Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/1-1_KYrREiRBIavKxlvM3ZvdgRFA.roa
File:                     1-1_KYrREiRBIavKxlvM3ZvdgRFA.roa (raw, json)
Hash identifier:          XNuHuedWjQQIRaKsgYYsBodJB6eUUupzqLUwf1xeKXY=
Subject key identifier:   FB:5F:CA:62:B4:44:89:10:48:6A:F2:B1:96:F3:37:66:F7:60:44:50
Certificate issuer:       /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial:       0187A8689F6342E5BE444D92F79FB2F0BD61
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/1-1_KYrREiRBIavKxlvM3ZvdgRFA.roa
Signing time:             Sat 22 Apr 2023 10:00:41 +0000
ROA not before:           Sat 22 Apr 2023 10:00:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     20473
IP address blocks:        109.122.210.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:a8:68:9f:63:42:e5:be:44:4d:92:f7:9f:b2:f0:bd:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
        Validity
            Not Before: Apr 22 10:00:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fb5fca62b4448910486af2b196f33766f7604450
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:a0:9e:c4:cf:65:3a:8f:74:c5:c7:dd:37:67:
                    f1:f7:be:2c:19:19:6b:66:b6:72:15:c2:e6:80:4c:
                    3f:5e:f0:30:92:8d:6e:18:6d:56:a5:77:ba:a6:60:
                    63:3f:90:54:d4:a3:e1:1d:ba:4d:28:b4:90:ad:5a:
                    9f:c4:9c:f0:03:9a:11:bf:52:c7:c8:37:f5:64:87:
                    80:eb:b4:08:9f:47:78:87:42:7b:fc:a0:08:b1:f3:
                    4e:a6:1a:8a:45:bf:6a:3c:4c:bd:83:d2:cd:8c:0a:
                    22:15:9e:df:79:bf:c3:47:2d:b0:aa:19:d3:d2:4a:
                    a5:e7:1c:90:35:a2:e2:ba:fd:2e:d4:7e:20:0a:d5:
                    12:72:f0:ca:97:fb:2c:7e:90:78:14:30:2f:51:12:
                    4f:d1:8d:1b:63:bd:55:da:0e:a4:22:49:83:35:4e:
                    2e:00:5f:71:ea:9e:24:f2:9f:b6:40:80:96:e5:b5:
                    70:62:08:bc:77:ec:2c:2f:b4:4d:5b:46:46:05:19:
                    61:a8:75:51:52:c2:16:60:24:8c:18:f7:5f:bf:a2:
                    83:0c:06:e6:6b:97:f6:b1:7e:9d:c9:03:9c:10:68:
                    76:6d:66:12:11:62:47:ff:26:0b:70:37:5d:8a:b5:
                    05:cf:6b:3d:05:c0:9e:2d:35:dc:37:3d:f9:0e:02:
                    8a:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:5F:CA:62:B4:44:89:10:48:6A:F2:B1:96:F3:37:66:F7:60:44:50
            X509v3 Authority Key Identifier:
                keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/1-1_KYrREiRBIavKxlvM3ZvdgRFA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:48:bd:b4:46:38:b4:87:56:59:00:ae:28:8b:6e:4b:e7:95:
         e6:c6:75:fd:81:fe:80:70:83:a0:3b:e7:1f:8a:8d:d0:12:04:
         b8:97:af:f6:ad:67:05:5c:6d:a7:01:42:7c:97:92:d5:cc:b7:
         34:bc:a2:c2:80:66:74:97:1a:da:ef:3a:88:76:8b:5e:b9:53:
         9e:69:d0:d7:9f:82:7f:04:88:07:ca:b0:ca:8f:05:c5:d4:a7:
         86:41:36:31:e4:b5:d1:92:2d:30:b0:8c:ca:8c:b3:96:87:86:
         63:f6:55:b9:80:1a:81:33:4a:07:a3:48:2b:f6:0a:08:30:b4:
         9f:b5:5d:cb:92:6f:64:a9:99:6f:93:1f:40:c2:4b:49:5a:80:
         17:da:06:15:a9:98:e4:20:5e:d7:95:a1:76:3e:10:fd:b3:51:
         d5:b8:ca:48:76:d0:5f:fd:43:b6:85:73:da:c7:40:75:53:4e:
         5d:90:84:aa:5b:fa:70:ba:45:a1:ad:bb:c9:b6:5e:ec:e2:6c:
         83:6b:1b:b1:f6:9d:15:68:cc:b2:c5:39:e3:dd:02:be:a8:96:
         66:af:0a:03:5e:52:5c:0d:88:1b:2e:79:57:7a:1b:d7:e9:65:
         a2:0a:c1:55:32:5b:7d:52:2c:be:74:f3:5c:0c:e1:de:d5:f3:
         fc:b9:92:e4
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYeoaJ9jQuW+RE2S95+y8L1hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMwNDIyMTAwMDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjVmY2E2MmI0NDQ4OTEwNDg2YWYyYjE5NmYzMzc2NmY3NjA0NDUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgKCexM9lOo90xcfdN2fx974sGRlr
ZrZyFcLmgEw/XvAwko1uGG1WpXe6pmBjP5BU1KPhHbpNKLSQrVqfxJzwA5oRv1LH
yDf1ZIeA67QIn0d4h0J7/KAIsfNOphqKRb9qPEy9g9LNjAoiFZ7feb/DRy2wqhnT
0kql5xyQNaLiuv0u1H4gCtUScvDKl/ssfpB4FDAvURJP0Y0bY71V2g6kIkmDNU4u
AF9x6p4k8p+2QICW5bVwYgi8d+wsL7RNW0ZGBRlhqHVRUsIWYCSMGPdfv6KDDAbm
a5f2sX6dyQOcEGh2bWYSEWJH/yYLcDddirUFz2s9BcCeLTXcNz35DgKK1wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPtfymK0RIkQSGrysZbzN2b3YERQMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvMS0xX0tZclJFaVJCSWF2S3hsdk0zWnZkZ1JGQS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMzMvMWRmMThlLTZjNGQtNDM0Yi04ZTMxLTcxZWI5NWY1MGU1
Yi8xL180Zmdxd01yREFYclhuVE1MQWhwamRNazJXTS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAG160jAN
BgkqhkiG9w0BAQsFAAOCAQEAnUi9tEY4tIdWWQCuKItuS+eV5sZ1/YH+gHCDoDvn
H4qN0BIEuJev9q1nBVxtpwFCfJeS1cy3NLyiwoBmdJca2u86iHaLXrlTnmnQ15+C
fwSIB8qwyo8FxdSnhkE2MeS10ZItMLCMyoyzloeGY/ZVuYAagTNKB6NIK/YKCDC0
n7Vdy5JvZKmZb5MfQMJLSVqAF9oGFamY5CBe15Whdj4Q/bNR1bjKSHbQX/1DtoVz
2sdAdVNOXZCEqlv6cLpFoa27ybZe7OJsg2sbsfadFWjMssU5490CvqiWZq8KA15S
XA2IGy55V3ob1+llogrBVTJbfVIsvnTzXAzh3tXz/LmS5A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:48 2024 by rpki-client on console-fra.rpki-client.org