Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/C9Bcf8GCMiBEzaYDn6Lbw7ruTnA.roa
File:                     C9Bcf8GCMiBEzaYDn6Lbw7ruTnA.roa (raw, json)
Hash identifier:          FkXtu+IoXa45PbnevBHCexfxYfeVgByOpTe/Q6IsHP8=
Subject key identifier:   0B:D0:5C:7F:C1:82:32:20:44:CD:A6:03:9F:A2:DB:C3:BA:EE:4E:70
Certificate issuer:       /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial:       0187A865E3E579CE0AB3D4303DB7CE8062A3
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/C9Bcf8GCMiBEzaYDn6Lbw7ruTnA.roa
Signing time:             Sat 22 Apr 2023 09:57:42 +0000
ROA not before:           Sat 22 Apr 2023 09:57:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     48678
IP address blocks:        109.122.196.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:a8:65:e3:e5:79:ce:0a:b3:d4:30:3d:b7:ce:80:62:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
        Validity
            Not Before: Apr 22 09:57:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0bd05c7fc182322044cda6039fa2dbc3baee4e70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:8c:c2:39:62:42:82:ee:84:3d:b4:b4:1f:aa:
                    5f:bf:c7:31:83:c3:6f:10:74:6c:be:5e:4b:8e:26:
                    57:ce:9d:97:f3:a1:c1:05:80:4b:49:6b:39:18:4b:
                    8c:85:62:58:9e:13:41:26:4f:85:dd:e6:4a:ff:c8:
                    17:81:e4:50:15:26:0e:b5:c2:8a:94:d7:18:28:46:
                    34:eb:c8:2d:53:42:e4:8b:a4:f0:e2:7c:62:75:72:
                    0f:61:a8:32:98:f3:6e:98:5f:dc:fd:52:8c:2f:95:
                    30:59:ef:f9:c6:bb:26:8d:dd:79:cb:1a:0f:fd:13:
                    e7:65:11:8b:f1:02:2c:5c:97:85:13:ca:6a:cd:f3:
                    ed:15:e7:f4:0a:a1:5a:27:66:02:b6:28:9a:b9:b9:
                    0d:f4:61:ce:2f:40:23:bd:65:d8:74:d1:dd:70:84:
                    3f:1e:11:66:bf:4c:54:6f:83:42:14:18:6e:04:7e:
                    6a:33:71:ac:a3:0f:2d:3c:68:99:87:59:01:bd:06:
                    29:df:61:bd:7f:5f:38:fc:6a:3b:ff:d2:13:5e:2e:
                    04:82:ff:f7:6d:b8:1f:7e:2a:0d:e1:fd:0e:b3:5a:
                    84:f0:1d:e0:16:79:c9:d2:d8:71:1f:ff:99:bd:3f:
                    c7:fc:86:c4:3a:a6:66:f3:a7:d2:be:65:c5:2d:06:
                    16:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:D0:5C:7F:C1:82:32:20:44:CD:A6:03:9F:A2:DB:C3:BA:EE:4E:70
            X509v3 Authority Key Identifier:
                keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/C9Bcf8GCMiBEzaYDn6Lbw7ruTnA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:73:b1:da:71:26:12:d2:6f:7a:5b:b3:47:39:bd:49:a3:1e:
         41:8b:21:72:23:8c:b1:7e:60:43:75:c8:70:dd:de:df:09:f4:
         9d:e6:1d:c6:c3:28:71:5b:4c:b9:fd:a9:d6:69:0d:bc:80:95:
         29:6b:8a:41:6f:dc:ad:42:53:24:4a:33:ec:f9:22:4c:55:66:
         4a:85:13:7c:e7:47:79:5e:b5:1f:a0:dd:6c:3f:5b:22:24:65:
         02:32:a8:75:ee:f5:29:b5:b7:a0:20:e6:11:0f:51:93:f1:a2:
         89:5e:2f:3a:57:db:3c:bd:ac:bc:b0:00:66:fc:24:41:84:13:
         99:12:82:b1:17:98:82:e7:4e:45:bd:2d:56:e3:23:f4:79:e3:
         dc:53:a8:fa:ae:11:d8:94:d0:68:a6:13:91:c4:72:1f:f4:f6:
         4d:4c:b3:e9:e4:99:97:57:f8:88:7e:ea:bd:93:94:d9:10:f4:
         57:65:c6:5c:b6:39:40:41:d5:ea:51:8f:de:66:0a:16:55:f4:
         b1:ef:fd:2a:91:06:b2:05:90:ed:cf:16:e4:77:17:9f:20:0c:
         af:63:15:ca:49:8f:24:cc:7e:a0:e2:13:f8:b2:a3:96:04:98:
         b7:30:09:be:90:47:48:3c:ee:14:0f:70:b9:a1:56:3e:74:94:
         d4:83:7c:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYeoZePlec4Ks9QwPbfOgGKjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMwNDIyMDk1NzQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmQwNWM3ZmMxODIzMjIwNDRjZGE2MDM5ZmEyZGJjM2JhZWU0ZTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgIzCOWJCgu6EPbS0H6pfv8cxg8Nv
EHRsvl5LjiZXzp2X86HBBYBLSWs5GEuMhWJYnhNBJk+F3eZK/8gXgeRQFSYOtcKK
lNcYKEY068gtU0Lki6Tw4nxidXIPYagymPNumF/c/VKML5UwWe/5xrsmjd15yxoP
/RPnZRGL8QIsXJeFE8pqzfPtFef0CqFaJ2YCtiiaubkN9GHOL0AjvWXYdNHdcIQ/
HhFmv0xUb4NCFBhuBH5qM3Gsow8tPGiZh1kBvQYp32G9f184/Go7/9ITXi4Egv/3
bbgffioN4f0Os1qE8B3gFnnJ0thxH/+ZvT/H/IbEOqZm86fSvmXFLQYWzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAvQXH/BgjIgRM2mA5+i28O67k5wMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvQzlCY2Y4R0NNaUJFemFZRG42TGJ3N3J1VG5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXrEMA0G
CSqGSIb3DQEBCwUAA4IBAQAcc7HacSYS0m96W7NHOb1Jox5BiyFyI4yxfmBDdchw
3d7fCfSd5h3GwyhxW0y5/anWaQ28gJUpa4pBb9ytQlMkSjPs+SJMVWZKhRN850d5
XrUfoN1sP1siJGUCMqh17vUptbegIOYRD1GT8aKJXi86V9s8vay8sABm/CRBhBOZ
EoKxF5iC505FvS1W4yP0eePcU6j6rhHYlNBophORxHIf9PZNTLPp5JmXV/iIfuq9
k5TZEPRXZcZctjlAQdXqUY/eZgoWVfSx7/0qkQayBZDtzxbkdxefIAyvYxXKSY8k
zH6g4hP4sqOWBJi3MAm+kEdIPO4UD3C5oVY+dJTUg3yl
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:04 2024 by rpki-client on console-ams.rpki-client.org