Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/rTp3vhMZZxzf82rijIxwfeo3IQo.roa
File:                     rTp3vhMZZxzf82rijIxwfeo3IQo.roa (raw, json)
Hash identifier:          83b0LjumcbpeEk5S9AX1XNjJnZPZxvXB+yKMQHT31nk=
Subject key identifier:   AD:3A:77:BE:13:19:67:1C:DF:F3:6A:E2:8C:8C:70:7D:EA:37:21:0A
Certificate issuer:       /CN=458d12f095053c35876b88b47685d6435421fcf2
Certificate serial:       018A1A7123AC4FF4A1B73903C143D14F196B
Authority key identifier: 45:8D:12:F0:95:05:3C:35:87:6B:88:B4:76:85:D6:43:54:21:FC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/rTp3vhMZZxzf82rijIxwfeo3IQo.roa
Signing time:             Mon 21 Aug 2023 23:32:16 +0000
ROA not before:           Mon 21 Aug 2023 23:32:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     44066
IP address blocks:        79.132.138.0/24 maxlen: 24
                          79.132.136.0/24 maxlen: 24
                          79.132.142.0/24 maxlen: 24
                          79.132.143.0/24 maxlen: 24
                          79.132.140.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:1a:71:23:ac:4f:f4:a1:b7:39:03:c1:43:d1:4f:19:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=458d12f095053c35876b88b47685d6435421fcf2
        Validity
            Not Before: Aug 21 23:32:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ad3a77be1319671cdff36ae28c8c707dea37210a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:f6:a6:f1:8b:7e:62:27:fa:b2:e7:5e:7b:92:
                    eb:2c:f0:d1:41:a9:02:82:26:e9:54:2b:51:2d:ca:
                    25:e7:b2:6e:11:bc:4c:c8:8f:71:ac:9d:a7:bd:3d:
                    c9:6f:61:b2:0d:d5:5c:1b:b6:0c:66:d3:eb:ae:96:
                    46:f9:36:bc:f2:8e:14:c9:e6:4a:b4:85:3c:61:7b:
                    72:20:b3:ed:ba:af:98:64:9d:e1:8a:92:6e:b2:8e:
                    47:11:0e:81:cc:ac:4f:71:cf:d1:c7:c5:65:98:3a:
                    26:9e:12:f0:05:3b:0d:8e:a0:1d:3b:99:0c:03:0c:
                    92:5d:c5:e1:72:23:af:03:98:ed:19:70:cc:1c:5d:
                    f1:fb:95:48:6d:35:ca:7e:ed:89:6e:44:7c:8f:e7:
                    71:2d:60:7b:cc:3b:7c:f5:10:0a:55:fb:55:db:bd:
                    47:c8:0b:a0:c9:1c:b1:1d:25:f3:56:aa:93:b1:79:
                    f2:2a:1e:6b:28:68:e4:81:3e:38:e3:8b:ac:a1:1d:
                    f2:28:59:5a:2a:23:ca:a9:7f:bf:87:87:38:e0:e7:
                    f1:47:5b:4c:b2:91:74:15:2c:95:f1:a7:c0:8d:0c:
                    d4:a4:b6:6b:c6:63:8b:73:d3:fb:62:61:19:f5:ac:
                    2f:57:61:ab:5a:90:55:81:b0:39:2e:3b:86:35:d7:
                    eb:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:3A:77:BE:13:19:67:1C:DF:F3:6A:E2:8C:8C:70:7D:EA:37:21:0A
            X509v3 Authority Key Identifier:
                keyid:45:8D:12:F0:95:05:3C:35:87:6B:88:B4:76:85:D6:43:54:21:FC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/rTp3vhMZZxzf82rijIxwfeo3IQo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.132.136.0/24
