Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/eyJBSwJz0VKEsj-gm372BKlqwhk.roa
File:                     eyJBSwJz0VKEsj-gm372BKlqwhk.roa (raw, json)
Hash identifier:          P4yd5Crzt13t9qq8fBnLJxeFVeHGcLjcDlGrgH4zrYk=
Subject key identifier:   7B:22:41:4B:02:73:D1:52:84:B2:3F:A0:9B:7E:F6:04:A9:6A:C2:19
Certificate issuer:       /CN=d0299cf12b38ff12d95ffc0d13ac12c69fe2c1ca
Certificate serial:       01C353BC
Authority key identifier: D0:29:9C:F1:2B:38:FF:12:D9:5F:FC:0D:13:AC:12:C6:9F:E2:C1:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Cmc8Ss4_xLZX_wNE6wSxp_iwco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/eyJBSwJz0VKEsj-gm372BKlqwhk.roa
Signing time:             Sat 01 Jan 2022 01:58:06 +0000
ROA not before:           Sat 01 Jan 2022 01:58:06 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     50643
IP address blocks:        176.117.81.0/24 maxlen: 24
                          176.117.80.0/22 maxlen: 22
                          176.117.80.0/23 maxlen: 23
                          176.117.80.0/24 maxlen: 24
                          176.117.82.0/23 maxlen: 23
                          176.117.85.0/24 maxlen: 24
                          176.117.82.0/24 maxlen: 24
                          176.117.83.0/24 maxlen: 24
                          176.117.84.0/24 maxlen: 24
                          176.117.84.0/23 maxlen: 23
                          176.117.84.0/22 maxlen: 22
                          176.117.86.0/23 maxlen: 23
                          176.117.87.0/24 maxlen: 24
                          176.117.86.0/24 maxlen: 24
                          176.117.93.0/24 maxlen: 24
                          176.117.94.0/24 maxlen: 24
                          176.117.95.0/24 maxlen: 24
                          176.117.92.0/24 maxlen: 24
                          176.117.64.0/20 maxlen: 20
                          176.117.64.0/19 maxlen: 19

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 29578172 (0x1c353bc)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0299cf12b38ff12d95ffc0d13ac12c69fe2c1ca
        Validity
            Not Before: Jan  1 01:58:06 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7b22414b0273d15284b23fa09b7ef604a96ac219
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:f1:e6:82:ec:2e:cc:3a:c7:01:5d:53:42:45:
                    f6:11:4c:52:54:2a:b5:04:7f:89:68:ba:60:54:3a:
                    65:e6:3c:39:f6:89:7c:72:50:39:d8:b7:fc:e0:a4:
                    08:5a:88:11:cc:f5:7b:ca:e8:8c:42:63:b9:39:58:
                    64:45:43:e6:d3:40:81:3c:40:e5:46:19:b9:ca:4b:
                    90:f5:f1:41:65:8d:d8:df:63:9b:a5:c3:dd:5a:e2:
                    97:e2:9a:05:e9:45:a7:8a:90:9a:4c:29:b8:9f:e0:
                    b2:da:c1:a0:c3:80:5e:6e:f0:05:42:6b:81:52:e8:
                    e2:dc:61:57:ad:42:a7:ea:b8:c2:b9:a9:e3:52:e5:
                    21:1e:ef:03:54:69:56:dd:3a:28:d4:ec:10:04:ca:
                    0c:d5:5e:7a:bc:4f:16:b2:15:2f:ca:0a:ef:53:70:
                    ac:7b:0f:50:ae:a8:f7:6e:4a:c3:62:1a:48:2f:ad:
                    58:91:8c:72:58:f1:8c:2b:ef:c7:14:23:1a:e2:1a:
                    10:c1:2a:92:e8:0d:a0:77:ad:e7:80:22:3a:07:94:
                    59:e6:ae:71:93:81:ef:c1:5e:39:21:34:52:20:43:
                    f4:07:fa:a1:d9:77:11:60:25:b4:95:d0:0b:9d:fe:
