Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/OwqHK4N7G2CxMZKGqPjKor3YGBM.roa
File:                     OwqHK4N7G2CxMZKGqPjKor3YGBM.roa (raw, json)
Hash identifier:          mGKs9JSERFVl4nRZAy4oTA+gqvzRjIekg70Snbbqmx8=
Subject key identifier:   3B:0A:87:2B:83:7B:1B:60:B1:31:92:86:A8:F8:CA:A2:BD:D8:18:13
Certificate issuer:       /CN=6278a768c910badcd5c4aef7c172a9f061547e8c
Certificate serial:       01856D5CEF218B5C73A895AF2DDAC393E151
Authority key identifier: 62:78:A7:68:C9:10:BA:DC:D5:C4:AE:F7:C1:72:A9:F0:61:54:7E:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/OwqHK4N7G2CxMZKGqPjKor3YGBM.roa
Signing time:             Sun 01 Jan 2023 12:44:45 +0000
ROA not before:           Sun 01 Jan 2023 12:44:45 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     50693
IP address blocks:        178.20.204.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:5c:ef:21:8b:5c:73:a8:95:af:2d:da:c3:93:e1:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6278a768c910badcd5c4aef7c172a9f061547e8c
        Validity
            Not Before: Jan  1 12:44:45 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3b0a872b837b1b60b1319286a8f8caa2bdd81813
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:f0:e4:0e:01:98:88:06:09:91:e8:be:ba:d9:
                    20:24:93:2f:e9:bb:88:4f:8d:52:6b:a4:8a:4f:02:
                    54:cf:de:8d:f8:27:1b:04:47:5f:f7:95:41:37:b9:
                    68:ec:15:b8:a6:e4:a2:4c:7b:ed:61:b6:82:b3:e7:
                    d1:06:fa:23:de:60:47:d1:e4:e0:08:78:bf:47:bf:
                    b7:97:ae:8b:da:0c:e5:e6:66:55:46:a5:05:de:43:
                    6e:4b:07:9c:a0:0d:19:f0:0d:a5:af:02:b8:06:c0:
                    47:63:2d:01:53:5d:4a:3e:fb:dd:db:c3:20:4a:60:
                    75:4c:09:94:d9:43:fe:bd:ce:d4:bc:c8:3a:e3:f9:
                    41:80:c1:1e:3d:b3:9d:ec:21:40:b8:51:07:c8:b6:
                    97:4c:6b:b8:36:99:ab:39:ee:83:7a:1e:36:cb:54:
                    20:26:ea:7e:67:fe:14:8f:c2:95:1c:97:31:a5:6d:
                    41:7b:3c:88:74:30:bf:a6:19:21:e8:86:b4:0b:d3:
                    27:d5:e6:b4:2e:64:c7:5e:88:9b:43:6a:d2:77:1f:
                    70:06:f7:ce:28:2f:62:94:b8:d9:64:ef:67:1b:a5:
                    d3:23:59:cd:c5:ac:df:d8:ad:16:de:a7:58:48:de:
                    01:f1:c1:8e:a0:33:a4:44:49:d9:8a:40:ce:0a:f2:
                    81:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:0A:87:2B:83:7B:1B:60:B1:31:92:86:A8:F8:CA:A2:BD:D8:18:13
            X509v3 Authority Key Identifier:
                keyid:62:78:A7:68:C9:10:BA:DC:D5:C4:AE:F7:C1:72:A9:F0:61:54:7E:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/OwqHK4N7G2CxMZKGqPjKor3YGBM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/YninaMkQutzVxK73wXKp8GFUfow.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.20.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:31:6b:86:96:32:99:14:7d:49:ed:5b:f1:71:b7:b4:52:51:
