Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/WQkZs7tth_0A1BsFYWuaNb8gwPc.roa
File:                     WQkZs7tth_0A1BsFYWuaNb8gwPc.roa (raw, json)
Hash identifier:          zyHvZUEHGI4gMVphqxwxuWLrohXCUAsXaYNU1zPTiHs=
Subject key identifier:   59:09:19:B3:BB:6D:87:FD:00:D4:1B:05:61:6B:9A:35:BF:20:C0:F7
Certificate issuer:       /CN=fbf62f7606273f41a6ccc8e2956076f3c0a1eb54
Certificate serial:       0D2AA9D3
Authority key identifier: FB:F6:2F:76:06:27:3F:41:A6:CC:C8:E2:95:60:76:F3:C0:A1:EB:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-_YvdgYnP0GmzMjilWB288Ch61Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/WQkZs7tth_0A1BsFYWuaNb8gwPc.roa
Signing time:             Wed 22 Jun 2022 20:29:32 +0000
ROA not before:           Wed 22 Jun 2022 20:29:32 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     208485
IP address blocks:        109.104.147.0/24 maxlen: 24
                          109.104.150.0/24 maxlen: 24
                          109.104.151.0/24 maxlen: 24
                          109.104.152.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 220899795 (0xd2aa9d3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fbf62f7606273f41a6ccc8e2956076f3c0a1eb54
        Validity
            Not Before: Jun 22 20:29:32 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=590919b3bb6d87fd00d41b05616b9a35bf20c0f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:15:a6:b8:69:69:84:b1:74:1c:2e:34:91:23:
                    65:67:fd:06:e2:eb:43:45:31:ba:08:b2:bf:59:09:
                    10:66:11:95:7b:b7:d3:b5:21:f1:11:96:b5:b0:87:
                    80:70:e8:2b:63:2a:ca:cd:4b:0e:e8:12:af:b4:04:
                    c7:41:f1:b4:5e:bf:93:06:fc:51:18:49:04:68:fc:
                    78:89:be:eb:2b:30:af:1a:2f:16:9b:a3:f1:d6:f3:
                    af:d7:85:5e:dd:fb:70:42:c7:c7:2c:b7:c6:5b:63:
                    b7:94:25:bc:f6:ec:88:d5:90:6a:cb:6a:2b:83:87:
                    e7:65:43:b6:07:d2:66:2c:64:dd:65:26:d3:91:74:
                    ed:ee:42:18:dd:02:73:e7:47:ea:8d:7d:81:1b:46:
                    20:10:bc:f5:3c:5f:b6:a8:ef:26:a8:21:7f:cc:b0:
                    b5:7b:35:89:c1:1d:e6:c2:a3:08:a5:3c:30:61:d2:
                    6a:cc:13:2c:07:94:e7:08:39:17:48:4e:b7:43:e4:
                    db:03:b5:ac:f7:8f:65:1c:76:71:94:a2:b0:2f:55:
                    7d:74:7c:f4:a4:44:81:f7:6e:71:c7:81:20:30:5d:
                    c5:ef:83:87:4f:42:15:50:83:03:12:f6:48:23:bb:
                    47:2f:83:80:52:2d:ff:71:f3:ce:cc:7b:46:93:0a:
                    59:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:09:19:B3:BB:6D:87:FD:00:D4:1B:05:61:6B:9A:35:BF:20:C0:F7
            X509v3 Authority Key Identifier:
                keyid:FB:F6:2F:76:06:27:3F:41:A6:CC:C8:E2:95:60:76:F3:C0:A1:EB:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-_YvdgYnP0GmzMjilWB288Ch61Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/WQkZs7tth_0A1BsFYWuaNb8gwPc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/1-_YvdgYnP0GmzMjilWB288Ch61Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.104.147.0/24
