa:b3:21:b2:48:bd:64:db:78:a5:7b:
                    45:a6:6d:7c:e3:c0:49:9b:62:37:ea:df:cf:b3:db:
                    28:81:d4:ef:28:82:97:e3:cc:88:1b:33:2b:c9:b7:
                    90:98:2d:97:ca:f1:15:a2:c8:b1:00:7d:f8:28:18:
                    4a:88:c3:15:38:1e:71:d3:de:c6:68:d9:a9:16:bd:
                    9f:99:c1:97:a1:07:b0:61:00:3d:0e:ac:5e:b1:d8:
                    41:b4:60:44:77:a0:ea:c9:82:3e:b0:b1:71:82:d0:
                    76:ba:60:38:10:ea:62:c3:35:4a:d4:78:30:ac:fa:
                    67:38:66:b3:0b:4a:dc:49:7f:f6:60:9c:d9:5d:2e:
                    86:83:94:7f:1a:44:1c:e7:be:68:8a:89:73:cc:4d:
                    f7:f2:68:71:32:5f:e0:44:96:8f:d2:58:40:60:69:
                    8e:1c:72:0f:d7:5d:9d:c9:39:e3:ee:a9:86:01:d0:
                    8c:5c:0c:ff:21:d8:c0:bc:c5:a1:11:1f:32:3c:ca:
                    36:ff:13:f3:c6:27:d5:4f:6b:11:95:9e:e6:50:8b:
                    48:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:16:07:8C:A7:65:40:0A:6B:E8:A3:5A:5A:44:1B:9C:20:01:B0:41
            X509v3 Authority Key Identifier:
                keyid:D0:29:9C:F1:2B:38:FF:12:D9:5F:FC:0D:13:AC:12:C6:9F:E2:C1:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Cmc8Ss4_xLZX_wNE6wSxp_iwco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/4hYHjKdlQApr6KNaWkQbnCABsEE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/0Cmc8Ss4_xLZX_wNE6wSxp_iwco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.117.76.0-176.117.95.255

    Signature Algorithm: sha256WithRSAEncryption
         43:fa:fd:9e:56:12:28:ff:f9:49:38:7e:76:14:6d:ad:5c:80:
         0d:e4:52:ed:52:29:a3:71:c3:f0:a8:80:88:0f:8d:31:5a:1d:
         3d:f0:68:8b:94:a5:7f:ae:8b:f0:4f:2b:ad:07:9d:f5:b2:a7:
         47:93:74:04:07:9d:c8:bf:e3:70:b1:62:b1:5e:5a:c4:17:c2:
         6f:ca:55:51:af:9a:52:d5:d9:66:21:b6:a3:f4:8d:60:0b:f4:
         7e:a9:f2:95:de:6c:ed:88:ad:9d:f3:dc:b8:a2:0f:6a:01:f3:
         28:c2:63:2b:34:18:66:3b:58:2e:60:2e:75:19:84:26:fd:05:
         22:53:95:ed:d1:45:32:b4:94:d4:be:fd:0b:04:c6:f8:0c:1a:
         e1:9c:cc:0f:41:49:e2:dd:47:86:0b:41:17:ba:31:5a:d5:e1:
         af:8e:3a:07:3f:e7:8d:6b:d0:aa:a5:4f:49:21:88:ea:00:7f:
         51:b9:38:6d:15:d6:f2:aa:8c:61:ff:52:d0:13:4c:f7:ba:d1:
         05:4b:03:5d:c8:c7:b7:64:43:92:55:1d:d1:80:ea:c1:4c:a7:
         bd:d8:82:16:95:5f:da:2f:90:46:97:20:c2:1d:a5:55:5a:8e:
         ca:8f:67:dd:b8:6c:7e:75:ec:56:67:06:c7:45:76:76:57:3a:
         02:b8:61:22
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYXLgixVpZr1HvmQwmovd5ARMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwMjk5Y2YxMmIzOGZmMTJkOTVmZmMwZDEzYWMxMmM2OWZl
MmMxY2EwHhcNMjMwMTE5MTkyOTQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjE2MDc4Y2E3NjU0MDBhNmJlOGEzNWE1YTQ0MWI5YzIwMDFiMDQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnlslMwJJcUVQBBZIEGARanurgVbF
SMtkfl9LbTuTX94BmSiTHy5kwvlNYVmB0VvF+rMhski9ZNt4pXtFpm1848BJm2I3
6t/Ps9sogdTvKIKX48yIGzMrybeQmC2XyvEVosixAH34KBhKiMMVOB5x097GaNmp
Fr2fmcGXoQewYQA9DqxesdhBtGBEd6DqyYI+sLFxgtB2umA4EOpiwzVK1HgwrPpn
OGazC0rcSX/2YJzZXS6Gg5R/GkQc575oiolzzE338mhxMl/gRJaP0lhAYGmOHHIP
112dyTnj7qmGAdCMXAz/IdjAvMWhER8yPMo2/xPzxifVT2sRlZ7mUItIQQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFOIWB4ynZUAKa+ijWlpEG5wgAbBBMB8GA1UdIwQY
MBaAFNApnPErOP8S2V/8DROsEsaf4sHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMENtYzhTczRfeExaWF93TkU2d1N4cF9pd2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9kNTgyYzQtMzZlMy00YTU3LTg3NTIt
ZTY0MWU3MTNkMWZhLzEvNGhZSGpLZGxRQXByNktOYVdrUWJuQ0FCc0VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9kNTgyYzQtMzZlMy00YTU3LTg3NTItZTY0MWU3MTNkMWZh
LzEvMENtYzhTczRfeExaWF93TkU2d1N4cF9pd2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAKwdUwD
BAWwdUAwDQYJKoZIhvcNAQELBQADggEBAEP6/Z5WEij/+Uk4fnYUba1cgA3kUu1S
KaNxw/CogIgPjTFaHT3waIuUpX+ui/BPK60HnfWyp0eTdAQHnci/43CxYrFeWsQX
wm/KVVGvmlLV2WYhtqP0jWAL9H6p8pXebO2IrZ3z3LiiD2oB8yjCYys0GGY7WC5g
LnUZhCb9BSJTle3RRTK0lNS+/QsExvgMGuGczA9BSeLdR4YLQRe6MVrV4a+OOgc/
541r0KqlT0khiOoAf1G5OG0V1vKqjGH/UtATTPe60QVLA13Ix7dkQ5JVHdGA6sFM
p73YghaVX9ovkEaXIMIdpVVajsqPZ924bH517FZnBsdFdnZXOgK4YSI=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:53:21 2024 by rpki-client on console-ams.rpki-client.org