Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/1FXekDeVVOKugv0PC3gPoi1H5bw.roa
File:                     1FXekDeVVOKugv0PC3gPoi1H5bw.roa (raw, json)
Hash identifier:          grVySMUYXDNRSu37Mv4TI6CWq62AggL5BKAxBsQxCjE=
Subject key identifier:   D4:55:DE:90:37:95:54:E2:AE:82:FD:0F:0B:78:0F:A2:2D:47:E5:BC
Certificate issuer:       /CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Certificate serial:       01857195485E80E377115E565F267AE78A1D
Authority key identifier: 3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/1FXekDeVVOKugv0PC3gPoi1H5bw.roa
Signing time:             Mon 02 Jan 2023 08:24:46 +0000
ROA not before:           Mon 02 Jan 2023 08:24:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     142430
IP address blocks:        62.182.173.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:95:48:5e:80:e3:77:11:5e:56:5f:26:7a:e7:8a:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3c4ed942e5c742e77bfb9beb954f872534f52848
        Validity
            Not Before: Jan  2 08:24:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d455de90379554e2ae82fd0f0b780fa22d47e5bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:7b:ec:b3:75:3c:02:c8:38:ba:7d:bd:53:46:
                    08:34:cc:ea:2f:13:58:d7:a5:83:81:d3:6b:4f:c9:
                    0b:5c:0f:29:0c:e0:15:ee:7b:d1:71:da:83:7f:9e:
                    ee:3d:2d:df:8c:bd:10:b6:74:a5:79:13:57:b0:b5:
                    c9:05:84:7d:f0:90:ae:41:f1:44:10:f1:55:4b:dd:
                    52:27:fa:a2:92:f4:a8:01:ea:96:ed:53:ca:00:f1:
                    25:e5:18:12:80:53:6a:f5:c0:e1:39:63:68:07:cf:
                    83:85:4a:60:8d:93:09:aa:76:f4:ea:72:ff:be:b2:
                    a3:ba:f0:31:73:d9:a9:7e:c0:d6:ef:5f:15:24:05:
                    c4:ef:8c:e1:52:23:03:de:05:bc:00:8a:8c:91:70:
                    69:84:8f:d0:cb:d1:ff:bd:19:45:cf:90:ba:82:24:
                    80:5e:4e:5f:fe:2c:fe:1b:1f:65:94:0b:1a:83:2d:
                    5d:e8:8a:7e:7c:65:aa:ff:14:c5:b1:c3:c3:b0:0a:
                    da:f0:40:80:d7:ac:73:99:5b:9a:d9:b6:3b:25:11:
                    79:1c:ac:cb:43:41:de:d6:93:cb:ff:1d:6e:91:51:
                    2d:3b:06:d1:8c:91:a6:bf:f1:d3:7e:61:50:75:a5:
                    52:6d:83:ba:3c:cd:54:3d:43:f0:69:14:61:13:ed:
                    48:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:55:DE:90:37:95:54:E2:AE:82:FD:0F:0B:78:0F:A2:2D:47:E5:BC
            X509v3 Authority Key Identifier:
                keyid:3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/1FXekDeVVOKugv0PC3gPoi1H5bw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/PE7ZQuXHQud7-5vrlU-HJTT1KEg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.182.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:66:fb:a9:e0:2d:a1:c2:19:a2:ac:13:ba:44:6f:22:4d:47:
         26:cc:aa:a6:df:bb:b3:e1:a0:a4:58:12:0c:59:e5:58:92:fe:
         eb:a5:16:22:17:5a:ba:ae:5d:aa:ca:c1:8e:aa:1b:ec:29:54:
         c0:10:f2:de:4f:b8:54:59:11:f1:50:68:b2:ff:f1:7a:00:a1:
         22:a7:e7:33:94:3b:1b:63:07:6a:ca:1b:b6:40:9f:97:5b:2b:
         8b:4b:cd:fb:4c:91:ab:6e:1f:5d:81:65:1e:16:39:45:1f:92:
         21:4e:6c:ec:bf:50:f2:37:47:a1:d9:d3:78:29:ca:7a:12:ab:
         5c:58:3e:a8:de:b8:2d:0e:2b:5a:bb:fc:bb:c9:fa:a1:ca:26:
         a3:32:84:9e:cb:a4:55:9a:d0:60:77:7e:9b:f6:56:93:50:25:
         d3:0a:a6:e5:58:9d:fd:00:1f:50:15:c4:d2:1c:d6:b0:51:57:
         1e:cf:19:56:8e:26:07:36:2e:11:73:a3:ae:45:aa:af:d9:a3:
         d5:ce:6d:d0:ad:cd:43:79:17:7d:29:c1:c8:2b:28:23:4c:d8:
         3b:fc:ca:ac:12:4d:f4:54:8c:ec:4e:d7:96:ee:be:f0:18:2f:
         ed:24:ef:2f:83:b7:8d:13:fe:2c:eb:93:5a:e4:23:a8:49:47:
         6d:ca:ad:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVxlUhegON3EV5WXyZ654odMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjNGVkOTQyZTVjNzQyZTc3YmZiOWJlYjk1NGY4NzI1MzRm
NTI4NDgwHhcNMjMwMTAyMDgyNDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDU1ZGU5MDM3OTU1NGUyYWU4MmZkMGYwYjc4MGZhMjJkNDdlNWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm3vss3U8Asg4un29U0YINMzqLxNY
16WDgdNrT8kLXA8pDOAV7nvRcdqDf57uPS3fjL0QtnSleRNXsLXJBYR98JCuQfFE
EPFVS91SJ/qikvSoAeqW7VPKAPEl5RgSgFNq9cDhOWNoB8+DhUpgjZMJqnb06nL/
vrKjuvAxc9mpfsDW718VJAXE74zhUiMD3gW8AIqMkXBphI/Qy9H/vRlFz5C6giSA
Xk5f/iz+Gx9llAsagy1d6Ip+fGWq/xTFscPDsAra8ECA16xzmVua2bY7JRF5HKzL
Q0He1pPL/x1ukVEtOwbRjJGmv/HTfmFQdaVSbYO6PM1UPUPwaRRhE+1IuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNRV3pA3lVTiroL9Dwt4D6ItR+W8MB8GA1UdIwQY
MBaAFDxO2ULlx0Lne/ub65VPhyU09ShIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2Et
NzczNDRiY2M5MTkxLzEvMUZYZWtEZVZWT0t1Z3YwUEMzZ1BvaTFINWJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2EtNzczNDRiY2M5MTkx
LzEvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPratMA0G
CSqGSIb3DQEBCwUAA4IBAQA2Zvup4C2hwhmirBO6RG8iTUcmzKqm37uz4aCkWBIM
WeVYkv7rpRYiF1q6rl2qysGOqhvsKVTAEPLeT7hUWRHxUGiy//F6AKEip+czlDsb
Ywdqyhu2QJ+XWyuLS837TJGrbh9dgWUeFjlFH5IhTmzsv1DyN0eh2dN4Kcp6Eqtc
WD6o3rgtDitau/y7yfqhyiajMoSey6RVmtBgd36b9laTUCXTCqblWJ39AB9QFcTS
HNawUVcezxlWjiYHNi4Rc6OuRaqv2aPVzm3Qrc1DeRd9KcHIKygjTNg7/MqsEk30
VIzsTteW7r7wGC/tJO8vg7eNE/4s65Na5COoSUdtyq05
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:15:09 2024 by rpki-client on console-ams.rpki-client.org