Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/z4Ao-hv_oYmNv_rBEAqSa-KpqHA.roa
File:                     z4Ao-hv_oYmNv_rBEAqSa-KpqHA.roa (raw, json)
Hash identifier:          h86gF0Aut9p0bv02ct3FTjBiv92GSBr1A4S5TKyiqMo=
Subject key identifier:   CF:80:28:FA:1B:FF:A1:89:8D:BF:FA:C1:10:0A:92:6B:E2:A9:A8:70
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       0184C7901D97FFA829F3B4A680A9F35C0447
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/z4Ao-hv_oYmNv_rBEAqSa-KpqHA.roa
Signing time:             Wed 30 Nov 2022 08:03:41 +0000
ROA not before:           Wed 30 Nov 2022 08:03:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     207326
IP address blocks:        178.210.252.0/24 maxlen: 24
                          178.210.248.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:c7:90:1d:97:ff:a8:29:f3:b4:a6:80:a9:f3:5c:04:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Nov 30 08:03:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=cf8028fa1bffa1898dbffac1100a926be2a9a870
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:c0:6f:50:4b:29:04:4c:21:c1:c6:7f:f7:40:
                    39:6f:44:55:ad:81:78:c7:95:4e:a0:b3:1f:59:93:
                    12:89:ee:4d:ad:81:4c:a2:4d:e7:86:64:f9:73:3e:
                    61:d3:6d:30:a7:e9:db:34:03:a8:03:78:9b:66:ca:
                    b9:29:17:bf:9a:5f:73:32:c5:74:00:4f:a5:58:f1:
                    ca:36:8c:59:a7:45:bf:f8:9e:d3:b9:e7:1a:fe:a1:
                    95:75:93:cb:20:59:0c:c4:96:1c:48:08:b5:ce:66:
                    06:55:c7:5b:b0:c7:c7:7e:db:0a:e2:9d:93:6c:55:
                    c1:3d:be:0d:ec:54:a2:16:ce:c0:bd:f1:bf:f9:25:
                    44:c8:6d:de:86:9e:5e:cf:42:be:85:98:5d:5e:92:
                    8b:20:b7:5a:38:db:1b:22:10:01:f3:03:3c:28:54:
                    61:e9:05:37:cb:94:b5:9a:1b:a4:0c:63:57:19:d3:
                    fa:c5:6c:5d:1e:a2:6e:13:c0:66:4f:b3:e6:ce:91:
                    3b:54:15:41:6d:c0:e8:b7:78:be:64:01:36:dd:e0:
                    dc:bd:4a:cb:39:dc:b0:89:14:b7:79:82:76:4e:0d:
                    2c:04:89:55:e8:18:ca:29:6f:7c:e7:8c:1b:3e:7b:
                    6d:fd:55:2e:33:b7:e2:9a:ea:78:8c:b6:6e:da:99:
                    c2:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:80:28:FA:1B:FF:A1:89:8D:BF:FA:C1:10:0A:92:6B:E2:A9:A8:70
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/z4Ao-hv_oYmNv_rBEAqSa-KpqHA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.210.248.0/24
                  178.210.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:e3:b9:9e:44:5b:82:77:d7:04:b7:fa:f4:b6:48:46:1d:46:
         ef:5e:40:92:af:52:88:04:64:db:d2:b0:62:29:92:69:9c:d5:
         3e:68:9a:6b:8b:77:47:19:21:88:23:41:66:17:82:ac:89:fc:
         6b:d6:14:60:e2:f0:24:2b:32:d5:14:96:cf:68:49:42:15:59:
         74:32:eb:ce:21:c2:6e:bf:7c:7a:d2:68:f5:fe:e2:50:17:f3:
         d9:d9:08:d6:3c:1f:c6:5e:5b:c0:d8:e3:8f:60:8d:83:b0:f2:
         9c:43:19:12:5b:95:c4:66:9b:cd:d1:e8:7e:d8:81:23:f0:c9:
         a1:93:3f:c9:83:4e:c2:d8:f2:e0:94:18:1a:2d:79:b8:cd:9e:
         49:6e:5a:8e:a7:b7:32:c8:d3:03:e8:36:51:63:d5:7d:e8:5f:
         81:64:cc:fd:c3:9b:98:f5:b0:6c:4b:db:39:3d:90:bf:44:8b:
         c0:4f:0b:a9:90:00:14:61:9a:65:40:a4:c3:d3:40:1e:71:7e:
         a8:2a:69:95:f3:00:89:51:1f:b3:e7:68:3b:31:29:86:59:41:
         5d:f6:15:9f:ce:6f:ce:b7:56:52:21:2b:b8:44:55:cc:43:33:
         46:8c:9c:d2:82:e2:98:e6:ec:d4:fb:37:d4:12:72:e2:18:4a:
         ad:25:dc:31
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYTHkB2X/6gp87SmgKnzXARHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjIxMTMwMDgwMzQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjgwMjhmYTFiZmZhMTg5OGRiZmZhYzExMDBhOTI2YmUyYTlhODcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAysBvUEspBEwhwcZ/90A5b0RVrYF4
x5VOoLMfWZMSie5NrYFMok3nhmT5cz5h020wp+nbNAOoA3ibZsq5KRe/ml9zMsV0
AE+lWPHKNoxZp0W/+J7Tueca/qGVdZPLIFkMxJYcSAi1zmYGVcdbsMfHftsK4p2T
bFXBPb4N7FSiFs7AvfG/+SVEyG3ehp5ez0K+hZhdXpKLILdaONsbIhAB8wM8KFRh
6QU3y5S1mhukDGNXGdP6xWxdHqJuE8BmT7PmzpE7VBVBbcDot3i+ZAE23eDcvUrL
OdywiRS3eYJ2Tg0sBIlV6BjKKW9854wbPntt/VUuM7fimup4jLZu2pnCzQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM+AKPob/6GJjb/6wRAKkmviqahwMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvejRBby1odl9vWW1Odl9yQkVBcVNhLUtwcUhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAstL4AwQA
stL8MA0GCSqGSIb3DQEBCwUAA4IBAQBb47meRFuCd9cEt/r0tkhGHUbvXkCSr1KI
BGTb0rBiKZJpnNU+aJpri3dHGSGII0FmF4Ksifxr1hRg4vAkKzLVFJbPaElCFVl0
MuvOIcJuv3x60mj1/uJQF/PZ2QjWPB/GXlvA2OOPYI2DsPKcQxkSW5XEZpvN0eh+
2IEj8Mmhkz/Jg07C2PLglBgaLXm4zZ5JblqOp7cyyNMD6DZRY9V96F+BZMz9w5uY
9bBsS9s5PZC/RIvATwupkAAUYZplQKTD00AecX6oKmmV8wCJUR+z52g7MSmGWUFd
9hWfzm/Ot1ZSISu4RFXMQzNGjJzSguKY5uzU+zfUEnLiGEqtJdwx
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:57 2024 by rpki-client on console-ams.rpki-client.org