Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/dD-MI4oS_5VyD7Kk2itdDrNavsE.roa
File:                     dD-MI4oS_5VyD7Kk2itdDrNavsE.roa (raw, json)
Hash identifier:          ncoFYdXiJu/BUa53y+N+iUggV7wnT/Q2P6nM8R0E8Bo=
Subject key identifier:   74:3F:8C:23:8A:12:FF:95:72:0F:B2:A4:DA:2B:5D:0E:B3:5A:BE:C1
Certificate issuer:       /CN=fbf62f7606273f41a6ccc8e2956076f3c0a1eb54
Certificate serial:       0D0C6370
Authority key identifier: FB:F6:2F:76:06:27:3F:41:A6:CC:C8:E2:95:60:76:F3:C0:A1:EB:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-_YvdgYnP0GmzMjilWB288Ch61Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/dD-MI4oS_5VyD7Kk2itdDrNavsE.roa
Signing time:             Wed 15 Jun 2022 14:32:44 +0000
ROA not before:           Wed 15 Jun 2022 14:32:44 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     197706
IP address blocks:        109.104.149.0/24 maxlen: 24
                          109.104.147.0/24 maxlen: 24
                          109.104.148.0/24 maxlen: 24
                          109.104.146.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 218915696 (0xd0c6370)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fbf62f7606273f41a6ccc8e2956076f3c0a1eb54
        Validity
            Not Before: Jun 15 14:32:44 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=743f8c238a12ff95720fb2a4da2b5d0eb35abec1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:4d:fb:0c:a6:63:41:94:71:84:d8:b1:6e:0a:
                    07:8a:d4:37:3e:8e:ab:b1:22:48:2a:ea:ac:56:a4:
                    22:80:81:9c:6a:93:85:8d:2b:e9:5b:b9:dc:ce:ef:
                    a5:e1:3a:2c:d8:4f:5e:94:6a:e8:cb:17:4e:1d:5e:
                    8e:b5:e7:85:e2:51:75:d6:6c:a3:18:7f:aa:79:0b:
                    d1:b3:23:2a:1b:3d:3e:7c:6c:84:fc:3e:6d:4d:7d:
                    2f:ae:33:75:b8:e6:fc:f7:86:f6:02:b2:d7:05:90:
                    f2:e0:f6:4a:47:42:bd:2b:e1:0a:85:7e:45:6e:18:
                    60:f9:40:9b:d7:a6:43:1d:bd:b9:fc:1a:10:7c:df:
                    87:1c:16:2b:0e:cb:ab:27:4b:15:c8:8a:11:5b:84:
                    7c:4a:ce:c9:fc:ae:99:12:2b:47:c6:95:73:a5:38:
                    4d:da:e3:4c:a4:99:03:2e:7b:0c:f3:4a:77:0b:ee:
                    55:39:44:63:a5:45:88:ec:5e:c2:67:f6:f9:a5:2e:
                    67:40:ca:76:85:77:30:ff:e1:10:cf:0b:fd:fb:65:
                    74:37:6a:f5:74:d1:9b:0c:ab:52:42:ae:6a:59:41:
                    72:5d:f2:d5:f3:d4:d0:3f:a6:9e:62:a7:ed:3e:1a:
                    77:77:80:aa:ff:c5:f6:38:c1:6a:1f:c2:46:c9:20:
                    1b:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:3F:8C:23:8A:12:FF:95:72:0F:B2:A4:DA:2B:5D:0E:B3:5A:BE:C1
            X509v3 Authority Key Identifier:
                keyid:FB:F6:2F:76:06:27:3F:41:A6:CC:C8:E2:95:60:76:F3:C0:A1:EB:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-_YvdgYnP0GmzMjilWB288Ch61Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/dD-MI4oS_5VyD7Kk2itdDrNavsE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/1-_YvdgYnP0GmzMjilWB288Ch61Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.104.146.0-109.104.149.255

