Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/nVKG2lzqsoOWV7aBsadHWgyk7Us.roa
File:                     nVKG2lzqsoOWV7aBsadHWgyk7Us.roa (raw, json)
Hash identifier:          HJ4YycZbbJgaI4FHBBQp00dm/zQV6i5MDQDMsJy3QOE=
Subject key identifier:   9D:52:86:DA:5C:EA:B2:83:96:57:B6:81:B1:A7:47:5A:0C:A4:ED:4B
Certificate issuer:       /CN=458d12f095053c35876b88b47685d6435421fcf2
Certificate serial:       01856FD53ABEB8832F510E94417B0CFB2BE6
Authority key identifier: 45:8D:12:F0:95:05:3C:35:87:6B:88:B4:76:85:D6:43:54:21:FC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/nVKG2lzqsoOWV7aBsadHWgyk7Us.roa
Signing time:             Mon 02 Jan 2023 00:15:23 +0000
ROA not before:           Mon 02 Jan 2023 00:15:23 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     49981
IP address blocks:        79.132.137.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:d5:3a:be:b8:83:2f:51:0e:94:41:7b:0c:fb:2b:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=458d12f095053c35876b88b47685d6435421fcf2
        Validity
            Not Before: Jan  2 00:15:23 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9d5286da5ceab2839657b681b1a7475a0ca4ed4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:8c:42:fe:b5:2d:db:b2:30:9c:e4:b4:cc:c8:
                    70:12:6f:3b:08:32:bd:98:60:2d:26:43:14:94:a8:
                    54:57:59:fc:4e:6e:24:af:71:83:2d:6a:3c:df:47:
                    49:d9:bf:c1:f3:7b:f2:2d:3c:a8:03:94:d5:b0:ad:
                    fe:60:ac:72:0e:e2:5b:1e:89:e7:c7:47:c6:b2:6c:
                    61:45:d4:ae:d5:f7:64:92:f7:65:5e:a5:d1:e3:61:
                    3c:f9:16:e5:49:8d:b0:78:34:3b:83:d2:b5:3c:83:
                    bf:7d:2e:8d:da:98:9e:f6:ab:53:d1:a7:b7:75:44:
                    72:3d:41:79:65:92:79:c2:3c:9f:28:9f:5d:4b:f7:
                    c5:c5:48:ed:c4:44:33:c3:3a:58:d7:d4:61:70:05:
                    50:b7:d3:d9:17:85:37:57:cf:7d:e0:6b:9d:97:c4:
                    d1:2c:91:5a:ce:60:73:5a:ef:18:65:00:a9:e4:0d:
                    12:06:76:06:bd:99:3c:30:eb:f8:05:11:9b:76:3a:
                    df:ba:ba:99:a0:04:9c:b9:43:15:fb:b5:79:4c:2b:
                    ff:ee:36:88:a9:2a:21:ae:ce:2e:bb:e3:be:5f:29:
                    92:14:13:20:8b:f2:2e:f4:5b:c5:18:fa:b0:bd:ab:
                    75:94:36:43:ae:3f:a7:4f:32:9e:7e:18:12:1f:f7:
                    08:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:52:86:DA:5C:EA:B2:83:96:57:B6:81:B1:A7:47:5A:0C:A4:ED:4B
            X509v3 Authority Key Identifier:
                keyid:45:8D:12:F0:95:05:3C:35:87:6B:88:B4:76:85:D6:43:54:21:FC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/nVKG2lzqsoOWV7aBsadHWgyk7Us.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.132.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:e2:07:ad:b2:9d:9b:5f:61:6f:61:18:d0:ab:15:2c:aa:e7:
