Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/A0t1x0zYX1vdDEYXk7QytWl4lh0.roa
File:                     A0t1x0zYX1vdDEYXk7QytWl4lh0.roa (raw, json)
Hash identifier:          epMNGajHpONGjD0m2OPnei9iTLE1dfwLR2K5j6oX+lE=
Subject key identifier:   03:4B:75:C7:4C:D8:5F:5B:DD:0C:46:17:93:B4:32:B5:69:78:96:1D
Certificate issuer:       /CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Certificate serial:       018595EBE08898042356EF393EC428B4E4B0
Authority key identifier: FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/A0t1x0zYX1vdDEYXk7QytWl4lh0.roa
Signing time:             Mon 09 Jan 2023 09:45:41 +0000
ROA not before:           Mon 09 Jan 2023 09:45:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     0
IP address blocks:        176.52.128.0/20 maxlen: 24
                          176.52.144.0/20 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:95:eb:e0:88:98:04:23:56:ef:39:3e:c4:28:b4:e4:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe779e56238b6f2ea068ede4e20aef00c904132b
        Validity
            Not Before: Jan  9 09:45:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=034b75c74cd85f5bdd0c461793b432b56978961d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:66:8c:d0:fc:86:69:fa:da:fa:16:06:99:af:
                    c0:09:e1:29:f0:9f:49:b4:4b:6c:b8:db:17:73:49:
                    9d:e8:65:22:7e:d5:ac:fc:8a:1c:48:97:51:19:0c:
                    37:31:2f:84:9e:45:1a:84:51:22:69:85:7b:b8:c3:
                    5d:60:a6:5d:39:9b:5f:d9:5b:76:ab:59:23:b2:94:
                    a1:fe:8d:03:a9:3d:cc:81:0c:2a:c9:7d:6f:81:ed:
                    fb:6a:45:8b:a2:06:95:e7:a0:b8:b5:79:70:ae:dd:
                    6e:06:12:67:2d:86:e4:28:5f:93:dc:6a:54:e5:91:
                    56:1a:b8:ed:6b:19:25:1b:04:88:e2:d5:d8:9e:50:
                    67:ef:85:77:e5:6a:fa:d8:8e:67:05:34:d0:52:0d:
                    7d:16:25:b0:f5:76:eb:d3:f5:3f:23:69:21:7d:57:
                    7a:46:eb:95:db:84:3f:c3:83:fe:68:fa:b5:0b:fc:
                    dd:5d:82:a2:99:d8:e1:69:40:0a:8a:d5:e2:cc:2e:
                    59:55:6f:93:38:a2:13:9a:a9:1e:75:23:09:e4:d3:
                    3c:cc:cb:b3:b1:24:bf:16:52:9d:77:33:ed:08:97:
                    5a:42:b7:ff:c0:81:d2:36:b4:b4:b5:91:6c:e2:09:
                    b5:4a:05:8a:db:77:7c:c8:fb:21:29:cc:76:b1:70:
                    76:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:4B:75:C7:4C:D8:5F:5B:DD:0C:46:17:93:B4:32:B5:69:78:96:1D
            X509v3 Authority Key Identifier:
                keyid:FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/A0t1x0zYX1vdDEYXk7QytWl4lh0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.52.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         6a:f6:01:8b:dc:93:38:73:48:ff:ab:ec:8a:19:98:51:dc:54:
         5d:4a:70:dd:39:49:3c:20:38:89:f3:61:df:b3:96:97:15:ac:
         38:3b:88:68:8c:a7:8d:51:64:0c:7b:5d:b3:53:e9:ae:5d:38:
         f7:77:21:ad:12:98:7e:03:53:f6:ac:9e:78:5c:4b:4b:ae:03:
         d2:ef:b1:30:91:0c:ce:0e:53:16:81:3b:3a:dc:36:e5:11:56:
         8e:eb:7e:b5:1e:42:0e:56:d7:f9:8a:6a:92:8b:e5:3f:7d:d5:
         55:8c:cb:37:d1:20:19:e6:b5:f5:b7:1a:ff:b1:20:47:1a:31:
         66:0b:ae:39:62:9a:c1:d7:9d:aa:71:f6:60:65:c8:4d:aa:23:
         a0:33:34:fa:d6:73:03:77:cf:5c:eb:f2:c1:a1:15:ff:a9:4f:
         a0:8d:18:c8:b7:a7:49:54:55:c7:5d:10:90:40:94:46:1a:6b:
         a0:0a:cc:12:a1:31:b4:09:07:05:b4:8b:f6:d0:b7:29:1c:e2:
         6f:b4:2b:05:2d:29:cf:47:b0:89:1d:c9:ca:c9:f8:9a:af:30:
         de:a8:1a:48:fe:b1:16:35:bf:ef:2a:06:f2:32:8e:af:71:73:
         5b:b2:02:13:31:07:5f:cd:c1:85:d2:de:ae:af:8a:71:cb:a9:
         64:84:ef:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYWV6+CImAQjVu85PsQotOSwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNzc5ZTU2MjM4YjZmMmVhMDY4ZWRlNGUyMGFlZjAwYzkw
NDEzMmIwHhcNMjMwMTA5MDk0NTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzRiNzVjNzRjZDg1ZjViZGQwYzQ2MTc5M2I0MzJiNTY5Nzg5NjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtGaM0PyGafra+hYGma/ACeEp8J9J
tEtsuNsXc0md6GUiftWs/IocSJdRGQw3MS+EnkUahFEiaYV7uMNdYKZdOZtf2Vt2
q1kjspSh/o0DqT3MgQwqyX1vge37akWLogaV56C4tXlwrt1uBhJnLYbkKF+T3GpU
5ZFWGrjtaxklGwSI4tXYnlBn74V35Wr62I5nBTTQUg19FiWw9Xbr0/U/I2khfVd6
RuuV24Q/w4P+aPq1C/zdXYKimdjhaUAKitXizC5ZVW+TOKITmqkedSMJ5NM8zMuz
sSS/FlKddzPtCJdaQrf/wIHSNrS0tZFs4gm1SgWK23d8yPshKcx2sXB2ywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFANLdcdM2F9b3QxGF5O0MrVpeJYdMB8GA1UdIwQY
MBaAFP53nlYji28uoGjt5OIK7wDJBBMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQt
MzM4OTQ5MTNkY2I3LzEvQTB0MXgwellYMXZkREVZWGs3UXl0V2w0bGgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQtMzM4OTQ5MTNkY2I3
LzEvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFsDSAMA0G
CSqGSIb3DQEBCwUAA4IBAQBq9gGL3JM4c0j/q+yKGZhR3FRdSnDdOUk8IDiJ82Hf
s5aXFaw4O4hojKeNUWQMe12zU+muXTj3dyGtEph+A1P2rJ54XEtLrgPS77EwkQzO
DlMWgTs63DblEVaO6361HkIOVtf5imqSi+U/fdVVjMs30SAZ5rX1txr/sSBHGjFm
C645YprB152qcfZgZchNqiOgMzT61nMDd89c6/LBoRX/qU+gjRjIt6dJVFXHXRCQ
QJRGGmugCswSoTG0CQcFtIv20LcpHOJvtCsFLSnPR7CJHcnKyfiarzDeqBpI/rEW
Nb/vKgbyMo6vcXNbsgITMQdfzcGF0t6ur4pxy6lkhO/W
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:39:04 2024 by rpki-client on console-ams.rpki-client.org