Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/yrvLw4Yx8ubIkv20nip4mZQouPQ.roa
File:                     yrvLw4Yx8ubIkv20nip4mZQouPQ.roa (raw, json)
Hash identifier:          +Y8O6MSTh/pML8fyCBdi+tuPpazNiYABkkrEO1aLEiQ=
Subject key identifier:   CA:BB:CB:C3:86:31:F2:E6:C8:92:FD:B4:9E:2A:78:99:94:28:B8:F4
Certificate issuer:       /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial:       01856F1DCC9856AD7F3FAF36C311DFBD58B4
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/yrvLw4Yx8ubIkv20nip4mZQouPQ.roa
Signing time:             Sun 01 Jan 2023 20:55:02 +0000
ROA not before:           Sun 01 Jan 2023 20:55:02 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     201211
IP address blocks:        185.219.52.0/23 maxlen: 23

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:1d:cc:98:56:ad:7f:3f:af:36:c3:11:df:bd:58:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
        Validity
            Not Before: Jan  1 20:55:02 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cabbcbc38631f2e6c892fdb49e2a78999428b8f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:26:4f:28:ae:f7:ca:fe:9c:39:b2:21:0c:fa:
                    5e:8f:94:fb:7c:21:77:22:66:8f:5b:92:00:4d:1b:
                    42:e3:4a:34:23:57:5c:d3:5a:5a:b7:df:5a:c4:ff:
                    bf:a1:aa:90:e5:43:66:0b:2b:35:33:b1:8b:9a:85:
                    0e:68:75:0e:d6:6a:f3:48:45:08:c2:2e:cd:e8:0f:
                    d7:d3:b6:7f:99:69:39:18:5e:4a:94:bc:ac:c6:29:
                    eb:41:0e:63:a0:9c:90:c6:a6:0e:4c:28:6a:7b:79:
                    c5:a6:b3:ac:be:c4:17:8b:26:ab:62:cc:8d:de:8e:
                    33:40:11:28:4f:46:1f:42:8c:a2:7a:e7:de:ac:d1:
                    04:8b:39:25:79:db:a3:1d:fa:ea:e9:bf:80:de:dd:
                    7a:78:3b:e2:93:e1:48:19:4a:ff:e1:1d:55:f0:7d:
                    eb:65:85:a0:bc:1c:e7:1a:8d:7d:a5:41:a1:b8:ac:
                    e0:d2:53:86:23:ab:1e:55:d6:b5:2e:8e:28:d8:b7:
                    57:c8:1f:7a:57:a8:16:24:0a:19:b1:84:c0:30:96:
                    4d:8b:27:86:76:b8:32:2a:63:dd:e2:36:c0:ff:9d:
                    92:c0:e2:3f:5d:d3:bc:22:7c:9e:93:80:0a:0f:1c:
                    b3:12:c1:d9:ad:97:af:dc:72:28:5f:f8:5c:a5:69:
                    4d:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:BB:CB:C3:86:31:F2:E6:C8:92:FD:B4:9E:2A:78:99:94:28:B8:F4
            X509v3 Authority Key Identifier:
                keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/yrvLw4Yx8ubIkv20nip4mZQouPQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.219.52.0/23

    Signature Algorithm: sha256WithRSAEncryption
         81:ce:0f:71:92:3f:cb:f7:d1:ea:f2:78:ad:f9:44:0c:6b:41:
         c0:fa:d1:bc:69:18:9a:bb:6d:65:bf:90:9b:bf:13:c9:87:18:
         0c:7d:06:c3:f3:db:50:79:f6:2f:3f:7a:7e:22:db:cc:45:78:
         82:c5:96:6d:52:09:37:89:3c:bf:e6:91:10:3d:7e:60:1d:55:
         1d:f4:94:da:9d:80:5b:03:57:e6:5e:0d:11:d1:90:4b:9c:0a:
         bd:34:84:b2:5d:3f:47:ea:84:88:03:28:b3:2d:15:bd:c6:c3:
         6a:13:88:81:cc:83:b6:cc:22:ae:75:78:7b:50:97:82:54:80:
         3c:da:64:73:07:83:74:cf:f9:03:88:b2:cf:7f:58:51:1e:1e:
         02:d2:17:c3:bf:62:c9:dc:11:54:60:a4:00:c9:93:35:c9:48:
         3d:57:63:68:36:c7:a3:78:9f:a4:66:87:a5:8d:5e:44:66:61:
         72:05:54:6f:84:df:ce:11:60:d7:2a:fa:86:81:8f:ac:73:39:
         c9:4f:96:3c:d9:09:4a:67:88:cf:c3:24:e4:77:1c:6f:ae:23:
         95:15:3d:b0:28:13:21:74:b8:5a:71:2d:a6:19:bb:fd:ff:e4:
         41:fb:64:7f:ed:5d:32:54:49:d8:08:d4:5d:77:45:46:7a:d9:
         c9:2b:d0:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVvHcyYVq1/P682wxHfvVi0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjMwMTAxMjA1NTAyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWJiY2JjMzg2MzFmMmU2Yzg5MmZkYjQ5ZTJhNzg5OTk0MjhiOGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxiZPKK73yv6cObIhDPpej5T7fCF3
ImaPW5IATRtC40o0I1dc01pat99axP+/oaqQ5UNmCys1M7GLmoUOaHUO1mrzSEUI
wi7N6A/X07Z/mWk5GF5KlLysxinrQQ5joJyQxqYOTChqe3nFprOsvsQXiyarYsyN
3o4zQBEoT0YfQoyieuferNEEizkledujHfrq6b+A3t16eDvik+FIGUr/4R1V8H3r
ZYWgvBznGo19pUGhuKzg0lOGI6seVda1Lo4o2LdXyB96V6gWJAoZsYTAMJZNiyeG
drgyKmPd4jbA/52SwOI/XdO8Inyek4AKDxyzEsHZrZev3HIoX/hcpWlNkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMq7y8OGMfLmyJL9tJ4qeJmUKLj0MB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEveXJ2THc0WXg4dWJJa3YyMG5pcDRtWlFvdVBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuds0MA0G
CSqGSIb3DQEBCwUAA4IBAQCBzg9xkj/L99Hq8nit+UQMa0HA+tG8aRiau21lv5Cb
vxPJhxgMfQbD89tQefYvP3p+ItvMRXiCxZZtUgk3iTy/5pEQPX5gHVUd9JTanYBb
A1fmXg0R0ZBLnAq9NISyXT9H6oSIAyizLRW9xsNqE4iBzIO2zCKudXh7UJeCVIA8
2mRzB4N0z/kDiLLPf1hRHh4C0hfDv2LJ3BFUYKQAyZM1yUg9V2NoNsejeJ+kZoel
jV5EZmFyBVRvhN/OEWDXKvqGgY+scznJT5Y82QlKZ4jPwyTkdxxvriOVFT2wKBMh
dLhacS2mGbv9/+RB+2R/7V0yVEnYCNRdd0VGetnJK9Bq
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:20:25 2024 by rpki-client on console-ams.rpki-client.org