Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/e744bd-f6d9-4f74-8c01-8c4bc45927a3/1/2jsNa7_zEXxxltyOGc2DGyfTH7o.roa
File:                     2jsNa7_zEXxxltyOGc2DGyfTH7o.roa (raw, json)
Hash identifier:          Q+13O1Ex+u/OhwXq5yw28GZjWEKMmyRsKqTpgIcGrU4=
Subject key identifier:   DA:3B:0D:6B:BF:F3:11:7C:71:96:DC:8E:19:CD:83:1B:27:D3:1F:BA
Certificate issuer:       /CN=5dd7336fa915721ce3bfee217f4e99164db9532b
Certificate serial:       0185718344929B056878386A4111EB52B30B
Authority key identifier: 5D:D7:33:6F:A9:15:72:1C:E3:BF:EE:21:7F:4E:99:16:4D:B9:53:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xdczb6kVchzjv-4hf06ZFk25Uys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/e744bd-f6d9-4f74-8c01-8c4bc45927a3/1/2jsNa7_zEXxxltyOGc2DGyfTH7o.roa
Signing time:             Mon 02 Jan 2023 08:05:06 +0000
ROA not before:           Mon 02 Jan 2023 08:05:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     26282
IP address blocks:        213.156.160.0/19 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:83:44:92:9b:05:68:78:38:6a:41:11:eb:52:b3:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dd7336fa915721ce3bfee217f4e99164db9532b
        Validity
            Not Before: Jan  2 08:05:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=da3b0d6bbff3117c7196dc8e19cd831b27d31fba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:59:55:d8:44:7e:a1:ef:f3:12:ed:2d:1f:6e:
                    ea:95:f6:03:35:29:bb:40:91:5e:79:f9:8e:9d:ba:
                    64:4d:de:7d:b8:a6:7f:2a:dd:fc:94:72:f2:1b:0b:
                    14:44:42:b6:11:8b:ea:46:4f:f0:4f:f5:ff:96:66:
                    a5:75:29:9a:e4:75:8e:32:ec:54:fb:4d:ca:c5:c2:
                    dd:80:4f:f0:a8:78:c4:3d:9c:2c:70:e0:92:f0:3c:
                    f4:11:5f:b1:3c:56:05:58:ad:b3:c6:23:67:69:3d:
                    45:e7:4c:76:51:36:b8:0e:b8:57:1e:e5:41:41:7c:
                    67:24:20:b1:7f:9e:3f:79:07:b0:2f:57:f4:26:41:
                    4b:10:fe:b5:cd:75:49:20:2c:db:45:67:d5:9d:d8:
                    f9:aa:b8:1b:e1:4b:81:5a:ca:48:70:9e:67:00:e6:
                    f7:00:58:55:9f:ab:b2:97:59:09:bf:2c:65:7c:2d:
                    01:94:11:bb:d8:6d:cf:fd:3b:20:71:ac:98:c4:6a:
                    a5:eb:2e:ce:aa:b1:19:a6:7c:12:49:8b:18:6d:45:
                    5c:58:57:f0:c0:12:1d:db:b3:c7:27:54:d7:d7:9e:
                    71:bb:af:49:de:ce:27:38:cc:18:d0:7b:69:40:69:
                    f2:36:73:3a:61:44:a1:77:fd:5a:bf:63:b6:0e:3e:
                    c4:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:3B:0D:6B:BF:F3:11:7C:71:96:DC:8E:19:CD:83:1B:27:D3:1F:BA
            X509v3 Authority Key Identifier:
