Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/becd16-a9e9-4cd6-800e-f008dd83e32a/1/jAL4o1MiD8YV04NW-WK_z_2VBio.roa
File:                     jAL4o1MiD8YV04NW-WK_z_2VBio.roa (raw, json)
Hash identifier:          /jj52zlVAlk68XTRa1oVos0BWKsyLDvao/m6TRRHRGU=
Subject key identifier:   8C:02:F8:A3:53:22:0F:C6:15:D3:83:56:F9:62:BF:CF:FD:95:06:2A
Certificate issuer:       /CN=e9be181aabdb195513a26c67b621e2986818d03d
Certificate serial:       018CCA2B585AF9BCF426A36FED5B5F941171
Authority key identifier: E9:BE:18:1A:AB:DB:19:55:13:A2:6C:67:B6:21:E2:98:68:18:D0:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6b4YGqvbGVUTomxntiHimGgY0D0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/becd16-a9e9-4cd6-800e-f008dd83e32a/1/jAL4o1MiD8YV04NW-WK_z_2VBio.roa
Signing time:             Tue 02 Jan 2024 12:34:47 +0000
ROA not before:           Tue 02 Jan 2024 12:34:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62240
IP address blocks:        176.53.133.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:58:5a:f9:bc:f4:26:a3:6f:ed:5b:5f:94:11:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9be181aabdb195513a26c67b621e2986818d03d
        Validity
            Not Before: Jan  2 12:34:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8c02f8a353220fc615d38356f962bfcffd95062a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:14:c2:a6:5d:88:fb:a3:8f:c2:c5:52:fa:6a:
                    f0:35:a8:ad:c6:29:83:ba:95:9a:01:da:66:84:ed:
                    58:a2:a6:a1:41:57:c1:57:9a:10:48:c8:62:d9:83:
                    db:24:bc:92:a1:d6:cd:68:67:15:87:0b:16:91:6e:
                    7a:d4:92:2b:f5:10:32:69:39:f8:d2:b3:50:99:4d:
                    69:64:11:2f:f2:fd:4f:96:c4:8a:f8:8d:fd:48:3a:
                    f8:36:42:e1:19:c2:46:a0:c7:b7:af:89:59:8f:dd:
                    a0:f4:69:26:22:8c:13:6f:35:7b:39:c3:6a:e7:f4:
                    48:69:5b:68:d9:5b:1a:d9:74:a2:3a:cc:9b:68:ac:
                    b8:b4:b0:ad:f2:69:9f:a3:d3:f7:94:c0:0d:a8:85:
                    3e:55:db:ec:18:6a:e2:32:f0:09:51:28:60:89:8d:
                    98:51:77:15:ff:a5:dd:f0:af:51:97:49:7f:aa:3c:
                    36:cf:3e:fc:d2:04:08:b5:71:3b:8e:35:41:49:82:
                    e7:22:63:f0:2f:ca:d8:4e:34:e1:fd:d2:69:57:1b:
                    a0:f6:ff:09:67:1b:01:4f:c7:78:a8:fd:d2:f4:8f:
                    c8:2b:5e:4b:f4:da:d1:ff:26:4e:2a:eb:86:a8:bf:
                    03:bc:57:37:36:73:50:0b:b7:b3:44:6b:1f:fc:f0:
                    bb:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:02:F8:A3:53:22:0F:C6:15:D3:83:56:F9:62:BF:CF:FD:95:06:2A
            X509v3 Authority Key Identifier:
