Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/4XgSB1r6UtaATGLNGr9N8ndq1r0.roa
File:                     4XgSB1r6UtaATGLNGr9N8ndq1r0.roa (raw, json)
Hash identifier:          FrZeS1Q4dGX27ufxZNd7QL5JwY5vGxQC7Ca8hfWzfGk=
Subject key identifier:   E1:78:12:07:5A:FA:52:D6:80:4C:62:CD:1A:BF:4D:F2:77:6A:D6:BD
Certificate issuer:       /CN=458d12f095053c35876b88b47685d6435421fcf2
Certificate serial:       0181EF93CDAD197DF0FECA9E29DFA76B9744
Authority key identifier: 45:8D:12:F0:95:05:3C:35:87:6B:88:B4:76:85:D6:43:54:21:FC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/4XgSB1r6UtaATGLNGr9N8ndq1r0.roa
Signing time:             Mon 11 Jul 2022 23:24:09 +0000
ROA not before:           Mon 11 Jul 2022 23:24:09 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     44066
IP address blocks:        79.132.138.0/24 maxlen: 24
                          79.132.136.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:81:ef:93:cd:ad:19:7d:f0:fe:ca:9e:29:df:a7:6b:97:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=458d12f095053c35876b88b47685d6435421fcf2
        Validity
            Not Before: Jul 11 23:24:09 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e17812075afa52d6804c62cd1abf4df2776ad6bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:fb:09:c9:f9:37:7e:b3:f6:5a:1d:05:fe:1a:
                    29:00:e5:4e:07:56:b3:a2:f3:8c:7a:fb:d8:19:11:
                    39:27:27:4d:59:dc:67:c0:2e:57:64:ef:94:ef:3b:
                    27:b3:9e:7a:7b:d2:ad:7e:c0:9b:5e:a5:70:a9:1f:
                    e4:65:91:43:cb:f6:db:1f:14:e5:9e:1b:54:db:b5:
                    99:f0:b8:87:3b:70:4a:3a:45:52:bf:a8:b9:ff:81:
                    4f:9f:89:a7:20:3a:8f:a6:f8:75:fb:83:ef:cb:4a:
                    63:4b:52:25:7a:d6:3a:48:99:bb:4b:7c:c4:1b:1c:
                    ec:cd:df:01:b6:2f:78:61:46:1f:47:e4:00:d3:bd:
                    2e:c7:94:a6:17:a0:31:df:53:a3:6a:85:f8:ca:50:
                    07:85:9b:b2:29:b4:bb:6c:17:26:e1:c3:e3:0a:e0:
                    3e:e9:74:70:4e:96:a6:75:2d:5e:6b:9a:2c:42:55:
                    7a:6b:40:4f:c3:96:48:ac:f5:71:5c:e5:0a:81:02:
                    06:fd:be:be:ec:6f:53:19:cf:bf:90:7c:9c:24:e8:
                    2b:40:91:15:3a:1f:7d:fa:c8:18:e9:87:59:78:96:
                    b4:24:9b:ff:d0:07:e9:fe:dd:97:05:0f:ee:df:f2:
                    dd:be:ef:22:2c:58:b1:2f:6e:cd:c0:c5:c2:82:1f:
                    dc:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:78:12:07:5A:FA:52:D6:80:4C:62:CD:1A:BF:4D:F2:77:6A:D6:BD
            X509v3 Authority Key Identifier:
                keyid:45:8D:12:F0:95:05:3C:35:87:6B:88:B4:76:85:D6:43:54:21:FC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/4XgSB1r6UtaATGLNGr9N8ndq1r0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.132.136.0/24
