Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/xHhewTCPqwMLZM6QFYucYJtqKlA.roa
File:                     xHhewTCPqwMLZM6QFYucYJtqKlA.roa (raw, json)
Hash identifier:          XMne/TA/kfBL3eOn6l6fWLHPlmyg2UP7Sc9ugwm/kfs=
Subject key identifier:   C4:78:5E:C1:30:8F:AB:03:0B:64:CE:90:15:8B:9C:60:9B:6A:2A:50
Certificate issuer:       /CN=7bab6c11d41162db0306858f83e5e65121132a6b
Certificate serial:       03EE4EFE
Authority key identifier: 7B:AB:6C:11:D4:11:62:DB:03:06:85:8F:83:E5:E6:51:21:13:2A:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/xHhewTCPqwMLZM6QFYucYJtqKlA.roa
Signing time:             Sat 01 Jan 2022 06:00:45 +0000
ROA not before:           Sat 01 Jan 2022 06:00:45 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     16509
IP address blocks:        107.150.176.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 65949438 (0x3ee4efe)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7bab6c11d41162db0306858f83e5e65121132a6b
        Validity
            Not Before: Jan  1 06:00:45 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c4785ec1308fab030b64ce90158b9c609b6a2a50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:b3:fa:68:8e:29:6d:e5:b8:fe:4b:fb:73:b3:
                    3b:c4:d3:08:3f:17:f7:ab:02:8c:6e:03:d0:3e:39:
                    1c:70:20:35:79:fe:28:74:29:35:e5:4b:88:4b:f6:
                    6d:98:81:a6:25:37:43:82:6f:c6:a1:52:2f:5a:22:
                    af:df:3c:ce:6c:f7:46:08:53:9c:88:fd:13:b2:aa:
                    fb:76:f7:b9:f7:0a:f5:83:f6:63:b2:df:2e:b5:1f:
                    f3:a6:ea:73:8d:3e:8b:0c:05:87:31:89:5f:97:3a:
                    f2:88:15:2a:bc:00:16:1b:09:7b:47:d8:a9:fa:73:
                    b3:a2:0f:e8:27:18:9e:25:9c:6b:ef:ab:9b:ca:8a:
                    b5:6d:02:46:c7:df:6e:b4:f4:c3:02:34:8b:7c:f9:
                    16:12:6d:28:96:49:96:95:e6:9c:fd:5e:92:de:45:
                    54:a3:79:e5:a9:c5:ce:7f:0e:5c:79:ec:21:86:ba:
                    5a:b6:bb:01:53:d3:50:b4:20:d8:49:16:f3:f3:06:
                    de:09:30:a5:e2:f9:88:f4:e5:0c:3c:1f:6f:52:f1:
                    d2:28:a6:8f:fc:3d:a2:ca:97:cc:09:36:e6:ab:84:
                    c8:69:1c:df:7e:f6:c9:51:fa:b6:45:ff:31:1c:0f:
                    11:dd:49:44:01:bc:4f:a1:20:24:c2:9c:b7:b1:5f:
                    f0:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:78:5E:C1:30:8F:AB:03:0B:64:CE:90:15:8B:9C:60:9B:6A:2A:50
            X509v3 Authority Key Identifier:
                keyid:7B:AB:6C:11:D4:11:62:DB:03:06:85:8F:83:E5:E6:51:21:13:2A:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/xHhewTCPqwMLZM6QFYucYJtqKlA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.150.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:c6:31:d3:c9:e7:6d:00:62:00:c5:08:eb:4e:63:c0:4e:d4:
