Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/dPlVCk4xjx3m2KnzQmKf1llI6co.roa
File:                     dPlVCk4xjx3m2KnzQmKf1llI6co.roa (raw, json)
Hash identifier:          WJYV27MXXmDMYZ4XmSKw/LrRVjdxCM/2+m6Bo1XS5II=
Subject key identifier:   74:F9:55:0A:4E:31:8F:1D:E6:D8:A9:F3:42:62:9F:D6:59:48:E9:CA
Certificate issuer:       /CN=37ed49efac9795987771acdc77a0e228904277ad
Certificate serial:       018CC348BBB8E3362AEE3295C9C894F2FCED
Authority key identifier: 37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/dPlVCk4xjx3m2KnzQmKf1llI6co.roa
Signing time:             Mon 01 Jan 2024 04:29:32 +0000
ROA not before:           Mon 01 Jan 2024 04:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202984
IP address blocks:        109.172.4.0/22 maxlen: 22
                          109.172.112.0/22 maxlen: 22
                          109.172.108.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:bb:b8:e3:36:2a:ee:32:95:c9:c8:94:f2:fc:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37ed49efac9795987771acdc77a0e228904277ad
        Validity
            Not Before: Jan  1 04:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=74f9550a4e318f1de6d8a9f342629fd65948e9ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:b5:78:34:d6:39:1e:ff:da:b0:f3:1f:87:31:
                    91:a6:1f:3b:0f:86:b7:97:0b:34:5e:b8:cf:39:0c:
                    7e:df:9a:61:69:6a:85:9e:5e:9f:ac:91:24:22:60:
                    f5:86:a3:8d:e7:d9:ae:49:17:5e:09:bf:9e:8f:71:
                    96:4c:47:d8:1a:8a:85:4e:28:78:6a:02:a6:cc:80:
                    25:2d:64:70:86:b3:d4:34:e9:8c:3a:2d:a5:b3:9b:
                    e7:41:af:30:02:2d:3d:fd:9c:1c:30:1d:72:db:df:
                    11:45:a2:ed:09:a3:4f:85:d5:43:82:ed:8b:55:38:
                    e7:a3:c6:6a:e0:2c:62:b4:b7:ec:f5:6b:b5:7e:05:
                    49:6e:1c:c8:39:4c:12:1c:47:2c:89:9d:32:d8:dc:
                    c9:1a:a8:0d:d1:c7:5b:23:fb:28:c6:6c:00:23:2e:
                    c2:da:dd:a1:2a:b2:ce:29:7a:98:95:ba:ae:2d:06:
                    ae:e5:8b:a3:97:34:91:ba:af:e1:e6:2c:39:c7:83:
                    2e:89:cf:a3:67:6b:6e:74:5e:fb:00:56:cc:50:36:
                    6b:84:48:44:2a:82:26:fc:3a:24:fa:01:7f:06:c7:
                    2a:6a:29:3a:86:a3:32:7a:8e:76:23:81:58:fb:c2:
                    00:44:a8:0f:40:7a:55:a6:e6:1d:6e:9f:85:26:48:
                    fb:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:F9:55:0A:4E:31:8F:1D:E6:D8:A9:F3:42:62:9F:D6:59:48:E9:CA
            X509v3 Authority Key Identifier:
                keyid:37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/dPlVCk4xjx3m2KnzQmKf1llI6co.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/N-1J76yXlZh3cazcd6DiKJBCd60.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.172.4.0/22
