Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/mvRZJbaguqZY4JkEC8bnVJ200FU.roa
File:                     mvRZJbaguqZY4JkEC8bnVJ200FU.roa (raw, json)
Hash identifier:          ktjGNmLdc5AKZB2MEqLtLScIosd1JupBv2OnLPuFjBU=
Subject key identifier:   9A:F4:59:25:B6:A0:BA:A6:58:E0:99:04:0B:C6:E7:54:9D:B4:D0:55
Certificate issuer:       /CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Certificate serial:       01856D4192C8670F49737974F638845F0563
Authority key identifier: FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/mvRZJbaguqZY4JkEC8bnVJ200FU.roa
Signing time:             Sun 01 Jan 2023 12:14:51 +0000
ROA not before:           Sun 01 Jan 2023 12:14:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     0
IP address blocks:        92.53.188.0/22 maxlen: 24
                          176.52.128.0/22 maxlen: 24
                          176.52.132.0/22 maxlen: 24
                          176.52.136.0/22 maxlen: 22
                          176.52.144.0/22 maxlen: 24
                          176.52.140.0/22 maxlen: 22
                          176.52.152.0/22 maxlen: 22
                          176.52.148.0/22 maxlen: 24
                          176.52.156.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:41:92:c8:67:0f:49:73:79:74:f6:38:84:5f:05:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe779e56238b6f2ea068ede4e20aef00c904132b
        Validity
            Not Before: Jan  1 12:14:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9af45925b6a0baa658e099040bc6e7549db4d055
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:90:ac:a7:bf:e7:dc:4b:71:12:e5:e0:87:47:
                    64:7e:69:d6:3e:e0:a6:55:77:78:16:cf:44:c2:a3:
                    ba:4f:a4:39:b7:94:95:1d:e4:d2:35:2d:46:f6:6d:
                    40:7b:62:d6:f9:37:03:42:5c:d6:e1:f6:21:d5:10:
                    3a:48:6b:a2:ac:b7:9b:b2:81:d8:e9:bd:6e:a3:b0:
                    2b:0b:ed:ac:d2:df:92:58:92:4c:24:e0:7b:91:5d:
                    a5:46:d0:5c:6f:8c:3e:1c:64:16:b4:63:3c:2b:aa:
                    98:20:6f:d5:91:1c:52:aa:fe:60:f7:8c:84:ed:19:
                    c4:71:57:9c:ca:e7:3e:1b:2a:24:f1:67:ca:43:02:
                    95:81:12:57:78:8c:da:86:a3:a6:b1:50:dd:c0:92:
                    c6:f4:26:39:0a:68:b5:ba:04:98:45:de:c6:fa:b6:
                    0c:68:d3:bb:0b:97:36:c8:fb:41:00:60:cc:a5:89:
                    2c:be:0f:f5:f7:9d:3d:17:a0:89:7c:7c:17:7e:de:
                    d0:8b:da:0a:ed:a2:99:bf:8f:e0:c3:50:cb:03:3d:
                    de:7a:81:d2:71:17:26:32:68:27:84:f1:0f:73:d3:
                    d8:04:2d:94:6c:f1:6c:52:33:ef:6d:ee:d3:9c:1d:
                    e6:3f:d5:00:34:38:54:10:9a:15:05:de:f5:4d:63:
                    9a:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:F4:59:25:B6:A0:BA:A6:58:E0:99:04:0B:C6:E7:54:9D:B4:D0:55
