Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/0v6tChbC_xUtQfc6DO5kYQs9010.roa
File:                     0v6tChbC_xUtQfc6DO5kYQs9010.roa (raw, json)
Hash identifier:          B3mnETzhy/VRvaUOGVMdWDvG5O7fR34yMJPPIvxNhvs=
Subject key identifier:   D2:FE:AD:0A:16:C2:FF:15:2D:41:F7:3A:0C:EE:64:61:0B:3D:D3:5D
Certificate issuer:       /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial:       0187A865E8AF12F7F0273539241D9CE81995
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/0v6tChbC_xUtQfc6DO5kYQs9010.roa
Signing time:             Sat 22 Apr 2023 09:57:43 +0000
ROA not before:           Sat 22 Apr 2023 09:57:43 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     132335
IP address blocks:        109.122.200.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:a8:65:e8:af:12:f7:f0:27:35:39:24:1d:9c:e8:19:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
        Validity
            Not Before: Apr 22 09:57:43 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d2fead0a16c2ff152d41f73a0cee64610b3dd35d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:bd:41:b9:ae:20:82:e8:8c:c1:bc:39:32:19:
                    1c:0d:27:96:7c:9e:e8:5f:44:5b:e6:07:43:37:35:
                    ea:0d:4f:ca:c7:ff:76:00:f2:51:1c:fe:38:7a:cf:
                    7e:e0:1d:55:d6:ed:5b:84:16:36:dc:fa:ff:4b:ed:
                    fc:88:fd:48:54:27:c5:66:b2:68:ef:1e:3b:88:92:
                    c6:d5:d4:ec:8c:78:65:96:40:9f:0c:9e:97:bb:94:
                    46:b9:be:34:dc:da:72:69:5b:b2:f5:c7:78:d4:83:
                    be:a4:77:de:d3:ac:fa:32:15:0c:e2:1e:2e:3f:b2:
                    1b:3f:61:f1:19:49:c5:38:6b:f5:00:60:07:dc:dc:
                    fc:d0:af:d4:b6:59:6f:e6:62:44:f4:78:b8:b1:9a:
                    45:aa:ca:0c:8c:15:93:fb:a8:00:0d:be:b8:a8:b5:
                    0d:5c:f4:20:20:19:92:10:36:3c:59:5e:5b:3f:2c:
                    90:41:a2:40:f4:9d:2c:18:26:5c:8c:f8:80:d3:05:
                    7f:4e:36:0c:dd:a3:56:43:6f:45:26:ce:e6:b0:b5:
                    9e:f4:07:0a:ba:7e:94:fa:20:3b:c0:08:9e:af:90:
                    d5:ce:c9:bf:2c:db:3e:ff:5b:45:cf:69:93:b7:25:
                    0a:0c:19:20:7a:ac:c4:3b:bc:5e:e3:35:fe:f4:6d:
                    80:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:FE:AD:0A:16:C2:FF:15:2D:41:F7:3A:0C:EE:64:61:0B:3D:D3:5D
            X509v3 Authority Key Identifier:
                keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/0v6tChbC_xUtQfc6DO5kYQs9010.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:b2:e0:24:0d:bc:b5:58:e4:a5:a5:b1:70:e7:d1:66:92:42:
         c2:1a:39:73:23:22:80:c8:af:96:46:f8:90:97:b7:4d:90:d4:
         e7:d2:3c:1f:d4:0a:a0:d2:ac:8e:94:b4:23:ac:c3:9a:ba:b1:
         cf:cc:54:b4:8a:65:78:96:5e:a6:1a:d8:a7:6a:ae:e9:07:59:
         88:47:0d:a0:bb:9f:24:02:06:b0:18:21:63:2c:32:5f:36:5c:
         a9:d3:c3:7c:d1:ae:bd:b6:0d:59:15:8c:0b:d8:70:40:86:7b:
         2d:15:9b:ed:84:15:5a:42:e9:46:49:8a:ac:ac:7a:cf:f9:24:
         6a:7d:86:03:c8:f5:d6:53:fe:a7:b4:ac:95:bc:4c:40:11:fa:
         d9:19:0c:74:d8:f3:9a:bc:c2:ed:e2:83:2c:36:53:fd:21:cb:
         84:02:87:be:6b:05:6d:d3:aa:79:5b:db:0a:b3:5e:d0:43:c4:
         df:a7:06:e9:ca:44:33:ad:cd:e1:42:51:ee:d2:05:f1:75:7b:
         a0:91:26:5f:7a:83:cb:8a:71:e9:e1:0f:2b:d9:3f:00:9f:04:
         ec:1b:96:20:ab:f1:61:97:61:28:bb:96:a4:53:89:2b:f0:98:
         79:f6:8e:41:c9:4d:52:54:ae:b4:f7:20:a3:a9:c7:54:5d:49:
         d4:fe:3e:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYeoZeivEvfwJzU5JB2c6BmVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMwNDIyMDk1NzQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmZlYWQwYTE2YzJmZjE1MmQ0MWY3M2EwY2VlNjQ2MTBiM2RkMzVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvL1Bua4gguiMwbw5MhkcDSeWfJ7o
X0Rb5gdDNzXqDU/Kx/92APJRHP44es9+4B1V1u1bhBY23Pr/S+38iP1IVCfFZrJo
7x47iJLG1dTsjHhllkCfDJ6Xu5RGub403NpyaVuy9cd41IO+pHfe06z6MhUM4h4u
P7IbP2HxGUnFOGv1AGAH3Nz80K/Utllv5mJE9Hi4sZpFqsoMjBWT+6gADb64qLUN
XPQgIBmSEDY8WV5bPyyQQaJA9J0sGCZcjPiA0wV/TjYM3aNWQ29FJs7msLWe9AcK
un6U+iA7wAier5DVzsm/LNs+/1tFz2mTtyUKDBkgeqzEO7xe4zX+9G2A7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNL+rQoWwv8VLUH3OgzuZGELPdNdMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvMHY2dENoYkNfeFV0UWZjNkRPNWtZUXM5MDEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXrIMA0G
CSqGSIb3DQEBCwUAA4IBAQBTsuAkDby1WOSlpbFw59FmkkLCGjlzIyKAyK+WRviQ
l7dNkNTn0jwf1Aqg0qyOlLQjrMOaurHPzFS0imV4ll6mGtinaq7pB1mIRw2gu58k
AgawGCFjLDJfNlyp08N80a69tg1ZFYwL2HBAhnstFZvthBVaQulGSYqsrHrP+SRq
fYYDyPXWU/6ntKyVvExAEfrZGQx02POavMLt4oMsNlP9IcuEAoe+awVt06p5W9sK
s17QQ8TfpwbpykQzrc3hQlHu0gXxdXugkSZfeoPLinHp4Q8r2T8AnwTsG5Ygq/Fh
l2Eou5akU4kr8Jh59o5ByU1SVK609yCjqcdUXUnU/j6E
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:04 2024 by rpki-client on console-ams.rpki-client.org