Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/e05e77-12ae-4f59-9491-cadd1129c98d/1/X3FVCAgXc6GOX92r079gzmZtCOQ.roa
File:                     X3FVCAgXc6GOX92r079gzmZtCOQ.roa (raw, json)
Hash identifier:          rqjNWkURRIouq1qWbvfRA7qmtyWRwbuEbIuzodsZgDI=
Subject key identifier:   5F:71:55:08:08:17:73:A1:8E:5F:DD:AB:D3:BF:60:CE:66:6D:08:E4
Certificate issuer:       /CN=e5bcfc1077cf876888fb6c75b2e394923205f3b5
Certificate serial:       01856E5D60E76227FFD59DAA41BC2FB9CC1A
Authority key identifier: E5:BC:FC:10:77:CF:87:68:88:FB:6C:75:B2:E3:94:92:32:05:F3:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5bz8EHfPh2iI-2x1suOUkjIF87U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/e05e77-12ae-4f59-9491-cadd1129c98d/1/X3FVCAgXc6GOX92r079gzmZtCOQ.roa
Signing time:             Sun 01 Jan 2023 17:24:51 +0000
ROA not before:           Sun 01 Jan 2023 17:24:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     10753
IP address blocks:        176.116.117.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:5d:60:e7:62:27:ff:d5:9d:aa:41:bc:2f:b9:cc:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5bcfc1077cf876888fb6c75b2e394923205f3b5
        Validity
            Not Before: Jan  1 17:24:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5f715508081773a18e5fddabd3bf60ce666d08e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:91:de:35:93:ce:64:c1:c3:7e:26:dd:a6:26:
                    93:62:67:5b:11:aa:c5:23:f7:c4:0e:97:d2:42:c3:
                    4e:33:c2:8b:1f:50:e7:c3:63:c3:fe:2a:fb:8a:f3:
                    56:b9:73:f6:cc:45:e1:ce:69:d7:bd:84:0a:35:6d:
                    a7:76:14:03:ed:07:7d:bd:fb:de:ea:a0:fb:db:61:
                    45:02:2f:e9:3a:6c:fd:be:5e:d8:1f:26:a5:86:62:
                    94:9e:e9:ac:21:fa:7c:c4:cd:c4:b1:96:a0:f7:6a:
                    aa:26:d7:4b:7c:86:83:39:68:1a:94:2b:44:0a:ec:
                    0f:c3:d0:4f:98:f6:a0:8a:2f:bd:15:95:99:c1:0b:
                    91:0e:59:1e:d1:cd:f7:b2:b8:f8:c0:92:54:ee:34:
                    fb:25:36:e4:80:70:32:b6:ca:0b:a2:de:0d:58:4c:
                    80:a4:39:4b:c1:b8:8e:ef:2b:b0:8b:16:bb:3b:e5:
                    f8:47:15:f6:a8:5c:14:de:f2:dc:36:98:61:46:e7:
                    3e:9a:ee:e9:59:39:f5:5e:e8:3e:a2:c3:a6:74:17:
                    54:54:14:22:3c:e3:d0:77:60:a6:26:cc:c6:91:06:
                    29:3b:3d:c9:e2:06:ce:35:46:a3:39:b2:96:f8:6f:
                    87:d2:71:c1:47:a0:a3:e4:bb:da:20:50:9d:16:a2:
                    21:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:71:55:08:08:17:73:A1:8E:5F:DD:AB:D3:BF:60:CE:66:6D:08:E4
            X509v3 Authority Key Identifier:
                keyid:E5:BC:FC:10:77:CF:87:68:88:FB:6C:75:B2:E3:94:92:32:05:F3:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5bz8EHfPh2iI-2x1suOUkjIF87U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/e05e77-12ae-4f59-9491-cadd1129c98d/1/X3FVCAgXc6GOX92r079gzmZtCOQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/e05e77-12ae-4f59-9491-cadd1129c98d/1/5bz8EHfPh2iI-2x1suOUkjIF87U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.116.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d2:3e:08:e8:68:eb:f0:d8:dc:fe:36:73:1f:4b:22:4d:2e:27:
         07:8a:2e:e3:b3:8c:38:c1:1b:ab:54:ea:de:6a:29:d1:be:7f:
         52:30:c9:65:fa:a5:56:45:a7:07:46:ee:35:d2:22:0e:c5:63:
         ab:36:98:7e:19:d5:96:71:47:4e:2d:7d:18:73:6c:7a:bc:ae:
         59:2b:92:57:67:e5:0d:64:0b:99:ff:0a:59:4c:33:94:b7:f2:
         7f:9e:b6:1b:2d:2c:d3:0c:2e:48:0f:b0:6e:85:f7:63:1b:8e:
         1b:d4:1c:30:98:31:78:86:b0:32:fb:b7:48:ed:e1:75:63:d4:
         5f:bb:57:d8:9c:5d:f5:c1:45:04:c2:bb:e2:b4:94:17:1c:2a:
         94:fa:2f:06:6d:9c:af:82:86:16:c0:c5:f6:46:04:7f:31:e4:
         b0:36:cd:d9:9e:43:cd:27:96:25:e5:be:c0:dc:29:a0:96:4c:
         29:b3:53:f7:c6:5a:00:da:26:0f:cd:e3:c2:b6:2e:a0:8b:cc:
         65:98:d7:45:36:a5:46:50:3d:a9:03:a5:c7:24:10:5b:89:e3:
         56:be:3e:90:1f:95:ae:17:a8:94:19:65:44:52:cd:60:6b:04:
         91:f9:ca:ba:c8:6f:3a:2c:63:19:21:2a:d9:ae:7b:b5:c1:bb:
         cf:27:c5:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVuXWDnYif/1Z2qQbwvucwaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1YmNmYzEwNzdjZjg3Njg4OGZiNmM3NWIyZTM5NDkyMzIw
NWYzYjUwHhcNMjMwMTAxMTcyNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjcxNTUwODA4MTc3M2ExOGU1ZmRkYWJkM2JmNjBjZTY2NmQwOGU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt5HeNZPOZMHDfibdpiaTYmdbEarF
I/fEDpfSQsNOM8KLH1Dnw2PD/ir7ivNWuXP2zEXhzmnXvYQKNW2ndhQD7Qd9vfve
6qD722FFAi/pOmz9vl7YHyalhmKUnumsIfp8xM3EsZag92qqJtdLfIaDOWgalCtE
CuwPw9BPmPagii+9FZWZwQuRDlke0c33srj4wJJU7jT7JTbkgHAytsoLot4NWEyA
pDlLwbiO7yuwixa7O+X4RxX2qFwU3vLcNphhRuc+mu7pWTn1Xug+osOmdBdUVBQi
POPQd2CmJszGkQYpOz3J4gbONUajObKW+G+H0nHBR6Cj5LvaIFCdFqIh3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF9xVQgIF3Ohjl/dq9O/YM5mbQjkMB8GA1UdIwQY
MBaAFOW8/BB3z4doiPtsdbLjlJIyBfO1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWJ6OEVIZlBoMmlJLTJ4MXN1T1VraklGODdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9lMDVlNzctMTJhZS00ZjU5LTk0OTEt
Y2FkZDExMjljOThkLzEvWDNGVkNBZ1hjNkdPWDkycjA3OWd6bVp0Q09RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9lMDVlNzctMTJhZS00ZjU5LTk0OTEtY2FkZDExMjljOThk
LzEvNWJ6OEVIZlBoMmlJLTJ4MXN1T1VraklGODdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHR1MA0G
CSqGSIb3DQEBCwUAA4IBAQDSPgjoaOvw2Nz+NnMfSyJNLicHii7js4w4wRurVOre
ainRvn9SMMll+qVWRacHRu410iIOxWOrNph+GdWWcUdOLX0Yc2x6vK5ZK5JXZ+UN
ZAuZ/wpZTDOUt/J/nrYbLSzTDC5ID7BuhfdjG44b1BwwmDF4hrAy+7dI7eF1Y9Rf
u1fYnF31wUUEwrvitJQXHCqU+i8GbZyvgoYWwMX2RgR/MeSwNs3ZnkPNJ5Yl5b7A
3Cmglkwps1P3xloA2iYPzePCti6gi8xlmNdFNqVGUD2pA6XHJBBbieNWvj6QH5Wu
F6iUGWVEUs1gawSR+cq6yG86LGMZISrZrnu1wbvPJ8VI
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:19:06 2024 by rpki-client on console-fra.rpki-client.org