Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/EmbF_uzmJL9s-GgDLi1qs0_h2ZU.roa
File:                     EmbF_uzmJL9s-GgDLi1qs0_h2ZU.roa (raw, json)
Hash identifier:          CjzaE+y0xKMHZyJz1hPZP4jVOz7n+7ZfVcWjzpBS0jY=
Subject key identifier:   12:66:C5:FE:EC:E6:24:BF:6C:F8:68:03:2E:2D:6A:B3:4F:E1:D9:95
Certificate issuer:       /CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Certificate serial:       03990E80
Authority key identifier: FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/EmbF_uzmJL9s-GgDLi1qs0_h2ZU.roa
Signing time:             Sat 01 Jan 2022 11:01:29 +0000
ROA not before:           Sat 01 Jan 2022 11:01:29 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     211585
IP address blocks:        176.52.156.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 60362368 (0x3990e80)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe779e56238b6f2ea068ede4e20aef00c904132b
        Validity
            Not Before: Jan  1 11:01:29 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1266c5feece624bf6cf868032e2d6ab34fe1d995
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:0f:36:76:a5:85:d2:f7:ec:73:9a:ba:12:c6:
                    47:2f:62:fb:85:e9:67:b7:ed:fa:2e:52:92:87:36:
                    6e:91:6e:74:5c:c4:db:06:7d:06:6c:ea:8f:cb:4f:
                    7f:dc:45:77:c4:40:44:92:e6:52:1a:53:29:c3:c3:
                    6b:6c:c9:15:eb:ae:1c:3f:8b:7d:86:5b:f6:4d:30:
                    cf:d5:80:e3:df:f2:68:40:8c:a9:dc:e8:99:5e:d3:
                    27:aa:0e:b4:40:6a:b9:88:fb:09:31:74:aa:af:82:
                    5f:21:ed:e8:21:7d:71:88:d0:98:73:d0:10:f6:ac:
                    b1:50:a9:ae:f4:98:41:7b:0d:b7:dd:cd:8d:f0:e9:
                    0f:99:34:1d:fc:7e:58:40:ed:92:b3:d1:77:c3:e6:
                    3e:c8:4b:92:96:1b:f7:b4:2d:7d:1d:72:ec:aa:24:
                    ba:21:19:6f:7e:5d:ea:e3:a0:c9:df:23:2e:40:a5:
                    b2:11:80:8d:0e:3b:02:cb:03:b5:3f:a6:51:a8:05:
                    67:ba:38:d1:1e:c8:36:54:35:e1:40:e1:b9:3e:24:
                    41:25:ad:a5:73:94:d6:61:5c:92:a9:e1:25:53:c1:
                    93:80:0c:65:09:1d:53:1b:b2:c5:70:b5:08:a6:db:
                    30:fa:43:f1:fe:1c:4c:68:42:6b:85:61:57:f2:da:
                    55:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:66:C5:FE:EC:E6:24:BF:6C:F8:68:03:2E:2D:6A:B3:4F:E1:D9:95
            X509v3 Authority Key Identifier:
                keyid:FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/EmbF_uzmJL9s-GgDLi1qs0_h2ZU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.52.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8d:2a:23:61:8d:30:f1:a1:12:68:92:4f:9a:d8:5f:f3:e2:27:
