Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/1-BhdNWpCRXIsrQcHzc0rxIJ9rbY.roa
File:                     1-BhdNWpCRXIsrQcHzc0rxIJ9rbY.roa (raw, json)
Hash identifier:          I+pi7HsnZR1DBNBhk91rjvzHREOClg7TlLzkPW1gWQk=
Subject key identifier:   F8:18:5D:35:6A:42:45:72:2C:AD:07:07:CD:CD:2B:C4:82:7D:AD:B6
Certificate issuer:       /CN=37ed49efac9795987771acdc77a0e228904277ad
Certificate serial:       01856D4AAD6F07F0914FE1EB0F31FE192078
Authority key identifier: 37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/1-BhdNWpCRXIsrQcHzc0rxIJ9rbY.roa
Signing time:             Sun 01 Jan 2023 12:24:48 +0000
ROA not before:           Sun 01 Jan 2023 12:24:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207713
IP address blocks:        109.172.44.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:4a:ad:6f:07:f0:91:4f:e1:eb:0f:31:fe:19:20:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37ed49efac9795987771acdc77a0e228904277ad
        Validity
            Not Before: Jan  1 12:24:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f8185d356a4245722cad0707cdcd2bc4827dadb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:76:ce:9a:5e:6c:03:19:f7:20:e0:c0:27:87:
                    5e:22:84:22:88:5e:7f:12:b9:94:e8:ef:92:f8:8c:
                    14:58:1b:48:82:1e:81:2b:e2:e7:95:55:c2:db:27:
                    6e:ad:d4:7c:1f:86:1f:7a:4e:e9:83:30:34:03:69:
                    89:3c:91:18:d0:07:88:25:9a:5e:88:f8:fe:37:59:
                    41:49:76:39:02:5e:51:e4:5c:2b:58:61:42:d4:f1:
                    2b:77:04:d2:48:c3:a8:71:6b:59:44:56:b3:ae:ea:
                    e7:d4:b9:d2:3b:69:62:de:c4:75:93:90:26:ff:17:
                    b1:f2:c4:02:84:38:f2:88:97:a6:67:3b:dc:31:ac:
                    67:4d:2d:2a:58:3e:69:31:c6:1b:f5:d8:6e:07:3b:
                    7c:db:2d:7c:6b:b5:11:59:4f:d4:ad:cb:11:52:51:
                    ee:5b:a4:a7:09:dd:1b:04:0c:13:96:c3:81:70:b7:
                    43:7b:8b:ec:03:a2:fb:23:09:89:d1:11:35:44:81:
                    1d:66:58:e7:4b:8e:91:c2:f5:59:f3:33:de:7a:75:
                    92:2a:69:c0:6f:73:ef:88:f9:3a:6a:6d:73:3a:c3:
                    62:f6:ae:ce:79:63:27:ec:60:cf:11:48:29:b9:74:
                    c1:dc:f8:c3:26:f1:be:ec:e8:04:54:39:12:cb:7d:
                    ba:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:18:5D:35:6A:42:45:72:2C:AD:07:07:CD:CD:2B:C4:82:7D:AD:B6
            X509v3 Authority Key Identifier:
                keyid:37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/1-BhdNWpCRXIsrQcHzc0rxIJ9rbY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/N-1J76yXlZh3cazcd6DiKJBCd60.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.172.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:ce:aa:3e:27:34:e8:d4:74:9a:47:d3:31:88:48:8a:58:7a:
         b7:8e:60:4b:50:42:b9:74:a6:7d:6b:28:fa:4d:35:bb:ce:01:
         4a:f4:14:b7:82:64:fa:ee:ba:f9:b6:8f:07:ad:72:ac:80:6f:
         bc:1a:ee:e4:fe:88:59:97:10:01:b8:6d:83:f5:2d:60:21:9f:
         e2:2f:bc:05:1a:01:22:31:88:0c:2b:d8:81:3b:9c:56:97:83:
         9a:1f:87:14:09:85:14:8c:b8:1e:b1:d2:da:aa:f7:ec:e3:03:
         1e:4c:74:95:80:b2:73:ff:37:f5:38:fb:7a:32:c4:83:77:58:
         f6:e7:c4:63:75:0d:2b:9f:4e:83:47:3c:d2:52:f9:d5:43:d6:
         4b:a1:71:77:26:af:ac:c5:42:aa:e4:05:9a:ab:44:c5:da:2e:
         e1:ab:89:c9:09:86:44:a6:05:5a:b0:3e:1b:a3:aa:e1:87:05:
         1a:02:7c:dd:54:57:32:7c:97:7c:67:70:08:7d:b7:28:b6:12:
         f7:13:4e:f3:14:64:6b:27:ae:f8:2f:5d:93:f6:85:9c:32:90:
         ea:91:38:90:9c:fd:a4:11:52:9b:09:a2:59:54:ec:c1:c4:4d:
         84:ee:eb:85:5d:46:c8:e3:aa:bb:bf:a2:e6:da:0a:61:45:09:
         7b:29:ce:95
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYVtSq1vB/CRT+HrDzH+GSB4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ZWQ0OWVmYWM5Nzk1OTg3NzcxYWNkYzc3YTBlMjI4OTA0
Mjc3YWQwHhcNMjMwMTAxMTIyNDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODE4NWQzNTZhNDI0NTcyMmNhZDA3MDdjZGNkMmJjNDgyN2RhZGI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAinbOml5sAxn3IODAJ4deIoQiiF5/
ErmU6O+S+IwUWBtIgh6BK+LnlVXC2ydurdR8H4Yfek7pgzA0A2mJPJEY0AeIJZpe
iPj+N1lBSXY5Al5R5FwrWGFC1PErdwTSSMOocWtZRFazrurn1LnSO2li3sR1k5Am
/xex8sQChDjyiJemZzvcMaxnTS0qWD5pMcYb9dhuBzt82y18a7URWU/UrcsRUlHu
W6SnCd0bBAwTlsOBcLdDe4vsA6L7IwmJ0RE1RIEdZljnS46RwvVZ8zPeenWSKmnA
b3PviPk6am1zOsNi9q7OeWMn7GDPEUgpuXTB3PjDJvG+7OgEVDkSy326JwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPgYXTVqQkVyLK0HB83NK8SCfa22MB8GA1UdIwQY
MBaAFDftSe+sl5WYd3Gs3Heg4iiQQnetMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTi0xSjc2eVhsWmgzY2F6Y2Q2RGlLSkJDZDYwLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8yMTcxYmUtYjA4My00NzliLWE1ODAt
NmEwNmI3NTAyYmQ3LzEvMS1CaGROV3BDUlhJc3JRY0h6YzByeElKOXJiWS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMmYvMjE3MWJlLWIwODMtNDc5Yi1hNTgwLTZhMDZiNzUwMmJk
Ny8xL04tMUo3NnlYbFpoM2NhemNkNkRpS0pCQ2Q2MC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAG2sLDAN
BgkqhkiG9w0BAQsFAAOCAQEAOM6qPic06NR0mkfTMYhIilh6t45gS1BCuXSmfWso
+k01u84BSvQUt4Jk+u66+baPB61yrIBvvBru5P6IWZcQAbhtg/UtYCGf4i+8BRoB
IjGIDCvYgTucVpeDmh+HFAmFFIy4HrHS2qr37OMDHkx0lYCyc/839Tj7ejLEg3dY
9ufEY3UNK59Og0c80lL51UPWS6FxdyavrMVCquQFmqtExdou4auJyQmGRKYFWrA+
G6Oq4YcFGgJ83VRXMnyXfGdwCH23KLYS9xNO8xRkayeu+C9dk/aFnDKQ6pE4kJz9
pBFSmwmiWVTswcRNhO7rhV1GyOOqu7+i5toKYUUJeynOlQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:09 2024 by rpki-client on console-fra.rpki-client.org