Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/e744bd-f6d9-4f74-8c01-8c4bc45927a3/1/2yVNmxBrH_lXW2y5Efu0089uvU4.roa
File:                     2yVNmxBrH_lXW2y5Efu0089uvU4.roa (raw, json)
Hash identifier:          v8LubArIpnWhKUIk4dpBfe5W1qjAxKhCBcas20mxLng=
Subject key identifier:   DB:25:4D:9B:10:6B:1F:F9:57:5B:6C:B9:11:FB:B4:D3:CF:6E:BD:4E
Certificate issuer:       /CN=5dd7336fa915721ce3bfee217f4e99164db9532b
Certificate serial:       062BD8A0
Authority key identifier: 5D:D7:33:6F:A9:15:72:1C:E3:BF:EE:21:7F:4E:99:16:4D:B9:53:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xdczb6kVchzjv-4hf06ZFk25Uys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/e744bd-f6d9-4f74-8c01-8c4bc45927a3/1/2yVNmxBrH_lXW2y5Efu0089uvU4.roa
Signing time:             Sat 01 Jan 2022 12:04:24 +0000
ROA not before:           Sat 01 Jan 2022 12:04:24 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     26282
IP address blocks:        213.156.160.0/19 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 103536800 (0x62bd8a0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dd7336fa915721ce3bfee217f4e99164db9532b
        Validity
            Not Before: Jan  1 12:04:24 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=db254d9b106b1ff9575b6cb911fbb4d3cf6ebd4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:81:06:55:0e:33:66:09:38:a5:b2:4b:db:29:
                    5e:77:47:27:63:51:14:e6:9f:88:0d:16:5a:4e:54:
                    0a:5f:26:fc:08:ea:20:38:c5:22:91:79:9d:a7:eb:
                    b3:6c:40:59:bb:06:c7:ca:c6:59:17:03:fe:ea:ed:
                    d3:c7:ef:bf:d8:7e:5e:f1:de:14:3a:99:8f:00:b5:
                    fd:13:75:cd:1e:13:dd:5a:89:f7:e6:60:a7:4c:c9:
                    fc:a2:8c:5f:4a:78:6c:7a:d1:2e:e4:c8:e6:4f:8e:
                    10:61:10:99:e2:53:fb:6e:fa:43:ab:fd:ea:f1:ef:
                    55:ac:39:20:74:ed:b3:1c:40:ae:3f:1a:54:70:a6:
                    64:2b:1b:a5:9e:12:30:f4:0d:37:72:1e:0a:ae:6e:
                    f0:91:9e:da:e8:be:ff:23:7a:01:55:a5:9b:87:28:
                    b5:7d:69:89:24:10:df:a3:df:e1:96:9e:4a:56:7e:
                    e2:d8:b6:b3:36:5b:49:e5:19:4e:bd:ec:21:a5:a8:
                    c7:24:a7:c8:6a:66:e0:84:99:05:65:3f:87:22:95:
                    b4:68:40:41:9d:71:0d:73:82:0b:df:b7:a9:43:7a:
                    4d:70:dd:ae:22:44:8c:13:55:56:0b:8f:28:6e:25:
                    e9:ba:5d:ed:78:ed:e7:49:f2:4e:9a:f3:aa:42:f8:
                    59:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:25:4D:9B:10:6B:1F:F9:57:5B:6C:B9:11:FB:B4:D3:CF:6E:BD:4E
            X509v3 Authority Key Identifier:
