Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/8oPRLuHPeb8_BEDsbD09j2zOIp8.roa
File:                     8oPRLuHPeb8_BEDsbD09j2zOIp8.roa (raw, json)
Hash identifier:          Jg+u2Ue9yTW1N5xQDtclz7/Y+7bHAzlerPCXjiYCMf4=
Subject key identifier:   F2:83:D1:2E:E1:CF:79:BF:3F:04:40:EC:6C:3D:3D:8F:6C:CE:22:9F
Certificate issuer:       /CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Certificate serial:       01860A140F1F33CD249DE81D19A70CDCF3BC
Authority key identifier: FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/8oPRLuHPeb8_BEDsbD09j2zOIp8.roa
Signing time:             Tue 31 Jan 2023 23:05:32 +0000
ROA not before:           Tue 31 Jan 2023 23:05:32 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     0
IP address blocks:        176.52.128.0/20 maxlen: 24
                          176.52.144.0/20 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:0a:14:0f:1f:33:cd:24:9d:e8:1d:19:a7:0c:dc:f3:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe779e56238b6f2ea068ede4e20aef00c904132b
        Validity
            Not Before: Jan 31 23:05:32 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f283d12ee1cf79bf3f0440ec6c3d3d8f6cce229f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:50:43:6f:0f:d0:3a:5c:60:03:06:c1:aa:32:
                    34:b2:d8:65:f3:8f:23:38:54:c6:8f:37:d7:c6:7c:
                    4c:c4:75:aa:3d:32:4d:fa:62:14:33:22:2a:c3:7c:
                    8f:60:40:47:58:9d:24:aa:17:e7:ac:fb:72:73:a3:
                    34:e3:23:b1:d2:a7:ff:6f:07:7a:cf:fd:a7:eb:3c:
                    43:a3:22:43:53:c3:86:f7:2a:bd:90:ed:e1:b7:ad:
                    31:7c:8c:7f:07:20:83:1d:73:5f:f6:59:b3:63:5e:
                    fb:02:b1:a0:88:38:9a:b5:ee:e4:78:ce:4c:2f:76:
                    07:cb:f9:bf:39:20:e2:63:6b:3c:a7:57:12:09:ab:
                    66:70:d1:ca:a1:11:99:4c:4a:84:e8:54:2d:9a:f6:
                    27:f0:97:9c:84:79:77:71:d1:17:11:05:82:4d:16:
                    3b:9c:75:4e:55:7c:f4:b3:49:d1:32:5c:5e:41:f2:
                    50:02:02:23:c5:9c:dd:c3:a1:52:bb:4c:db:1e:0e:
                    bc:07:2c:fd:ec:fb:69:a1:1a:35:75:2a:9a:6a:c9:
                    30:7c:8f:2a:c0:7b:41:b3:0f:e4:92:56:ee:7a:de:
                    62:87:b4:6f:22:e3:a6:e8:bf:8f:b5:de:a6:a3:cd:
                    6f:ba:1d:9a:a9:1b:bc:ac:d5:29:e0:09:98:dc:8c:
                    b7:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:83:D1:2E:E1:CF:79:BF:3F:04:40:EC:6C:3D:3D:8F:6C:CE:22:9F
            X509v3 Authority Key Identifier:
                keyid:FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/8oPRLuHPeb8_BEDsbD09j2zOIp8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.52.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         37:b7:d9:0c:11:29:60:7b:fc:b1:f6:d5:43:11:e5:a1:de:eb:
         e1:d5:f7:85:df:66:81:f0:f0:70:4b:50:9b:80:99:f4:a9:ff:
         18:39:52:91:9b:c5:ba:33:e0:ac:7d:6f:02:13:fb:4d:d5:0a:
         80:86:ad:af:f0:54:60:22:71:dd:de:40:fb:54:e6:cf:52:da:
         31:29:41:4c:ed:6b:cf:05:d1:94:df:77:fc:27:b9:89:45:cb:
         b3:b0:00:d6:38:8a:7e:e7:eb:50:5d:4e:72:76:3e:59:2d:57:
         f3:b0:80:8c:af:31:0d:38:61:92:5c:90:cf:6d:66:ce:1d:04:
         04:1f:0c:d5:18:24:98:8a:6a:4c:38:b4:6b:a7:98:be:07:4e:
         cf:63:87:2f:ef:06:ad:68:42:0c:63:4a:fa:9f:80:b3:01:69:
         3c:8b:57:8d:48:58:d7:9d:4b:25:7b:0c:3c:2b:82:2e:bc:70:
         2f:16:28:fa:fc:3e:45:0f:67:a6:8f:19:9f:3d:c3:32:51:d7:
         e5:15:fb:28:69:24:ee:bc:8a:c8:90:3c:33:0d:73:e2:48:92:
         fa:f9:18:0a:26:f0:7c:85:90:2c:f5:6e:bc:16:4f:87:74:ff:
         12:0e:a4:ad:f1:95:a0:46:b9:b6:f6:48:11:ff:8c:7a:77:86:
         72:bd:ac:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYYKFA8fM80knegdGacM3PO8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNzc5ZTU2MjM4YjZmMmVhMDY4ZWRlNGUyMGFlZjAwYzkw
NDEzMmIwHhcNMjMwMTMxMjMwNTMyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjgzZDEyZWUxY2Y3OWJmM2YwNDQwZWM2YzNkM2Q4ZjZjY2UyMjlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtFBDbw/QOlxgAwbBqjI0sthl848j
OFTGjzfXxnxMxHWqPTJN+mIUMyIqw3yPYEBHWJ0kqhfnrPtyc6M04yOx0qf/bwd6
z/2n6zxDoyJDU8OG9yq9kO3ht60xfIx/ByCDHXNf9lmzY177ArGgiDiate7keM5M
L3YHy/m/OSDiY2s8p1cSCatmcNHKoRGZTEqE6FQtmvYn8JechHl3cdEXEQWCTRY7
nHVOVXz0s0nRMlxeQfJQAgIjxZzdw6FSu0zbHg68Byz97PtpoRo1dSqaaskwfI8q
wHtBsw/kklbuet5ih7RvIuOm6L+Ptd6mo81vuh2aqRu8rNUp4AmY3Iy3uQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPKD0S7hz3m/PwRA7Gw9PY9sziKfMB8GA1UdIwQY
MBaAFP53nlYji28uoGjt5OIK7wDJBBMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQt
MzM4OTQ5MTNkY2I3LzEvOG9QUkx1SFBlYjhfQkVEc2JEMDlqMnpPSXA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQtMzM4OTQ5MTNkY2I3
LzEvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFsDSAMA0G
CSqGSIb3DQEBCwUAA4IBAQA3t9kMESlge/yx9tVDEeWh3uvh1feF32aB8PBwS1Cb
gJn0qf8YOVKRm8W6M+CsfW8CE/tN1QqAhq2v8FRgInHd3kD7VObPUtoxKUFM7WvP
BdGU33f8J7mJRcuzsADWOIp+5+tQXU5ydj5ZLVfzsICMrzENOGGSXJDPbWbOHQQE
HwzVGCSYimpMOLRrp5i+B07PY4cv7wataEIMY0r6n4CzAWk8i1eNSFjXnUsleww8
K4IuvHAvFij6/D5FD2emjxmfPcMyUdflFfsoaSTuvIrIkDwzDXPiSJL6+RgKJvB8
hZAs9W68Fk+HdP8SDqSt8ZWgRrm29kgR/4x6d4ZyvawD
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:39:04 2024 by rpki-client on console-ams.rpki-client.org