Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/nLBsLNV9E95ueoCL05lP43lVQMc.roa
File:                     nLBsLNV9E95ueoCL05lP43lVQMc.roa (raw, json)
Hash identifier:          e+XP99FLMcTjdYiQD3mt3jrVEoBSaqIWFqiPerKFra4=
Subject key identifier:   9C:B0:6C:2C:D5:7D:13:DE:6E:7A:80:8B:D3:99:4F:E3:79:55:40:C7
Certificate issuer:       /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial:       018D13D7EDAE1656668C838A901613B919E0
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/nLBsLNV9E95ueoCL05lP43lVQMc.roa
Signing time:             Tue 16 Jan 2024 19:55:34 +0000
ROA not before:           Tue 16 Jan 2024 19:55:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212667
IP address blocks:        178.212.78.0/24 maxlen: 24
                          188.93.136.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:13:d7:ed:ae:16:56:66:8c:83:8a:90:16:13:b9:19:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
        Validity
            Not Before: Jan 16 19:55:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9cb06c2cd57d13de6e7a808bd3994fe3795540c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:22:ac:3f:21:61:5d:8c:20:cd:48:91:f4:75:
                    dc:8b:a0:82:73:50:eb:56:fe:2f:15:e3:26:b3:00:
                    da:9d:0e:e6:f3:3f:86:e7:1e:e4:a2:72:69:72:50:
                    d8:1d:a4:c1:10:8b:63:7f:ad:d7:14:aa:bb:13:47:
                    1a:9b:ec:59:31:8f:7c:3e:31:c2:32:c2:2c:d7:33:
                    d2:b3:ed:00:66:5a:71:00:b1:94:c4:25:66:cd:5b:
                    7f:7f:6a:02:1c:9b:fc:0e:87:2b:17:11:9d:45:12:
                    5b:e1:db:ee:2c:d2:76:74:e3:c4:ef:59:45:47:88:
                    08:6e:46:94:9b:57:67:21:2f:a7:47:b1:5e:cc:c4:
                    25:24:bf:67:dc:3c:8f:99:17:d2:14:bc:cb:d2:82:
                    e4:d1:3a:64:a3:ed:c8:4d:23:b1:3a:32:a7:27:fa:
                    5b:4f:c3:05:65:7a:19:25:a0:58:29:1d:f7:a6:af:
                    71:50:a2:21:1c:84:33:c1:cd:91:01:b5:28:b4:43:
                    ff:65:16:19:51:d9:4c:37:05:c2:b5:f1:52:20:a6:
                    5f:c8:ee:a8:45:2d:c7:c9:16:d7:97:e3:9b:ab:c8:
                    09:50:d5:5e:d6:97:d9:4b:77:f5:0a:bb:bd:14:a5:
                    41:97:31:ef:63:36:f5:38:dd:ad:43:60:9c:76:b2:
                    c0:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:B0:6C:2C:D5:7D:13:DE:6E:7A:80:8B:D3:99:4F:E3:79:55:40:C7
            X509v3 Authority Key Identifier:
                keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/nLBsLNV9E95ueoCL05lP43lVQMc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.212.78.0/24
                  188.93.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ce:87:25:dc:a9:3a:c5:b4:15:0e:a0:97:56:3c:26:9d:a8:44:
         86:74:5f:18:bb:17:3a:c1:ce:e1:1a:f6:4d:b1:32:c3:73:b8:
         0d:1a:6e:df:59:b1:55:f6:e8:9a:dd:4e:72:54:89:7c:8d:06:
         c3:0f:4b:0b:48:ce:bc:9b:b5:de:f5:40:5e:f9:c6:aa:51:7d:
         b4:58:b7:12:2c:1c:18:f2:c8:b3:ae:23:99:b6:76:07:91:08:
         6c:7d:30:3c:af:40:10:bd:17:1d:76:81:ce:fe:63:04:20:a5:
         0a:d3:c7:6e:b3:d7:1e:ff:27:97:26:30:af:7b:a2:65:dd:26:
         e1:a7:3e:fa:b1:e2:78:3d:62:60:7f:d8:f8:b7:ce:f7:82:4f:
         2b:db:9e:b4:15:3f:46:e0:ff:3a:ab:55:88:9a:ab:9b:4f:e9:
         90:40:30:8b:2e:43:62:db:fc:f7:f0:0a:b0:89:56:02:af:9e:
         0b:fa:48:f9:c1:bb:c5:53:9a:54:76:47:e2:ef:11:bf:c5:02:
         0d:e0:6e:80:f1:b7:c1:49:61:6e:67:9a:56:b5:aa:ff:70:5a:
         4e:1d:e9:80:a7:3c:db:5b:85:44:5a:d4:30:77:31:f2:d5:fb:
         78:33:4a:71:fa:fd:cb:0c:8e:8d:46:b4:b6:2a:d4:9c:b1:77:
         e0:80:46:59
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY0T1+2uFlZmjIOKkBYTuRngMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjQwMTE2MTk1NTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2IwNmMyY2Q1N2QxM2RlNmU3YTgwOGJkMzk5NGZlMzc5NTU0MGM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqyKsPyFhXYwgzUiR9HXci6CCc1Dr
Vv4vFeMmswDanQ7m8z+G5x7konJpclDYHaTBEItjf63XFKq7E0cam+xZMY98PjHC
MsIs1zPSs+0AZlpxALGUxCVmzVt/f2oCHJv8DocrFxGdRRJb4dvuLNJ2dOPE71lF
R4gIbkaUm1dnIS+nR7FezMQlJL9n3DyPmRfSFLzL0oLk0Tpko+3ITSOxOjKnJ/pb
T8MFZXoZJaBYKR33pq9xUKIhHIQzwc2RAbUotEP/ZRYZUdlMNwXCtfFSIKZfyO6o
RS3HyRbXl+Obq8gJUNVe1pfZS3f1Cru9FKVBlzHvYzb1ON2tQ2CcdrLArwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJywbCzVfRPebnqAi9OZT+N5VUDHMB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvbkxCc0xOVjlFOTV1ZW9DTDA1bFA0M2xWUU1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAstROAwQA
vF2IMA0GCSqGSIb3DQEBCwUAA4IBAQDOhyXcqTrFtBUOoJdWPCadqESGdF8Yuxc6
wc7hGvZNsTLDc7gNGm7fWbFV9uia3U5yVIl8jQbDD0sLSM68m7Xe9UBe+caqUX20
WLcSLBwY8sizriOZtnYHkQhsfTA8r0AQvRcddoHO/mMEIKUK08dus9ce/yeXJjCv
e6Jl3Sbhpz76seJ4PWJgf9j4t873gk8r2560FT9G4P86q1WImqubT+mQQDCLLkNi
2/z38AqwiVYCr54L+kj5wbvFU5pUdkfi7xG/xQIN4G6A8bfBSWFuZ5pWtar/cFpO
HemApzzbW4VEWtQwdzHy1ft4M0px+v3LDI6NRrS2KtScsXfggEZZ
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:59:31 2024 by rpki-client on console-fra.rpki-client.org