                keyid:5D:D7:33:6F:A9:15:72:1C:E3:BF:EE:21:7F:4E:99:16:4D:B9:53:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xdczb6kVchzjv-4hf06ZFk25Uys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/e744bd-f6d9-4f74-8c01-8c4bc45927a3/1/2yVNmxBrH_lXW2y5Efu0089uvU4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/e744bd-f6d9-4f74-8c01-8c4bc45927a3/1/Xdczb6kVchzjv-4hf06ZFk25Uys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.156.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         7d:97:f2:91:75:be:d5:5b:50:50:62:4c:e1:24:d2:76:52:32:
         8c:a1:cc:4e:aa:59:b7:f1:9c:28:bb:cb:f7:b5:77:aa:c2:3b:
         6d:b8:fa:09:30:dd:29:b8:13:e2:0d:ea:75:c1:5c:03:94:9c:
         5a:42:54:7c:18:a3:ba:cd:70:11:27:85:e4:07:4f:e1:95:33:
         dd:f1:83:43:47:54:87:42:35:d9:ec:f5:ce:22:fe:c5:19:c3:
         84:44:e5:03:0e:74:5c:ef:83:a4:16:a2:2e:d2:00:2c:34:fd:
         aa:fa:9a:6f:60:82:28:9f:04:a4:40:b0:f9:b0:47:30:13:f0:
         6e:19:ca:e2:7e:d6:eb:a3:6b:13:be:64:33:eb:e6:73:05:ef:
         a8:37:15:b6:48:ee:f2:55:26:03:00:c8:0c:2d:4b:bd:7a:f9:
         45:fc:ee:7e:c3:48:8e:e0:4f:99:ea:75:da:c9:99:f0:5f:cc:
         9b:9a:f4:a2:d8:10:ef:2d:46:cb:1b:d6:ea:4b:56:09:63:87:
         74:4c:5a:ea:37:c8:4c:5c:90:e1:29:8a:88:8f:49:d8:56:21:
         a3:4a:2d:64:82:e4:29:b1:9a:ae:86:44:00:79:26:7d:6d:1b:
         9f:b7:17:02:5a:7b:d1:e2:ce:51:ea:fd:e0:85:1f:e1:04:5b:
         05:8a:da:26
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBivYoDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg1
ZGQ3MzM2ZmE5MTU3MjFjZTNiZmVlMjE3ZjRlOTkxNjRkYjk1MzJiMB4XDTIyMDEw
MTEyMDQyNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZGIyNTRkOWIxMDZi
MWZmOTU3NWI2Y2I5MTFmYmI0ZDNjZjZlYmQ0ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALuBBlUOM2YJOKWyS9spXndHJ2NRFOafiA0WWk5UCl8m/Ajq
IDjFIpF5nafrs2xAWbsGx8rGWRcD/urt08fvv9h+XvHeFDqZjwC1/RN1zR4T3VqJ
9+Zgp0zJ/KKMX0p4bHrRLuTI5k+OEGEQmeJT+276Q6v96vHvVaw5IHTtsxxArj8a
VHCmZCsbpZ4SMPQNN3IeCq5u8JGe2ui+/yN6AVWlm4cotX1piSQQ36Pf4ZaeSlZ+
4ti2szZbSeUZTr3sIaWoxySnyGpm4ISZBWU/hyKVtGhAQZ1xDXOCC9+3qUN6TXDd
riJEjBNVVguPKG4l6bpd7Xjt50nyTprzqkL4WQsCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTbJU2bEGsf+VdbbLkR+7TTz269TjAfBgNVHSMEGDAWgBRd1zNvqRVyHOO/
7iF/TpkWTblTKzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1hkY3piNmtWY2h6anYtNGhmMDZaRmsyNVV5cy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNWIvZTc0NGJkLWY2ZDktNGY3NC04YzAxLThjNGJjNDU5MjdhMy8x
LzJ5Vk5teEJySF9sWFcyeTVFZnUwMDg5dXZVNC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWIv
ZTc0NGJkLWY2ZDktNGY3NC04YzAxLThjNGJjNDU5MjdhMy8xL1hkY3piNmtWY2h6
anYtNGhmMDZaRmsyNVV5cy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBdWcoDANBgkqhkiG9w0BAQsFAAOC
AQEAfZfykXW+1VtQUGJM4STSdlIyjKHMTqpZt/GcKLvL97V3qsI7bbj6CTDdKbgT
4g3qdcFcA5ScWkJUfBijus1wESeF5AdP4ZUz3fGDQ0dUh0I12ez1ziL+xRnDhETl
Aw50XO+DpBaiLtIALDT9qvqab2CCKJ8EpECw+bBHMBPwbhnK4n7W66NrE75kM+vm
cwXvqDcVtkju8lUmAwDIDC1LvXr5RfzufsNIjuBPmep12smZ8F/Mm5r0otgQ7y1G
yxvW6ktWCWOHdExa6jfITFyQ4SmKiI9J2FYho0otZILkKbGaroZEAHkmfW0bn7cX
Alp70eLOUer94IUf4QRbBYraJg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:11:56 2024 by rpki-client on console-ams.rpki-client.org