         96:18:43:04:21:34:87:5b:cf:cb:3e:b4:97:14:ff:ce:c1:42:
         d9:9a:cd:5b:fe:61:4b:1e:4f:91:47:90:dc:01:74:84:ad:e8:
         1a:95:8c:e7:1c:07:b1:ae:63:e4:32:0d:3d:9a:5c:b1:5f:1a:
         2c:c0:4d:a9:7c:8f:05:ce:94:17:0c:d9:6c:6a:0e:8a:7b:89:
         77:7f:55:c9:01:85:ab:bf:24:2f:0b:fa:ce:35:17:c8:ea:20:
         94:1c:62:aa:db:11:c0:99:30:4c:35:e8:a5:9d:d7:30:6a:5f:
         7d:ab:a1:e0:0a:eb:ac:63:3e:b3:3d:3d:bf:31:1a:02:1b:1f:
         c2:32:6c:5f:ec:84:13:a4:44:1b:00:1f:a7:19:89:07:b6:10:
         51:85:28:42:ae:60:c0:95:2c:92:6f:1f:2c:52:6d:22:ac:86:
         74:a3:7a:b0:63:32:e2:fb:68:3d:ce:ef:0a:c1:35:7e:fa:0e:
         ef:a3:c2:18:cc:49:d6:d1:00:d8:17:d9:a4:3f:69:d4:e6:d5:
         df:61:38:1c:18:7a:dc:0f:ad:78:48:8b:20:77:5c:02:d7:a0:
         28:4e:a4:b3:18:50:83:23:95:76:40:1b:12:58:5a:18:bd:52:
         6c:9d:fc:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVtXO8hi1xzqJWvLdrDk+FRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNzhhNzY4YzkxMGJhZGNkNWM0YWVmN2MxNzJhOWYwNjE1
NDdlOGMwHhcNMjMwMTAxMTI0NDQ1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjBhODcyYjgzN2IxYjYwYjEzMTkyODZhOGY4Y2FhMmJkZDgxODEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/DkDgGYiAYJkei+utkgJJMv6buI
T41Sa6SKTwJUz96N+CcbBEdf95VBN7lo7BW4puSiTHvtYbaCs+fRBvoj3mBH0eTg
CHi/R7+3l66L2gzl5mZVRqUF3kNuSwecoA0Z8A2lrwK4BsBHYy0BU11KPvvd28Mg
SmB1TAmU2UP+vc7UvMg64/lBgMEePbOd7CFAuFEHyLaXTGu4NpmrOe6Deh42y1Qg
Jup+Z/4Uj8KVHJcxpW1BezyIdDC/phkh6Ia0C9Mn1ea0LmTHXoibQ2rSdx9wBvfO
KC9ilLjZZO9nG6XTI1nNxazf2K0W3qdYSN4B8cGOoDOkREnZikDOCvKB6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDsKhyuDextgsTGShqj4yqK92BgTMB8GA1UdIwQY
MBaAFGJ4p2jJELrc1cSu98FyqfBhVH6MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW5pbmFNa1F1dHpWeEs3M3dYS3A4R0ZVZm93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi80MmRmYzAtYTc2NC00ZDVkLWE2MzQt
MzQ1NGY0OTBmZDk2LzEvT3dxSEs0TjdHMkN4TVpLR3FQaktvcjNZR0JNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi80MmRmYzAtYTc2NC00ZDVkLWE2MzQtMzQ1NGY0OTBmZDk2
LzEvWW5pbmFNa1F1dHpWeEs3M3dYS3A4R0ZVZm93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAshTMMA0G
CSqGSIb3DQEBCwUAA4IBAQAyMWuGljKZFH1J7Vvxcbe0UlGWGEMEITSHW8/LPrSX
FP/OwULZms1b/mFLHk+RR5DcAXSEregalYznHAexrmPkMg09mlyxXxoswE2pfI8F
zpQXDNlsag6Ke4l3f1XJAYWrvyQvC/rONRfI6iCUHGKq2xHAmTBMNeilndcwal99
q6HgCuusYz6zPT2/MRoCGx/CMmxf7IQTpEQbAB+nGYkHthBRhShCrmDAlSySbx8s
Um0irIZ0o3qwYzLi+2g9zu8KwTV++g7vo8IYzEnW0QDYF9mkP2nU5tXfYTgcGHrc
D614SIsgd1wC16AoTqSzGFCDI5V2QBsSWFoYvVJsnfzv
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:18:30 2024 by rpki-client on console-fra.rpki-client.org