                  79.132.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:42:26:de:e4:34:f8:69:5f:9d:ac:de:3b:bd:15:e2:6d:b4:
         a0:af:0b:df:67:24:22:ca:d2:6a:06:2d:90:80:4a:45:91:b0:
         50:0f:e0:88:af:47:6c:10:f3:74:34:ff:49:d9:32:26:89:c5:
         52:e2:2b:8e:e8:58:0e:ff:7b:49:25:de:6d:7c:7d:06:c0:64:
         83:69:98:d8:21:fc:9a:26:36:3e:c7:2e:e2:e6:0a:2d:f3:f1:
         c8:7d:be:32:63:a9:a3:ea:28:89:2b:1b:79:20:a1:94:2c:c4:
         39:51:11:b6:d3:78:2e:28:1e:f9:1e:cd:2c:0d:31:f8:d7:a3:
         58:d4:b4:6b:06:84:b9:40:e0:40:b6:93:62:f1:3f:1c:c9:3a:
         48:19:cb:3f:03:94:24:7e:be:96:f0:be:d3:b8:52:6b:88:5d:
         01:a0:14:2b:d2:eb:52:cd:a6:d7:96:7c:c2:d3:2c:a1:b3:15:
         95:b2:f0:67:cb:ef:66:5e:3b:6d:65:51:78:1c:1c:71:d5:79:
         2a:4b:0e:7a:b8:53:1a:54:68:f8:f9:cf:97:ca:be:af:6e:4c:
         63:e5:77:b8:ad:f8:25:4d:60:8e:b2:8c:9b:a9:2e:7d:03:7e:
         41:8e:9a:3f:c5:3d:98:8b:50:af:c6:b3:82:18:41:46:d6:9d:
         d9:24:91:26
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYHvk82tGX3w/sqeKd+na5dEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1OGQxMmYwOTUwNTNjMzU4NzZiODhiNDc2ODVkNjQzNTQy
MWZjZjIwHhcNMjIwNzExMjMyNDA5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTc4MTIwNzVhZmE1MmQ2ODA0YzYyY2QxYWJmNGRmMjc3NmFkNmJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApvsJyfk3frP2Wh0F/hopAOVOB1az
ovOMevvYGRE5JydNWdxnwC5XZO+U7zsns556e9KtfsCbXqVwqR/kZZFDy/bbHxTl
nhtU27WZ8LiHO3BKOkVSv6i5/4FPn4mnIDqPpvh1+4Pvy0pjS1IletY6SJm7S3zE
Gxzszd8Bti94YUYfR+QA070ux5SmF6Ax31OjaoX4ylAHhZuyKbS7bBcm4cPjCuA+
6XRwTpamdS1ea5osQlV6a0BPw5ZIrPVxXOUKgQIG/b6+7G9TGc+/kHycJOgrQJEV
Oh99+sgY6YdZeJa0JJv/0Afp/t2XBQ/u3/Ldvu8iLFixL27NwMXCgh/c/QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOF4Egda+lLWgExizRq/TfJ3ata9MB8GA1UdIwQY
MBaAFEWNEvCVBTw1h2uItHaF1kNUIfzyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlkwUzhKVUZQRFdIYTRpMGRvWFdRMVFoX1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83Y2VjYzctZjYzZC00M2ZjLWIyMTkt
Mzk1NTk1OWVhZjgxLzEvNFhnU0IxcjZVdGFBVEdMTkdyOU44bmRxMXIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83Y2VjYzctZjYzZC00M2ZjLWIyMTktMzk1NTk1OWVhZjgx
LzEvUlkwUzhKVUZQRFdIYTRpMGRvWFdRMVFoX1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAT4SIAwQA
T4SKMA0GCSqGSIb3DQEBCwUAA4IBAQCJQibe5DT4aV+drN47vRXibbSgrwvfZyQi
ytJqBi2QgEpFkbBQD+CIr0dsEPN0NP9J2TImicVS4iuO6FgO/3tJJd5tfH0GwGSD
aZjYIfyaJjY+xy7i5got8/HIfb4yY6mj6iiJKxt5IKGULMQ5URG203guKB75Hs0s
DTH416NY1LRrBoS5QOBAtpNi8T8cyTpIGcs/A5Qkfr6W8L7TuFJriF0BoBQr0utS
zabXlnzC0yyhsxWVsvBny+9mXjttZVF4HBxx1XkqSw56uFMaVGj4+c+Xyr6vbkxj
5Xe4rfglTWCOsoybqS59A35Bjpo/xT2Yi1CvxrOCGEFG1p3ZJJEm
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:03:55 2024 by rpki-client on console-ams.rpki-client.org