Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/RbCaeOEN-30TRGtDd8dC-xcHmKU.roa
File:                     RbCaeOEN-30TRGtDd8dC-xcHmKU.roa (raw, json)
Hash identifier:          YHkNVUwqqKJNkrMBhUyDF8bE+RxcBBoPmLGynRjo0YM=
Subject key identifier:   45:B0:9A:78:E1:0D:FB:7D:13:44:6B:43:77:C7:42:FB:17:07:98:A5
Certificate issuer:       /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial:       018A86B2A8A09D21FA260D5FAF1FE14443DA
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/RbCaeOEN-30TRGtDd8dC-xcHmKU.roa
Signing time:             Tue 12 Sep 2023 00:02:50 +0000
ROA not before:           Tue 12 Sep 2023 00:02:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        109.122.192.0/24 maxlen: 24
                          109.122.201.0/24 maxlen: 24
                          109.122.203.0/24 maxlen: 24
                          109.122.212.0/24 maxlen: 24
                          109.122.215.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:86:b2:a8:a0:9d:21:fa:26:0d:5f:af:1f:e1:44:43:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
        Validity
            Not Before: Sep 12 00:02:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=45b09a78e10dfb7d13446b4377c742fb170798a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:a3:7e:7a:d5:70:25:f1:4d:6a:c9:2f:27:31:
                    53:8e:99:b6:58:d3:10:16:05:1a:be:de:75:17:64:
                    e1:29:29:2d:b8:34:e8:69:97:27:2d:ea:42:bd:4f:
                    e8:6a:fe:23:0f:d4:d4:c9:32:74:7c:6d:b6:e4:36:
                    60:2a:50:e9:a8:ce:2a:91:32:75:2d:f7:01:79:65:
                    5b:75:41:b2:fc:f5:ef:0c:9d:2e:20:84:8e:7e:c9:
                    22:6c:5e:75:7a:a6:3a:1a:fa:31:d7:42:29:b8:6e:
                    51:5d:ae:28:f2:0d:a2:88:9e:9b:7c:7e:04:95:78:
                    c8:f3:a5:be:ed:69:e4:97:79:52:6c:d7:d4:d8:0b:
                    ba:63:ed:fd:11:bf:32:1e:1e:e4:e7:6a:52:7d:fb:
                    80:4c:c9:36:7b:58:c9:b9:0e:74:b0:90:13:05:87:
                    d5:d0:24:0b:e5:6e:13:2c:0d:51:d6:8c:54:50:65:
                    19:03:9b:13:e0:76:d8:82:04:f4:fd:d5:dc:cb:98:
                    92:bd:09:67:0f:cb:1e:6d:ff:d8:96:aa:54:99:fa:
                    fc:f6:23:ac:2a:45:7a:7b:d5:6a:e4:54:7a:e5:d0:
                    ea:13:be:9f:99:a6:e6:e5:05:97:8b:5f:94:e2:27:
                    dc:26:a9:d2:8b:18:79:4b:d7:dc:0a:88:22:53:67:
                    18:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:B0:9A:78:E1:0D:FB:7D:13:44:6B:43:77:C7:42:FB:17:07:98:A5
            X509v3 Authority Key Identifier:
                keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/RbCaeOEN-30TRGtDd8dC-xcHmKU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.192.0/24
                  109.122.201.0/24
                  109.122.203.0/24
                  109.122.212.0/24
                  109.122.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:fd:ad:63:c8:a0:2f:2f:e9:a1:2e:d0:31:c4:42:99:d6:37:
         f7:bd:c5:bb:e9:2b:f3:43:34:ef:9a:41:65:0c:98:e3:5f:b2:
         aa:05:9a:07:52:d2:9d:3f:6e:f9:a9:2f:f4:a9:ff:bb:8a:70:
         59:b3:c1:8e:fc:ed:79:0b:9e:3a:b4:97:e2:2a:be:fb:bc:4e:
         57:d3:e6:e8:de:c4:d0:3b:a0:19:e2:e2:f6:e7:54:c1:2b:81:
         ad:b0:74:e3:39:62:36:d2:ad:41:08:e1:98:74:ec:7b:37:e2:
         e6:ee:81:02:be:eb:3c:9a:74:4e:35:26:b8:29:09:a3:13:96:
         01:b0:a7:6e:23:07:35:ae:b3:4b:f8:2a:ad:7d:d9:ef:89:55:
         95:f2:c9:ab:2f:a4:bb:79:92:ba:40:86:73:b0:24:20:63:fc:
         df:5e:da:38:2a:a8:a1:45:8e:40:09:28:f2:15:b5:fc:53:5d:
         54:03:54:f7:5d:ae:7b:82:01:ac:95:30:a3:ac:7b:fa:0e:f1:
         78:24:1a:bd:1a:35:65:b5:33:c7:9d:1d:29:0c:0b:2d:73:65:
         5a:1f:91:7d:48:9c:aa:73:14:70:41:d1:47:f4:e4:67:5f:85:
         2b:2d:77:07:93:e3:19:82:cc:83:4f:e7:7f:0f:4f:4d:68:e0:
         8d:d8:18:de
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYqGsqignSH6Jg1frx/hREPaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMwOTEyMDAwMjUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWIwOWE3OGUxMGRmYjdkMTM0NDZiNDM3N2M3NDJmYjE3MDc5OGE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsqN+etVwJfFNaskvJzFTjpm2WNMQ
FgUavt51F2ThKSktuDToaZcnLepCvU/oav4jD9TUyTJ0fG225DZgKlDpqM4qkTJ1
LfcBeWVbdUGy/PXvDJ0uIISOfskibF51eqY6Gvox10IpuG5RXa4o8g2iiJ6bfH4E
lXjI86W+7Wnkl3lSbNfU2Au6Y+39Eb8yHh7k52pSffuATMk2e1jJuQ50sJATBYfV
0CQL5W4TLA1R1oxUUGUZA5sT4HbYggT0/dXcy5iSvQlnD8sebf/YlqpUmfr89iOs
KkV6e9Vq5FR65dDqE76fmabm5QWXi1+U4ifcJqnSixh5S9fcCogiU2cYPwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFEWwmnjhDft9E0RrQ3fHQvsXB5ilMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvUmJDYWVPRU4tMzBUUkd0RGQ4ZEMteGNIbUtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAbXrAAwQA
bXrJAwQAbXrLAwQAbXrUAwQAbXrXMA0GCSqGSIb3DQEBCwUAA4IBAQAi/a1jyKAv
L+mhLtAxxEKZ1jf3vcW76SvzQzTvmkFlDJjjX7KqBZoHUtKdP275qS/0qf+7inBZ
s8GO/O15C546tJfiKr77vE5X0+bo3sTQO6AZ4uL251TBK4GtsHTjOWI20q1BCOGY
dOx7N+Lm7oECvus8mnRONSa4KQmjE5YBsKduIwc1rrNL+CqtfdnviVWV8smrL6S7
eZK6QIZzsCQgY/zfXto4KqihRY5ACSjyFbX8U11UA1T3Xa57ggGslTCjrHv6DvF4
JBq9GjVltTPHnR0pDAstc2VaH5F9SJyqcxRwQdFH9ORnX4UrLXcHk+MZgsyDT+d/
D09NaOCN2Bje
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:48 2024 by rpki-client on console-fra.rpki-client.org