Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/QuBNELF2qBBEI9yBH0WdSmeIFeE.roa
File:                     QuBNELF2qBBEI9yBH0WdSmeIFeE.roa (raw, json)
Hash identifier:          h9YuCpnEZMJu0CSXQmTM9C5KE8E1Gamkqf2cm5xZe0w=
Subject key identifier:   42:E0:4D:10:B1:76:A8:10:44:23:DC:81:1F:45:9D:4A:67:88:15:E1
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       01849E7DD059ADBE0FFC681D4DAE35141D9D
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/QuBNELF2qBBEI9yBH0WdSmeIFeE.roa
Signing time:             Tue 22 Nov 2022 08:39:16 +0000
ROA not before:           Tue 22 Nov 2022 08:39:16 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     212669
IP address blocks:        178.210.253.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:9e:7d:d0:59:ad:be:0f:fc:68:1d:4d:ae:35:14:1d:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Nov 22 08:39:16 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=42e04d10b176a8104423dc811f459d4a678815e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:2a:18:5b:8c:5c:df:99:ca:89:3b:fb:0e:fe:
                    fa:e0:f9:40:ac:f3:06:47:32:c6:9d:77:2f:5d:92:
                    95:92:95:70:28:2d:37:36:16:54:64:16:80:4f:30:
                    28:38:0d:71:ae:2f:f0:70:91:4d:b2:34:32:83:f5:
                    8f:c1:8e:a2:6e:71:dc:57:50:45:30:ac:b8:b1:75:
                    6c:93:b5:19:46:30:99:62:23:7d:40:19:26:d5:40:
                    bd:9d:33:c6:1f:5a:60:e4:a1:a4:fd:65:8e:32:6b:
                    10:83:6b:2c:40:09:60:68:a8:fb:e4:6b:9d:a3:18:
                    3a:eb:3a:45:2c:c6:40:10:ec:a7:38:da:bb:da:43:
                    8c:e4:d4:c1:19:98:bf:3c:a2:d2:fa:d8:0e:a2:b0:
                    ac:d6:00:e1:8f:be:a2:81:47:dc:a1:3b:d5:72:3d:
                    1f:93:68:62:4c:87:9a:9f:b5:56:f8:3a:36:c1:99:
                    b5:cf:32:a7:d8:2b:bb:bb:28:00:ea:a8:13:4a:76:
                    a0:c2:6b:49:db:33:7c:22:9c:aa:2a:07:99:b5:8e:
                    fb:76:3d:ed:b6:69:9a:ea:89:e4:e8:dc:fd:28:fc:
                    93:cd:0c:b8:69:31:ed:82:f7:e4:ed:a3:57:cc:25:
                    9c:b9:33:a3:71:5c:f1:2c:3a:b5:27:27:b9:9a:8f:
                    0c:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:E0:4D:10:B1:76:A8:10:44:23:DC:81:1F:45:9D:4A:67:88:15:E1
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/QuBNELF2qBBEI9yBH0WdSmeIFeE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.210.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:7b:f9:74:cd:51:bd:31:89:ac:10:de:8b:6b:2c:ad:55:30:
         ab:79:ef:7f:8a:72:2d:91:39:5b:27:f1:cb:33:d3:b0:c3:89:
         68:42:c1:77:47:83:43:fa:c1:2c:a8:d6:dc:b5:1f:6a:8d:86:
         4e:b6:94:05:da:c1:6d:b9:b1:54:e5:67:ba:e6:f1:ea:8f:06:
         eb:98:87:0b:7c:6f:68:7f:af:1d:f3:c7:de:8d:ba:d0:e9:30:
         20:63:60:5f:8b:fd:08:1e:ee:d5:67:28:85:17:c6:0e:f5:38:
         97:6e:15:5b:1f:3a:5d:c6:98:f7:b5:44:3a:f9:7c:35:ec:a6:
         58:61:7d:f2:77:9a:90:1b:a5:a3:51:6a:51:2e:bc:ed:3d:51:
         c2:0e:5a:1c:af:78:32:79:06:13:7d:e7:bf:2e:c0:c7:ce:07:
         9a:83:e6:a4:c0:1a:25:21:30:e9:be:f4:ba:ef:38:ab:08:7c:
         6a:bd:d3:98:eb:a2:14:37:7e:ea:ca:63:ce:61:b1:10:32:ef:
         97:12:cb:3c:15:66:84:d4:60:de:9d:db:d2:32:27:61:73:9d:
         17:49:7b:8c:65:5d:2f:ac:6f:12:5d:a6:66:60:1d:c7:f7:9a:
         62:cb:30:64:8e:c0:9f:19:f0:1a:d8:f8:10:de:09:6c:fe:d2:
         9c:f0:33:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYSefdBZrb4P/GgdTa41FB2dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjIxMTIyMDgzOTE2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmUwNGQxMGIxNzZhODEwNDQyM2RjODExZjQ1OWQ0YTY3ODgxNWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlioYW4xc35nKiTv7Dv764PlArPMG
RzLGnXcvXZKVkpVwKC03NhZUZBaATzAoOA1xri/wcJFNsjQyg/WPwY6ibnHcV1BF
MKy4sXVsk7UZRjCZYiN9QBkm1UC9nTPGH1pg5KGk/WWOMmsQg2ssQAlgaKj75Gud
oxg66zpFLMZAEOynONq72kOM5NTBGZi/PKLS+tgOorCs1gDhj76igUfcoTvVcj0f
k2hiTIean7VW+Do2wZm1zzKn2Cu7uygA6qgTSnagwmtJ2zN8IpyqKgeZtY77dj3t
tmma6onk6Nz9KPyTzQy4aTHtgvfk7aNXzCWcuTOjcVzxLDq1Jye5mo8MUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFELgTRCxdqgQRCPcgR9FnUpniBXhMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvUXVCTkVMRjJxQkJFSTl5QkgwV2RTbWVJRmVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAstL9MA0G
CSqGSIb3DQEBCwUAA4IBAQAme/l0zVG9MYmsEN6LayytVTCree9/inItkTlbJ/HL
M9Oww4loQsF3R4ND+sEsqNbctR9qjYZOtpQF2sFtubFU5We65vHqjwbrmIcLfG9o
f68d88fejbrQ6TAgY2Bfi/0IHu7VZyiFF8YO9TiXbhVbHzpdxpj3tUQ6+Xw17KZY
YX3yd5qQG6WjUWpRLrztPVHCDlocr3gyeQYTfee/LsDHzgeag+akwBolITDpvvS6
7zirCHxqvdOY66IUN37qymPOYbEQMu+XEss8FWaE1GDendvSMidhc50XSXuMZV0v
rG8SXaZmYB3H95piyzBkjsCfGfAa2PgQ3gls/tKc8DPl
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:27 2024 by rpki-client on console-fra.rpki-client.org