Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/838iGHmE8KASAwkQiT52XyO2qxs.roa
File:                     838iGHmE8KASAwkQiT52XyO2qxs.roa (raw, json)
Hash identifier:          oXPaQU93ul3xwaaFpvR7LUW6gaAaOKIfCnhm6xdRRxY=
Subject key identifier:   F3:7F:22:18:79:84:F0:A0:12:03:09:10:89:3E:76:5F:23:B6:AB:1B
Certificate issuer:       /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial:       0189223D9E0A88DAC6010C2C87CE510718D6
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/838iGHmE8KASAwkQiT52XyO2qxs.roa
Signing time:             Tue 04 Jul 2023 18:50:10 +0000
ROA not before:           Tue 04 Jul 2023 18:50:10 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43260
IP address blocks:        109.122.195.0/24 maxlen: 24
                          109.122.197.0/24 maxlen: 24
                          109.122.210.0/24 maxlen: 24
                          109.122.222.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:22:3d:9e:0a:88:da:c6:01:0c:2c:87:ce:51:07:18:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
        Validity
            Not Before: Jul  4 18:50:10 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f37f22187984f0a012030910893e765f23b6ab1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:7a:39:61:d9:03:48:35:9f:9f:03:63:8c:64:
                    b3:0e:8f:e8:20:4d:4c:84:e0:99:73:51:c5:26:da:
                    e3:1e:3f:1d:42:b7:38:9f:5c:ff:eb:40:f0:50:13:
                    95:57:f2:e7:84:f8:44:d5:ac:f8:66:c2:56:ba:6d:
                    67:3c:66:00:95:f9:df:7e:16:08:30:fc:78:a3:94:
                    4b:bb:3a:c6:17:ad:59:09:35:de:e3:76:dc:58:bb:
                    cb:fe:ed:c7:14:cd:0a:12:53:53:15:b9:0d:d5:77:
                    2b:32:35:5c:06:e7:94:9f:09:45:2a:e6:85:79:ed:
                    37:fa:c9:47:e4:ab:c0:90:4c:2d:37:9f:4b:96:7e:
                    43:ab:d8:70:d2:c7:26:3a:1a:be:68:e7:ee:4a:74:
                    7a:11:0c:36:6f:d9:d6:8a:1e:67:94:b0:d3:28:b5:
                    2a:0c:40:42:21:52:d2:a5:2f:69:61:cd:e6:df:62:
                    f1:71:12:b0:c0:40:4f:14:2d:ca:cb:39:48:61:8e:
                    86:4c:c8:3c:21:12:cc:fe:da:2a:e4:86:c7:92:9e:
                    52:20:4c:91:fc:5a:c0:b5:7f:b1:87:82:f8:1c:60:
                    8c:18:71:52:7d:86:e3:1e:b2:a2:5a:25:77:7c:23:
                    df:af:f8:53:d6:b7:d7:11:15:8c:a3:26:72:11:1f:
                    c0:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:7F:22:18:79:84:F0:A0:12:03:09:10:89:3E:76:5F:23:B6:AB:1B
            X509v3 Authority Key Identifier:
                keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/838iGHmE8KASAwkQiT52XyO2qxs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.195.0/24
                  109.122.197.0/24
                  109.122.210.0/24
                  109.122.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:be:d0:c5:73:22:77:51:d0:16:7b:3f:3f:0a:9a:b5:b8:bc:
         01:b6:f8:a7:dc:ef:fc:e1:04:16:eb:1e:2f:e7:8d:5b:60:2f:
         8b:13:d5:89:2e:13:16:36:ff:a8:93:03:2b:32:b5:35:2e:5e:
         dc:40:0f:8c:da:32:77:70:ab:83:31:e5:60:e8:30:4a:4f:73:
         3a:c7:ab:0a:ac:dc:01:36:01:0a:68:00:8c:b2:67:b0:7d:00:
         9c:0f:b8:68:d4:45:c1:87:78:b4:44:ed:31:6f:af:6c:96:07:
         e7:a2:2b:3f:15:81:34:b0:30:48:a2:bb:c6:14:d4:34:a5:f7:
         97:49:69:f5:9b:7b:c4:7c:74:a5:56:36:73:d0:7c:3e:83:c3:
         4a:6a:57:ed:ae:f0:fd:f7:93:01:5b:47:d0:08:56:ce:a8:36:
         c7:dc:fb:cf:26:ad:0f:bc:f6:a1:6b:a7:f4:e2:6e:fc:4a:fa:
         78:51:df:5b:82:95:88:ab:a8:b9:eb:69:de:da:b2:c9:f0:3d:
         e0:45:e2:54:47:60:7c:d7:87:f2:6d:0c:94:55:9c:31:4a:c0:
         8b:07:5d:56:47:47:0b:e0:80:63:ec:ff:82:76:e4:00:bb:04:
         61:b8:50:27:6f:78:97:90:a1:d7:16:82:d1:a8:97:51:0f:a5:
         00:d9:f1:99
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYkiPZ4KiNrGAQwsh85RBxjWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMwNzA0MTg1MDEwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzdmMjIxODc5ODRmMGEwMTIwMzA5MTA4OTNlNzY1ZjIzYjZhYjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs3o5YdkDSDWfnwNjjGSzDo/oIE1M
hOCZc1HFJtrjHj8dQrc4n1z/60DwUBOVV/LnhPhE1az4ZsJWum1nPGYAlfnffhYI
MPx4o5RLuzrGF61ZCTXe43bcWLvL/u3HFM0KElNTFbkN1XcrMjVcBueUnwlFKuaF
ee03+slH5KvAkEwtN59Lln5Dq9hw0scmOhq+aOfuSnR6EQw2b9nWih5nlLDTKLUq
DEBCIVLSpS9pYc3m32LxcRKwwEBPFC3KyzlIYY6GTMg8IRLM/toq5IbHkp5SIEyR
/FrAtX+xh4L4HGCMGHFSfYbjHrKiWiV3fCPfr/hT1rfXERWMoyZyER/A0wIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFPN/Ihh5hPCgEgMJEIk+dl8jtqsbMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvODM4aUdIbUU4S0FTQXdrUWlUNTJYeU8ycXhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAbXrDAwQA
bXrFAwQAbXrSAwQAbXreMA0GCSqGSIb3DQEBCwUAA4IBAQCdvtDFcyJ3UdAWez8/
Cpq1uLwBtvin3O/84QQW6x4v541bYC+LE9WJLhMWNv+okwMrMrU1Ll7cQA+M2jJ3
cKuDMeVg6DBKT3M6x6sKrNwBNgEKaACMsmewfQCcD7ho1EXBh3i0RO0xb69slgfn
ois/FYE0sDBIorvGFNQ0pfeXSWn1m3vEfHSlVjZz0Hw+g8NKalftrvD995MBW0fQ
CFbOqDbH3PvPJq0PvPaha6f04m78Svp4Ud9bgpWIq6i562ne2rLJ8D3gReJUR2B8
14fybQyUVZwxSsCLB11WR0cL4IBj7P+CduQAuwRhuFAnb3iXkKHXFoLRqJdRD6UA
2fGZ
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:04 2024 by rpki-client on console-ams.rpki-client.org