Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/FnPQiUpt-0wgmvFZXK-qZBkwhNs.roa
File:                     FnPQiUpt-0wgmvFZXK-qZBkwhNs.roa (raw, json)
Hash identifier:          1MOpek16FeqEmrRbFm52HCri1EMbdAArTBW77tX6mb4=
Subject key identifier:   16:73:D0:89:4A:6D:FB:4C:20:9A:F1:59:5C:AF:AA:64:19:30:84:DB
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018340B4866CEFC18E9537FAB2F2B5105F30
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/FnPQiUpt-0wgmvFZXK-qZBkwhNs.roa
Signing time:             Thu 15 Sep 2022 10:31:56 +0000
ROA not before:           Thu 15 Sep 2022 10:31:56 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     17447
IP address blocks:        178.210.249.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:40:b4:86:6c:ef:c1:8e:95:37:fa:b2:f2:b5:10:5f:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Sep 15 10:31:56 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1673d0894a6dfb4c209af1595cafaa64193084db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:41:29:6f:7a:91:bb:0e:fb:52:b9:5c:74:db:
                    a6:ea:0a:0a:64:9f:b9:19:45:b5:3c:e4:cc:c8:82:
                    4f:b3:f1:6b:01:22:69:57:fb:ac:04:88:6f:e8:3d:
                    20:aa:46:32:cb:d1:b4:88:a0:33:7e:c5:13:bb:da:
                    ca:e9:80:b9:ed:c0:c4:27:c3:5d:bf:1d:1f:2e:d9:
                    57:26:ff:12:c1:7c:cd:f4:2f:1d:20:7b:de:4a:f7:
                    cd:48:97:96:96:91:27:de:c9:12:c9:bc:fb:5a:1c:
                    9a:1e:7d:42:1e:06:84:bc:fd:8f:23:48:09:b8:12:
                    39:82:b1:ff:22:12:91:43:c0:f5:b9:3f:fc:7d:27:
                    98:a9:30:53:90:0b:81:87:ac:d7:f0:59:6d:b3:99:
                    86:ac:89:63:5f:ad:1e:bc:df:cc:3b:60:40:a1:dc:
                    95:e2:bf:05:4a:08:12:21:fb:a2:d8:c1:1a:f5:60:
                    9d:06:31:e7:ab:3b:23:46:b8:75:37:e2:e7:9c:26:
                    27:6f:30:56:5b:3d:d2:f7:c3:fc:2f:23:2f:82:47:
                    a1:1b:40:c4:7a:b9:8a:de:99:15:f9:db:a5:65:c4:
                    fd:42:94:49:02:be:ae:11:5f:c0:4e:8f:18:11:dd:
                    c9:b7:92:79:7f:e7:ca:97:a9:18:32:0b:e8:c9:ba:
                    97:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:73:D0:89:4A:6D:FB:4C:20:9A:F1:59:5C:AF:AA:64:19:30:84:DB
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/FnPQiUpt-0wgmvFZXK-qZBkwhNs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.210.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:12:f1:6b:ec:fe:47:ea:e2:63:ae:d5:23:c6:ae:94:1c:8f:
         91:11:c6:ac:d6:b3:aa:f2:61:19:ab:22:f0:f1:9e:c1:c4:76:
         a8:a6:ab:fe:51:b1:d8:d2:f3:6e:cb:fd:6a:d2:47:fa:84:9f:
         07:a4:db:8a:96:03:c1:03:9d:34:36:8e:2f:a2:56:47:2c:ae:
         08:39:fa:9e:91:a3:23:1d:ad:f1:d2:ff:ef:43:37:f0:3e:23:
         8d:82:3b:ba:6c:9f:5c:94:2f:34:27:1e:33:93:df:60:e4:45:
         6f:02:e4:51:4d:28:29:12:7c:e2:de:de:df:b3:90:35:cb:6e:
         aa:d2:97:e1:22:5f:78:db:74:d2:57:51:c8:83:a1:80:f4:62:
         33:f8:e4:2d:3a:b8:3f:c8:95:8b:c0:ef:14:8f:de:5c:c3:45:
         59:f0:86:38:7c:1c:1a:d3:5e:58:f2:8f:b5:81:c2:fa:1b:ea:
         80:a9:9f:28:0c:0a:7f:07:74:c3:aa:91:78:97:54:21:b4:18:
         f2:db:85:e0:00:11:f9:1e:84:dc:64:b8:b4:f1:26:9a:74:7f:
         71:1b:33:6e:96:6d:e6:a2:6d:e2:7a:0f:d2:52:fc:48:36:b2:
         13:60:d3:af:36:4f:2c:df:99:74:0a:84:4c:68:6a:56:e3:f0:
         ff:ba:91:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYNAtIZs78GOlTf6svK1EF8wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjIwOTE1MTAzMTU2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjczZDA4OTRhNmRmYjRjMjA5YWYxNTk1Y2FmYWE2NDE5MzA4NGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsEEpb3qRuw77UrlcdNum6goKZJ+5
GUW1POTMyIJPs/FrASJpV/usBIhv6D0gqkYyy9G0iKAzfsUTu9rK6YC57cDEJ8Nd
vx0fLtlXJv8SwXzN9C8dIHveSvfNSJeWlpEn3skSybz7WhyaHn1CHgaEvP2PI0gJ
uBI5grH/IhKRQ8D1uT/8fSeYqTBTkAuBh6zX8Flts5mGrIljX60evN/MO2BAodyV
4r8FSggSIfui2MEa9WCdBjHnqzsjRrh1N+LnnCYnbzBWWz3S98P8LyMvgkehG0DE
ermK3pkV+dulZcT9QpRJAr6uEV/ATo8YEd3Jt5J5f+fKl6kYMgvoybqXEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBZz0IlKbftMIJrxWVyvqmQZMITbMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvRm5QUWlVcHQtMHdnbXZGWlhLLXFaQmt3aE5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAstL5MA0G
CSqGSIb3DQEBCwUAA4IBAQCREvFr7P5H6uJjrtUjxq6UHI+REcas1rOq8mEZqyLw
8Z7BxHaopqv+UbHY0vNuy/1q0kf6hJ8HpNuKlgPBA500No4volZHLK4IOfqekaMj
Ha3x0v/vQzfwPiONgju6bJ9clC80Jx4zk99g5EVvAuRRTSgpEnzi3t7fs5A1y26q
0pfhIl9423TSV1HIg6GA9GIz+OQtOrg/yJWLwO8Uj95cw0VZ8IY4fBwa015Y8o+1
gcL6G+qAqZ8oDAp/B3TDqpF4l1QhtBjy24XgABH5HoTcZLi08SaadH9xGzNulm3m
om3ieg/SUvxINrITYNOvNk8s35l0CoRMaGpW4/D/upHY
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:27 2024 by rpki-client on console-fra.rpki-client.org