                keyid:E9:BE:18:1A:AB:DB:19:55:13:A2:6C:67:B6:21:E2:98:68:18:D0:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b4YGqvbGVUTomxntiHimGgY0D0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/becd16-a9e9-4cd6-800e-f008dd83e32a/1/jAL4o1MiD8YV04NW-WK_z_2VBio.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/becd16-a9e9-4cd6-800e-f008dd83e32a/1/6b4YGqvbGVUTomxntiHimGgY0D0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.53.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:1d:75:95:46:26:5c:9b:ae:98:b1:98:cb:0c:e8:a7:ee:06:
         24:c4:87:b6:ec:2b:c3:32:74:00:51:ba:31:5b:4e:c0:47:b1:
         e9:1e:72:02:d3:e7:0e:cf:24:01:51:7c:7b:70:a5:74:8c:03:
         98:6e:d8:4c:20:42:34:0e:5a:45:8e:1f:c8:ef:32:40:8f:6b:
         1e:28:6f:63:23:75:ad:2d:92:0a:8b:b6:42:be:f8:67:45:9f:
         0d:cd:0f:d2:48:97:c2:ac:89:ce:70:2b:8b:d6:a4:f9:fd:ba:
         2a:da:e5:2b:0d:52:bf:b7:75:8d:12:82:53:5a:34:ca:3f:d0:
         17:1f:9d:c8:ba:e3:5e:95:bd:de:48:9e:3c:34:44:b0:f0:9a:
         bf:25:24:7d:76:d3:02:9f:d6:32:9c:de:36:3f:b4:ea:8a:94:
         f9:12:cf:60:f7:54:11:a7:bd:de:89:99:89:a2:8c:6b:7f:e9:
         ba:fd:f3:53:7b:47:94:17:fa:2f:92:5e:fd:c7:7c:ac:4a:e8:
         b0:94:5a:08:9f:5b:47:d3:9b:34:f6:96:d3:31:26:8a:7c:9e:
         8a:4e:e8:3e:6e:53:04:8c:44:96:46:81:71:ce:36:6a:0d:a2:
         bb:7b:3f:b7:f6:77:a7:4e:47:c5:59:72:1c:16:b6:2f:b4:c8:
         a7:fd:a3:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK1ha+bz0JqNv7VtflBFxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5YmUxODFhYWJkYjE5NTUxM2EyNmM2N2I2MjFlMjk4Njgx
OGQwM2QwHhcNMjQwMTAyMTIzNDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzAyZjhhMzUzMjIwZmM2MTVkMzgzNTZmOTYyYmZjZmZkOTUwNjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzBTCpl2I+6OPwsVS+mrwNaitximD
upWaAdpmhO1YoqahQVfBV5oQSMhi2YPbJLySodbNaGcVhwsWkW561JIr9RAyaTn4
0rNQmU1pZBEv8v1PlsSK+I39SDr4NkLhGcJGoMe3r4lZj92g9GkmIowTbzV7OcNq
5/RIaVto2Vsa2XSiOsybaKy4tLCt8mmfo9P3lMANqIU+VdvsGGriMvAJUShgiY2Y
UXcV/6Xd8K9Rl0l/qjw2zz780gQItXE7jjVBSYLnImPwL8rYTjTh/dJpVxug9v8J
ZxsBT8d4qP3S9I/IK15L9NrR/yZOKuuGqL8DvFc3NnNQC7ezRGsf/PC7jwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIwC+KNTIg/GFdODVvliv8/9lQYqMB8GA1UdIwQY
MBaAFOm+GBqr2xlVE6JsZ7Yh4phoGNA9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmI0WUdxdmJHVlVUb214bnRpSGltR2dZMEQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9iZWNkMTYtYTllOS00Y2Q2LTgwMGUt
ZjAwOGRkODNlMzJhLzEvakFMNG8xTWlEOFlWMDROVy1XS196XzJWQmlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9iZWNkMTYtYTllOS00Y2Q2LTgwMGUtZjAwOGRkODNlMzJh
LzEvNmI0WUdxdmJHVlVUb214bnRpSGltR2dZMEQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsDWFMA0G
CSqGSIb3DQEBCwUAA4IBAQCgHXWVRiZcm66YsZjLDOin7gYkxIe27CvDMnQAUbox
W07AR7HpHnIC0+cOzyQBUXx7cKV0jAOYbthMIEI0DlpFjh/I7zJAj2seKG9jI3Wt
LZIKi7ZCvvhnRZ8NzQ/SSJfCrInOcCuL1qT5/boq2uUrDVK/t3WNEoJTWjTKP9AX
H53IuuNelb3eSJ48NESw8Jq/JSR9dtMCn9YynN42P7TqipT5Es9g91QRp73eiZmJ
ooxrf+m6/fNTe0eUF/ovkl79x3ysSuiwlFoIn1tH05s09pbTMSaKfJ6KTug+blME
jESWRoFxzjZqDaK7ez+39nenTkfFWXIcFrYvtMin/aP8
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:00:58 2024 by rpki-client on console-ams.rpki-client.org