Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/blbaWWZQkm7O3xCtawD0icjnB78.roa
File:                     blbaWWZQkm7O3xCtawD0icjnB78.roa (raw, json)
Hash identifier:          wWgA1cppi/5PwPC4KUEHbT4/NnezLJMGXklnOEtPNO0=
Subject key identifier:   6E:56:DA:59:66:50:92:6E:CE:DF:10:AD:6B:00:F4:89:C8:E7:07:BF
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       0184662A0F42CE76A9AA2DE07148BF380027
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/blbaWWZQkm7O3xCtawD0icjnB78.roa
Signing time:             Fri 11 Nov 2022 10:09:03 +0000
ROA not before:           Fri 11 Nov 2022 10:09:03 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     206873
IP address blocks:        178.210.233.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:66:2a:0f:42:ce:76:a9:aa:2d:e0:71:48:bf:38:00:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Nov 11 10:09:03 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=6e56da596650926ecedf10ad6b00f489c8e707bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:1e:c1:0c:90:e7:e8:78:6f:b5:5a:40:d5:aa:
                    bd:4a:d8:c2:6a:8a:11:5a:7b:fd:3c:d5:1a:5a:5f:
                    9b:1d:4f:6c:e7:da:b7:84:c8:e8:83:c9:92:0d:34:
                    3a:1d:fe:d9:1c:10:a5:be:66:b6:8d:4c:74:53:73:
                    2a:05:ec:87:99:2b:42:30:26:a8:12:1a:c8:4f:1e:
                    43:0f:60:eb:9b:91:a9:70:1d:cc:c3:be:dd:14:33:
                    d5:ce:84:75:37:9f:e1:f9:0c:13:04:a8:85:be:e3:
                    21:dd:2b:7a:9c:2f:b5:1a:52:76:b5:ad:c7:1b:de:
                    d8:5c:4d:72:13:5d:ac:3a:05:b5:54:96:f8:f6:c6:
                    37:12:36:2f:d6:a2:e3:2f:92:2e:b9:a7:d3:6a:51:
                    31:a5:82:ce:35:19:fd:f6:45:3a:e8:6d:b5:6a:1e:
                    6d:6a:29:1f:06:d8:27:23:df:aa:ff:b6:cf:79:51:
                    0f:ae:6d:47:3f:ff:f1:e2:ee:e2:9d:ab:b7:59:09:
                    49:b9:38:c6:c7:ec:c4:ed:59:94:97:ee:c8:40:35:
                    43:8c:18:fa:5d:69:03:c4:46:d5:a8:13:9d:8a:5b:
                    f8:52:eb:f1:9a:3f:7b:f3:4a:98:4b:d7:35:a7:2e:
                    24:f1:0c:64:db:6e:a2:5a:72:65:88:70:90:74:d4:
                    4e:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:56:DA:59:66:50:92:6E:CE:DF:10:AD:6B:00:F4:89:C8:E7:07:BF
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/blbaWWZQkm7O3xCtawD0icjnB78.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.210.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:14:6e:92:6a:e5:f3:b4:a0:cc:6a:b0:2c:fd:32:33:65:b1:
         be:c1:1e:ce:8f:34:b9:1d:fc:2a:6f:d8:df:90:ef:17:0a:ee:
         dd:e4:bb:f2:cd:da:6e:59:e8:79:a9:5e:70:c7:68:35:c1:c7:
         9e:66:c0:4c:e8:70:96:ad:12:0b:5b:bd:2a:5a:2c:37:c9:2b:
         b8:dd:32:c6:46:93:e0:aa:ee:fe:dd:3b:18:bb:7e:e0:7c:82:
         7c:44:5b:98:3d:64:d8:cd:9a:72:f6:d1:21:2c:0a:76:3f:99:
         8d:24:3b:93:f8:ca:39:97:32:c9:97:a7:a9:6e:99:e1:3f:3d:
         86:2d:2b:94:43:ec:da:a2:da:8e:6b:b6:6a:19:16:c4:a8:ad:
         d9:1f:b1:86:bf:7c:3f:01:3e:40:04:96:71:ff:71:25:45:84:
         18:3d:10:6d:09:83:94:85:e1:30:32:76:bf:29:f2:c8:8e:e1:
         3d:94:00:d3:3d:5d:a5:e6:f8:d7:5c:f2:d2:5c:39:8b:c9:34:
         d8:3a:dc:2c:1e:ac:5a:c6:21:c1:dd:1e:98:ba:40:6e:93:bd:
         e0:ee:8b:5f:95:76:80:9e:2b:cf:79:64:de:23:9a:25:63:68:
         f2:ac:ee:88:97:c3:a7:f5:3e:d5:74:a2:b5:64:a9:56:77:54:
         40:d7:f1:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYRmKg9Cznapqi3gcUi/OAAnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjIxMTExMTAwOTAzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTU2ZGE1OTY2NTA5MjZlY2VkZjEwYWQ2YjAwZjQ4OWM4ZTcwN2JmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiB7BDJDn6HhvtVpA1aq9StjCaooR
Wnv9PNUaWl+bHU9s59q3hMjog8mSDTQ6Hf7ZHBClvma2jUx0U3MqBeyHmStCMCao
EhrITx5DD2Drm5GpcB3Mw77dFDPVzoR1N5/h+QwTBKiFvuMh3St6nC+1GlJ2ta3H
G97YXE1yE12sOgW1VJb49sY3EjYv1qLjL5IuuafTalExpYLONRn99kU66G21ah5t
aikfBtgnI9+q/7bPeVEPrm1HP//x4u7inau3WQlJuTjGx+zE7VmUl+7IQDVDjBj6
XWkDxEbVqBOdilv4Uuvxmj9780qYS9c1py4k8Qxk226iWnJliHCQdNRO4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG5W2llmUJJuzt8QrWsA9InI5we/MB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvYmxiYVdXWlFrbTdPM3hDdGF3RDBpY2puQjc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAstLpMA0G
CSqGSIb3DQEBCwUAA4IBAQA7FG6SauXztKDMarAs/TIzZbG+wR7OjzS5Hfwqb9jf
kO8XCu7d5LvyzdpuWeh5qV5wx2g1wceeZsBM6HCWrRILW70qWiw3ySu43TLGRpPg
qu7+3TsYu37gfIJ8RFuYPWTYzZpy9tEhLAp2P5mNJDuT+Mo5lzLJl6epbpnhPz2G
LSuUQ+zaotqOa7ZqGRbEqK3ZH7GGv3w/AT5ABJZx/3ElRYQYPRBtCYOUheEwMna/
KfLIjuE9lADTPV2l5vjXXPLSXDmLyTTYOtwsHqxaxiHB3R6YukBuk73g7otflXaA
nivPeWTeI5olY2jyrO6Il8On9T7VdKK1ZKlWd1RA1/G5
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:28 2024 by rpki-client on console-fra.rpki-client.org