Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/ovSmEpGoR5maNO_hsQv6C81kXpg.roa
File:                     ovSmEpGoR5maNO_hsQv6C81kXpg.roa (raw, json)
Hash identifier:          3oSZlBlWE6QmaMUGYdHzygpUMn30Zv+K5/2sK3t2HQY=
Subject key identifier:   A2:F4:A6:12:91:A8:47:99:9A:34:EF:E1:B1:0B:FA:0B:CD:64:5E:98
Certificate issuer:       /CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
Certificate serial:       01856F429AF660C3B50E90D4FA893D1CF6A3
Authority key identifier: C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/ovSmEpGoR5maNO_hsQv6C81kXpg.roa
Signing time:             Sun 01 Jan 2023 21:35:14 +0000
ROA not before:           Sun 01 Jan 2023 21:35:14 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     60557
IP address blocks:        176.119.215.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:42:9a:f6:60:c3:b5:0e:90:d4:fa:89:3d:1c:f6:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
        Validity
            Not Before: Jan  1 21:35:14 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a2f4a61291a847999a34efe1b10bfa0bcd645e98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:5d:92:68:01:22:91:3b:99:7b:22:79:4b:0d:
                    df:b3:a5:d9:90:6d:2f:8b:44:4f:7e:f8:68:49:8c:
                    8a:5d:6e:9b:a1:97:47:7e:99:1e:01:5a:65:64:cf:
                    1b:82:85:3c:c4:06:dd:d3:98:a8:6f:ff:f4:82:b3:
                    33:55:71:ef:4b:e0:96:e1:db:ce:d6:5b:91:ce:8b:
                    3d:0d:52:d8:ab:ae:1d:3c:fa:26:c7:76:d8:a0:ec:
                    aa:a9:d7:df:c0:8c:a5:3f:8e:42:22:5d:ff:c6:f5:
                    ea:31:20:56:3c:ee:26:01:92:5f:f9:dc:b6:ea:88:
                    b6:b0:9a:aa:d6:5c:b4:e5:7e:0d:03:a6:24:0b:14:
                    6d:49:fe:98:37:5e:c1:b1:ed:80:0c:ee:70:25:79:
                    27:cb:e1:53:96:43:fc:60:4a:65:5b:09:54:43:02:
                    eb:42:10:d4:8e:23:a2:ea:4c:7e:31:1e:e1:be:9c:
                    c9:c5:fd:46:30:24:6c:88:39:29:9b:b6:89:5f:ec:
                    90:62:94:59:38:e2:de:3c:5c:e9:42:88:24:fd:0b:
                    86:8f:1e:fa:88:7e:66:1d:10:82:15:9f:c7:5d:91:
                    de:81:00:d8:5e:a1:5e:f0:7e:a0:69:c6:23:83:a0:
                    68:8e:8e:22:82:e8:6e:5e:ad:e9:1f:5f:79:c9:4c:
                    a3:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:F4:A6:12:91:A8:47:99:9A:34:EF:E1:B1:0B:FA:0B:CD:64:5E:98
            X509v3 Authority Key Identifier:
                keyid:C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/ovSmEpGoR5maNO_hsQv6C81kXpg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.119.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:d9:0f:3b:e7:76:0a:e9:91:23:67:7f:6b:e0:a5:3c:c0:20:
         9b:c8:79:85:df:6c:3d:5d:13:e5:bf:d0:a3:0c:9c:68:00:a6:
         bd:c5:5e:f1:11:b7:af:06:5d:ee:c9:54:fc:ec:5d:7a:58:b1:
         cc:d5:4a:88:ec:8c:cf:05:b5:af:fd:d2:ed:1f:2a:1a:1b:3e:
         25:9b:54:64:4b:aa:94:04:48:db:93:a4:32:2e:f0:20:e3:8d:
         af:9b:39:ff:12:a3:48:06:95:1d:49:d9:9f:f9:9a:4d:c1:f5:
         b7:69:19:fb:f1:c2:80:6f:66:95:9c:39:34:7d:ee:f9:fb:c7:
         e3:08:ee:54:27:89:cc:08:57:ec:8f:57:c7:a1:34:de:ab:f6:
         57:b5:18:cb:6d:f5:c6:fb:05:99:43:b8:bc:fc:f5:14:78:0d:
         24:26:9b:3d:a2:51:a9:ee:01:12:21:3e:f4:3c:f2:97:82:c4:
         c4:9e:b3:cc:f9:fb:7e:ac:53:40:f9:05:39:32:04:89:d3:0a:
         b3:11:be:90:97:ac:09:76:9d:05:09:c4:5e:6a:f4:a0:5d:82:
         40:82:bd:b5:ca:53:eb:4f:b8:30:8e:23:16:3f:19:4f:31:c6:
         e4:f7:7f:c4:e6:c3:f5:c8:a8:a4:b6:3a:5f:8a:12:06:2c:ce:
         2d:b5:15:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVvQpr2YMO1DpDU+ok9HPajMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NGM2MGFkZWIwY2Q1NzY4Y2Y3NTZmNTYyYjFiNWNjNWI5
YzE4MGEwHhcNMjMwMTAxMjEzNTE0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmY0YTYxMjkxYTg0Nzk5OWEzNGVmZTFiMTBiZmEwYmNkNjQ1ZTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjV2SaAEikTuZeyJ5Sw3fs6XZkG0v
i0RPfvhoSYyKXW6boZdHfpkeAVplZM8bgoU8xAbd05iob//0grMzVXHvS+CW4dvO
1luRzos9DVLYq64dPPomx3bYoOyqqdffwIylP45CIl3/xvXqMSBWPO4mAZJf+dy2
6oi2sJqq1ly05X4NA6YkCxRtSf6YN17Bse2ADO5wJXkny+FTlkP8YEplWwlUQwLr
QhDUjiOi6kx+MR7hvpzJxf1GMCRsiDkpm7aJX+yQYpRZOOLePFzpQogk/QuGjx76
iH5mHRCCFZ/HXZHegQDYXqFe8H6gacYjg6Bojo4iguhuXq3pH195yUyjsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKL0phKRqEeZmjTv4bEL+gvNZF6YMB8GA1UdIwQY
MBaAFMdMYK3rDNV2jPdW9WKxtcxbnBgKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMt
ODg1ZTg0ZTc1MTJlLzEvb3ZTbUVwR29SNW1hTk9faHNRdjZDODFrWHBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMtODg1ZTg0ZTc1MTJl
LzEveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHfXMA0G
CSqGSIb3DQEBCwUAA4IBAQAn2Q8753YK6ZEjZ39r4KU8wCCbyHmF32w9XRPlv9Cj
DJxoAKa9xV7xEbevBl3uyVT87F16WLHM1UqI7IzPBbWv/dLtHyoaGz4lm1RkS6qU
BEjbk6QyLvAg442vmzn/EqNIBpUdSdmf+ZpNwfW3aRn78cKAb2aVnDk0fe75+8fj
CO5UJ4nMCFfsj1fHoTTeq/ZXtRjLbfXG+wWZQ7i8/PUUeA0kJps9olGp7gESIT70
PPKXgsTEnrPM+ft+rFNA+QU5MgSJ0wqzEb6Ql6wJdp0FCcReavSgXYJAgr21ylPr
T7gwjiMWPxlPMcbk93/E5sP1yKiktjpfihIGLM4ttRX8
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:57:30 2024 by rpki-client on console-ams.rpki-client.org