Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/8k3a7hb6kukA1dr2c0BZsxNmw1k.roa
File:                     8k3a7hb6kukA1dr2c0BZsxNmw1k.roa (raw, json)
Hash identifier:          IfcSxFS963mJ7v5QztNOk6o642zZQT2KL9qY5vxz1t8=
Subject key identifier:   F2:4D:DA:EE:16:FA:92:E9:00:D5:DA:F6:73:40:59:B3:13:66:C3:59
Certificate issuer:       /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial:       019427B57FA5502B8346A796DA757976091C
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/8k3a7hb6kukA1dr2c0BZsxNmw1k.roa
Signing time:             Thu 02 Jan 2025 15:49:53 +0000
ROA not before:           Thu 02 Jan 2025 15:49:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20891
IP address blocks:        178.253.56.0/21 maxlen: 21
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:7f:a5:50:2b:83:46:a7:96:da:75:79:76:09:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
        Validity
            Not Before: Jan  2 15:49:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f24ddaee16fa92e900d5daf6734059b31366c359
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:68:bd:3b:50:4d:b2:cc:47:6c:a7:a0:98:ea:
                    0d:06:26:0e:c4:c3:22:cf:1c:93:bd:c6:ca:da:6c:
                    14:04:67:be:52:e1:ed:a6:43:95:3e:8e:a9:08:59:
                    a1:d5:90:a1:94:fd:c3:d8:72:f5:91:a1:18:b1:bc:
                    ce:27:ef:6f:1a:b9:8c:f5:39:91:79:e7:5e:b3:2d:
                    35:16:3b:60:1e:55:a5:81:d9:9b:b9:bd:ce:1b:ec:
                    ea:3e:6d:cd:cf:d0:3b:fe:57:c1:dc:19:c8:31:17:
                    d7:dd:fe:7b:ff:bd:3e:62:10:b6:59:3c:04:36:7d:
                    47:62:63:4e:95:b0:0a:12:84:e2:ae:ba:d8:22:15:
                    dc:88:bc:04:18:19:ed:24:9e:99:21:e7:20:49:c8:
                    8b:76:9c:40:88:ca:db:3f:d4:4b:9b:82:60:22:e2:
                    c5:3d:c9:f4:1f:6b:25:00:3e:09:0f:b3:bf:9c:32:
                    4e:e0:98:0b:4f:c5:c1:0b:51:7e:55:72:49:4c:c8:
                    d0:66:b6:a7:44:d6:8e:58:b7:a2:76:bd:a0:e0:ea:
                    b4:fb:65:c2:e2:97:4e:41:18:d2:bb:f3:a1:1b:e7:
                    59:21:32:a2:90:65:61:67:6e:d4:47:80:b8:ef:f3:
                    dd:0b:34:f2:fb:8c:73:6a:fb:fe:9a:b1:97:9b:40:
                    64:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:4D:DA:EE:16:FA:92:E9:00:D5:DA:F6:73:40:59:B3:13:66:C3:59
            X509v3 Authority Key Identifier:
                keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/8k3a7hb6kukA1dr2c0BZsxNmw1k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.253.56.0/21

    Signature Algorithm: sha256WithRSAEncryption
         3c:0c:8c:92:71:26:8a:06:e9:99:80:af:75:7f:de:5e:b7:ab:
         ca:83:0f:fc:ab:c8:a0:b1:1f:5f:f9:ae:a6:29:7c:0b:46:bc:
         91:22:1a:1d:3c:9e:15:9e:96:1e:16:0e:3b:4b:b1:07:3b:0a:
         ea:72:f2:eb:d5:66:76:06:bc:13:d1:68:10:a5:81:a5:b3:9d:
         45:50:8f:5c:9a:14:91:db:75:22:1f:e4:01:ca:34:06:d8:65:
         70:da:4d:ee:94:53:27:c7:4a:c7:8f:41:81:10:12:ff:0b:e1:
         99:bc:2e:0d:40:e6:86:e5:45:a5:0f:ed:ee:8a:7e:c5:3a:e0:
         25:7a:fa:cb:0c:7c:aa:ac:12:19:cc:84:d7:ff:dc:74:71:9d:
         89:65:63:f9:95:f2:5f:09:ed:5c:f3:b8:68:73:a0:78:91:40:
         0f:7b:88:cf:00:da:98:16:f6:fe:8c:54:93:d4:3a:4c:99:14:
         9b:7f:ee:c2:51:54:8a:76:d7:2d:b7:a3:0d:ea:80:78:0a:5e:
         38:98:c8:ce:b6:5e:6d:f2:c8:f4:f5:00:5e:e6:e2:5c:4d:56:
         35:23:2b:a1:76:57:be:a5:b6:fa:33:a1:39:bc:a3:a1:38:f4:
         df:8a:22:9f:52:db:5f:85:f1:9d:d9:d5:7a:4d:d3:28:eb:30:
         08:b3:8b:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntX+lUCuDRqeW2nV5dgkcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjUwMTAyMTU0OTUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjRkZGFlZTE2ZmE5MmU5MDBkNWRhZjY3MzQwNTliMzEzNjZjMzU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA22i9O1BNssxHbKegmOoNBiYOxMMi
zxyTvcbK2mwUBGe+UuHtpkOVPo6pCFmh1ZChlP3D2HL1kaEYsbzOJ+9vGrmM9TmR
eedesy01FjtgHlWlgdmbub3OG+zqPm3Nz9A7/lfB3BnIMRfX3f57/70+YhC2WTwE
Nn1HYmNOlbAKEoTirrrYIhXciLwEGBntJJ6ZIecgSciLdpxAiMrbP9RLm4JgIuLF
Pcn0H2slAD4JD7O/nDJO4JgLT8XBC1F+VXJJTMjQZranRNaOWLeidr2g4Oq0+2XC
4pdOQRjSu/OhG+dZITKikGVhZ27UR4C47/PdCzTy+4xzavv+mrGXm0BkJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPJN2u4W+pLpANXa9nNAWbMTZsNZMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvOGszYTdoYjZrdWtBMWRyMmMwQlpzeE5tdzFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDsv04MA0G
CSqGSIb3DQEBCwUAA4IBAQA8DIyScSaKBumZgK91f95et6vKgw/8q8igsR9f+a6m
KXwLRryRIhodPJ4VnpYeFg47S7EHOwrqcvLr1WZ2BrwT0WgQpYGls51FUI9cmhSR
23UiH+QByjQG2GVw2k3ulFMnx0rHj0GBEBL/C+GZvC4NQOaG5UWlD+3uin7FOuAl
evrLDHyqrBIZzITX/9x0cZ2JZWP5lfJfCe1c87hoc6B4kUAPe4jPANqYFvb+jFST
1DpMmRSbf+7CUVSKdtctt6MN6oB4Cl44mMjOtl5t8sj09QBe5uJcTVY1Iyuhdle+
pbb6M6E5vKOhOPTfiiKfUttfhfGd2dV6TdMo6zAIs4ti
-----END CERTIFICATE-----
Generated at Wed Feb 5 10:47:51 2025 by rpki-client