         fb:2b:95:b0:a1:0a:96:83:b5:f4:10:30:e9:e7:d1:55:77:b2:
         77:fc:4e:9a:be:46:c4:9d:42:30:18:3d:de:42:6d:c0:46:19:
         8d:26:86:11:65:95:ff:e5:7d:a8:f4:be:fc:3e:61:82:6e:23:
         45:00:81:cc:b9:21:c3:85:bb:ef:93:ee:22:b5:a8:fb:65:59:
         14:64:60:84:67:56:4e:e7:c7:0e:52:80:2e:cd:8a:95:5b:6c:
         18:7f:ef:5b:8a:1b:a6:8a:a3:56:92:53:10:ff:a0:b0:84:37:
         2e:87:76:d6:aa:60:f5:d2:bb:bf:32:2a:6f:9c:cc:07:10:02:
         fa:8b:5e:3a:2f:79:2f:63:15:06:f6:c6:8d:57:54:fb:91:01:
         ae:97:a9:d5:a5:5a:61:d3:ba:33:01:39:04:4d:82:ee:64:9a:
         ad:11:53:16:e9:09:df:fc:38:37:0e:63:f2:a3:b7:df:6f:65:
         ee:4f:e1:7d:f4:3d:be:3e:97:cc:96:9a:4f:ea:40:41:ad:1b:
         81:5e:22:95:39:e5:fa:5d:b6:2a:e8:03:d0:98:2f:53:02:3d:
         9d:b6:fd:75:79:4b:e2:41:23:24:e5:22:b9:d5:42:7b:ef:95:
         d0:87:ca:6f
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEA5kOgDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
ZTc3OWU1NjIzOGI2ZjJlYTA2OGVkZTRlMjBhZWYwMGM5MDQxMzJiMB4XDTIyMDEw
MTExMDEyOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMTI2NmM1ZmVlY2U2
MjRiZjZjZjg2ODAzMmUyZDZhYjM0ZmUxZDk5NTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOUPNnalhdL37HOauhLGRy9i+4XpZ7ft+i5Skoc2bpFudFzE
2wZ9Bmzqj8tPf9xFd8RARJLmUhpTKcPDa2zJFeuuHD+LfYZb9k0wz9WA49/yaECM
qdzomV7TJ6oOtEBquYj7CTF0qq+CXyHt6CF9cYjQmHPQEPassVCprvSYQXsNt93N
jfDpD5k0Hfx+WEDtkrPRd8PmPshLkpYb97QtfR1y7KokuiEZb35d6uOgyd8jLkCl
shGAjQ47AssDtT+mUagFZ7o40R7INlQ14UDhuT4kQSWtpXOU1mFckqnhJVPBk4AM
ZQkdUxuyxXC1CKbbMPpD8f4cTGhCa4VhV/LaVSsCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQSZsX+7OYkv2z4aAMuLWqzT+HZlTAfBgNVHSMEGDAWgBT+d55WI4tvLqBo
7eTiCu8AyQQTKzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L19uZWVWaU9MYnk2Z2FPM2s0Z3J2QU1rRUV5cy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjEvNGRlNTk4LTZiMDMtNGJlZi1hYjE0LTMzODk0OTEzZGNiNy8x
L0VtYkZfdXptSkw5cy1HZ0RMaTFxczBfaDJaVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjEv
NGRlNTk4LTZiMDMtNGJlZi1hYjE0LTMzODk0OTEzZGNiNy8xL19uZWVWaU9MYnk2
Z2FPM2s0Z3J2QU1rRUV5cy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArA0nDANBgkqhkiG9w0BAQsFAAOC
AQEAjSojYY0w8aESaJJPmthf8+In+yuVsKEKloO19BAw6efRVXeyd/xOmr5GxJ1C
MBg93kJtwEYZjSaGEWWV/+V9qPS+/D5hgm4jRQCBzLkhw4W775PuIrWo+2VZFGRg
hGdWTufHDlKALs2KlVtsGH/vW4obpoqjVpJTEP+gsIQ3Lod21qpg9dK7vzIqb5zM
BxAC+oteOi95L2MVBvbGjVdU+5EBrpep1aVaYdO6MwE5BE2C7mSarRFTFukJ3/w4
Nw5j8qO3329l7k/hffQ9vj6XzJaaT+pAQa0bgV4ilTnl+l22KugD0JgvUwI9nbb9
dXlL4kEjJOUiudVCe++V0IfKbw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:39:04 2024 by rpki-client on console-ams.rpki-client.org