Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/Un0Fsb7bTVGwu5eIFhYK_89QXHA.roa
File:                     Un0Fsb7bTVGwu5eIFhYK_89QXHA.roa (raw, json)
Hash identifier:          vnw/0ncBSWUU8xbBYh2BOiK5njrn0jYTEvwS+kkMIA4=
Subject key identifier:   52:7D:05:B1:BE:DB:4D:51:B0:BB:97:88:16:16:0A:FF:CF:50:5C:70
Certificate issuer:       /CN=b10c3cf3dc53ca549c03e4f5f46d91ce90b8e070
Certificate serial:       018CC500CE5864E8FFC109DBE93669C82DA7
Authority key identifier: B1:0C:3C:F3:DC:53:CA:54:9C:03:E4:F5:F4:6D:91:CE:90:B8:E0:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sQw889xTylScA-T19G2RzpC44HA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/Un0Fsb7bTVGwu5eIFhYK_89QXHA.roa
Signing time:             Mon 01 Jan 2024 12:30:13 +0000
ROA not before:           Mon 01 Jan 2024 12:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31008
IP address blocks:        217.168.247.0/24 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:ce:58:64:e8:ff:c1:09:db:e9:36:69:c8:2d:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b10c3cf3dc53ca549c03e4f5f46d91ce90b8e070
        Validity
            Not Before: Jan  1 12:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=527d05b1bedb4d51b0bb978816160affcf505c70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:76:2c:3d:cc:7c:37:ac:51:59:86:77:5a:4c:
                    07:e8:88:df:ce:29:fe:bc:39:19:b5:78:68:fe:6c:
                    00:20:c5:ea:97:27:9d:56:f2:45:28:f2:64:65:33:
                    fd:b4:82:3b:da:99:d8:9a:93:31:ee:7d:c4:bd:c3:
                    c2:fe:e4:dc:3d:4b:fc:6e:b3:1c:a3:5d:5f:b0:de:
                    37:19:6e:7c:ae:d3:05:db:85:ef:e0:c0:06:33:02:
                    6c:e0:3c:ef:18:8d:8e:86:2e:4d:34:b3:f2:f5:b2:
                    c2:d9:69:3f:1c:bd:ac:81:b7:f0:a3:da:8c:cd:87:
                    e8:21:d9:80:ad:70:ac:f0:30:1c:38:b7:7f:d6:46:
                    a4:57:2b:8e:a7:29:a2:f2:67:04:4e:3a:27:2f:d3:
                    ce:1d:86:2d:ad:98:b9:7d:9a:1c:af:31:d6:ee:06:
                    94:4b:02:b7:4a:31:6f:b7:55:b5:33:33:33:fd:06:
                    8f:c7:a6:69:2b:6d:a2:45:82:66:89:7e:a0:2f:d5:
                    b4:1e:78:e4:19:80:8c:8a:36:4a:5b:5a:36:ba:93:
                    85:c5:2d:55:bf:ea:ad:a6:09:19:3b:be:ed:74:6c:
                    f5:b8:4d:29:87:37:ae:96:aa:b5:5e:35:7b:ec:ca:
                    b9:13:9a:ce:9e:bf:77:3c:74:65:df:9c:7d:a2:23:
                    08:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:7D:05:B1:BE:DB:4D:51:B0:BB:97:88:16:16:0A:FF:CF:50:5C:70
            X509v3 Authority Key Identifier:
