Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/AYdkhTyOOgFCncgRPp23izuYW7I.roa
File:                     AYdkhTyOOgFCncgRPp23izuYW7I.roa (raw, json)
Hash identifier:          ylBF61fNWlu1S7q8HTCs8vW8BfDB1Xa2Hilo8g95SSg=
Subject key identifier:   01:87:64:85:3C:8E:3A:01:42:9D:C8:11:3E:9D:B7:8B:3B:98:5B:B2
Certificate issuer:       /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial:       0187A865E07B6F0CDA61CD02AF65D155A623
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/AYdkhTyOOgFCncgRPp23izuYW7I.roa
Signing time:             Sat 22 Apr 2023 09:57:41 +0000
ROA not before:           Sat 22 Apr 2023 09:57:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     6939
IP address blocks:        109.122.211.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:a8:65:e0:7b:6f:0c:da:61:cd:02:af:65:d1:55:a6:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
        Validity
            Not Before: Apr 22 09:57:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=018764853c8e3a01429dc8113e9db78b3b985bb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:be:5c:e5:cf:1a:e0:c6:0b:15:8f:e4:23:6f:
                    8a:b3:83:c0:ae:e1:32:7d:8e:d0:e4:d5:78:9e:ab:
                    b9:e8:b1:8d:ea:46:e9:c1:9d:98:26:0d:82:8f:1f:
                    5d:cf:1d:4f:9f:37:f9:5c:f8:64:6e:00:c5:bb:ae:
                    e5:0e:1a:b9:c8:c4:43:3a:2d:e8:d2:17:2b:f0:40:
                    d8:07:a8:95:9c:17:69:74:cd:bd:fd:94:bd:47:9c:
                    0f:8e:46:60:4a:79:f3:db:88:2d:6f:07:49:4b:9c:
                    66:47:26:d5:f7:d4:16:80:d8:fb:e2:4b:6e:d0:6e:
                    19:9b:fb:32:d4:b7:2c:f4:a1:b6:5f:96:2f:d8:e3:
                    8e:82:ba:71:4c:7d:35:e7:01:20:7c:34:bc:05:67:
                    fa:a9:39:92:13:ee:9c:53:0d:7c:a3:f1:76:73:09:
                    04:f8:79:1d:29:a0:27:ac:06:3c:86:5d:8c:48:6c:
                    28:59:e5:ca:e6:a4:1d:1f:f6:74:f7:16:0b:60:ba:
                    d3:f6:8c:f2:f2:af:9a:89:02:f4:9b:34:30:06:e9:
                    fc:6f:db:00:4b:85:35:87:2a:fb:7f:c0:ba:85:b4:
                    d6:0d:10:a5:db:f6:62:d7:dc:0e:b6:2c:ac:af:90:
                    12:54:0a:4f:e8:b8:b2:fd:04:6f:d6:3d:b6:90:c8:
                    00:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:87:64:85:3C:8E:3A:01:42:9D:C8:11:3E:9D:B7:8B:3B:98:5B:B2
            X509v3 Authority Key Identifier:
                keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/AYdkhTyOOgFCncgRPp23izuYW7I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:94:2f:2f:30:94:77:a7:f4:47:c1:19:f0:7e:6d:e5:88:e5:
         79:36:5d:aa:6d:5d:11:0b:28:93:39:d9:69:eb:0b:fc:e5:a8:
         7d:d4:1d:e2:a2:c4:ff:65:25:68:a4:87:ea:76:46:44:17:39:
         c9:51:67:81:a4:66:6b:81:a4:3d:4b:ee:25:15:93:85:06:47:
         9b:e8:fe:e7:ec:df:97:dc:6f:30:c4:aa:2d:9d:6b:e2:6a:c3:
         78:cd:1d:8b:25:ce:51:31:6d:31:38:bb:3e:97:89:4c:21:12:
         f6:d0:4d:4c:f4:26:13:a3:47:62:0a:0d:c8:a8:44:39:56:a0:
         b8:c5:98:be:69:3b:d6:48:4a:f4:c5:24:a4:65:de:85:0a:1e:
         06:8a:86:d9:b2:fa:b5:04:c2:0c:a8:f5:f9:59:44:8e:c7:66:
         79:25:4d:8b:c6:3f:11:e0:dc:e7:f7:15:05:31:bf:4a:dc:97:
         92:c7:71:70:69:7d:dc:7b:2f:ca:8f:4b:a1:47:7a:8e:b0:76:
         e2:52:45:13:c4:ca:a4:67:b8:5b:b1:37:84:be:b0:b0:fc:3e:
         50:3a:03:02:68:d8:d4:82:69:99:f2:43:40:34:fc:ea:3e:bd:
         48:e1:be:d9:d7:8f:b1:f0:65:2a:db:e8:51:58:70:6f:be:06:
         2c:c2:fa:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYeoZeB7bwzaYc0Cr2XRVaYjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMwNDIyMDk1NzQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTg3NjQ4NTNjOGUzYTAxNDI5ZGM4MTEzZTlkYjc4YjNiOTg1YmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjb5c5c8a4MYLFY/kI2+Ks4PAruEy
fY7Q5NV4nqu56LGN6kbpwZ2YJg2Cjx9dzx1Pnzf5XPhkbgDFu67lDhq5yMRDOi3o
0hcr8EDYB6iVnBdpdM29/ZS9R5wPjkZgSnnz24gtbwdJS5xmRybV99QWgNj74ktu
0G4Zm/sy1Lcs9KG2X5Yv2OOOgrpxTH015wEgfDS8BWf6qTmSE+6cUw18o/F2cwkE
+HkdKaAnrAY8hl2MSGwoWeXK5qQdH/Z09xYLYLrT9ozy8q+aiQL0mzQwBun8b9sA
S4U1hyr7f8C6hbTWDRCl2/Zi19wOtiysr5ASVApP6Liy/QRv1j22kMgAVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAGHZIU8jjoBQp3IET6dt4s7mFuyMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvQVlka2hUeU9PZ0ZDbmNnUlBwMjNpenVZVzdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXrTMA0G
CSqGSIb3DQEBCwUAA4IBAQBalC8vMJR3p/RHwRnwfm3liOV5Nl2qbV0RCyiTOdlp
6wv85ah91B3iosT/ZSVopIfqdkZEFznJUWeBpGZrgaQ9S+4lFZOFBkeb6P7n7N+X
3G8wxKotnWviasN4zR2LJc5RMW0xOLs+l4lMIRL20E1M9CYTo0diCg3IqEQ5VqC4
xZi+aTvWSEr0xSSkZd6FCh4GiobZsvq1BMIMqPX5WUSOx2Z5JU2Lxj8R4Nzn9xUF
Mb9K3JeSx3FwaX3cey/Kj0uhR3qOsHbiUkUTxMqkZ7hbsTeEvrCw/D5QOgMCaNjU
gmmZ8kNANPzqPr1I4b7Z14+x8GUq2+hRWHBvvgYswvr/
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:48 2024 by rpki-client on console-fra.rpki-client.org