Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/dVvNI-EadWU-UGGUolEHB7I9Bto.roa
File:                     dVvNI-EadWU-UGGUolEHB7I9Bto.roa (raw, json)
Hash identifier:          LyTwsFMnxA2og1YEVKy0uAz6x24JM4T+11apNJMje7c=
Subject key identifier:   75:5B:CD:23:E1:1A:75:65:3E:50:61:94:A2:51:07:07:B2:3D:06:DA
Certificate issuer:       /CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Certificate serial:       04C453BD
Authority key identifier: FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/dVvNI-EadWU-UGGUolEHB7I9Bto.roa
Signing time:             Wed 27 Apr 2022 19:08:41 +0000
ROA not before:           Wed 27 Apr 2022 19:08:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     2914
IP address blocks:        176.52.136.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 79975357 (0x4c453bd)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe779e56238b6f2ea068ede4e20aef00c904132b
        Validity
            Not Before: Apr 27 19:08:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=755bcd23e11a75653e506194a2510707b23d06da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:d1:d3:db:50:42:94:dd:33:7a:79:3a:d4:2d:
                    7a:c2:a3:95:c9:b3:38:c8:4d:29:35:a2:29:df:69:
                    4b:2e:23:8f:96:41:be:ea:2d:1c:b1:53:fb:54:27:
                    9e:ad:8a:d6:43:7e:b8:0f:f0:bd:96:30:48:27:dd:
                    f5:43:0c:98:e9:2a:d0:03:bb:e9:8e:dd:a4:69:45:
                    98:7b:22:b5:5d:27:f9:bf:0a:2a:4a:26:15:5e:88:
                    ad:e5:4d:0a:51:03:58:62:3b:07:4f:7f:cb:dc:df:
                    c8:c8:c3:71:92:11:d5:16:54:fe:35:4c:f5:0e:f1:
                    72:a6:13:53:65:8b:8f:57:8b:e4:9f:0b:29:3d:bd:
                    a1:72:da:de:a9:70:94:e8:78:d2:c2:9d:fe:e2:b0:
                    d8:ef:ba:9b:e4:f2:59:da:75:9a:45:3f:08:4a:00:
                    6d:3a:8c:2a:4e:74:c4:65:8c:9c:29:d9:f5:3a:9d:
                    0a:3e:76:2c:b3:46:db:f7:96:da:5a:d0:13:53:eb:
                    83:20:b1:43:fa:ab:29:8d:dc:cb:c0:33:cb:8f:18:
                    70:1d:6e:30:fd:92:9e:d6:b3:c3:a8:ef:ac:24:a1:
                    6f:ea:e8:bf:58:67:28:07:99:6b:2c:5c:28:a9:b7:
                    34:49:f6:26:06:59:38:40:d6:4a:27:ea:83:b7:f8:
                    ee:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:5B:CD:23:E1:1A:75:65:3E:50:61:94:A2:51:07:07:B2:3D:06:DA
            X509v3 Authority Key Identifier:
                keyid:FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/dVvNI-EadWU-UGGUolEHB7I9Bto.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.52.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         11:a1:66:55:16:c1:aa:02:d1:23:9a:35:9a:57:2a:41:96:23:
         07:9f:b5:71:bb:a9:35:d0:38:cd:e4:d7:a0:14:2f:1e:8f:15:
         43:7f:6f:52:81:27:89:78:06:a8:8e:51:4d:8d:50:6c:9d:30:
         7a:10:06:da:92:00:ab:d2:10:91:c6:9e:79:4e:80:a6:b3:09:
         b3:c6:c9:40:a5:7f:ba:26:b5:88:7f:49:4b:16:fd:2f:a9:15:
         cc:1b:f8:f0:1c:39:4b:72:08:cc:eb:75:c5:0c:64:38:07:c6:
         ac:8c:31:8d:8e:e3:af:8d:8b:8c:08:30:c8:b2:cf:2b:49:16:
         76:eb:0c:6e:fb:90:bd:1d:90:df:d6:e3:52:f0:39:b1:cf:7b:
         a8:15:19:0f:8f:b0:05:ae:51:ff:68:ea:1f:69:00:f2:f9:80:
         d8:91:95:4a:d0:00:e2:7a:82:9c:3a:34:b0:5e:9d:3f:36:9e:
         6c:c1:3d:9a:d8:26:10:f3:ae:95:90:c2:a7:54:62:23:86:45:
         21:9d:00:2b:ef:65:31:ca:49:54:98:d1:a0:0c:bd:aa:61:54:
         b3:82:f6:54:d5:f1:da:42:69:95:b9:07:59:df:38:a0:b5:27:
         8c:a6:c7:cf:c8:2d:33:7d:d2:15:4f:66:24:df:83:8c:c1:9f:
         e6:0f:94:d7
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBMRTvTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
ZTc3OWU1NjIzOGI2ZjJlYTA2OGVkZTRlMjBhZWYwMGM5MDQxMzJiMB4XDTIyMDQy
NzE5MDg0MVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNzU1YmNkMjNlMTFh
NzU2NTNlNTA2MTk0YTI1MTA3MDdiMjNkMDZkYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANHR09tQQpTdM3p5OtQtesKjlcmzOMhNKTWiKd9pSy4jj5ZB
vuotHLFT+1Qnnq2K1kN+uA/wvZYwSCfd9UMMmOkq0AO76Y7dpGlFmHsitV0n+b8K
KkomFV6IreVNClEDWGI7B09/y9zfyMjDcZIR1RZU/jVM9Q7xcqYTU2WLj1eL5J8L
KT29oXLa3qlwlOh40sKd/uKw2O+6m+TyWdp1mkU/CEoAbTqMKk50xGWMnCnZ9Tqd
Cj52LLNG2/eW2lrQE1PrgyCxQ/qrKY3cy8Azy48YcB1uMP2Sntazw6jvrCShb+ro
v1hnKAeZayxcKKm3NEn2JgZZOEDWSifqg7f47r0CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBR1W80j4Rp1ZT5QYZSiUQcHsj0G2jAfBgNVHSMEGDAWgBT+d55WI4tvLqBo
7eTiCu8AyQQTKzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L19uZWVWaU9MYnk2Z2FPM2s0Z3J2QU1rRUV5cy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjEvNGRlNTk4LTZiMDMtNGJlZi1hYjE0LTMzODk0OTEzZGNiNy8x
L2RWdk5JLUVhZFdVLVVHR1VvbEVIQjdJOUJ0by5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjEv
NGRlNTk4LTZiMDMtNGJlZi1hYjE0LTMzODk0OTEzZGNiNy8xL19uZWVWaU9MYnk2
Z2FPM2s0Z3J2QU1rRUV5cy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArA0iDANBgkqhkiG9w0BAQsFAAOC
AQEAEaFmVRbBqgLRI5o1mlcqQZYjB5+1cbupNdA4zeTXoBQvHo8VQ39vUoEniXgG
qI5RTY1QbJ0wehAG2pIAq9IQkcaeeU6AprMJs8bJQKV/uia1iH9JSxb9L6kVzBv4
8Bw5S3IIzOt1xQxkOAfGrIwxjY7jr42LjAgwyLLPK0kWdusMbvuQvR2Q39bjUvA5
sc97qBUZD4+wBa5R/2jqH2kA8vmA2JGVStAA4nqCnDo0sF6dPzaebME9mtgmEPOu
lZDCp1RiI4ZFIZ0AK+9lMcpJVJjRoAy9qmFUs4L2VNXx2kJplbkHWd84oLUnjKbH
z8gtM33SFU9mJN+DjMGf5g+U1w==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:50:13 2024 by rpki-client on console-fra.rpki-client.org