                keyid:5D:D7:33:6F:A9:15:72:1C:E3:BF:EE:21:7F:4E:99:16:4D:B9:53:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xdczb6kVchzjv-4hf06ZFk25Uys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/e744bd-f6d9-4f74-8c01-8c4bc45927a3/1/2jsNa7_zEXxxltyOGc2DGyfTH7o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/e744bd-f6d9-4f74-8c01-8c4bc45927a3/1/Xdczb6kVchzjv-4hf06ZFk25Uys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.156.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         a0:ea:20:ab:4c:f9:5d:22:3d:e6:1f:1e:f3:72:4b:0f:eb:62:
         fb:e9:06:4f:4b:87:a2:9c:c4:b5:57:69:51:be:dc:b5:3d:bb:
         41:03:7c:90:d5:18:ee:c9:2a:c5:1f:d1:7e:8f:be:62:31:4f:
         50:bb:2a:c6:85:56:8b:4b:78:0c:9e:5a:2d:2c:25:a3:4b:24:
         79:8f:e3:9e:0e:d5:ac:de:07:33:d4:51:bd:ed:0e:be:a4:5e:
         45:40:5a:53:49:b9:f3:60:72:ea:72:36:29:4f:04:60:98:0b:
         61:c8:e5:6e:2c:fd:8c:a3:2d:bf:9b:69:e5:88:ac:f3:c3:db:
         5f:fb:be:ad:43:56:5f:93:18:0a:b7:0e:c7:4e:b1:72:64:8e:
         bc:27:22:db:ec:8c:db:e8:e2:a7:62:e2:82:4d:15:07:e4:b0:
         c8:a8:75:68:4e:30:f2:7c:ae:8b:7d:68:b9:33:24:5e:2f:5f:
         c9:28:63:79:8c:1a:d4:7b:37:5c:db:b8:ff:83:aa:f2:6b:3f:
         4e:5d:f0:b2:b6:e6:38:98:9c:07:d7:dd:2f:89:97:c8:8d:04:
         aa:ee:0b:30:66:c6:cb:a5:9b:9f:95:f6:37:90:3a:10:1a:12:
         16:a3:58:f7:69:6d:64:e3:26:47:61:34:6b:82:c0:7e:0d:08:
         25:31:07:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVxg0SSmwVoeDhqQRHrUrMLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZDczMzZmYTkxNTcyMWNlM2JmZWUyMTdmNGU5OTE2NGRi
OTUzMmIwHhcNMjMwMTAyMDgwNTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTNiMGQ2YmJmZjMxMTdjNzE5NmRjOGUxOWNkODMxYjI3ZDMxZmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiFlV2ER+oe/zEu0tH27qlfYDNSm7
QJFeefmOnbpkTd59uKZ/Kt38lHLyGwsUREK2EYvqRk/wT/X/lmaldSma5HWOMuxU
+03KxcLdgE/wqHjEPZwscOCS8Dz0EV+xPFYFWK2zxiNnaT1F50x2UTa4DrhXHuVB
QXxnJCCxf54/eQewL1f0JkFLEP61zXVJICzbRWfVndj5qrgb4UuBWspIcJ5nAOb3
AFhVn6uyl1kJvyxlfC0BlBG72G3P/TsgcayYxGql6y7OqrEZpnwSSYsYbUVcWFfw
wBId27PHJ1TX155xu69J3s4nOMwY0HtpQGnyNnM6YUShd/1av2O2Dj7EgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNo7DWu/8xF8cZbcjhnNgxsn0x+6MB8GA1UdIwQY
MBaAFF3XM2+pFXIc47/uIX9OmRZNuVMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGRjemI2a1ZjaHpqdi00aGYwNlpGazI1VXlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi9lNzQ0YmQtZjZkOS00Zjc0LThjMDEt
OGM0YmM0NTkyN2EzLzEvMmpzTmE3X3pFWHh4bHR5T0djMkRHeWZUSDdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi9lNzQ0YmQtZjZkOS00Zjc0LThjMDEtOGM0YmM0NTkyN2Ez
LzEvWGRjemI2a1ZjaHpqdi00aGYwNlpGazI1VXlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF1ZygMA0G
CSqGSIb3DQEBCwUAA4IBAQCg6iCrTPldIj3mHx7zcksP62L76QZPS4einMS1V2lR
vty1PbtBA3yQ1RjuySrFH9F+j75iMU9QuyrGhVaLS3gMnlotLCWjSyR5j+OeDtWs
3gcz1FG97Q6+pF5FQFpTSbnzYHLqcjYpTwRgmAthyOVuLP2Moy2/m2nliKzzw9tf
+76tQ1ZfkxgKtw7HTrFyZI68JyLb7Izb6OKnYuKCTRUH5LDIqHVoTjDyfK6LfWi5
MyReL1/JKGN5jBrUezdc27j/g6ryaz9OXfCytuY4mJwH190viZfIjQSq7gswZsbL
pZuflfY3kDoQGhIWo1j3aW1k4yZHYTRrgsB+DQglMQfS
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:31:11 2024 by rpki-client on console-fra.rpki-client.org