Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/e744bd-f6d9-4f74-8c01-8c4bc45927a3/1/n9tWB4DR1UFxzXPzRH7R_q4fI0U.roa
File:                     n9tWB4DR1UFxzXPzRH7R_q4fI0U.roa (raw, json)
Hash identifier:          r7yz6PJJ9K8a9EFFZdR6iAbni/lEnlp8/1iuqCYaZBc=
Subject key identifier:   9F:DB:56:07:80:D1:D5:41:71:CD:73:F3:44:7E:D1:FE:AE:1F:23:45
Certificate issuer:       /CN=5dd7336fa915721ce3bfee217f4e99164db9532b
Certificate serial:       062A278C
Authority key identifier: 5D:D7:33:6F:A9:15:72:1C:E3:BF:EE:21:7F:4E:99:16:4D:B9:53:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xdczb6kVchzjv-4hf06ZFk25Uys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/e744bd-f6d9-4f74-8c01-8c4bc45927a3/1/n9tWB4DR1UFxzXPzRH7R_q4fI0U.roa
Signing time:             Sat 01 Jan 2022 12:04:23 +0000
ROA not before:           Sat 01 Jan 2022 12:04:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     14618
IP address blocks:        213.156.160.0/19 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 103425932 (0x62a278c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dd7336fa915721ce3bfee217f4e99164db9532b
        Validity
            Not Before: Jan  1 12:04:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9fdb560780d1d54171cd73f3447ed1feae1f2345
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:c5:87:9c:54:47:22:d8:d5:f8:79:4b:4c:f0:
                    da:0b:1b:2d:13:19:c5:97:d5:a8:62:2b:98:5b:da:
                    96:74:da:bc:30:01:43:c5:a8:11:dc:4d:84:76:5f:
                    eb:b7:f8:34:98:e1:38:fd:a1:a2:ae:f3:25:b7:af:
                    07:a6:30:40:8a:b0:3c:e4:e0:c7:51:81:87:61:ba:
                    db:5d:1b:50:44:d0:9b:5c:ce:1c:08:33:f5:9f:06:
                    59:2d:48:79:6a:71:ba:c9:62:af:c2:7d:48:b5:e7:
                    51:f6:ea:62:16:0e:3d:23:ec:ec:fa:4c:f3:ff:ed:
                    92:12:c7:04:92:3b:fc:db:b1:1a:75:c5:20:13:54:
                    29:df:9b:6b:93:b9:dd:ca:f5:71:0f:0c:79:4c:54:
                    c9:9a:8a:7e:f8:db:df:12:2d:26:55:a6:28:32:ce:
                    0a:da:4b:10:33:f7:f6:ce:97:c5:fd:52:c2:6c:fb:
                    3e:7a:15:05:f3:71:ba:5b:f1:56:b6:f6:69:d5:64:
                    b5:99:76:e7:85:bc:41:6c:91:d8:71:91:e5:c7:4c:
                    3b:ec:0e:8b:1e:f9:98:29:2e:5e:05:b7:a0:f6:92:
                    9f:02:eb:6d:93:34:e3:2d:7a:62:87:26:1f:97:28:
                    fc:07:74:97:54:be:f4:54:f9:c2:1a:5c:db:36:8f:
                    e1:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:DB:56:07:80:D1:D5:41:71:CD:73:F3:44:7E:D1:FE:AE:1F:23:45
            X509v3 Authority Key Identifier:
                keyid:5D:D7:33:6F:A9:15:72:1C:E3:BF:EE:21:7F:4E:99:16:4D:B9:53:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xdczb6kVchzjv-4hf06ZFk25Uys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/e744bd-f6d9-4f74-8c01-8c4bc45927a3/1/n9tWB4DR1UFxzXPzRH7R_q4fI0U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/e744bd-f6d9-4f74-8c01-8c4bc45927a3/1/Xdczb6kVchzjv-4hf06ZFk25Uys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.156.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         2a:dc:a3:f8:e7:4b:83:c8:57:55:9c:2a:4e:a3:ca:12:86:06:
