Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/A7aTyiNXPr_AbObyfOuS_bHCXxw.roa
File:                     A7aTyiNXPr_AbObyfOuS_bHCXxw.roa (raw, json)
Hash identifier:          RoeB9lVKuMqxshglzK8HbZItzrMS6YTAFlRz/PTOzos=
Subject key identifier:   03:B6:93:CA:23:57:3E:BF:C0:6C:E6:F2:7C:EB:92:FD:B1:C2:5F:1C
Certificate issuer:       /CN=cddbefba8fe3c1f668c8444384fe4a3a9f4d87f1
Certificate serial:       018E3243C3DB3053A2002C4C8A1E276F1167
Authority key identifier: CD:DB:EF:BA:8F:E3:C1:F6:68:C8:44:43:84:FE:4A:3A:9F:4D:87:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zdvvuo_jwfZoyERDhP5KOp9Nh_E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/A7aTyiNXPr_AbObyfOuS_bHCXxw.roa
Signing time:             Tue 12 Mar 2024 10:44:45 +0000
ROA not before:           Tue 12 Mar 2024 10:44:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49505
IP address blocks:        176.116.17.0/24 maxlen: 24
                          217.8.117.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:32:43:c3:db:30:53:a2:00:2c:4c:8a:1e:27:6f:11:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cddbefba8fe3c1f668c8444384fe4a3a9f4d87f1
        Validity
            Not Before: Mar 12 10:44:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=03b693ca23573ebfc06ce6f27ceb92fdb1c25f1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:7c:59:b0:f9:2e:a2:8e:79:21:46:66:80:35:
                    a2:44:0e:d6:69:89:74:a6:ba:21:67:c0:7a:9d:c5:
                    87:bb:54:1e:00:57:d4:83:65:7e:68:43:b7:f4:af:
                    8a:cd:ce:27:fb:45:d7:9f:02:5e:01:b3:e2:82:70:
                    8d:3a:fc:69:d7:f1:5b:3e:d8:4a:64:4a:34:81:21:
                    5a:d5:d8:f9:1b:ea:6d:f3:1d:b6:62:7b:19:b8:35:
                    f5:2d:d6:fe:58:d5:63:a5:3c:9a:6d:da:74:c4:03:
                    03:c8:53:23:ca:1d:11:99:bb:e5:e9:e1:43:33:c7:
                    37:18:3d:14:4c:68:71:c1:31:32:26:22:79:fb:29:
                    1a:c3:34:ec:1a:66:a7:78:fc:ca:06:5d:17:bf:d9:
                    83:04:3b:ab:34:77:a6:63:67:28:58:d5:a7:0a:b3:
                    a9:c5:33:72:11:86:86:73:48:dd:a3:9d:f2:05:c9:
                    22:bf:56:f1:b3:19:a2:9d:50:9b:49:23:07:f4:5e:
                    05:a3:7a:41:54:67:8c:18:bd:db:29:1e:c1:46:1f:
                    eb:dd:f2:de:c0:2f:d3:6f:a3:02:49:86:f5:f3:2d:
                    cd:6c:e6:a2:eb:3f:4d:56:f1:84:19:be:04:5f:99:
                    e3:26:a0:0b:f4:a0:17:b2:5b:00:df:5f:ed:d7:85:
                    a2:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:B6:93:CA:23:57:3E:BF:C0:6C:E6:F2:7C:EB:92:FD:B1:C2:5F:1C
            X509v3 Authority Key Identifier:
                keyid:CD:DB:EF:BA:8F:E3:C1:F6:68:C8:44:43:84:FE:4A:3A:9F:4D:87:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zdvvuo_jwfZoyERDhP5KOp9Nh_E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/A7aTyiNXPr_AbObyfOuS_bHCXxw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/zdvvuo_jwfZoyERDhP5KOp9Nh_E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.116.17.0/24
