Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/OCIrdp8Y_UWnXXuHtsEt76ePvxQ.roa
File:                     OCIrdp8Y_UWnXXuHtsEt76ePvxQ.roa (raw, json)
Hash identifier:          +ni72viJbDMlIYau1Hc0mIeKw8Qnag2lsIyVGksXQ0o=
Subject key identifier:   38:22:2B:76:9F:18:FD:45:A7:5D:7B:87:B6:C1:2D:EF:A7:8F:BF:14
Certificate issuer:       /CN=37ed49efac9795987771acdc77a0e228904277ad
Certificate serial:       01856D4AACC0CC627B1B901F69FB19E322BB
Authority key identifier: 37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/OCIrdp8Y_UWnXXuHtsEt76ePvxQ.roa
Signing time:             Sun 01 Jan 2023 12:24:48 +0000
ROA not before:           Sun 01 Jan 2023 12:24:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     202984
IP address blocks:        109.172.108.0/22 maxlen: 22
                          109.172.4.0/22 maxlen: 22
                          109.172.112.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:4a:ac:c0:cc:62:7b:1b:90:1f:69:fb:19:e3:22:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37ed49efac9795987771acdc77a0e228904277ad
        Validity
            Not Before: Jan  1 12:24:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=38222b769f18fd45a75d7b87b6c12defa78fbf14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:df:56:cd:e3:e7:a3:b2:84:aa:1f:fe:51:e8:
                    77:6f:34:90:39:20:51:64:fa:67:c4:e4:2f:f6:3d:
                    cc:2c:11:e0:a7:5d:12:23:25:66:5c:eb:95:c4:73:
                    6e:1f:7a:ec:01:d5:28:48:33:62:d6:70:39:64:e1:
                    bf:0b:20:70:4a:82:c3:93:b8:24:13:e1:0d:53:36:
                    6e:37:40:ca:3e:6b:c9:aa:db:02:b5:21:43:15:cd:
                    dd:64:0f:98:d5:b8:c0:ed:37:69:59:b0:45:51:14:
                    93:c0:59:b4:06:31:e9:b2:91:c3:9a:df:0d:99:15:
                    a0:fd:78:02:da:c2:51:4a:b4:d3:51:54:41:6a:84:
                    c7:c4:7b:73:26:8d:9c:74:1e:be:24:f4:9e:01:6d:
                    4f:32:f5:13:e3:f6:fc:24:94:e1:97:61:4f:9c:5f:
                    99:ff:1f:d9:0c:45:1e:e3:23:07:82:f1:ac:62:2a:
                    fd:75:7e:62:4b:ed:12:fd:66:af:15:08:48:7e:ac:
                    fa:dd:b7:54:a4:6d:db:2a:be:71:2b:62:f5:d7:dd:
                    b7:24:45:a6:16:3f:da:95:cd:d6:3f:0c:07:6b:76:
                    fc:f9:f4:01:f7:a8:fe:e9:0b:e0:c3:69:80:12:87:
                    12:5b:1a:1d:31:a7:70:54:94:95:4b:73:09:16:fe:
                    63:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:22:2B:76:9F:18:FD:45:A7:5D:7B:87:B6:C1:2D:EF:A7:8F:BF:14
            X509v3 Authority Key Identifier:
                keyid:37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/OCIrdp8Y_UWnXXuHtsEt76ePvxQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/N-1J76yXlZh3cazcd6DiKJBCd60.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.172.4.0/22
