Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/e45ad6-e5ae-4819-9f24-f577aa46de83/1/NnsAJd1SywJ_om_yxBRiwzCTWQg.roa
File:                     NnsAJd1SywJ_om_yxBRiwzCTWQg.roa (raw, json)
Hash identifier:          OqvqDL1SqtJdF9TXwZul3pNe2YLQP5XXpA3gticSEc4=
Subject key identifier:   36:7B:00:25:DD:52:CB:02:7F:A2:6F:F2:C4:14:62:C3:30:93:59:08
Certificate issuer:       /CN=813e051cb831d1989607bb76c0bc5693ff947b53
Certificate serial:       094E5303
Authority key identifier: 81:3E:05:1C:B8:31:D1:98:96:07:BB:76:C0:BC:56:93:FF:94:7B:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gT4FHLgx0ZiWB7t2wLxWk_-Ue1M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/e45ad6-e5ae-4819-9f24-f577aa46de83/1/NnsAJd1SywJ_om_yxBRiwzCTWQg.roa
Signing time:             Mon 14 Mar 2022 07:52:24 +0000
ROA not before:           Mon 14 Mar 2022 07:52:24 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     25124
IP address blocks:        185.232.152.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 156128003 (0x94e5303)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=813e051cb831d1989607bb76c0bc5693ff947b53
        Validity
            Not Before: Mar 14 07:52:24 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=367b0025dd52cb027fa26ff2c41462c330935908
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:46:2c:a6:36:b4:1e:5f:78:c8:ee:aa:9a:4e:
                    bc:70:98:1b:c9:66:aa:29:8d:3c:1f:01:23:a9:a3:
                    aa:57:04:f8:ef:80:90:08:24:30:11:e2:26:59:b4:
                    bc:42:31:eb:a7:a2:06:e9:88:6d:71:c6:28:e9:c2:
                    74:01:9f:78:19:8f:e0:84:5b:88:4c:4f:84:fa:9e:
                    8a:f7:75:6a:42:c1:13:73:5a:02:78:10:61:36:52:
                    77:74:ed:64:25:6a:f8:be:a2:d1:c3:72:0a:1b:14:
                    cf:67:1d:2d:6e:01:4e:26:86:ab:ad:81:7f:a4:47:
                    66:c0:7d:d3:1b:43:a3:69:93:0b:52:22:5a:ff:11:
                    54:3a:b1:10:a7:71:5a:49:c3:ab:11:69:78:f8:b7:
                    c4:72:42:21:c9:11:3d:cf:5c:7f:02:85:ba:22:60:
                    07:73:bb:77:2e:47:0c:33:97:a3:36:72:86:64:31:
                    30:b3:4f:c0:e5:63:b4:42:e5:35:38:dd:9b:b4:db:
                    16:73:8e:39:ca:6d:2e:20:c1:4a:ae:79:6c:6c:71:
                    aa:0d:f4:f6:1d:a0:8d:74:08:76:e1:0e:2f:53:65:
                    f8:05:37:a6:57:78:49:fb:eb:80:39:10:72:35:b6:
                    c7:aa:d9:a4:bf:03:a6:0a:fa:0c:b6:0e:76:b5:b8:
                    66:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:7B:00:25:DD:52:CB:02:7F:A2:6F:F2:C4:14:62:C3:30:93:59:08
            X509v3 Authority Key Identifier:
                keyid:81:3E:05:1C:B8:31:D1:98:96:07:BB:76:C0:BC:56:93:FF:94:7B:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gT4FHLgx0ZiWB7t2wLxWk_-Ue1M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/e45ad6-e5ae-4819-9f24-f577aa46de83/1/NnsAJd1SywJ_om_yxBRiwzCTWQg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/e45ad6-e5ae-4819-9f24-f577aa46de83/1/gT4FHLgx0ZiWB7t2wLxWk_-Ue1M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.232.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:c1:a4:21:34:f8:d8:90:d0:5c:e2:8e:a3:81:14:5b:e9:36:
         51:fd:5c:40:ee:13:11:0f:7d:75:33:8c:53:b8:86:f3:e9:17:
         af:0e:d1:79:62:7a:db:5e:4c:58:72:a5:6d:87:2b:c7:86:50:
         7d:bd:2c:c4:8c:0b:5a:1f:ba:d1:32:73:48:dc:3f:31:5a:5d:
         a2:c8:3c:a5:54:c7:24:3c:ef:7d:0c:2a:35:f5:51:5b:e9:3d:
         80:3a:57:f8:31:f2:c9:16:35:8e:4a:cb:0e:98:bd:ff:4c:88:
         df:04:a7:75:54:b4:9f:15:05:43:cb:15:33:22:70:15:bd:64:
         77:ab:42:1a:10:1b:75:79:f8:8c:d4:20:98:98:53:23:b3:1f:
         79:bb:fe:61:6c:75:67:e0:f1:0c:61:96:5c:4d:e1:00:f5:ea:
         21:68:08:08:48:42:bb:de:48:8a:91:ec:f6:c6:d1:68:a3:09:
         e3:77:8c:51:54:9c:5c:73:71:a8:66:a7:10:c6:b4:f8:b6:5a:
         39:7c:91:66:f1:8e:fe:89:b9:f4:5f:47:a3:4e:7d:d2:6e:c4:
         a5:5f:f0:c4:62:44:49:bd:56:d7:0e:d1:8b:a1:47:4f:e5:2d:
         10:e5:77:57:63:ae:b0:0d:c9:24:4f:a0:9a:16:be:58:e3:fa:
         69:98:0d:80
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIECU5TAzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
MTNlMDUxY2I4MzFkMTk4OTYwN2JiNzZjMGJjNTY5M2ZmOTQ3YjUzMB4XDTIyMDMx
NDA3NTIyNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMzY3YjAwMjVkZDUy
Y2IwMjdmYTI2ZmYyYzQxNDYyYzMzMDkzNTkwODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANFGLKY2tB5feMjuqppOvHCYG8lmqimNPB8BI6mjqlcE+O+A
kAgkMBHiJlm0vEIx66eiBumIbXHGKOnCdAGfeBmP4IRbiExPhPqeivd1akLBE3Na
AngQYTZSd3TtZCVq+L6i0cNyChsUz2cdLW4BTiaGq62Bf6RHZsB90xtDo2mTC1Ii
Wv8RVDqxEKdxWknDqxFpePi3xHJCIckRPc9cfwKFuiJgB3O7dy5HDDOXozZyhmQx
MLNPwOVjtELlNTjdm7TbFnOOOcptLiDBSq55bGxxqg309h2gjXQIduEOL1Nl+AU3
pld4SfvrgDkQcjW2x6rZpL8Dpgr6DLYOdrW4ZucCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQ2ewAl3VLLAn+ib/LEFGLDMJNZCDAfBgNVHSMEGDAWgBSBPgUcuDHRmJYH
u3bAvFaT/5R7UzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2dUNEZITGd4MFppV0I3dDJ3THhXa18tVWUxTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNTkvZTQ1YWQ2LWU1YWUtNDgxOS05ZjI0LWY1NzdhYTQ2ZGU4My8x
L05uc0FKZDFTeXdKX29tX3l4QlJpd3pDVFdRZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTkv
ZTQ1YWQ2LWU1YWUtNDgxOS05ZjI0LWY1NzdhYTQ2ZGU4My8xL2dUNEZITGd4MFpp
V0I3dDJ3THhXa18tVWUxTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALnomDANBgkqhkiG9w0BAQsFAAOC
AQEAJMGkITT42JDQXOKOo4EUW+k2Uf1cQO4TEQ99dTOMU7iG8+kXrw7ReWJ6215M
WHKlbYcrx4ZQfb0sxIwLWh+60TJzSNw/MVpdosg8pVTHJDzvfQwqNfVRW+k9gDpX
+DHyyRY1jkrLDpi9/0yI3wSndVS0nxUFQ8sVMyJwFb1kd6tCGhAbdXn4jNQgmJhT
I7Mfebv+YWx1Z+DxDGGWXE3hAPXqIWgICEhCu95IipHs9sbRaKMJ43eMUVScXHNx
qGanEMa0+LZaOXyRZvGO/om59F9Ho0590m7EpV/wxGJESb1W1w7Ri6FHT+UtEOV3
V2OusA3JJE+gmha+WOP6aZgNgA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:11:26 2024 by rpki-client on console-ams.rpki-client.org