                  109.172.108.0-109.172.115.255

    Signature Algorithm: sha256WithRSAEncryption
         7d:92:15:89:38:ad:ec:7a:ba:c8:82:89:fb:ea:75:da:45:2d:
         de:70:cb:c8:c0:f9:71:c9:8d:84:92:c2:35:bf:d0:48:f5:a5:
         b1:2c:91:3c:55:7a:42:9f:76:96:0c:ab:0b:5f:08:3c:23:a0:
         dc:d7:21:e4:fb:46:f5:20:c5:48:99:ef:8f:23:32:29:d1:b4:
         d1:80:1a:e0:54:a2:9b:b0:69:89:bd:1d:03:5f:dc:ec:b1:18:
         26:44:d0:08:89:38:c8:78:64:4d:c0:22:76:c0:25:eb:9c:d3:
         22:c5:3f:a9:95:50:30:86:85:e3:be:2b:eb:65:db:68:95:7a:
         b8:b7:e1:f2:af:a2:2c:03:ba:04:b0:bd:b3:cf:3e:68:79:6e:
         60:45:8c:c4:be:7a:ed:d2:f1:29:6d:3a:2d:b4:e7:93:7a:38:
         f2:68:3d:c5:f8:0e:10:11:22:24:10:86:56:cf:00:67:98:db:
         de:3c:73:b0:4a:01:5d:c1:c0:77:3f:c9:2d:6c:49:bd:34:9f:
         d7:3a:88:37:70:2c:63:a4:0b:b8:55:d0:eb:75:06:80:f8:15:
         14:2d:1f:ee:d4:74:af:a9:d5:1a:bb:dd:fa:09:cc:1d:13:69:
         1d:22:8c:c8:4e:bc:b2:9e:59:4f:1a:08:63:d2:e5:fb:af:8a:
         e4:af:40:c6
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzDSLu44zYq7jKVyciU8vztMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ZWQ0OWVmYWM5Nzk1OTg3NzcxYWNkYzc3YTBlMjI4OTA0
Mjc3YWQwHhcNMjQwMTAxMDQyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGY5NTUwYTRlMzE4ZjFkZTZkOGE5ZjM0MjYyOWZkNjU5NDhlOWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLV4NNY5Hv/asPMfhzGRph87D4a3
lws0XrjPOQx+35phaWqFnl6frJEkImD1hqON59muSRdeCb+ej3GWTEfYGoqFTih4
agKmzIAlLWRwhrPUNOmMOi2ls5vnQa8wAi09/ZwcMB1y298RRaLtCaNPhdVDgu2L
VTjno8Zq4CxitLfs9Wu1fgVJbhzIOUwSHEcsiZ0y2NzJGqgN0cdbI/soxmwAIy7C
2t2hKrLOKXqYlbquLQau5YujlzSRuq/h5iw5x4Muic+jZ2tudF77AFbMUDZrhEhE
KoIm/Dok+gF/Bscqaik6hqMyeo52I4FY+8IARKgPQHpVpuYdbp+FJkj7IQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFHT5VQpOMY8d5tip80Jin9ZZSOnKMB8GA1UdIwQY
MBaAFDftSe+sl5WYd3Gs3Heg4iiQQnetMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTi0xSjc2eVhsWmgzY2F6Y2Q2RGlLSkJDZDYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8yMTcxYmUtYjA4My00NzliLWE1ODAt
NmEwNmI3NTAyYmQ3LzEvZFBsVkNrNHhqeDNtMktuelFtS2YxbGxJNmNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8yMTcxYmUtYjA4My00NzliLWE1ODAtNmEwNmI3NTAyYmQ3
LzEvTi0xSjc2eVhsWmgzY2F6Y2Q2RGlLSkJDZDYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQCbawEMAwD
BAJtrGwDBAJtrHAwDQYJKoZIhvcNAQELBQADggEBAH2SFYk4rex6usiCifvqddpF
Ld5wy8jA+XHJjYSSwjW/0Ej1pbEskTxVekKfdpYMqwtfCDwjoNzXIeT7RvUgxUiZ
748jMinRtNGAGuBUopuwaYm9HQNf3OyxGCZE0AiJOMh4ZE3AInbAJeuc0yLFP6mV
UDCGheO+K+tl22iVeri34fKvoiwDugSwvbPPPmh5bmBFjMS+eu3S8SltOi2055N6
OPJoPcX4DhARIiQQhlbPAGeY2948c7BKAV3BwHc/yS1sSb00n9c6iDdwLGOkC7hV
0Ot1BoD4FRQtH+7UdK+p1Rq73foJzB0TaR0ijMhOvLKeWU8aCGPS5fuviuSvQMY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:01:02 2024 by rpki-client on console-ams.rpki-client.org