Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/ND7GiCxRFpiWPs1VCK3gImt0ZnI.roa
File:                     ND7GiCxRFpiWPs1VCK3gImt0ZnI.roa (raw, json)
Hash identifier:          suLg9c5S2FdTE3Omt97jPMu3KP8U6kp0Wm2hQkk4zaI=
Subject key identifier:   34:3E:C6:88:2C:51:16:98:96:3E:CD:55:08:AD:E0:22:6B:74:66:72
Certificate issuer:       /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial:       018D379733ADE1A6976E80E9B9EE04F2A194
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/ND7GiCxRFpiWPs1VCK3gImt0ZnI.roa
Signing time:             Tue 23 Jan 2024 18:31:12 +0000
ROA not before:           Tue 23 Jan 2024 18:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60781
IP address blocks:        109.122.214.0/24 maxlen: 24
                          109.122.223.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:37:97:33:ad:e1:a6:97:6e:80:e9:b9:ee:04:f2:a1:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
        Validity
            Not Before: Jan 23 18:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=343ec6882c511698963ecd5508ade0226b746672
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:df:6b:ad:d1:92:d0:c1:5f:24:43:24:d5:f9:
                    99:88:0a:61:19:cd:1d:2c:18:d1:c8:aa:4e:2e:56:
                    fe:0b:70:6e:6f:59:06:9a:64:59:3a:b6:0d:14:8d:
                    bc:7a:79:2b:ff:eb:ac:b2:d9:03:30:bf:48:37:c9:
                    c4:9f:73:31:77:16:8e:db:fc:6f:a4:50:26:c9:52:
                    e9:9f:e6:ac:79:c0:2d:8a:a8:de:84:44:37:49:82:
                    f0:00:82:53:6f:e3:b8:0a:f5:4a:d4:2e:f2:56:cb:
                    80:05:c5:46:ee:b2:59:0f:4a:a1:af:27:17:d9:0c:
                    5b:bf:6c:74:d9:95:ad:16:a4:96:9c:8f:67:2a:b2:
                    1c:0d:52:05:96:93:8d:93:d0:95:9d:47:1b:fb:f5:
                    af:55:be:87:58:cc:61:63:a4:f3:1d:53:f6:c3:4c:
                    67:e4:d9:ec:91:bd:71:7c:aa:79:59:5b:53:9b:c0:
                    7a:4f:89:8b:27:56:ed:9a:9f:45:9d:32:5e:dc:71:
                    de:a0:0c:04:5f:b2:cf:a1:29:c1:2f:e1:9a:34:eb:
                    17:b2:11:14:be:e6:c8:c2:36:04:db:45:98:cf:7a:
                    7d:20:06:ac:67:6b:31:13:42:b5:a3:46:a1:9c:6f:
                    1b:9d:9a:09:66:81:c5:dd:80:37:c2:ac:b1:79:e9:
                    bd:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:3E:C6:88:2C:51:16:98:96:3E:CD:55:08:AD:E0:22:6B:74:66:72
            X509v3 Authority Key Identifier:
                keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/ND7GiCxRFpiWPs1VCK3gImt0ZnI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.214.0/24
                  109.122.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:44:2a:8a:af:07:01:04:0f:9f:94:38:a0:50:33:fe:ad:39:
         64:e9:f7:ab:46:c6:1c:6e:8f:2e:fc:08:30:ae:68:b8:07:8b:
         3d:68:7e:59:72:00:6e:5e:02:c0:aa:fd:29:81:47:71:fb:5b:
         3a:ce:a1:a4:39:d0:e2:3d:f9:1a:cb:b0:bb:89:f3:52:6d:24:
         e1:ec:d1:c7:f9:f0:c4:3a:d2:e9:31:0b:c1:54:cf:5d:c4:ab:
         84:3b:bb:e0:e4:c6:ad:30:70:28:e9:37:6c:fa:00:22:5b:15:
         ef:56:3d:e8:18:8a:2f:9e:b4:c5:a0:e6:bd:cc:8a:b2:d4:7a:
         f4:7d:aa:ed:07:82:48:7c:c6:87:76:6e:c3:93:5b:e6:8e:cf:
         13:f1:27:ad:40:b5:ef:c6:0d:b9:ab:aa:9b:27:a0:9a:d7:86:
         e4:96:a3:46:10:46:e1:b1:ef:85:26:02:bb:67:20:00:22:43:
         ed:3d:35:ec:63:9e:00:9d:e7:65:6e:b0:7f:a6:04:55:82:71:
         52:92:b8:43:c7:fe:59:af:22:ec:e9:ac:f4:da:80:1a:f0:12:
         b5:b8:61:b0:cd:70:eb:59:9a:9e:ce:dd:57:9d:4a:99:c6:ba:
         4e:79:80:29:a3:8b:fb:e7:dc:f7:6f:16:c0:2f:ae:8b:4e:dd:
         cb:35:bf:ef
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY03lzOt4aaXboDpue4E8qGUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjQwMTIzMTgzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDNlYzY4ODJjNTExNjk4OTYzZWNkNTUwOGFkZTAyMjZiNzQ2NjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApN9rrdGS0MFfJEMk1fmZiAphGc0d
LBjRyKpOLlb+C3Bub1kGmmRZOrYNFI28enkr/+usstkDML9IN8nEn3MxdxaO2/xv
pFAmyVLpn+asecAtiqjehEQ3SYLwAIJTb+O4CvVK1C7yVsuABcVG7rJZD0qhrycX
2Qxbv2x02ZWtFqSWnI9nKrIcDVIFlpONk9CVnUcb+/WvVb6HWMxhY6TzHVP2w0xn
5Nnskb1xfKp5WVtTm8B6T4mLJ1btmp9FnTJe3HHeoAwEX7LPoSnBL+GaNOsXshEU
vubIwjYE20WYz3p9IAasZ2sxE0K1o0ahnG8bnZoJZoHF3YA3wqyxeem9XwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDQ+xogsURaYlj7NVQit4CJrdGZyMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvTkQ3R2lDeFJGcGlXUHMxVkNLM2dJbXQwWm5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbXrWAwQA
bXrfMA0GCSqGSIb3DQEBCwUAA4IBAQAURCqKrwcBBA+flDigUDP+rTlk6ferRsYc
bo8u/Agwrmi4B4s9aH5ZcgBuXgLAqv0pgUdx+1s6zqGkOdDiPfkay7C7ifNSbSTh
7NHH+fDEOtLpMQvBVM9dxKuEO7vg5MatMHAo6Tds+gAiWxXvVj3oGIovnrTFoOa9
zIqy1Hr0fartB4JIfMaHdm7Dk1vmjs8T8SetQLXvxg25q6qbJ6Ca14bklqNGEEbh
se+FJgK7ZyAAIkPtPTXsY54AnedlbrB/pgRVgnFSkrhDx/5ZryLs6az02oAa8BK1
uGGwzXDrWZqezt1XnUqZxrpOeYApo4v759z3bxbAL66LTt3LNb/v
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:48 2024 by rpki-client on console-fra.rpki-client.org