                  109.104.150.0-109.104.152.255

    Signature Algorithm: sha256WithRSAEncryption
         7b:aa:ec:62:a1:25:ae:68:51:e2:ee:54:ae:e7:8b:44:84:9b:
         33:dd:a6:33:b2:aa:19:4d:bf:39:43:82:15:3f:e4:1d:53:7d:
         6d:48:34:13:d3:9f:db:e4:f2:42:95:db:81:80:78:92:fe:a8:
         b8:4f:ab:99:09:f4:61:86:d5:b7:44:3a:7e:dc:7c:b7:78:24:
         0c:c3:2d:64:9c:fd:a3:74:8e:d3:7c:07:65:cc:15:87:d3:f8:
         0e:2f:60:fe:90:a5:d9:19:04:71:df:be:9b:33:b0:fc:c6:3a:
         e3:e1:b3:fb:b8:d5:58:2a:34:fc:f4:bd:9b:58:33:3e:15:63:
         67:eb:09:b3:44:65:13:51:a0:47:22:c0:0c:14:5c:01:3a:6d:
         3a:bf:c8:c1:77:11:23:90:e5:8a:bd:a9:7a:7d:52:be:29:3d:
         d7:9a:c1:f5:26:6f:26:a5:90:c0:61:c9:23:1c:0e:ec:13:a3:
         ca:14:f2:5a:09:01:a0:b0:58:a6:b2:21:59:bf:4c:04:9d:c8:
         14:e4:5d:77:d3:bc:8d:88:b4:ae:79:99:9d:b9:ee:6d:15:ac:
         8c:da:a2:ba:32:96:77:4c:e6:b7:72:ef:2b:35:b0:df:60:c6:
         81:c1:4c:9d:c2:4b:0c:52:4e:e5:30:b9:2b:6d:80:86:90:10:
         31:75:98:20
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIEDSqp0zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
YmY2MmY3NjA2MjczZjQxYTZjY2M4ZTI5NTYwNzZmM2MwYTFlYjU0MB4XDTIyMDYy
MjIwMjkzMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNTkwOTE5YjNiYjZk
ODdmZDAwZDQxYjA1NjE2YjlhMzViZjIwYzBmNzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAPcVprhpaYSxdBwuNJEjZWf9BuLrQ0Uxugiyv1kJEGYRlXu3
07Uh8RGWtbCHgHDoK2Mqys1LDugSr7QEx0HxtF6/kwb8URhJBGj8eIm+6yswrxov
Fpuj8dbzr9eFXt37cELHxyy3xltjt5QlvPbsiNWQastqK4OH52VDtgfSZixk3WUm
05F07e5CGN0Cc+dH6o19gRtGIBC89TxftqjvJqghf8ywtXs1icEd5sKjCKU8MGHS
aswTLAeU5wg5F0hOt0Pk2wO1rPePZRx2cZSisC9VfXR89KREgfducceBIDBdxe+D
h09CFVCDAxL2SCO7Ry+DgFIt/3Hzzsx7RpMKWR0CAwEAAaOCAhkwggIVMB0GA1Ud
DgQWBBRZCRmzu22H/QDUGwVha5o1vyDA9zAfBgNVHSMEGDAWgBT79i92Bic/QabM
yOKVYHbzwKHrVDAOBgNVHQ8BAf8EBAMCB4AwZQYIKwYBBQUHAQEEWTBXMFUGCCsG
AQUFBzAChklyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzEtX1l2ZGdZblAwR216TWppbFdCMjg4Q2g2MVEuY2VyMIGNBggrBgEFBQcBCwSB
gDB+MHwGCCsGAQUFBzALhnByc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxULzIzLzk1ZWViYi0wYTlkLTRmNzEtYjNmOS01NjQ5ZTFiMTkyYmIv
MS9XUWtaczd0dGhfMEExQnNGWVd1YU5iOGd3UGMucm9hMIGCBgNVHR8EezB5MHeg
daBzhnFyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzIz
Lzk1ZWViYi0wYTlkLTRmNzEtYjNmOS01NjQ5ZTFiMTkyYmIvMS8xLV9ZdmRnWW5Q
MEdtek1qaWxXQjI4OENoNjFRLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4C
MC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAbWiTMAwDBAFtaJYDBABtaJgw
DQYJKoZIhvcNAQELBQADggEBAHuq7GKhJa5oUeLuVK7ni0SEmzPdpjOyqhlNvzlD
ghU/5B1TfW1INBPTn9vk8kKV24GAeJL+qLhPq5kJ9GGG1bdEOn7cfLd4JAzDLWSc
/aN0jtN8B2XMFYfT+A4vYP6QpdkZBHHfvpszsPzGOuPhs/u41VgqNPz0vZtYMz4V
Y2frCbNEZRNRoEciwAwUXAE6bTq/yMF3ESOQ5Yq9qXp9Ur4pPdeawfUmbyalkMBh
ySMcDuwTo8oU8loJAaCwWKayIVm/TASdyBTkXXfTvI2ItK55mZ257m0VrIzaoroy
lndM5rdy7ys1sN9gxoHBTJ3CSwxSTuUwuSttgIaQEDF1mCA=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:58:14 2024 by rpki-client on console-ams.rpki-client.org