                    1e:fd:c2:04:9d:03:3b:ec:e7:da:f9:d6:d5:b6:d5:
                    c1:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:22:41:4B:02:73:D1:52:84:B2:3F:A0:9B:7E:F6:04:A9:6A:C2:19
            X509v3 Authority Key Identifier:
                keyid:D0:29:9C:F1:2B:38:FF:12:D9:5F:FC:0D:13:AC:12:C6:9F:E2:C1:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Cmc8Ss4_xLZX_wNE6wSxp_iwco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/eyJBSwJz0VKEsj-gm372BKlqwhk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/0Cmc8Ss4_xLZX_wNE6wSxp_iwco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.117.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         18:af:f1:b6:2d:65:d6:36:15:da:86:4e:92:42:56:ba:ec:e1:
         46:9b:34:fb:1c:a1:f4:2e:41:e9:25:1b:c4:1f:27:e2:03:39:
         4e:89:9d:66:07:b9:61:ce:1c:fc:12:0b:64:ea:a2:b7:8d:9e:
         72:ed:00:2b:61:aa:ff:d3:fb:c8:93:45:42:d8:7a:d1:a2:82:
         ff:2a:b5:e3:27:a6:dc:41:94:ab:a9:30:b2:12:e4:3d:bc:f8:
         05:14:fc:22:53:17:f9:59:a3:04:b8:0b:b3:bb:d5:5f:d0:77:
         b1:0a:55:b0:86:3e:72:ee:88:97:b1:09:0a:ee:a8:97:ab:87:
         0a:73:15:c0:d6:3b:43:ba:cb:d8:20:2b:06:9c:d0:9b:10:eb:
         c7:48:e7:f5:ca:62:68:eb:f7:0c:c5:c4:f6:59:15:fa:e6:d4:
         38:96:79:b1:8d:f4:3b:4d:0f:f1:12:0c:6c:46:d3:59:62:af:
         8e:14:97:90:81:2a:b1:73:a1:57:d5:0c:d4:b4:bb:c9:d0:7f:
         95:f7:9f:eb:8a:34:a9:04:7c:8f:7f:f4:58:c7:b8:93:bf:4f:
         f7:b4:0c:43:7e:b3:fc:4e:de:11:d0:eb:e0:3f:e1:2b:bc:cd:
         da:2a:cb:d4:98:69:e1:17:cb:f8:17:f3:a5:72:69:01:d2:b4:
         0b:f6:41:0c
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAcNTvDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
MDI5OWNmMTJiMzhmZjEyZDk1ZmZjMGQxM2FjMTJjNjlmZTJjMWNhMB4XDTIyMDEw
MTAxNTgwNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoN2IyMjQxNGIwMjcz
ZDE1Mjg0YjIzZmEwOWI3ZWY2MDRhOTZhYzIxOTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMfx5oLsLsw6xwFdU0JF9hFMUlQqtQR/iWi6YFQ6ZeY8OfaJ
fHJQOdi3/OCkCFqIEcz1e8rojEJjuTlYZEVD5tNAgTxA5UYZucpLkPXxQWWN2N9j
m6XD3Vril+KaBelFp4qQmkwpuJ/gstrBoMOAXm7wBUJrgVLo4txhV61Cp+q4wrmp
41LlIR7vA1RpVt06KNTsEATKDNVeerxPFrIVL8oK71NwrHsPUK6o925Kw2IaSC+t
WJGMcljxjCvvxxQjGuIaEMEqkugNoHet54AiOgeUWeaucZOB78FeOSE0UiBD9Af6
odl3EWAltJXQC53+Hv3CBJ0DO+zn2vnW1bbVwQcCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBR7IkFLAnPRUoSyP6CbfvYEqWrCGTAfBgNVHSMEGDAWgBTQKZzxKzj/Etlf
/A0TrBLGn+LByjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzBDbWM4U3M0X3hMWlhfd05FNndTeHBfaXdjby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMGYvZDU4MmM0LTM2ZTMtNGE1Ny04NzUyLWU2NDFlNzEzZDFmYS8x
L2V5SkJTd0p6MFZLRXNqLWdtMzcyQktscXdoay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMGYv
ZDU4MmM0LTM2ZTMtNGE1Ny04NzUyLWU2NDFlNzEzZDFmYS8xLzBDbWM4U3M0X3hM
Wlhfd05FNndTeHBfaXdjby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBbB1QDANBgkqhkiG9w0BAQsFAAOC
AQEAGK/xti1l1jYV2oZOkkJWuuzhRps0+xyh9C5B6SUbxB8n4gM5TomdZge5Yc4c
/BILZOqit42ecu0AK2Gq/9P7yJNFQth60aKC/yq14yem3EGUq6kwshLkPbz4BRT8
IlMX+VmjBLgLs7vVX9B3sQpVsIY+cu6Il7EJCu6ol6uHCnMVwNY7Q7rL2CArBpzQ
mxDrx0jn9cpiaOv3DMXE9lkV+ubUOJZ5sY30O00P8RIMbEbTWWKvjhSXkIEqsXOh
V9UM1LS7ydB/lfef64o0qQR8j3/0WMe4k79P97QMQ36z/E7eEdDr4D/hK7zN2irL
1Jhp4RfL+BfzpXJpAdK0C/ZBDA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:19:06 2024 by rpki-client on console-fra.rpki-client.org