Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/ir8xgkAWTlPTL6PklSy1kqSdOls.roa
File:                     ir8xgkAWTlPTL6PklSy1kqSdOls.roa (raw, json)
Hash identifier:          bMi7ht+j28k8o+BB6qDUZ8wq9Gl6R/imcuyu5e9dUpc=
Subject key identifier:   8A:BF:31:82:40:16:4E:53:D3:2F:A3:E4:95:2C:B5:92:A4:9D:3A:5B
Certificate issuer:       /CN=6278a768c910badcd5c4aef7c172a9f061547e8c
Certificate serial:       018CC8DF79C0399DC7353E153362D405FEBC
Authority key identifier: 62:78:A7:68:C9:10:BA:DC:D5:C4:AE:F7:C1:72:A9:F0:61:54:7E:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/ir8xgkAWTlPTL6PklSy1kqSdOls.roa
Signing time:             Tue 02 Jan 2024 06:32:18 +0000
ROA not before:           Tue 02 Jan 2024 06:32:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198691
IP address blocks:        178.20.206.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:79:c0:39:9d:c7:35:3e:15:33:62:d4:05:fe:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6278a768c910badcd5c4aef7c172a9f061547e8c
        Validity
            Not Before: Jan  2 06:32:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8abf318240164e53d32fa3e4952cb592a49d3a5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:28:d2:1d:4f:36:10:57:61:58:1b:95:9f:fe:
                    df:49:63:85:a0:30:b0:2a:17:bd:7a:a4:21:f5:86:
                    82:22:93:e3:01:01:92:dd:c7:6a:6d:49:3d:01:ba:
                    a8:01:c8:1e:a6:3a:52:8a:5b:38:d5:d4:b6:21:e7:
                    49:ae:3d:91:0d:7b:04:19:a9:0c:38:2c:fe:02:6a:
                    45:40:95:aa:61:c2:22:2d:4a:3d:3e:85:b7:09:47:
                    76:a4:ff:3d:c9:e7:92:30:4b:89:ef:88:81:0c:94:
                    9e:12:c4:69:8d:90:9f:7f:0b:3e:c1:70:ed:fc:a3:
                    f9:50:a9:9c:f6:e1:93:78:7d:d6:2c:08:8a:97:13:
                    bc:51:14:d4:8a:84:4e:59:13:0a:0c:17:74:0f:05:
                    7e:18:35:30:61:1b:f8:df:82:63:ca:f2:55:0d:8a:
                    ac:4f:4d:c7:2f:f9:a0:83:dc:7a:35:a4:08:8e:b4:
                    e0:0f:2c:b0:57:ce:3c:ff:7f:7c:01:ba:f4:3d:3a:
                    e6:7f:1d:aa:33:94:bb:9c:ea:aa:63:35:b7:c9:c0:
                    71:ca:c0:43:85:a7:74:eb:43:b6:e6:1b:b1:95:64:
                    19:f8:0b:90:f3:f7:b4:e7:6f:dd:9d:e7:2b:d7:dc:
                    4b:af:50:ac:71:4a:ef:51:31:0b:6a:bb:42:1a:a3:
                    3a:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:BF:31:82:40:16:4E:53:D3:2F:A3:E4:95:2C:B5:92:A4:9D:3A:5B
            X509v3 Authority Key Identifier:
                keyid:62:78:A7:68:C9:10:BA:DC:D5:C4:AE:F7:C1:72:A9:F0:61:54:7E:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/ir8xgkAWTlPTL6PklSy1kqSdOls.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/YninaMkQutzVxK73wXKp8GFUfow.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.20.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:f4:1c:52:15:22:80:19:17:da:2a:b1:f6:6a:22:97:0c:c7:
         94:8e:45:b7:53:bd:f2:2a:ab:fc:03:d8:2c:16:08:b6:c3:43:
         31:62:d4:12:4d:5e:fd:2b:06:80:7e:d8:80:82:de:b1:77:20:
         8b:d7:2f:9f:90:2c:dc:33:7a:95:c0:37:ae:54:1d:9b:6e:bf:
         ff:8e:bc:d8:95:a9:de:5a:d1:df:bd:3c:fb:9b:9c:95:4a:03:
         d1:73:14:3f:c1:ed:fb:74:bc:93:64:eb:f8:ef:32:5f:5f:b4:
         6a:9f:78:97:7b:b3:aa:81:5f:0c:61:1c:9a:e7:1e:8d:0c:81:
         60:a5:e3:73:84:6b:1b:fe:fb:88:67:d0:ab:74:fb:61:aa:fe:
         ab:89:97:53:09:7c:9e:8a:0a:fc:6f:69:7e:db:80:ea:e6:33:
         32:41:c4:13:2b:9e:1f:c3:fd:97:32:b4:2c:af:d7:d7:4c:4d:
         d4:4a:c6:5a:84:f5:e2:e0:75:42:41:32:67:b9:f4:8a:71:08:
         36:69:6d:0e:4e:07:91:db:7d:b2:0c:43:b6:b7:e2:70:31:45:
         67:4f:72:60:6c:92:83:c1:76:06:02:e2:a8:fe:78:3b:6b:1c:
         cf:db:88:9a:bd:27:99:14:c7:ce:ac:03:77:27:e5:1a:ef:1f:
         ff:60:72:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI33nAOZ3HNT4VM2LUBf68MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNzhhNzY4YzkxMGJhZGNkNWM0YWVmN2MxNzJhOWYwNjE1
NDdlOGMwHhcNMjQwMTAyMDYzMjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWJmMzE4MjQwMTY0ZTUzZDMyZmEzZTQ5NTJjYjU5MmE0OWQzYTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiijSHU82EFdhWBuVn/7fSWOFoDCw
Khe9eqQh9YaCIpPjAQGS3cdqbUk9AbqoAcgepjpSils41dS2IedJrj2RDXsEGakM
OCz+AmpFQJWqYcIiLUo9PoW3CUd2pP89yeeSMEuJ74iBDJSeEsRpjZCffws+wXDt
/KP5UKmc9uGTeH3WLAiKlxO8URTUioROWRMKDBd0DwV+GDUwYRv434JjyvJVDYqs
T03HL/mgg9x6NaQIjrTgDyywV848/398Abr0PTrmfx2qM5S7nOqqYzW3ycBxysBD
had060O25huxlWQZ+AuQ8/e052/dnecr19xLr1CscUrvUTELartCGqM6qQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIq/MYJAFk5T0y+j5JUstZKknTpbMB8GA1UdIwQY
MBaAFGJ4p2jJELrc1cSu98FyqfBhVH6MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW5pbmFNa1F1dHpWeEs3M3dYS3A4R0ZVZm93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi80MmRmYzAtYTc2NC00ZDVkLWE2MzQt
MzQ1NGY0OTBmZDk2LzEvaXI4eGdrQVdUbFBUTDZQa2xTeTFrcVNkT2xzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi80MmRmYzAtYTc2NC00ZDVkLWE2MzQtMzQ1NGY0OTBmZDk2
LzEvWW5pbmFNa1F1dHpWeEs3M3dYS3A4R0ZVZm93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAshTOMA0G
CSqGSIb3DQEBCwUAA4IBAQB09BxSFSKAGRfaKrH2aiKXDMeUjkW3U73yKqv8A9gs
Fgi2w0MxYtQSTV79KwaAftiAgt6xdyCL1y+fkCzcM3qVwDeuVB2bbr//jrzYlane
WtHfvTz7m5yVSgPRcxQ/we37dLyTZOv47zJfX7Rqn3iXe7OqgV8MYRya5x6NDIFg
peNzhGsb/vuIZ9CrdPthqv6riZdTCXyeigr8b2l+24Dq5jMyQcQTK54fw/2XMrQs
r9fXTE3USsZahPXi4HVCQTJnufSKcQg2aW0OTgeR232yDEO2t+JwMUVnT3JgbJKD
wXYGAuKo/ng7axzP24iavSeZFMfOrAN3J+Ua7x//YHLe
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:18:30 2024 by rpki-client on console-fra.rpki-client.org