Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/Ro2bTx-mYiEFWF7IZ2GWp43RUyM.roa
File:                     Ro2bTx-mYiEFWF7IZ2GWp43RUyM.roa (raw, json)
Hash identifier:          r2TNdVqXRmKXCgCuStpm0ygW3abkoR/YG1ERm55xcWE=
Subject key identifier:   46:8D:9B:4F:1F:A6:62:21:05:58:5E:C8:67:61:96:A7:8D:D1:53:23
Certificate issuer:       /CN=fbf62f7606273f41a6ccc8e2956076f3c0a1eb54
Certificate serial:       0D2E9334
Authority key identifier: FB:F6:2F:76:06:27:3F:41:A6:CC:C8:E2:95:60:76:F3:C0:A1:EB:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-_YvdgYnP0GmzMjilWB288Ch61Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/Ro2bTx-mYiEFWF7IZ2GWp43RUyM.roa
Signing time:             Fri 24 Jun 2022 07:34:19 +0000
ROA not before:           Fri 24 Jun 2022 07:34:19 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     197706
IP address blocks:        109.104.149.0/24 maxlen: 24
                          109.104.146.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 221156148 (0xd2e9334)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fbf62f7606273f41a6ccc8e2956076f3c0a1eb54
        Validity
            Not Before: Jun 24 07:34:19 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=468d9b4f1fa6622105585ec8676196a78dd15323
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:2c:e4:1d:3d:d7:7b:a2:2c:05:f7:24:cc:71:
                    8f:07:95:d6:09:f7:a0:61:ac:4f:a1:9f:e1:28:78:
                    73:90:72:44:bf:9a:0f:03:98:dd:f0:de:7a:5a:57:
                    b6:9a:2a:67:7a:8b:c2:25:5f:23:6a:17:7a:3b:42:
                    b2:92:e8:1c:22:cb:fd:4e:da:08:69:b7:fa:69:db:
                    d4:01:71:60:9d:b2:05:59:8f:fe:11:a9:74:e9:5f:
                    d3:b8:c0:86:af:8f:a6:a0:61:be:03:ff:2e:bd:09:
                    f0:34:21:de:7a:a5:25:97:42:ff:d7:9b:f9:f4:32:
                    e3:ac:95:7c:8e:7a:52:5c:9d:52:21:10:70:34:21:
                    04:27:e0:b2:29:18:ae:94:93:03:ba:16:f5:27:60:
                    16:4d:fb:f9:40:07:ee:d0:fa:31:b1:10:11:b8:f3:
                    0f:fd:bf:d7:e5:97:35:5d:0d:2f:d0:ee:fc:71:a3:
                    af:bd:24:4c:fa:0d:ec:e0:01:ce:b6:3b:48:5a:09:
                    fa:e1:e1:72:a0:21:6f:f7:f5:67:c1:d4:d9:2a:bc:
                    b3:5b:63:30:d8:bc:60:c8:e5:6c:69:2a:4d:63:1e:
                    0a:6f:56:b5:79:0c:84:d6:ab:56:84:08:75:5e:6c:
                    1c:2d:84:37:a5:87:31:8f:c4:aa:5c:94:22:27:65:
                    a0:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:8D:9B:4F:1F:A6:62:21:05:58:5E:C8:67:61:96:A7:8D:D1:53:23
            X509v3 Authority Key Identifier:
                keyid:FB:F6:2F:76:06:27:3F:41:A6:CC:C8:E2:95:60:76:F3:C0:A1:EB:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-_YvdgYnP0GmzMjilWB288Ch61Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/Ro2bTx-mYiEFWF7IZ2GWp43RUyM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/1-_YvdgYnP0GmzMjilWB288Ch61Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.104.146.0/24