                  79.132.138.0/24
                  79.132.140.0/24
                  79.132.142.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a4:7e:cb:75:d3:c6:69:4f:ef:24:bc:93:80:9e:d6:1b:cc:14:
         8d:8b:23:9a:75:bd:bf:71:b2:46:40:c3:c8:c6:7f:5d:4a:14:
         4b:e5:c7:ca:8f:37:61:f9:0e:99:b0:2c:02:3e:2a:0b:f8:cf:
         e7:ea:cf:df:50:33:a7:15:a9:c9:18:c3:c5:71:5d:a8:35:96:
         74:50:13:de:b0:13:4d:59:c9:be:47:9e:e6:af:91:7d:14:07:
         bf:c7:b5:b8:8a:50:b2:44:f3:ab:24:bc:4d:db:72:7b:a6:c1:
         2e:44:2f:2d:ba:29:02:d5:3f:1a:4c:0e:c2:eb:96:1f:41:0f:
         e1:e6:dd:a0:d1:39:6d:c0:05:c0:a5:01:f4:48:0b:d1:a4:68:
         f6:c1:04:43:96:46:ba:8f:54:8c:c0:ba:f2:00:ec:0c:6a:7b:
         07:76:1a:58:7b:bd:5a:2c:a7:21:04:dd:a7:74:bf:b4:d0:13:
         0c:d5:01:c8:fb:bc:29:cd:d0:3f:99:23:ea:43:13:39:a0:8b:
         c1:e9:15:84:af:de:16:8e:46:14:21:4f:a8:a1:58:a5:ca:14:
         16:cb:ce:18:aa:b4:39:80:e1:c1:79:37:06:88:e9:61:7c:b6:
         1e:17:cd:00:9b:f5:52:98:59:29:f5:09:d7:56:97:8a:d7:fa:
         1f:d1:2a:13
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYoacSOsT/ShtzkDwUPRTxlrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1OGQxMmYwOTUwNTNjMzU4NzZiODhiNDc2ODVkNjQzNTQy
MWZjZjIwHhcNMjMwODIxMjMzMjE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDNhNzdiZTEzMTk2NzFjZGZmMzZhZTI4YzhjNzA3ZGVhMzcyMTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzPam8Yt+Yif6sudee5LrLPDRQakC
gibpVCtRLcol57JuEbxMyI9xrJ2nvT3Jb2GyDdVcG7YMZtPrrpZG+Ta88o4UyeZK
tIU8YXtyILPtuq+YZJ3hipJuso5HEQ6BzKxPcc/Rx8VlmDomnhLwBTsNjqAdO5kM
AwySXcXhciOvA5jtGXDMHF3x+5VIbTXKfu2JbkR8j+dxLWB7zDt89RAKVftV271H
yAugyRyxHSXzVqqTsXnyKh5rKGjkgT4444usoR3yKFlaKiPKqX+/h4c44OfxR1tM
spF0FSyV8afAjQzUpLZrxmOLc9P7YmEZ9awvV2GrWpBVgbA5LjuGNdfrKQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFK06d74TGWcc3/Nq4oyMcH3qNyEKMB8GA1UdIwQY
MBaAFEWNEvCVBTw1h2uItHaF1kNUIfzyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlkwUzhKVUZQRFdIYTRpMGRvWFdRMVFoX1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83Y2VjYzctZjYzZC00M2ZjLWIyMTkt
Mzk1NTk1OWVhZjgxLzEvclRwM3ZoTVpaeHpmODJyaWpJeHdmZW8zSVFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83Y2VjYzctZjYzZC00M2ZjLWIyMTktMzk1NTk1OWVhZjgx
LzEvUlkwUzhKVUZQRFdIYTRpMGRvWFdRMVFoX1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAT4SIAwQA
T4SKAwQAT4SMAwQBT4SOMA0GCSqGSIb3DQEBCwUAA4IBAQCkfst108ZpT+8kvJOA
ntYbzBSNiyOadb2/cbJGQMPIxn9dShRL5cfKjzdh+Q6ZsCwCPioL+M/n6s/fUDOn
FanJGMPFcV2oNZZ0UBPesBNNWcm+R57mr5F9FAe/x7W4ilCyRPOrJLxN23J7psEu
RC8tuikC1T8aTA7C65YfQQ/h5t2g0TltwAXApQH0SAvRpGj2wQRDlka6j1SMwLry
AOwMansHdhpYe71aLKchBN2ndL+00BMM1QHI+7wpzdA/mSPqQxM5oIvB6RWEr94W
jkYUIU+ooVilyhQWy84YqrQ5gOHBeTcGiOlhfLYeF80Am/VSmFkp9QnXVpeK1/of
0SoT
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:02 2024 by rpki-client on console-fra.rpki-client.org