                  217.8.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:25:ce:e8:99:fa:58:52:6a:b4:46:0e:cd:04:cb:e6:84:09:
         9d:02:11:c2:5f:e6:b1:f4:ae:be:b1:ec:98:86:a8:8b:3a:fa:
         33:68:6b:ff:b7:5d:b5:15:4e:06:11:10:f4:ce:6a:29:9f:0f:
         e6:d5:2a:b2:06:80:83:23:b2:39:3c:4a:82:98:d2:82:34:67:
         26:e2:6d:79:43:52:f4:9a:86:17:1d:72:6d:c9:29:3b:6e:53:
         f6:6d:63:bc:9f:54:e5:0b:29:6d:ea:58:58:a6:97:b7:5b:37:
         33:e5:c9:56:49:57:a8:c6:92:53:bc:52:02:37:15:51:a8:81:
         c4:96:94:ad:7e:e3:e2:e5:b0:db:b3:55:4e:43:cf:86:ce:5b:
         cc:a9:57:08:d9:65:50:87:71:30:71:bf:ce:23:1c:b6:da:f2:
         06:7c:b6:2d:70:7e:0c:3e:d8:ae:6c:3a:e8:8b:ae:9b:3a:ca:
         ef:c0:0d:e3:1d:fc:63:1a:5b:b7:cb:f3:e0:2b:1e:88:25:fa:
         6c:e7:70:bd:c9:21:eb:6e:db:be:08:b0:c9:f1:fa:61:82:e9:
         06:5d:fc:9b:4e:1f:26:bc:3f:6b:83:d1:38:56:44:e0:2a:4f:
         e1:b7:96:71:c7:d5:6a:f4:dc:a2:90:c0:66:1b:ce:29:0c:f8:
         40:ae:25:4a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY4yQ8PbMFOiACxMih4nbxFnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkZGJlZmJhOGZlM2MxZjY2OGM4NDQ0Mzg0ZmU0YTNhOWY0
ZDg3ZjEwHhcNMjQwMzEyMTA0NDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2I2OTNjYTIzNTczZWJmYzA2Y2U2ZjI3Y2ViOTJmZGIxYzI1ZjFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi3xZsPkuoo55IUZmgDWiRA7WaYl0
prohZ8B6ncWHu1QeAFfUg2V+aEO39K+Kzc4n+0XXnwJeAbPignCNOvxp1/FbPthK
ZEo0gSFa1dj5G+pt8x22YnsZuDX1Ldb+WNVjpTyabdp0xAMDyFMjyh0Rmbvl6eFD
M8c3GD0UTGhxwTEyJiJ5+ykawzTsGmanePzKBl0Xv9mDBDurNHemY2coWNWnCrOp
xTNyEYaGc0jdo53yBckiv1bxsxminVCbSSMH9F4Fo3pBVGeMGL3bKR7BRh/r3fLe
wC/Tb6MCSYb18y3NbOai6z9NVvGEGb4EX5njJqAL9KAXslsA31/t14Wi6QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAO2k8ojVz6/wGzm8nzrkv2xwl8cMB8GA1UdIwQY
MBaAFM3b77qP48H2aMhEQ4T+SjqfTYfxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemR2dnVvX2p3ZlpveUVSRGhQNUtPcDlOaF9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC80ZTUyZjEtMTNiMi00NWRmLThhNDMt
MWEzOWU2YTZkZTkzLzEvQTdhVHlpTlhQcl9BYk9ieWZPdVNfYkhDWHh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC80ZTUyZjEtMTNiMi00NWRmLThhNDMtMWEzOWU2YTZkZTkz
LzEvemR2dnVvX2p3ZlpveUVSRGhQNUtPcDlOaF9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsHQRAwQA
2Qh1MA0GCSqGSIb3DQEBCwUAA4IBAQAkJc7omfpYUmq0Rg7NBMvmhAmdAhHCX+ax
9K6+seyYhqiLOvozaGv/t121FU4GERD0zmopnw/m1SqyBoCDI7I5PEqCmNKCNGcm
4m15Q1L0moYXHXJtySk7blP2bWO8n1TlCylt6lhYppe3Wzcz5clWSVeoxpJTvFIC
NxVRqIHElpStfuPi5bDbs1VOQ8+GzlvMqVcI2WVQh3Ewcb/OIxy22vIGfLYtcH4M
PtiubDroi66bOsrvwA3jHfxjGlu3y/PgKx6IJfps53C9ySHrbtu+CLDJ8fphgukG
XfybTh8mvD9rg9E4VkTgKk/ht5Zxx9Vq9NyikMBmG84pDPhAriVK
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:17 2024 by rpki-client on console-ams.rpki-client.org