    Signature Algorithm: sha256WithRSAEncryption
         cf:d5:8a:ce:81:9a:25:a9:ba:17:09:76:d4:6d:fd:db:0c:0e:
         dc:39:bb:b5:1c:41:3c:60:2f:40:89:e2:a8:4f:3a:2b:fb:16:
         bd:47:9d:6e:ec:35:8c:05:ac:0b:a1:fb:2c:63:e7:01:6e:57:
         06:8e:e2:4c:45:27:9b:95:8b:1e:96:b8:ac:4f:0a:94:8b:ba:
         a8:4e:73:4e:a2:6a:2e:b8:03:1f:24:9d:70:70:27:83:4d:bc:
         1f:92:79:83:9e:6a:39:79:75:79:76:7b:36:33:09:a4:c9:0d:
         6f:36:4c:44:9f:ab:bf:8c:be:97:ba:d2:c4:94:31:26:97:5d:
         1d:67:43:40:3b:29:b4:b6:d0:73:07:cb:9e:3d:07:25:e9:66:
         64:81:7c:eb:38:c7:f2:e8:dc:53:c7:47:5a:b1:77:00:10:0f:
         5c:02:a9:77:06:c7:3e:f7:2b:ec:96:62:ad:4c:de:ae:33:b0:
         90:2e:b1:91:c3:66:0d:fc:2c:2a:3c:6d:ea:69:99:11:c7:bd:
         96:af:2a:b6:92:d1:4c:68:bc:74:28:7a:ac:14:8c:56:82:32:
         aa:9c:33:e5:5c:61:ff:cf:95:30:80:2e:c6:63:c7:27:05:d3:
         f1:b4:bc:02:78:85:69:29:6c:ed:39:ea:43:ef:27:cd:69:53:
         84:c7:4e:80
-----BEGIN CERTIFICATE-----
MIIE+TCCA+GgAwIBAgIEDQxjcDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
YmY2MmY3NjA2MjczZjQxYTZjY2M4ZTI5NTYwNzZmM2MwYTFlYjU0MB4XDTIyMDYx
NTE0MzI0NFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNzQzZjhjMjM4YTEy
ZmY5NTcyMGZiMmE0ZGEyYjVkMGViMzVhYmVjMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMJN+wymY0GUcYTYsW4KB4rUNz6Oq7EiSCrqrFakIoCBnGqT
hY0r6Vu53M7vpeE6LNhPXpRq6MsXTh1ejrXnheJRddZsoxh/qnkL0bMjKhs9Pnxs
hPw+bU19L64zdbjm/PeG9gKy1wWQ8uD2SkdCvSvhCoV+RW4YYPlAm9emQx29ufwa
EHzfhxwWKw7LqydLFciKEVuEfErOyfyumRIrR8aVc6U4TdrjTKSZAy57DPNKdwvu
VTlEY6VFiOxewmf2+aUuZ0DKdoV3MP/hEM8L/ftldDdq9XTRmwyrUkKuallBcl3y
1fPU0D+mnmKn7T4ad3eAqv/F9jjBah/CRskgG7kCAwEAAaOCAhMwggIPMB0GA1Ud
DgQWBBR0P4wjihL/lXIPsqTaK10Os1q+wTAfBgNVHSMEGDAWgBT79i92Bic/QabM
yOKVYHbzwKHrVDAOBgNVHQ8BAf8EBAMCB4AwZQYIKwYBBQUHAQEEWTBXMFUGCCsG
AQUFBzAChklyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzEtX1l2ZGdZblAwR216TWppbFdCMjg4Q2g2MVEuY2VyMIGNBggrBgEFBQcBCwSB
gDB+MHwGCCsGAQUFBzALhnByc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxULzIzLzk1ZWViYi0wYTlkLTRmNzEtYjNmOS01NjQ5ZTFiMTkyYmIv
MS9kRC1NSTRvU181VnlEN0trMml0ZERyTmF2c0Uucm9hMIGCBgNVHR8EezB5MHeg
daBzhnFyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzIz
Lzk1ZWViYi0wYTlkLTRmNzEtYjNmOS01NjQ5ZTFiMTkyYmIvMS8xLV9ZdmRnWW5Q
MEdtek1qaWxXQjI4OENoNjFRLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4C
MCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAFtaJIDBAFtaJQwDQYJKoZI
hvcNAQELBQADggEBAM/Vis6BmiWpuhcJdtRt/dsMDtw5u7UcQTxgL0CJ4qhPOiv7
Fr1HnW7sNYwFrAuh+yxj5wFuVwaO4kxFJ5uVix6WuKxPCpSLuqhOc06iai64Ax8k
nXBwJ4NNvB+SeYOeajl5dXl2ezYzCaTJDW82TESfq7+Mvpe60sSUMSaXXR1nQ0A7
KbS20HMHy549ByXpZmSBfOs4x/Lo3FPHR1qxdwAQD1wCqXcGxz73K+yWYq1M3q4z
sJAusZHDZg38LCo8beppmRHHvZavKraS0UxovHQoeqwUjFaCMqqcM+VcYf/PlTCA
LsZjxycF0/G0vAJ4hWkpbO056kPvJ81pU4THToA=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:58:14 2024 by rpki-client on console-ams.rpki-client.org