                  109.172.108.0-109.172.115.255

    Signature Algorithm: sha256WithRSAEncryption
         32:d1:85:eb:89:c5:72:9a:ef:28:ee:61:32:dd:b1:25:52:23:
         9b:37:d0:3f:e1:67:97:cf:b1:6a:fa:25:b0:4e:18:17:3c:09:
         9a:88:b0:09:f7:d4:9e:8a:cd:8f:45:32:6f:e6:93:d3:10:fb:
         42:ef:30:4d:86:fa:7b:b3:65:73:36:b7:7b:7f:6b:62:e8:73:
         e6:7c:e6:d7:bd:76:f9:87:e8:18:94:29:c7:d2:a7:f4:75:82:
         4c:3d:d5:22:99:d1:27:e2:e3:6f:ae:f5:f1:46:de:c3:98:1d:
         22:e1:c6:2f:79:9f:1b:8c:4b:8e:c8:4b:6f:f6:2c:a8:bc:23:
         23:45:5a:29:88:05:b4:2e:de:b2:19:19:41:dc:91:d6:26:c1:
         65:36:f4:eb:33:36:a9:f7:f9:49:5a:36:bd:41:9a:1d:ff:6f:
         25:6b:31:01:d5:20:da:70:16:0b:c7:d2:21:82:5a:f7:3f:e4:
         8f:93:2f:40:02:29:81:e5:db:05:7f:eb:37:a1:01:da:3d:bc:
         65:a5:54:e1:99:d3:88:74:ad:a3:f9:cb:f6:11:c2:08:bc:90:
         7a:40:b6:d2:a7:eb:94:c8:0b:b7:eb:87:33:e9:27:60:71:33:
         33:75:28:63:61:78:b8:ef:be:a9:96:04:3f:e2:f7:14:ee:ed:
         ee:1f:44:f5
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYVtSqzAzGJ7G5AfafsZ4yK7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ZWQ0OWVmYWM5Nzk1OTg3NzcxYWNkYzc3YTBlMjI4OTA0
Mjc3YWQwHhcNMjMwMTAxMTIyNDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODIyMmI3NjlmMThmZDQ1YTc1ZDdiODdiNmMxMmRlZmE3OGZiZjE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAit9WzePno7KEqh/+Ueh3bzSQOSBR
ZPpnxOQv9j3MLBHgp10SIyVmXOuVxHNuH3rsAdUoSDNi1nA5ZOG/CyBwSoLDk7gk
E+ENUzZuN0DKPmvJqtsCtSFDFc3dZA+Y1bjA7TdpWbBFURSTwFm0BjHpspHDmt8N
mRWg/XgC2sJRSrTTUVRBaoTHxHtzJo2cdB6+JPSeAW1PMvUT4/b8JJThl2FPnF+Z
/x/ZDEUe4yMHgvGsYir9dX5iS+0S/WavFQhIfqz63bdUpG3bKr5xK2L11923JEWm
Fj/alc3WPwwHa3b8+fQB96j+6Qvgw2mAEocSWxodMadwVJSVS3MJFv5j1QIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFDgiK3afGP1Fp117h7bBLe+nj78UMB8GA1UdIwQY
MBaAFDftSe+sl5WYd3Gs3Heg4iiQQnetMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTi0xSjc2eVhsWmgzY2F6Y2Q2RGlLSkJDZDYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8yMTcxYmUtYjA4My00NzliLWE1ODAt
NmEwNmI3NTAyYmQ3LzEvT0NJcmRwOFlfVVduWFh1SHRzRXQ3NmVQdnhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8yMTcxYmUtYjA4My00NzliLWE1ODAtNmEwNmI3NTAyYmQ3
LzEvTi0xSjc2eVhsWmgzY2F6Y2Q2RGlLSkJDZDYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQCbawEMAwD
BAJtrGwDBAJtrHAwDQYJKoZIhvcNAQELBQADggEBADLRheuJxXKa7yjuYTLdsSVS
I5s30D/hZ5fPsWr6JbBOGBc8CZqIsAn31J6KzY9FMm/mk9MQ+0LvME2G+nuzZXM2
t3t/a2Loc+Z85te9dvmH6BiUKcfSp/R1gkw91SKZ0Sfi42+u9fFG3sOYHSLhxi95
nxuMS47IS2/2LKi8IyNFWimIBbQu3rIZGUHckdYmwWU29OszNqn3+UlaNr1Bmh3/
byVrMQHVINpwFgvH0iGCWvc/5I+TL0ACKYHl2wV/6zehAdo9vGWlVOGZ04h0raP5
y/YRwgi8kHpAttKn65TIC7frhzPpJ2BxMzN1KGNheLjvvqmWBD/i9xTu7e4fRPU=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:01:02 2024 by rpki-client on console-ams.rpki-client.org