Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/515608-5012-4a40-b324-27bf83cded6b/1/JoKEXFOujnjYX8AOcvwvLImVGEs.roa
File:                     JoKEXFOujnjYX8AOcvwvLImVGEs.roa (raw, json)
Hash identifier:          tmKea6ONyvCwUARrmvhX+CS3nvNMrHnIZdv0+jillVA=
Subject key identifier:   26:82:84:5C:53:AE:8E:78:D8:5F:C0:0E:72:FC:2F:2C:89:95:18:4B
Certificate issuer:       /CN=a4f8436003d37602026b65531755ca8fcd31bed2
Certificate serial:       018CC86F4A34B97911004A776FB3E3A53B3A
Authority key identifier: A4:F8:43:60:03:D3:76:02:02:6B:65:53:17:55:CA:8F:CD:31:BE:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pPhDYAPTdgICa2VTF1XKj80xvtI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/515608-5012-4a40-b324-27bf83cded6b/1/JoKEXFOujnjYX8AOcvwvLImVGEs.roa
Signing time:             Tue 02 Jan 2024 04:29:45 +0000
ROA not before:           Tue 02 Jan 2024 04:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33916
IP address blocks:        78.109.208.0/20 maxlen: 20

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:4a:34:b9:79:11:00:4a:77:6f:b3:e3:a5:3b:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4f8436003d37602026b65531755ca8fcd31bed2
        Validity
            Not Before: Jan  2 04:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2682845c53ae8e78d85fc00e72fc2f2c8995184b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:d4:ac:c9:0c:3e:b9:68:4d:26:20:c3:d8:07:
                    5a:f9:4c:a5:42:d1:bc:58:e6:47:83:cc:28:67:07:
                    51:47:4f:65:0d:30:c6:27:40:62:cd:81:64:03:7f:
                    1c:a0:66:88:27:69:9a:b8:02:b0:8f:09:0b:5f:a7:
                    70:34:c9:7f:76:6b:4c:9f:82:ff:60:43:20:66:d0:
                    4a:65:5e:98:03:c0:28:cc:37:f4:27:79:9f:30:07:
                    d0:db:d2:7b:e5:bf:0b:c5:28:c2:47:f3:83:6d:8b:
                    96:ff:72:57:2b:17:d8:69:2e:86:7c:09:e5:5a:06:
                    4c:ed:21:78:29:95:61:ca:dc:3a:42:df:9e:c7:2d:
                    1a:b0:33:39:57:36:56:d1:a1:92:d5:cf:2c:09:63:
                    26:3c:27:64:b7:ea:41:f3:3d:0a:f2:5a:08:b6:c3:
                    d2:60:24:7a:f1:31:de:82:bc:fd:6e:98:6f:25:d1:
                    d2:d2:85:eb:2c:d7:65:94:6b:a4:fc:ff:20:93:b1:
                    bf:ef:f4:8e:5d:3c:9c:a7:11:ab:b5:da:62:ac:ea:
                    90:c1:7a:fd:53:52:c7:33:25:ce:dc:44:70:cf:c9:
                    a3:af:d9:86:60:5e:66:48:a3:df:10:b0:28:d9:5d:
                    e2:79:c1:08:0e:29:16:64:a6:15:a6:d7:e3:f2:54:
                    b1:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:82:84:5C:53:AE:8E:78:D8:5F:C0:0E:72:FC:2F:2C:89:95:18:4B
            X509v3 Authority Key Identifier:
                keyid:A4:F8:43:60:03:D3:76:02:02:6B:65:53:17:55:CA:8F:CD:31:BE:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pPhDYAPTdgICa2VTF1XKj80xvtI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/515608-5012-4a40-b324-27bf83cded6b/1/JoKEXFOujnjYX8AOcvwvLImVGEs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/515608-5012-4a40-b324-27bf83cded6b/1/pPhDYAPTdgICa2VTF1XKj80xvtI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.109.208.0/20

