Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/SH6SzxHpOdtl01-QtkUAVzg60SI.roa
File:                     SH6SzxHpOdtl01-QtkUAVzg60SI.roa (raw, json)
Hash identifier:          jbF/S0btjOZAN1pqxvXc2598VBLs+hD/GrCTzLwDKFo=
Subject key identifier:   48:7E:92:CF:11:E9:39:DB:65:D3:5F:90:B6:45:00:57:38:3A:D1:22
Certificate issuer:       /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial:       018C91F7147C46364747CBC23FA366DF46B2
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/SH6SzxHpOdtl01-QtkUAVzg60SI.roa
Signing time:             Fri 22 Dec 2023 14:38:58 +0000
ROA not before:           Fri 22 Dec 2023 14:38:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        109.122.218.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:91:f7:14:7c:46:36:47:47:cb:c2:3f:a3:66:df:46:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
        Validity
            Not Before: Dec 22 14:38:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=487e92cf11e939db65d35f90b6450057383ad122
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:5d:7c:4f:c2:47:21:46:bc:c7:e7:a9:3c:e5:
                    1b:12:aa:b4:f7:c0:12:3f:d3:26:35:34:9b:c7:e6:
                    f5:12:97:f1:c2:6f:e7:20:2f:92:93:d9:b5:ad:a5:
                    21:3d:04:08:d0:a8:2c:ae:a9:4a:78:d2:9b:6b:bf:
                    bd:5d:b6:76:61:9e:a0:b3:83:53:a9:3c:bc:ed:62:
                    a8:f1:32:9a:b3:57:b8:1d:db:c5:03:5e:64:8c:9a:
                    bc:4d:fb:b1:16:4d:8c:5b:d9:c7:fe:82:7d:46:ed:
                    43:41:f2:7e:fe:5a:f1:9c:93:a8:9e:34:00:37:c5:
                    f0:c7:6e:6c:ad:24:98:41:07:5e:c4:4f:4e:d1:ce:
                    f5:e5:8a:40:71:94:e6:e9:45:ee:70:d9:35:e4:17:
                    1f:11:db:0f:f9:43:92:62:38:fb:4d:05:96:c2:ae:
                    5e:3c:71:e7:b6:3d:4a:0a:9e:f6:4b:f6:26:3c:ba:
                    5f:e3:d6:0d:e8:17:43:e3:0f:70:e1:e4:e0:c1:ec:
                    7a:d0:9f:ee:2f:5f:90:39:2e:0f:f1:bc:7c:3e:2b:
                    12:07:0a:26:6f:f7:bd:4c:f6:69:5b:81:cb:6e:8b:
                    87:ae:f4:1e:8d:0b:9d:fb:c0:00:fa:28:8a:aa:7e:
                    e1:60:c7:05:71:0f:29:77:27:10:16:65:fd:b0:38:
                    9b:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:7E:92:CF:11:E9:39:DB:65:D3:5F:90:B6:45:00:57:38:3A:D1:22
            X509v3 Authority Key Identifier:
                keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/SH6SzxHpOdtl01-QtkUAVzg60SI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:a6:f8:ba:8b:0a:b1:20:42:dc:61:c7:7b:dc:23:77:e3:19:
         51:b4:5f:a0:54:b6:6a:08:ca:05:08:8f:01:a7:34:bc:db:05:
         42:20:8a:73:e6:f6:d2:0b:b6:52:33:41:69:ce:ec:3a:8f:3b:
         75:69:7d:5e:65:a2:49:da:a6:9e:4f:ff:da:d9:db:8b:25:37:
         74:2d:ff:c3:8e:11:8c:5a:53:20:1d:83:ff:3d:95:b4:3f:4b:
         ab:dd:3a:79:a9:f9:39:3e:76:13:c9:37:64:be:84:58:88:db:
         d6:e2:1a:ea:38:10:45:c5:1d:b7:28:cd:cb:e0:01:aa:08:4e:
         5b:65:b7:8b:24:95:b2:20:f3:99:db:3c:4d:85:d3:a1:d4:e7:
         d7:ac:5a:71:22:dd:06:b0:63:e0:93:6f:c2:eb:07:60:4c:f7:
         d4:0b:7a:d9:b4:b6:0e:9a:e6:0a:62:7f:b4:31:db:05:20:ca:
         27:0e:97:67:02:bd:9b:5c:cd:d5:7f:2a:0d:88:de:15:fa:9c:
         9b:82:be:d6:7d:e7:52:b3:7d:e8:fd:ea:8e:b1:2c:cd:b3:75:
         35:7f:a6:e0:1d:9c:50:36:35:01:c4:a0:21:9e:40:3e:33:a3:
         fe:75:fd:a0:1f:7f:56:0a:1e:0c:d6:68:53:f0:9a:62:09:b4:
         d5:e8:2b:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYyR9xR8RjZHR8vCP6Nm30ayMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMxMjIyMTQzODU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODdlOTJjZjExZTkzOWRiNjVkMzVmOTBiNjQ1MDA1NzM4M2FkMTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwV18T8JHIUa8x+epPOUbEqq098AS
P9MmNTSbx+b1Epfxwm/nIC+Sk9m1raUhPQQI0KgsrqlKeNKba7+9XbZ2YZ6gs4NT
qTy87WKo8TKas1e4HdvFA15kjJq8TfuxFk2MW9nH/oJ9Ru1DQfJ+/lrxnJOonjQA
N8Xwx25srSSYQQdexE9O0c715YpAcZTm6UXucNk15BcfEdsP+UOSYjj7TQWWwq5e
PHHntj1KCp72S/YmPLpf49YN6BdD4w9w4eTgwex60J/uL1+QOS4P8bx8PisSBwom
b/e9TPZpW4HLbouHrvQejQud+8AA+iiKqn7hYMcFcQ8pdycQFmX9sDibXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEh+ks8R6TnbZdNfkLZFAFc4OtEiMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvU0g2U3p4SHBPZHRsMDEtUXRrVUFWemc2MFNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXraMA0G
CSqGSIb3DQEBCwUAA4IBAQBapvi6iwqxIELcYcd73CN34xlRtF+gVLZqCMoFCI8B
pzS82wVCIIpz5vbSC7ZSM0Fpzuw6jzt1aX1eZaJJ2qaeT//a2duLJTd0Lf/DjhGM
WlMgHYP/PZW0P0ur3Tp5qfk5PnYTyTdkvoRYiNvW4hrqOBBFxR23KM3L4AGqCE5b
ZbeLJJWyIPOZ2zxNhdOh1OfXrFpxIt0GsGPgk2/C6wdgTPfUC3rZtLYOmuYKYn+0
MdsFIMonDpdnAr2bXM3VfyoNiN4V+pybgr7WfedSs33o/eqOsSzNs3U1f6bgHZxQ
NjUBxKAhnkA+M6P+df2gH39WCh4M1mhT8JpiCbTV6CtX
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:48 2024 by rpki-client on console-fra.rpki-client.org