Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/8kLkYTLXiZJg7wBvFkwFxas1qts.roa
File:                     8kLkYTLXiZJg7wBvFkwFxas1qts.roa (raw, json)
Hash identifier:          CNnhnidBHxRdY8zjRjPIOPOEFIOLB44Gh58hWtzj25A=
Subject key identifier:   F2:42:E4:61:32:D7:89:92:60:EF:00:6F:16:4C:05:C5:AB:35:AA:DB
Certificate issuer:       /CN=6278a768c910badcd5c4aef7c172a9f061547e8c
Certificate serial:       0188706FA9F065B1F74DCB35580962ED83C4
Authority key identifier: 62:78:A7:68:C9:10:BA:DC:D5:C4:AE:F7:C1:72:A9:F0:61:54:7E:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/8kLkYTLXiZJg7wBvFkwFxas1qts.roa
Signing time:             Wed 31 May 2023 06:12:25 +0000
ROA not before:           Wed 31 May 2023 06:12:25 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     50693
IP address blocks:        178.20.204.0/24 maxlen: 24
                          178.20.207.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:70:6f:a9:f0:65:b1:f7:4d:cb:35:58:09:62:ed:83:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6278a768c910badcd5c4aef7c172a9f061547e8c
        Validity
            Not Before: May 31 06:12:25 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f242e46132d7899260ef006f164c05c5ab35aadb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:01:db:d8:d3:9b:d2:36:eb:95:df:e6:e2:74:
                    d4:f4:3a:93:1f:93:89:5b:66:73:98:30:09:66:da:
                    42:81:70:3f:f4:fb:52:9f:a3:45:7c:14:a6:5a:fa:
                    a6:71:25:51:cb:72:f1:f1:ae:a0:f2:52:f3:d1:bb:
                    6b:c3:5b:d3:4e:de:f0:b7:d9:10:cf:91:01:2d:75:
                    a6:5c:21:5c:32:7b:11:7e:08:68:f6:03:63:cd:d2:
                    3a:4b:a6:d7:cf:84:4c:a6:eb:88:6f:e2:e1:ef:13:
                    64:e3:e3:54:17:e0:96:5e:7b:2f:67:75:00:f8:4e:
                    e9:85:0f:76:2b:29:d2:65:e8:20:5a:4c:f2:5b:05:
                    8c:dd:34:15:56:cc:7e:5c:7d:3a:a5:d1:e8:f3:3c:
                    7a:be:cd:47:12:6c:33:ec:5c:f6:d1:02:13:8d:18:
                    ff:d4:20:34:0d:1a:e9:d0:a7:c7:22:fb:f5:d4:4e:
                    50:cf:c5:6d:e5:2f:31:36:35:0d:4b:ea:83:3a:6c:
                    f6:eb:c6:7f:12:7c:08:af:ab:04:a4:03:f2:8b:81:
                    99:44:5d:54:76:ea:53:b5:04:73:b2:dc:02:79:69:
                    c0:c5:23:73:97:2e:d3:c9:d2:38:51:fd:b3:91:74:
                    f0:b8:d3:f9:df:c7:c7:20:5d:e0:f8:b9:ab:ac:33:
                    84:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:42:E4:61:32:D7:89:92:60:EF:00:6F:16:4C:05:C5:AB:35:AA:DB
            X509v3 Authority Key Identifier:
                keyid:62:78:A7:68:C9:10:BA:DC:D5:C4:AE:F7:C1:72:A9:F0:61:54:7E:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/8kLkYTLXiZJg7wBvFkwFxas1qts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/YninaMkQutzVxK73wXKp8GFUfow.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.20.204.0/24
