Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/F_F3QGvwhCTTw8fLRrmLK9Dg4Ic.roa
File:                     F_F3QGvwhCTTw8fLRrmLK9Dg4Ic.roa (raw, json)
Hash identifier:          GfiIjmT5/R5ZKfpzvKWSqddsfdayUB0EGk0SF+2HxYE=
Subject key identifier:   17:F1:77:40:6B:F0:84:24:D3:C3:C7:CB:46:B9:8B:2B:D0:E0:E0:87
Certificate issuer:       /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial:       018BE929A14893049F8ADF1BED10961C261C
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/F_F3QGvwhCTTw8fLRrmLK9Dg4Ic.roa
Signing time:             Sun 19 Nov 2023 19:58:21 +0000
ROA not before:           Sun 19 Nov 2023 19:58:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     60117
IP address blocks:        109.122.196.0/24 maxlen: 24
                          109.122.195.0/24 maxlen: 24
                          109.122.194.0/24 maxlen: 24
                          109.122.203.0/24 maxlen: 24
                          109.122.211.0/24 maxlen: 24
                          109.122.212.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:e9:29:a1:48:93:04:9f:8a:df:1b:ed:10:96:1c:26:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
        Validity
            Not Before: Nov 19 19:58:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=17f177406bf08424d3c3c7cb46b98b2bd0e0e087
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:f5:55:36:06:1f:b3:17:3b:9a:bf:53:ad:22:
                    1f:3c:49:0b:d3:e5:62:9a:6c:cc:12:a0:d3:fa:c8:
                    ae:ae:67:5a:24:61:e8:7d:fb:a6:9a:1b:e9:f3:25:
                    0c:94:b3:67:cd:91:10:12:2c:95:dd:b6:b3:1c:e1:
                    c7:65:70:08:48:96:1c:4a:1e:df:72:81:2e:9b:e7:
                    df:ea:ab:51:24:c8:d0:f3:60:34:3b:bb:3a:42:df:
                    4f:de:90:ae:9f:46:ee:19:5b:0e:d7:63:57:07:42:
                    6d:ff:c4:6c:23:a5:a0:49:bb:a7:c7:46:7e:f3:87:
                    be:cb:af:7f:f9:9a:46:76:28:7c:97:70:c0:59:08:
                    6b:45:b4:99:1e:e6:58:e4:15:ea:1d:56:8b:8d:2c:
                    89:8d:bc:ec:f9:d9:40:7a:35:ff:0e:76:dd:80:af:
                    97:c6:fa:56:2b:53:16:8e:13:ae:93:b2:2d:34:ce:
                    df:a5:a7:12:57:2b:7e:0f:20:0d:36:94:6e:e1:f9:
                    4a:c6:c1:88:ef:36:b7:a0:5b:96:2b:65:92:07:48:
                    7e:c3:e4:de:69:ec:62:4c:f3:88:a5:2a:58:65:62:
                    12:e6:74:7e:dc:dd:99:94:d7:d2:f9:93:ef:0c:2d:
                    31:1b:45:51:8e:b5:fa:da:24:67:df:88:cf:d0:aa:
                    87:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:F1:77:40:6B:F0:84:24:D3:C3:C7:CB:46:B9:8B:2B:D0:E0:E0:87
            X509v3 Authority Key Identifier:
                keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/F_F3QGvwhCTTw8fLRrmLK9Dg4Ic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.194.0-109.122.196.255
                  109.122.203.0/24
                  109.122.211.0-109.122.212.255

    Signature Algorithm: sha256WithRSAEncryption
         40:2d:aa:cc:3f:be:cd:c2:2a:7f:33:b7:ed:77:b6:8f:c4:d0:
         a1:c9:31:dd:ef:5a:fb:0a:70:a7:b5:49:04:b6:58:fc:8a:47:
         08:e5:6e:60:00:fc:d7:84:cb:75:37:d8:a5:b4:b5:63:96:89:
         29:68:92:15:42:c7:f6:78:62:f5:98:82:86:48:a1:3b:c5:90:
         48:a9:ca:f3:17:d5:b5:ae:b4:80:a8:bc:31:62:77:81:67:7e:
         2e:f7:b1:2a:f6:c3:ed:72:00:f3:9e:bd:e1:85:8b:18:ae:a8:
         fe:3f:ad:22:75:6a:70:f6:0b:50:6c:4f:39:24:e2:38:52:59:
         06:32:1d:f5:5d:9c:bc:a0:68:07:4b:14:dd:e0:de:ca:53:77:
         03:8b:4c:86:f4:5c:ad:ee:c5:3b:8a:e3:2c:3b:ec:2e:8e:96:
         52:68:ac:0f:4d:b6:4d:56:4e:f3:e2:0c:56:a0:5b:93:c0:7c:
         bd:03:21:08:3c:d5:33:21:e2:34:bd:51:0b:58:a4:ee:4b:61:
         21:1e:c1:e3:a6:20:a8:84:8c:54:c4:2b:95:66:d9:e8:85:ce:
         51:71:08:88:e3:df:4a:c7:21:41:4d:80:41:11:97:49:e3:a2:
         a1:68:d5:18:fe:4b:2e:e2:8f:87:53:5a:62:44:90:5d:dd:f0:
         c4:cd:8a:49
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYvpKaFIkwSfit8b7RCWHCYcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMxMTE5MTk1ODIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2YxNzc0MDZiZjA4NDI0ZDNjM2M3Y2I0NmI5OGIyYmQwZTBlMDg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxfVVNgYfsxc7mr9TrSIfPEkL0+Vi
mmzMEqDT+siurmdaJGHoffummhvp8yUMlLNnzZEQEiyV3bazHOHHZXAISJYcSh7f
coEum+ff6qtRJMjQ82A0O7s6Qt9P3pCun0buGVsO12NXB0Jt/8RsI6WgSbunx0Z+
84e+y69/+ZpGdih8l3DAWQhrRbSZHuZY5BXqHVaLjSyJjbzs+dlAejX/DnbdgK+X
xvpWK1MWjhOuk7ItNM7fpacSVyt+DyANNpRu4flKxsGI7za3oFuWK2WSB0h+w+Te
aexiTPOIpSpYZWIS5nR+3N2ZlNfS+ZPvDC0xG0VRjrX62iRn34jP0KqHIQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFBfxd0Br8IQk08PHy0a5iyvQ4OCHMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvRl9GM1FHdndoQ1RUdzhmTFJybUxLOURnNEljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAoBAIAATAiMAwDBAFtesID
BABtesQDBABtesswDAMEAG160wMEAG161DANBgkqhkiG9w0BAQsFAAOCAQEAQC2q
zD++zcIqfzO37Xe2j8TQockx3e9a+wpwp7VJBLZY/IpHCOVuYAD814TLdTfYpbS1
Y5aJKWiSFULH9nhi9ZiChkihO8WQSKnK8xfVta60gKi8MWJ3gWd+LvexKvbD7XIA
85694YWLGK6o/j+tInVqcPYLUGxPOSTiOFJZBjId9V2cvKBoB0sU3eDeylN3A4tM
hvRcre7FO4rjLDvsLo6WUmisD022TVZO8+IMVqBbk8B8vQMhCDzVMyHiNL1RC1ik
7kthIR7B46YgqISMVMQrlWbZ6IXOUXEIiOPfSschQU2AQRGXSeOioWjVGP5LLuKP
h1NaYkSQXd3wxM2KSQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:04 2024 by rpki-client on console-ams.rpki-client.org