Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/9ysbIXagMr4ieh_sdY0DlsHW42g.roa
File:                     9ysbIXagMr4ieh_sdY0DlsHW42g.roa (raw, json)
Hash identifier:          4Vyueg1hlR5BBsv84SPYfZCJers0j0LawiqQxXQKt0Y=
Subject key identifier:   F7:2B:1B:21:76:A0:32:BE:22:7A:1F:EC:75:8D:03:96:C1:D6:E3:68
Certificate issuer:       /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial:       018E1A8891DDA1E7CC410F2C187BD9E188A5
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/9ysbIXagMr4ieh_sdY0DlsHW42g.roa
Signing time:             Thu 07 Mar 2024 20:09:01 +0000
ROA not before:           Thu 07 Mar 2024 20:09:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44620
IP address blocks:        109.122.196.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:1a:88:91:dd:a1:e7:cc:41:0f:2c:18:7b:d9:e1:88:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
        Validity
            Not Before: Mar  7 20:09:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f72b1b2176a032be227a1fec758d0396c1d6e368
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:7c:23:80:ef:1e:c5:8a:90:32:53:28:15:f9:
                    a6:8a:c4:f9:2a:4f:71:0b:e5:4a:bb:1f:81:6b:5f:
                    d1:1e:40:79:b0:a6:f4:ac:15:85:87:74:1d:8e:97:
                    90:48:92:b1:0b:2a:b0:46:b7:20:bb:72:d4:16:e5:
                    ac:26:13:a3:1b:d0:63:43:0b:b7:e7:72:e1:6f:6d:
                    ac:cc:cb:fc:cf:54:e8:ee:3c:13:0e:53:a8:6c:3b:
                    93:25:8a:5c:ea:d4:64:ce:15:6e:70:01:19:6f:89:
                    33:82:a2:e1:8b:1c:0c:20:e2:e6:79:da:85:0a:20:
                    59:77:fe:d9:01:50:1a:e6:36:b8:38:b1:91:3b:38:
                    b4:7a:58:29:d1:df:1b:f9:59:97:7a:a4:c1:ba:9c:
                    0d:13:ec:9d:08:fb:a1:42:df:e4:a2:92:78:3c:0f:
                    12:cc:69:a3:cf:cd:80:71:63:7d:65:83:d2:fd:e1:
                    08:1b:ec:35:e0:21:50:ed:8f:ea:4e:37:af:1f:b3:
                    e9:2a:d7:18:5a:cd:0c:22:b5:b3:3d:1e:34:70:23:
                    e4:97:c9:58:74:77:f0:48:14:ce:c6:9d:4d:17:e4:
                    fe:49:78:da:81:c8:03:e5:04:a6:ea:9b:cb:75:5e:
                    1f:f1:9f:a9:5b:dc:98:46:2f:a4:9a:01:30:7d:e4:
                    90:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:2B:1B:21:76:A0:32:BE:22:7A:1F:EC:75:8D:03:96:C1:D6:E3:68
            X509v3 Authority Key Identifier:
                keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/9ysbIXagMr4ieh_sdY0DlsHW42g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:08:e6:51:ab:70:96:8a:6a:b7:8f:97:ee:71:6d:9f:ea:80:
         7c:d9:2c:85:05:92:21:e9:2b:d8:81:d2:03:d1:b1:a9:be:f4:
         1f:3f:c2:a9:59:e2:14:18:1f:39:6a:53:8d:48:af:02:6a:36:
         0e:df:d5:11:84:a5:b9:19:a7:18:75:38:b2:6a:b5:0e:56:a6:
         f5:80:03:51:0b:ab:e4:f5:01:02:c2:3a:40:6e:dc:12:37:98:
         38:4e:c5:31:a1:96:0f:2d:3c:31:f3:32:5e:17:94:5a:b4:29:
         57:87:3c:bf:07:8c:49:60:1f:24:a8:dd:18:07:9b:06:06:6b:
         c9:30:94:cd:f0:05:a3:bf:85:d4:05:a1:8f:ed:7a:6b:49:64:
         03:59:c0:54:da:cb:b3:2e:d0:d7:11:d1:5e:72:1a:02:f6:4f:
         71:1f:00:3f:06:97:67:66:07:12:49:b0:c4:1e:85:ce:04:5c:
         e4:d9:06:3b:9e:ba:9c:e7:b8:6c:a8:a2:a6:eb:1c:3b:08:bb:
         24:24:f9:37:0d:ed:82:3d:72:3d:7b:ed:ef:10:1d:20:96:a9:
         35:85:71:df:13:37:47:3d:73:b1:19:01:0b:50:70:66:1c:dc:
         22:cb:0a:02:cc:56:7e:20:ba:0c:df:6b:a0:2c:31:22:ce:98:
         ee:69:31:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4aiJHdoefMQQ8sGHvZ4YilMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjQwMzA3MjAwOTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzJiMWIyMTc2YTAzMmJlMjI3YTFmZWM3NThkMDM5NmMxZDZlMzY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApXwjgO8exYqQMlMoFfmmisT5Kk9x
C+VKux+Ba1/RHkB5sKb0rBWFh3QdjpeQSJKxCyqwRrcgu3LUFuWsJhOjG9BjQwu3
53Lhb22szMv8z1To7jwTDlOobDuTJYpc6tRkzhVucAEZb4kzgqLhixwMIOLmedqF
CiBZd/7ZAVAa5ja4OLGROzi0elgp0d8b+VmXeqTBupwNE+ydCPuhQt/kopJ4PA8S
zGmjz82AcWN9ZYPS/eEIG+w14CFQ7Y/qTjevH7PpKtcYWs0MIrWzPR40cCPkl8lY
dHfwSBTOxp1NF+T+SXjagcgD5QSm6pvLdV4f8Z+pW9yYRi+kmgEwfeSQEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPcrGyF2oDK+Inof7HWNA5bB1uNoMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvOXlzYklYYWdNcjRpZWhfc2RZMERsc0hXNDJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXrEMA0G
CSqGSIb3DQEBCwUAA4IBAQA5COZRq3CWimq3j5fucW2f6oB82SyFBZIh6SvYgdID
0bGpvvQfP8KpWeIUGB85alONSK8CajYO39URhKW5GacYdTiyarUOVqb1gANRC6vk
9QECwjpAbtwSN5g4TsUxoZYPLTwx8zJeF5RatClXhzy/B4xJYB8kqN0YB5sGBmvJ
MJTN8AWjv4XUBaGP7XprSWQDWcBU2suzLtDXEdFechoC9k9xHwA/BpdnZgcSSbDE
HoXOBFzk2QY7nrqc57hsqKKm6xw7CLskJPk3De2CPXI9e+3vEB0glqk1hXHfEzdH
PXOxGQELUHBmHNwiywoCzFZ+ILoM32ugLDEizpjuaTFY
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:04 2024 by rpki-client on console-ams.rpki-client.org