         ad:c9:f6:93:0e:08:3d:4e:fe:eb:b1:fb:37:38:d4:ce:65:b3:
         11:96:46:db:c5:a6:39:5c:23:64:32:6a:88:bf:be:e7:86:60:
         4c:8a:31:69:fe:66:c6:a4:37:6e:88:e6:4a:06:65:1a:2c:28:
         d4:07:05:26:0d:f5:26:47:3e:87:50:b3:aa:42:01:03:38:b8:
         de:88:2f:1d:76:05:16:9c:ee:af:3b:8e:b6:66:e3:ef:90:2d:
         f4:44:85:7b:01:37:65:40:c4:b4:f3:9c:1f:a2:37:5c:16:c2:
         e0:7d:7b:90:6f:47:98:d3:c2:8e:db:25:fc:8d:82:11:11:cf:
         b9:3a:52:8f:ba:0f:8b:9c:4d:2a:01:f0:8f:8c:22:a7:6d:52:
         fc:07:28:69:ff:58:ee:6b:ef:9c:a8:fd:63:e1:97:9c:c4:50:
         0e:b3:b8:8e:94:53:7a:8e:d5:51:a4:73:8d:f4:bf:2b:1f:04:
         df:6f:3a:7a:f7:64:29:ca:08:ca:8a:32:ea:b5:85:a0:cf:cb:
         c3:ef:6a:22:60:a8:2c:b8:a4:f0:0c:b9:96:33:30:ae:35:57:
         7a:c8:5b:06:b7:17:76:1d:92:46:93:b2:ba:07:b0:0b:d2:e3:
         c2:ee:17:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVv1Tq+uIMvUQ6UQXsM+yvmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1OGQxMmYwOTUwNTNjMzU4NzZiODhiNDc2ODVkNjQzNTQy
MWZjZjIwHhcNMjMwMTAyMDAxNTIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDUyODZkYTVjZWFiMjgzOTY1N2I2ODFiMWE3NDc1YTBjYTRlZDRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmYxC/rUt27IwnOS0zMhwEm87CDK9
mGAtJkMUlKhUV1n8Tm4kr3GDLWo830dJ2b/B83vyLTyoA5TVsK3+YKxyDuJbHonn
x0fGsmxhRdSu1fdkkvdlXqXR42E8+RblSY2weDQ7g9K1PIO/fS6N2pie9qtT0ae3
dURyPUF5ZZJ5wjyfKJ9dS/fFxUjtxEQzwzpY19RhcAVQt9PZF4U3V8994Gudl8TR
LJFazmBzWu8YZQCp5A0SBnYGvZk8MOv4BRGbdjrfurqZoAScuUMV+7V5TCv/7jaI
qSohrs4uu+O+XymSFBMgi/Iu9FvFGPqwvat1lDZDrj+nTzKefhgSH/cIFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ1Shtpc6rKDlle2gbGnR1oMpO1LMB8GA1UdIwQY
MBaAFEWNEvCVBTw1h2uItHaF1kNUIfzyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlkwUzhKVUZQRFdIYTRpMGRvWFdRMVFoX1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83Y2VjYzctZjYzZC00M2ZjLWIyMTkt
Mzk1NTk1OWVhZjgxLzEvblZLRzJsenFzb09XVjdhQnNhZEhXZ3lrN1VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83Y2VjYzctZjYzZC00M2ZjLWIyMTktMzk1NTk1OWVhZjgx
LzEvUlkwUzhKVUZQRFdIYTRpMGRvWFdRMVFoX1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT4SJMA0G
CSqGSIb3DQEBCwUAA4IBAQA14getsp2bX2FvYRjQqxUsquetyfaTDgg9Tv7rsfs3
ONTOZbMRlkbbxaY5XCNkMmqIv77nhmBMijFp/mbGpDduiOZKBmUaLCjUBwUmDfUm
Rz6HULOqQgEDOLjeiC8ddgUWnO6vO462ZuPvkC30RIV7ATdlQMS085wfojdcFsLg
fXuQb0eY08KO2yX8jYIREc+5OlKPug+LnE0qAfCPjCKnbVL8Byhp/1jua++cqP1j
4ZecxFAOs7iOlFN6jtVRpHON9L8rHwTfbzp692QpygjKijLqtYWgz8vD72oiYKgs
uKTwDLmWMzCuNVd6yFsGtxd2HZJGk7K6B7AL0uPC7hcg
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:02 2024 by rpki-client on console-fra.rpki-client.org