                keyid:B1:0C:3C:F3:DC:53:CA:54:9C:03:E4:F5:F4:6D:91:CE:90:B8:E0:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sQw889xTylScA-T19G2RzpC44HA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/Un0Fsb7bTVGwu5eIFhYK_89QXHA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/sQw889xTylScA-T19G2RzpC44HA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.168.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:e7:a4:e3:ae:5d:4c:cf:03:c4:3a:47:2d:6e:ee:dc:1b:8c:
         61:2f:c1:3f:1c:f0:8f:6f:38:88:e9:83:a1:d5:a3:7a:58:b6:
         a7:2f:b9:42:47:ce:52:8e:92:32:fe:37:73:f5:43:bb:46:da:
         32:03:5b:fd:14:f3:ae:07:7c:e1:dc:18:23:c6:f8:bb:91:14:
         c6:5c:94:64:78:0e:63:87:10:f1:7b:cb:ae:79:76:c3:26:f6:
         16:b5:cd:5e:69:4f:6e:96:4e:e8:3b:80:52:a8:e0:55:27:8b:
         38:2b:49:cd:a5:f5:96:26:b2:53:43:87:98:5a:2c:fc:82:f3:
         a9:74:de:1c:4c:81:09:56:e6:00:02:a7:b3:8e:4a:63:ec:59:
         be:64:67:00:2e:b6:f0:b2:29:78:02:a4:75:52:d5:b9:d2:46:
         3a:a1:a8:83:0d:e3:6a:20:84:37:e2:1c:1f:80:7e:50:48:a2:
         bf:c0:9c:be:de:75:29:36:66:cc:df:2a:6d:b6:72:31:12:38:
         4c:d2:01:d3:60:05:49:f8:62:53:a4:27:67:99:ac:d7:02:c2:
         4a:95:e4:47:2e:39:7f:22:58:8d:a6:1f:ef:5a:bb:0a:a9:da:
         bd:72:17:46:19:4e:0b:8a:6b:1d:f6:0d:b2:32:5c:ef:bd:7b:
         61:0f:5a:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAM5YZOj/wQnb6TZpyC2nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxMGMzY2YzZGM1M2NhNTQ5YzAzZTRmNWY0NmQ5MWNlOTBi
OGUwNzAwHhcNMjQwMTAxMTIzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjdkMDViMWJlZGI0ZDUxYjBiYjk3ODgxNjE2MGFmZmNmNTA1YzcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjXYsPcx8N6xRWYZ3WkwH6Ijfzin+
vDkZtXho/mwAIMXqlyedVvJFKPJkZTP9tII72pnYmpMx7n3EvcPC/uTcPUv8brMc
o11fsN43GW58rtMF24Xv4MAGMwJs4DzvGI2Ohi5NNLPy9bLC2Wk/HL2sgbfwo9qM
zYfoIdmArXCs8DAcOLd/1kakVyuOpymi8mcETjonL9POHYYtrZi5fZocrzHW7gaU
SwK3SjFvt1W1MzMz/QaPx6ZpK22iRYJmiX6gL9W0HnjkGYCMijZKW1o2upOFxS1V
v+qtpgkZO77tdGz1uE0phzeulqq1XjV77Mq5E5rOnr93PHRl35x9oiMIUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFJ9BbG+201RsLuXiBYWCv/PUFxwMB8GA1UdIwQY
MBaAFLEMPPPcU8pUnAPk9fRtkc6QuOBwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1F3ODg5eFR5bFNjQS1UMTlHMlJ6cEM0NEhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8yNWNkYjQtZTUwOC00YjM3LTgxYmMt
MzZmODJiZDM3OWJkLzEvVW4wRnNiN2JUVkd3dTVlSUZoWUtfODlRWEhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8yNWNkYjQtZTUwOC00YjM3LTgxYmMtMzZmODJiZDM3OWJk
LzEvc1F3ODg5eFR5bFNjQS1UMTlHMlJ6cEM0NEhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2aj3MA0G
CSqGSIb3DQEBCwUAA4IBAQBe56Tjrl1MzwPEOkctbu7cG4xhL8E/HPCPbziI6YOh
1aN6WLanL7lCR85SjpIy/jdz9UO7RtoyA1v9FPOuB3zh3Bgjxvi7kRTGXJRkeA5j
hxDxe8uueXbDJvYWtc1eaU9ulk7oO4BSqOBVJ4s4K0nNpfWWJrJTQ4eYWiz8gvOp
dN4cTIEJVuYAAqezjkpj7Fm+ZGcALrbwsil4AqR1UtW50kY6oaiDDeNqIIQ34hwf
gH5QSKK/wJy+3nUpNmbM3ypttnIxEjhM0gHTYAVJ+GJTpCdnmazXAsJKleRHLjl/
IliNph/vWrsKqdq9chdGGU4Limsd9g2yMlzvvXthD1o3
-----END CERTIFICATE-----
Generated at Mon Jun 9 14:33:17 2025 by rpki-client