         df:6e:5d:58:cf:4f:50:df:a1:70:3c:b6:8b:0e:28:1e:20:45:
         d4:02:f4:37:76:5e:32:3b:b5:d1:b7:70:b1:fb:d7:cd:b7:56:
         07:be:ef:2e:52:f3:0b:17:84:25:ea:d3:1b:86:2f:71:62:78:
         e2:d0:e8:69:be:3c:8a:2b:f4:1c:55:82:79:26:5c:a2:e1:05:
         1e:c0:da:16:50:47:0e:ab:47:a0:e5:19:83:6e:28:bb:ef:8e:
         02:ab:bf:1c:9a:03:c7:94:83:04:6b:06:f5:ca:c0:62:ec:41:
         de:b4:92:a9:54:9c:9b:9b:88:4f:bc:ad:d7:4a:9a:43:6c:8c:
         65:1a:4f:a3:e6:e9:aa:54:64:41:3a:91:49:b2:42:af:80:b4:
         21:e4:34:c3:80:6e:a9:36:80:a5:40:9d:3e:ac:2c:18:fb:ff:
         87:bc:41:07:aa:fb:da:01:85:2d:0b:c3:c2:c8:7a:82:2b:f5:
         1e:05:65:51:83:e4:80:04:ad:67:6a:55:78:7d:09:85:1c:b3:
         03:67:de:25:13:08:48:bf:41:71:3d:b1:97:1e:4c:b0:08:49:
         07:34:93:13:76:ea:5e:15:95:5b:27:ef:80:a8:5b:26:1d:e0:
         5a:f9:56:51
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBionjDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg1
ZGQ3MzM2ZmE5MTU3MjFjZTNiZmVlMjE3ZjRlOTkxNjRkYjk1MzJiMB4XDTIyMDEw
MTEyMDQyM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOWZkYjU2MDc4MGQx
ZDU0MTcxY2Q3M2YzNDQ3ZWQxZmVhZTFmMjM0NTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKrFh5xURyLY1fh5S0zw2gsbLRMZxZfVqGIrmFvalnTavDAB
Q8WoEdxNhHZf67f4NJjhOP2hoq7zJbevB6YwQIqwPOTgx1GBh2G6210bUETQm1zO
HAgz9Z8GWS1IeWpxuslir8J9SLXnUfbqYhYOPSPs7PpM8//tkhLHBJI7/NuxGnXF
IBNUKd+ba5O53cr1cQ8MeUxUyZqKfvjb3xItJlWmKDLOCtpLEDP39s6Xxf1Swmz7
PnoVBfNxulvxVrb2adVktZl254W8QWyR2HGR5cdMO+wOix75mCkuXgW3oPaSnwLr
bZM04y16YocmH5co/Ad0l1S+9FT5whpc2zaP4acCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSf21YHgNHVQXHNc/NEftH+rh8jRTAfBgNVHSMEGDAWgBRd1zNvqRVyHOO/
7iF/TpkWTblTKzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1hkY3piNmtWY2h6anYtNGhmMDZaRmsyNVV5cy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNWIvZTc0NGJkLWY2ZDktNGY3NC04YzAxLThjNGJjNDU5MjdhMy8x
L245dFdCNERSMVVGeHpYUHpSSDdSX3E0ZkkwVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWIv
ZTc0NGJkLWY2ZDktNGY3NC04YzAxLThjNGJjNDU5MjdhMy8xL1hkY3piNmtWY2h6
anYtNGhmMDZaRmsyNVV5cy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBdWcoDANBgkqhkiG9w0BAQsFAAOC
AQEAKtyj+OdLg8hXVZwqTqPKEoYG325dWM9PUN+hcDy2iw4oHiBF1AL0N3ZeMju1
0bdwsfvXzbdWB77vLlLzCxeEJerTG4YvcWJ44tDoab48iiv0HFWCeSZcouEFHsDa
FlBHDqtHoOUZg24ou++OAqu/HJoDx5SDBGsG9crAYuxB3rSSqVScm5uIT7yt10qa
Q2yMZRpPo+bpqlRkQTqRSbJCr4C0IeQ0w4BuqTaApUCdPqwsGPv/h7xBB6r72gGF
LQvDwsh6giv1HgVlUYPkgAStZ2pVeH0JhRyzA2feJRMISL9BcT2xlx5MsAhJBzST
E3bqXhWVWyfvgKhbJh3gWvlWUQ==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:52:41 2023 by rpki-client on console-ams.rpki-client.org