    Signature Algorithm: sha256WithRSAEncryption
         2c:1c:66:23:74:c8:d0:4a:d4:7c:ed:7b:64:26:30:0e:96:88:
         10:3f:aa:b1:5e:b7:4e:82:d5:a9:8c:59:44:84:4f:7e:42:bf:
         6d:77:55:d1:b7:15:5c:b3:e6:5e:6c:1b:9c:39:71:6b:bd:6c:
         ea:8c:81:b9:e5:21:bc:be:b1:a2:03:29:3b:8e:e6:ba:77:e3:
         50:7f:41:45:56:90:60:77:a4:82:0f:99:de:32:0f:e5:6b:32:
         5f:7c:e1:d7:c5:93:38:5a:86:48:8d:6e:9a:73:fd:e6:54:c8:
         95:14:00:89:e4:80:d6:e2:39:a7:b8:dc:d9:96:53:8b:e0:7a:
         74:8f:29:1b:44:26:f3:a0:cc:b8:a2:b4:1c:56:7e:29:83:19:
         f0:d0:7e:48:02:c6:dd:ee:6c:68:07:ef:31:61:87:73:34:da:
         b7:f3:1e:2a:fe:75:1b:56:da:fd:15:d8:e6:fa:4b:9b:03:5b:
         fe:78:15:71:57:bd:a0:b3:fd:20:79:bb:a7:39:e8:33:f7:c3:
         de:92:88:8b:74:1a:68:7d:65:a2:78:57:2c:a8:c8:ba:9b:bb:
         1b:08:35:f4:9e:e9:65:80:38:5a:22:22:a6:6d:9b:37:8f:53:
         6f:f5:eb:21:ac:5e:89:d2:32:a1:b9:d9:65:3d:a0:da:f3:45:
         e6:34:88:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb0o0uXkRAEp3b7PjpTs6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0Zjg0MzYwMDNkMzc2MDIwMjZiNjU1MzE3NTVjYThmY2Qz
MWJlZDIwHhcNMjQwMTAyMDQyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjgyODQ1YzUzYWU4ZTc4ZDg1ZmMwMGU3MmZjMmYyYzg5OTUxODRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhtSsyQw+uWhNJiDD2Ada+UylQtG8
WOZHg8woZwdRR09lDTDGJ0BizYFkA38coGaIJ2mauAKwjwkLX6dwNMl/dmtMn4L/
YEMgZtBKZV6YA8AozDf0J3mfMAfQ29J75b8LxSjCR/ODbYuW/3JXKxfYaS6GfAnl
WgZM7SF4KZVhytw6Qt+exy0asDM5VzZW0aGS1c8sCWMmPCdkt+pB8z0K8loItsPS
YCR68THegrz9bphvJdHS0oXrLNdllGuk/P8gk7G/7/SOXTycpxGrtdpirOqQwXr9
U1LHMyXO3ERwz8mjr9mGYF5mSKPfELAo2V3iecEIDikWZKYVptfj8lSx2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCaChFxTro542F/ADnL8LyyJlRhLMB8GA1UdIwQY
MBaAFKT4Q2AD03YCAmtlUxdVyo/NMb7SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFBoRFlBUFRkZ0lDYTJWVEYxWEtqODB4dnRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS81MTU2MDgtNTAxMi00YTQwLWIzMjQt
MjdiZjgzY2RlZDZiLzEvSm9LRVhGT3VqbmpZWDhBT2N2d3ZMSW1WR0VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS81MTU2MDgtNTAxMi00YTQwLWIzMjQtMjdiZjgzY2RlZDZi
LzEvcFBoRFlBUFRkZ0lDYTJWVEYxWEtqODB4dnRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQETm3QMA0G
CSqGSIb3DQEBCwUAA4IBAQAsHGYjdMjQStR87XtkJjAOlogQP6qxXrdOgtWpjFlE
hE9+Qr9td1XRtxVcs+ZebBucOXFrvWzqjIG55SG8vrGiAyk7jua6d+NQf0FFVpBg
d6SCD5neMg/lazJffOHXxZM4WoZIjW6ac/3mVMiVFACJ5IDW4jmnuNzZllOL4Hp0
jykbRCbzoMy4orQcVn4pgxnw0H5IAsbd7mxoB+8xYYdzNNq38x4q/nUbVtr9Fdjm
+kubA1v+eBVxV72gs/0gebunOegz98PekoiLdBpofWWieFcsqMi6m7sbCDX0null
gDhaIiKmbZs3j1Nv9eshrF6J0jKhudllPaDa80XmNIiz
-----END CERTIFICATE-----
Generated at Tue Aug 20 12:44:32 2024 by rpki-client on console-fra.rpki-client.org