            X509v3 Authority Key Identifier:
                keyid:FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/mvRZJbaguqZY4JkEC8bnVJ200FU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.53.188.0/22
                  176.52.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         a5:b3:14:dd:a5:6a:65:df:93:7e:fb:ed:c5:58:5a:f1:58:53:
         bc:b8:b7:6e:37:6d:58:36:20:b1:88:63:d9:ee:54:d5:46:8f:
         16:8e:0b:eb:7b:fa:91:2a:c0:06:f1:d2:b3:f2:4f:c9:15:a8:
         b0:c9:1b:d9:c4:0f:41:c3:f8:bf:2c:2c:11:b0:53:35:91:14:
         55:aa:d9:ea:93:f5:c3:3e:9c:34:91:61:75:12:31:ee:2d:32:
         b8:34:ac:69:52:e8:e9:a1:93:86:32:e1:17:e4:cc:ff:db:4f:
         fe:8e:19:6e:c7:74:7a:bb:f0:0f:dc:e3:6d:5e:02:1b:db:ca:
         05:8e:99:98:f5:a0:b5:98:18:1b:6d:ac:8d:a5:55:11:80:b2:
         74:81:56:50:3c:c6:90:94:95:42:01:b4:d0:36:30:c0:2d:05:
         f7:b3:61:fa:e5:79:96:c2:a9:af:2a:f7:2b:79:98:f3:a6:18:
         6a:21:2d:2f:a6:34:a0:79:ee:dd:a4:59:a7:13:75:ff:df:60:
         cf:71:e4:57:e8:f6:1a:fc:90:af:8b:be:2c:ee:76:78:a6:2c:
         54:30:22:ff:bc:88:3f:f8:53:43:fb:47:90:8f:62:38:ab:86:
         7c:8a:cc:2e:b5:51:ac:50:78:d6:23:46:14:00:19:15:27:d8:
         88:4c:95:81
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVtQZLIZw9Jc3l09jiEXwVjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNzc5ZTU2MjM4YjZmMmVhMDY4ZWRlNGUyMGFlZjAwYzkw
NDEzMmIwHhcNMjMwMTAxMTIxNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWY0NTkyNWI2YTBiYWE2NThlMDk5MDQwYmM2ZTc1NDlkYjRkMDU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAppCsp7/n3EtxEuXgh0dkfmnWPuCm
VXd4Fs9EwqO6T6Q5t5SVHeTSNS1G9m1Ae2LW+TcDQlzW4fYh1RA6SGuirLebsoHY
6b1uo7ArC+2s0t+SWJJMJOB7kV2lRtBcb4w+HGQWtGM8K6qYIG/VkRxSqv5g94yE
7RnEcVecyuc+Gyok8WfKQwKVgRJXeIzahqOmsVDdwJLG9CY5Cmi1ugSYRd7G+rYM
aNO7C5c2yPtBAGDMpYksvg/19509F6CJfHwXft7Qi9oK7aKZv4/gw1DLAz3eeoHS
cRcmMmgnhPEPc9PYBC2UbPFsUjPvbe7TnB3mP9UANDhUEJoVBd71TWOavwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJr0WSW2oLqmWOCZBAvG51SdtNBVMB8GA1UdIwQY
MBaAFP53nlYji28uoGjt5OIK7wDJBBMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQt
MzM4OTQ5MTNkY2I3LzEvbXZSWkpiYWd1cVpZNEprRUM4Ym5WSjIwMEZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQtMzM4OTQ5MTNkY2I3
LzEvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCXDW8AwQF
sDSAMA0GCSqGSIb3DQEBCwUAA4IBAQClsxTdpWpl35N+++3FWFrxWFO8uLduN21Y
NiCxiGPZ7lTVRo8Wjgvre/qRKsAG8dKz8k/JFaiwyRvZxA9Bw/i/LCwRsFM1kRRV
qtnqk/XDPpw0kWF1EjHuLTK4NKxpUujpoZOGMuEX5Mz/20/+jhlux3R6u/AP3ONt
XgIb28oFjpmY9aC1mBgbbayNpVURgLJ0gVZQPMaQlJVCAbTQNjDALQX3s2H65XmW
wqmvKvcreZjzphhqIS0vpjSgee7dpFmnE3X/32DPceRX6PYa/JCvi74s7nZ4pixU
MCL/vIg/+FND+0eQj2I4q4Z8iswutVGsUHjWI0YUABkVJ9iITJWB
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:50:13 2024 by rpki-client on console-fra.rpki-client.org