                  109.104.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         db:0d:e7:1d:6c:a9:9e:6e:ec:c8:12:38:17:6b:2b:f2:8e:b1:
         c8:90:70:37:85:00:2d:be:b8:c2:67:53:a8:db:18:bc:58:5b:
         ff:a8:c2:a9:2f:3f:4b:01:b5:b3:12:12:7d:f5:aa:2f:cb:56:
         56:13:01:a5:59:5d:78:24:13:18:c2:c0:8c:2f:78:ff:46:d8:
         06:f0:15:47:59:cf:91:3c:5c:a1:9a:ce:76:2b:7d:f7:c3:6c:
         78:4e:63:75:1d:40:15:48:81:7b:4c:42:06:1f:e2:5f:99:88:
         62:a7:70:dc:1c:2d:61:d9:5b:bd:54:51:0d:f7:c0:e4:aa:f0:
         2e:28:59:b6:e0:f7:92:7f:54:61:d8:33:8a:fe:65:40:3d:29:
         b3:a0:cc:49:ff:b3:29:87:ae:34:dd:97:2a:e8:77:42:b2:09:
         63:11:5c:80:53:29:f3:4c:ea:1a:59:81:7e:03:12:f7:4e:a2:
         28:4a:8d:b4:86:c9:04:6f:34:6a:cf:00:b0:f1:93:66:c4:23:
         1a:15:64:d0:66:13:aa:50:4f:c1:aa:ee:35:39:2e:36:c4:47:
         6d:b2:6f:54:55:45:75:37:05:15:01:59:93:74:f3:3f:8a:e7:
         c3:45:83:b4:a7:36:cd:d8:b7:91:3b:23:53:47:ef:59:36:11:
         2e:a9:5a:34
-----BEGIN CERTIFICATE-----
MIIE9zCCA9+gAwIBAgIEDS6TNDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
YmY2MmY3NjA2MjczZjQxYTZjY2M4ZTI5NTYwNzZmM2MwYTFlYjU0MB4XDTIyMDYy
NDA3MzQxOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNDY4ZDliNGYxZmE2
NjIyMTA1NTg1ZWM4Njc2MTk2YTc4ZGQxNTMyMzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKMs5B0913uiLAX3JMxxjweV1gn3oGGsT6Gf4Sh4c5ByRL+a
DwOY3fDeelpXtpoqZ3qLwiVfI2oXejtCspLoHCLL/U7aCGm3+mnb1AFxYJ2yBVmP
/hGpdOlf07jAhq+PpqBhvgP/Lr0J8DQh3nqlJZdC/9eb+fQy46yVfI56UlydUiEQ
cDQhBCfgsikYrpSTA7oW9SdgFk37+UAH7tD6MbEQEbjzD/2/1+WXNV0NL9Du/HGj
r70kTPoN7OABzrY7SFoJ+uHhcqAhb/f1Z8HU2Sq8s1tjMNi8YMjlbGkqTWMeCm9W
tXkMhNarVoQIdV5sHC2EN6WHMY/EqlyUIidloDECAwEAAaOCAhEwggINMB0GA1Ud
DgQWBBRGjZtPH6ZiIQVYXshnYZanjdFTIzAfBgNVHSMEGDAWgBT79i92Bic/QabM
yOKVYHbzwKHrVDAOBgNVHQ8BAf8EBAMCB4AwZQYIKwYBBQUHAQEEWTBXMFUGCCsG
AQUFBzAChklyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzEtX1l2ZGdZblAwR216TWppbFdCMjg4Q2g2MVEuY2VyMIGNBggrBgEFBQcBCwSB
gDB+MHwGCCsGAQUFBzALhnByc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxULzIzLzk1ZWViYi0wYTlkLTRmNzEtYjNmOS01NjQ5ZTFiMTkyYmIv
MS9SbzJiVHgtbVlpRUZXRjdJWjJHV3A0M1JVeU0ucm9hMIGCBgNVHR8EezB5MHeg
daBzhnFyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzIz
Lzk1ZWViYi0wYTlkLTRmNzEtYjNmOS01NjQ5ZTFiMTkyYmIvMS8xLV9ZdmRnWW5Q
MEdtek1qaWxXQjI4OENoNjFRLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4C
MCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbWiSAwQAbWiVMA0GCSqGSIb3
DQEBCwUAA4IBAQDbDecdbKmebuzIEjgXayvyjrHIkHA3hQAtvrjCZ1Oo2xi8WFv/
qMKpLz9LAbWzEhJ99aovy1ZWEwGlWV14JBMYwsCML3j/RtgG8BVHWc+RPFyhms52
K333w2x4TmN1HUAVSIF7TEIGH+JfmYhip3DcHC1h2Vu9VFEN98DkqvAuKFm24PeS
f1Rh2DOK/mVAPSmzoMxJ/7Mph6403Zcq6HdCsgljEVyAUynzTOoaWYF+AxL3TqIo
So20hskEbzRqzwCw8ZNmxCMaFWTQZhOqUE/Bqu41OS42xEdtsm9UVUV1NwUVAVmT
dPM/iufDRYO0pzbN2LeROyNTR+9ZNhEuqVo0
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:26 2024 by rpki-client on console-fra.rpki-client.org