Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/14yR8RKVjqvW30tfArscNLHl6JI.roa
File:                     14yR8RKVjqvW30tfArscNLHl6JI.roa (raw, json)
Hash identifier:          /BJPp6qjDgqt8/PR3V1kX1JG+dZ3c5mdgEq20IHZGK4=
Subject key identifier:   D7:8C:91:F1:12:95:8E:AB:D6:DF:4B:5F:02:BB:1C:34:B1:E5:E8:92
Certificate issuer:       /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial:       018CC501401A71FA8088DB88D4A7903266E6
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/14yR8RKVjqvW30tfArscNLHl6JI.roa
Signing time:             Mon 01 Jan 2024 12:30:42 +0000
ROA not before:           Mon 01 Jan 2024 12:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7354
IP address blocks:        109.122.214.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:40:1a:71:fa:80:88:db:88:d4:a7:90:32:66:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
        Validity
            Not Before: Jan  1 12:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d78c91f112958eabd6df4b5f02bb1c34b1e5e892
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:55:ca:4b:8f:cf:cf:2b:c7:9d:6e:e5:b9:ec:
                    6f:07:6a:f8:ca:18:82:6e:5f:69:70:cb:71:49:d1:
                    72:42:51:6d:ac:09:6e:84:c0:b6:cf:83:70:5c:7f:
                    a4:90:d4:fe:d7:ea:f8:14:d8:2c:96:ad:7b:09:88:
                    c4:36:36:88:e4:1e:32:68:72:92:06:4f:5a:cf:26:
                    4f:4c:a5:9c:0d:69:69:ad:e7:b5:35:aa:a4:57:fe:
                    b2:b9:f5:02:6b:af:44:fb:d9:c0:ba:90:d0:ec:83:
                    c5:ca:28:f6:fc:12:85:8f:04:9d:11:78:c6:b6:eb:
                    9b:98:8b:3e:46:53:a5:58:ee:2a:da:18:a0:ed:e5:
                    80:70:df:72:9a:a1:f9:4f:80:22:3f:b5:50:80:1c:
                    71:d3:97:86:56:9e:23:9a:e4:7f:ce:eb:67:2e:de:
                    54:35:bf:c8:79:0a:c7:82:46:ea:43:3d:34:7f:dd:
                    dc:34:a9:e2:6c:1d:2c:23:ef:97:4d:f0:95:2d:30:
                    61:22:57:e6:cf:7c:73:c3:16:d9:c7:22:08:ac:2f:
                    46:d4:99:60:90:bd:3a:a6:01:a7:fc:12:44:09:29:
                    8b:f2:27:4e:61:39:45:65:c5:be:9b:52:0f:70:91:
                    7c:ab:d0:82:f0:47:7e:8d:8c:51:7b:29:68:6c:54:
                    3f:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:8C:91:F1:12:95:8E:AB:D6:DF:4B:5F:02:BB:1C:34:B1:E5:E8:92
            X509v3 Authority Key Identifier:
                keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/14yR8RKVjqvW30tfArscNLHl6JI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:ae:a3:a2:68:09:9f:03:15:05:6d:f6:0d:dd:f4:0f:8e:c2:
         8a:ce:4d:b5:f5:64:13:8d:85:40:ef:8e:82:d9:31:9a:de:6a:
         72:8c:fc:71:7c:33:b8:a5:fe:a0:f8:0f:ae:a5:a3:d4:d8:79:
         f9:57:cb:8f:32:8e:ab:0b:5e:fb:0a:27:64:7c:ef:0c:64:d7:
         59:e2:9b:9e:67:29:66:46:94:40:9d:c3:1d:51:af:34:ff:3f:
         85:5d:b3:03:87:96:c8:ef:1e:d6:de:b5:b7:0c:f5:47:54:da:
         8f:38:8a:88:a8:34:c1:de:72:79:6b:c8:1b:a1:ef:8c:a4:50:
         00:df:3d:a1:96:d7:06:9f:d1:1f:ad:08:7b:4e:e9:81:1d:5a:
         53:d9:dc:84:4d:86:01:5b:d3:87:2c:cd:30:07:0b:36:b1:bc:
         e8:ab:6e:c7:c2:eb:4f:46:e2:98:b3:c9:91:91:ba:92:f5:fc:
         05:c5:51:01:7f:22:a7:68:38:e4:56:c7:a2:9c:64:92:ee:af:
         2f:62:75:03:8e:23:5f:8e:71:86:bd:ba:dd:37:29:96:9f:5b:
         fa:ed:c2:b3:d1:03:e9:7e:5a:2e:da:a0:e4:17:3b:6a:b3:be:
         c5:8f:7e:da:77:92:73:de:c4:0d:21:42:9a:bf:57:52:1b:aa:
         db:ce:ca:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAUAacfqAiNuI1KeQMmbmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjQwMTAxMTIzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzhjOTFmMTEyOTU4ZWFiZDZkZjRiNWYwMmJiMWMzNGIxZTVlODkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVXKS4/PzyvHnW7luexvB2r4yhiC
bl9pcMtxSdFyQlFtrAluhMC2z4NwXH+kkNT+1+r4FNgslq17CYjENjaI5B4yaHKS
Bk9azyZPTKWcDWlpree1NaqkV/6yufUCa69E+9nAupDQ7IPFyij2/BKFjwSdEXjG
tuubmIs+RlOlWO4q2hig7eWAcN9ymqH5T4AiP7VQgBxx05eGVp4jmuR/zutnLt5U
Nb/IeQrHgkbqQz00f93cNKnibB0sI++XTfCVLTBhIlfmz3xzwxbZxyIIrC9G1Jlg
kL06pgGn/BJECSmL8idOYTlFZcW+m1IPcJF8q9CC8Ed+jYxReylobFQ/bQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNeMkfESlY6r1t9LXwK7HDSx5eiSMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvMTR5UjhSS1ZqcXZXMzB0ZkFyc2NOTEhsNkpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXrWMA0G
CSqGSIb3DQEBCwUAA4IBAQCVrqOiaAmfAxUFbfYN3fQPjsKKzk219WQTjYVA746C
2TGa3mpyjPxxfDO4pf6g+A+upaPU2Hn5V8uPMo6rC177CidkfO8MZNdZ4pueZylm
RpRAncMdUa80/z+FXbMDh5bI7x7W3rW3DPVHVNqPOIqIqDTB3nJ5a8gboe+MpFAA
3z2hltcGn9EfrQh7TumBHVpT2dyETYYBW9OHLM0wBws2sbzoq27HwutPRuKYs8mR
kbqS9fwFxVEBfyKnaDjkVseinGSS7q8vYnUDjiNfjnGGvbrdNymWn1v67cKz0QPp
flou2qDkFztqs77Fj37ad5Jz3sQNIUKav1dSG6rbzspW
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:48 2024 by rpki-client on console-fra.rpki-client.org