                  178.20.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:73:f2:e0:4b:a6:05:cc:f6:e8:d5:72:ac:87:37:38:5a:da:
         e4:e7:f6:e0:c6:57:67:16:97:73:a3:75:35:9c:b8:a6:f3:01:
         0f:3d:40:94:4b:a6:70:f6:59:44:79:3f:ef:95:6e:e6:5d:c7:
         ee:81:1d:2c:5e:d3:ae:6f:6d:cd:4a:22:61:cd:8e:f5:a8:51:
         ee:15:2e:9c:ae:5a:51:5d:87:96:b5:3c:34:e9:98:36:86:46:
         88:71:6e:99:24:38:87:83:29:34:ea:74:9c:dc:ab:b0:3a:19:
         ea:46:e1:bb:eb:f9:19:f1:fb:82:f4:3d:bf:af:d1:c8:b6:28:
         3d:60:18:eb:0f:b2:ec:87:a2:f9:45:1b:53:eb:ad:9e:c1:9a:
         df:d9:7a:70:ff:ef:32:23:18:ba:2f:4d:16:00:9e:fb:be:bc:
         9c:0a:97:ea:aa:48:f8:7b:91:31:24:fc:cb:cf:a8:aa:5f:54:
         a0:6c:cc:c4:8e:54:28:a1:57:82:aa:16:4f:e1:a8:39:9c:10:
         c5:e9:db:b5:60:68:4e:09:e5:97:e6:6a:4f:14:c8:3a:80:d8:
         36:09:f5:fe:e8:f3:13:56:27:d1:d6:ce:b6:f3:71:94:1d:c8:
         db:92:94:36:23:77:b9:50:3e:a2:30:40:c1:e9:79:0f:fd:09:
         d1:06:7b:13
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYhwb6nwZbH3Tcs1WAli7YPEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNzhhNzY4YzkxMGJhZGNkNWM0YWVmN2MxNzJhOWYwNjE1
NDdlOGMwHhcNMjMwNTMxMDYxMjI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjQyZTQ2MTMyZDc4OTkyNjBlZjAwNmYxNjRjMDVjNWFiMzVhYWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsgHb2NOb0jbrld/m4nTU9DqTH5OJ
W2ZzmDAJZtpCgXA/9PtSn6NFfBSmWvqmcSVRy3Lx8a6g8lLz0btrw1vTTt7wt9kQ
z5EBLXWmXCFcMnsRfgho9gNjzdI6S6bXz4RMpuuIb+Lh7xNk4+NUF+CWXnsvZ3UA
+E7phQ92KynSZeggWkzyWwWM3TQVVsx+XH06pdHo8zx6vs1HEmwz7Fz20QITjRj/
1CA0DRrp0KfHIvv11E5Qz8Vt5S8xNjUNS+qDOmz268Z/EnwIr6sEpAPyi4GZRF1U
dupTtQRzstwCeWnAxSNzly7TydI4Uf2zkXTwuNP538fHIF3g+LmrrDOEkQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPJC5GEy14mSYO8AbxZMBcWrNarbMB8GA1UdIwQY
MBaAFGJ4p2jJELrc1cSu98FyqfBhVH6MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW5pbmFNa1F1dHpWeEs3M3dYS3A4R0ZVZm93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi80MmRmYzAtYTc2NC00ZDVkLWE2MzQt
MzQ1NGY0OTBmZDk2LzEvOGtMa1lUTFhpWkpnN3dCdkZrd0Z4YXMxcXRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi80MmRmYzAtYTc2NC00ZDVkLWE2MzQtMzQ1NGY0OTBmZDk2
LzEvWW5pbmFNa1F1dHpWeEs3M3dYS3A4R0ZVZm93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAshTMAwQA
shTPMA0GCSqGSIb3DQEBCwUAA4IBAQAZc/LgS6YFzPbo1XKshzc4Wtrk5/bgxldn
Fpdzo3U1nLim8wEPPUCUS6Zw9llEeT/vlW7mXcfugR0sXtOub23NSiJhzY71qFHu
FS6crlpRXYeWtTw06Zg2hkaIcW6ZJDiHgyk06nSc3KuwOhnqRuG76/kZ8fuC9D2/
r9HItig9YBjrD7Lsh6L5RRtT662ewZrf2Xpw/+8yIxi6L00WAJ77vrycCpfqqkj4
e5ExJPzLz6iqX1SgbMzEjlQooVeCqhZP4ag5nBDF6du1YGhOCeWX5mpPFMg6gNg2
CfX+6PMTVifR1s6283GUHcjbkpQ2I3e5UD6iMEDB6XkP/QnRBnsT
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:18:30 2024 by rpki-client on console-fra.rpki-client.org