         cf:1d:d9:ca:1a:fc:88:a0:34:fb:ea:80:26:6f:06:00:8d:fc:
         e1:b8:6e:1c:77:fd:d0:ee:a7:d9:9e:59:3c:25:49:0c:49:f0:
         0b:bc:09:40:00:f7:1d:8b:c7:5c:17:b0:07:ef:16:4d:0c:64:
         ce:52:2d:60:96:2c:dd:a0:4d:21:69:54:1d:af:a7:64:10:f6:
         bb:e8:7a:b7:e3:59:5a:1c:eb:e6:c8:78:d1:d3:cd:8c:71:86:
         69:96:8b:75:84:6d:c4:32:de:68:5f:d2:4a:b8:8d:b3:ce:11:
         7f:29:7e:3f:70:dd:c7:9c:3c:58:54:e4:8f:74:fd:83:9e:9d:
         df:6b:e7:7d:fd:01:66:27:0f:9f:c2:61:d2:09:4e:d7:e3:96:
         a7:e8:48:78:04:f2:4b:72:ed:1d:12:cb:c6:08:47:87:2f:4e:
         35:60:7e:3b:0d:d3:b0:55:1b:8b:83:1f:28:c8:b5:b6:d9:43:
         07:7f:c6:be:42:3f:a5:d2:0e:a1:4e:f4:95:42:77:50:c0:51:
         54:82:a5:d8:ff:2d:68:f2:e9:b6:c3:ac:b6:48:5f:20:f8:d1:
         c5:e1:a4:3c:6b:51:88:b7:dd:a7:9d:85:e9:98:d5:c2:24:21:
         87:d0:3b:1c
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEA+5O/jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
YmFiNmMxMWQ0MTE2MmRiMDMwNjg1OGY4M2U1ZTY1MTIxMTMyYTZiMB4XDTIyMDEw
MTA2MDA0NVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYzQ3ODVlYzEzMDhm
YWIwMzBiNjRjZTkwMTU4YjljNjA5YjZhMmE1MDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKiz+miOKW3luP5L+3OzO8TTCD8X96sCjG4D0D45HHAgNXn+
KHQpNeVLiEv2bZiBpiU3Q4JvxqFSL1oir988zmz3RghTnIj9E7Kq+3b3ufcK9YP2
Y7LfLrUf86bqc40+iwwFhzGJX5c68ogVKrwAFhsJe0fYqfpzs6IP6CcYniWca++r
m8qKtW0CRsffbrT0wwI0i3z5FhJtKJZJlpXmnP1ekt5FVKN55anFzn8OXHnsIYa6
Wra7AVPTULQg2EkW8/MG3gkwpeL5iPTlDDwfb1Lx0iimj/w9osqXzAk25quEyGkc
3372yVH6tkX/MRwPEd1JRAG8T6EgJMKct7Ff8KkCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTEeF7BMI+rAwtkzpAVi5xgm2oqUDAfBgNVHSMEGDAWgBR7q2wR1BFi2wMG
hY+D5eZRIRMqazAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2U2dHNFZFFSWXRzREJvV1BnLVhtVVNFVEttcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzkvZDMzNGFkLTUyNDAtNGRhYS1hMDUwLTlmNWJmNzM2NzIwZS8x
L3hIaGV3VENQcXdNTFpNNlFGWXVjWUp0cUtsQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzkv
ZDMzNGFkLTUyNDAtNGRhYS1hMDUwLTlmNWJmNzM2NzIwZS8xL2U2dHNFZFFSWXRz
REJvV1BnLVhtVVNFVEttcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAGuWsDANBgkqhkiG9w0BAQsFAAOC
AQEAgMYx08nnbQBiAMUI605jwE7Uzx3Zyhr8iKA0++qAJm8GAI384bhuHHf90O6n
2Z5ZPCVJDEnwC7wJQAD3HYvHXBewB+8WTQxkzlItYJYs3aBNIWlUHa+nZBD2u+h6
t+NZWhzr5sh40dPNjHGGaZaLdYRtxDLeaF/SSriNs84Rfyl+P3Ddx5w8WFTkj3T9
g56d32vnff0BZicPn8Jh0glO1+OWp+hIeATyS3LtHRLLxghHhy9ONWB+Ow3TsFUb
i4MfKMi1ttlDB3/GvkI/pdIOoU70lUJ3UMBRVIKl2P8taPLptsOstkhfIPjRxeGk
PGtRiLfdp52F6ZjVwiQhh9A7HA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:03:35 2024 by rpki-client on console-ams.rpki-client.org