Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Y5MbvoXWoSV2wfuXdZKEK4KnEro.roa
File:                     Y5MbvoXWoSV2wfuXdZKEK4KnEro.roa (raw, json)
Hash identifier:          9oI4K3jgmeTXT9olJcZDGUjYe1Lopqs/lhmTeiA37gs=
Subject key identifier:   63:93:1B:BE:85:D6:A1:25:76:C1:FB:97:75:92:84:2B:82:A7:12:BA
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       1E1AB2E0
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Y5MbvoXWoSV2wfuXdZKEK4KnEro.roa
Signing time:             Thu 21 Apr 2022 12:46:18 +0000
ROA not before:           Thu 21 Apr 2022 12:46:18 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     211252
IP address blocks:        185.252.178.0/24 maxlen: 24
                          185.252.179.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 505066208 (0x1e1ab2e0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Apr 21 12:46:18 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=63931bbe85d6a12576c1fb977592842b82a712ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:38:b5:ee:70:90:14:32:3a:d9:ea:3d:ab:df:
                    1f:fb:b3:4c:9c:8f:04:cf:51:16:09:f0:ac:36:7d:
                    40:ea:01:09:0d:22:e3:c6:54:03:78:53:90:db:54:
                    e7:9e:48:b5:fa:e2:0e:2a:f5:1d:ee:92:d8:8f:8f:
                    05:83:a7:ed:6e:b0:7e:fa:07:20:ac:33:d9:06:62:
                    81:6e:48:58:e4:18:19:10:fd:98:b5:75:64:80:f2:
                    26:c2:8e:9f:c9:1d:e4:7f:8e:44:69:26:fa:01:e6:
                    f8:9c:46:0d:b2:c3:e4:97:cb:d0:bb:b9:2c:10:14:
                    af:f3:d2:3a:b3:ee:cc:c8:f1:68:34:7f:c5:fd:d0:
                    b5:80:51:08:f5:1a:fa:5b:4a:db:e7:35:f4:ac:14:
                    72:2e:4e:76:d4:d8:e8:0c:b4:27:6a:aa:92:c5:33:
                    71:e9:f1:a5:5b:e6:92:46:84:f1:f2:17:d6:d6:52:
                    e9:db:f2:89:fc:d6:3c:73:41:09:57:f6:7b:0c:7e:
                    7d:41:99:f2:12:6b:78:71:a3:93:9e:eb:20:2c:99:
                    54:91:06:5b:d5:93:2d:40:b1:b6:8c:af:e5:e5:cd:
                    f6:ed:aa:ec:9a:e7:29:2f:9f:b9:1f:2b:e3:1b:37:
                    f2:26:86:2a:bb:58:a8:57:e0:26:24:ac:db:6c:c1:
                    dc:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:93:1B:BE:85:D6:A1:25:76:C1:FB:97:75:92:84:2B:82:A7:12:BA
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Y5MbvoXWoSV2wfuXdZKEK4KnEro.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.252.178.0/23

    Signature Algorithm: sha256WithRSAEncryption
         83:97:31:15:76:1b:20:cd:9c:0a:c4:86:83:8a:ae:c6:d0:17:
         39:4f:45:36:78:81:21:41:26:60:f7:ca:fe:c2:f9:1d:13:e8:
         03:71:ab:52:b1:a7:8e:99:07:60:f0:02:bf:25:8f:78:17:18:
         4c:5a:c6:ed:0a:f6:21:72:b3:1e:5f:6a:14:41:80:cf:54:35:
         18:51:71:28:56:a0:6a:b0:5a:d1:2b:1b:0b:f3:c4:f8:3a:20:
         87:d9:e1:8e:59:f4:a6:e4:5c:5d:ca:a4:81:82:42:d1:9f:19:
         01:f8:d4:0a:76:08:60:72:82:d7:5e:24:56:42:be:11:e8:ee:
         49:b8:95:40:fb:ca:39:cd:6f:b5:ee:5f:56:66:2b:15:49:4c:
         b0:c8:1a:7f:d2:81:e2:12:fc:a7:28:77:0b:be:65:78:ee:73:
         4a:8d:bc:b3:6a:60:70:32:da:5a:4d:da:d4:1d:5f:62:8a:c9:
         8c:72:1e:33:fa:9c:56:2a:5e:d5:e5:13:cb:d0:66:11:56:ff:
         82:e9:42:0b:5d:ee:cd:80:28:5d:0a:98:55:45:a3:1f:9c:85:
         0b:2e:d8:b4:25:2e:c3:a8:db:bd:10:8c:02:76:7c:b2:95:75:
         2f:9f:bb:0c:db:7d:94:63:98:dc:10:6c:c5:7e:95:9f:9f:23:
         22:f1:a4:b6
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEHhqy4DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MmM0YWMzZTNjNDNkNzBkMDUzNDljODE1YmFhZGQzOGFkNzc1ZTlkMB4XDTIyMDQy
MTEyNDYxOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjM5MzFiYmU4NWQ2
YTEyNTc2YzFmYjk3NzU5Mjg0MmI4MmE3MTJiYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJE4te5wkBQyOtnqPavfH/uzTJyPBM9RFgnwrDZ9QOoBCQ0i
48ZUA3hTkNtU555ItfriDir1He6S2I+PBYOn7W6wfvoHIKwz2QZigW5IWOQYGRD9
mLV1ZIDyJsKOn8kd5H+ORGkm+gHm+JxGDbLD5JfL0Lu5LBAUr/PSOrPuzMjxaDR/
xf3QtYBRCPUa+ltK2+c19KwUci5OdtTY6Ay0J2qqksUzcenxpVvmkkaE8fIX1tZS
6dvyifzWPHNBCVf2ewx+fUGZ8hJreHGjk57rICyZVJEGW9WTLUCxtoyv5eXN9u2q
7JrnKS+fuR8r4xs38iaGKrtYqFfgJiSs22zB3EkCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRjkxu+hdahJXbB+5d1koQrgqcSujAfBgNVHSMEGDAWgBQixKw+PEPXDQU0
nIFbqt04rXdenTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0lzU3NQanhEMXcwRk5KeUJXNnJkT0sxM1hwMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDMvOTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8x
L1k1TWJ2b1hXb1NWMndmdVhkWktFSzRLbkVyby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDMv
OTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8xL0lzU3NQanhEMXcw
Rk5KeUJXNnJkT0sxM1hwMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAbn8sjANBgkqhkiG9w0BAQsFAAOC
AQEAg5cxFXYbIM2cCsSGg4quxtAXOU9FNniBIUEmYPfK/sL5HRPoA3GrUrGnjpkH
YPACvyWPeBcYTFrG7Qr2IXKzHl9qFEGAz1Q1GFFxKFagarBa0SsbC/PE+Dogh9nh
jln0puRcXcqkgYJC0Z8ZAfjUCnYIYHKC114kVkK+EejuSbiVQPvKOc1vte5fVmYr
FUlMsMgaf9KB4hL8pyh3C75leO5zSo28s2pgcDLaWk3a1B1fYorJjHIeM/qcVipe
1eUTy9BmEVb/gulCC13uzYAoXQqYVUWjH5yFCy7YtCUuw6jbvRCMAnZ8spV1L5+7
DNt9lGOY3BBsxX6Vn58jIvGktg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:36 2024 by rpki-client on console-ams.rpki-client.org