Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/WJwWpComfTaeOy31g4YYM4f5hAM.roa
File:                     WJwWpComfTaeOy31g4YYM4f5hAM.roa (raw, json)
Hash identifier:          IHuutYITdOH/iTXHRWqeSaQXtH977se3/+1RxFqW20Y=
Subject key identifier:   58:9C:16:A4:2A:26:7D:36:9E:3B:2D:F5:83:86:18:33:87:F9:84:03
Certificate issuer:       /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial:       0187A865E3416E40053B81AF3CA95904A377
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/WJwWpComfTaeOy31g4YYM4f5hAM.roa
Signing time:             Sat 22 Apr 2023 09:57:42 +0000
ROA not before:           Sat 22 Apr 2023 09:57:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     33696
IP address blocks:        109.122.205.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:a8:65:e3:41:6e:40:05:3b:81:af:3c:a9:59:04:a3:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
        Validity
            Not Before: Apr 22 09:57:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=589c16a42a267d369e3b2df58386183387f98403
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:db:44:19:d5:eb:85:0b:79:bc:95:4e:d8:93:
                    1f:c6:39:e7:93:ff:cd:9a:c7:bf:03:dc:8a:d8:ec:
                    12:10:ed:a8:62:41:b1:5f:f8:2f:98:ec:58:3f:5e:
                    6b:aa:b2:00:8e:ed:d9:ab:5e:a6:9a:b0:68:a2:09:
                    d3:7a:5e:35:73:2c:c5:2b:26:ae:f4:a9:74:41:c7:
                    7a:d2:fb:6e:cb:e9:17:a3:8a:e7:31:b6:cd:17:98:
                    29:ec:c5:7a:37:43:aa:54:50:29:ed:e7:c0:60:33:
                    be:32:86:35:ad:65:1d:03:9d:10:d2:f3:93:28:34:
                    48:e5:52:83:31:d4:c1:21:ec:26:4d:8b:a8:b8:e5:
                    1d:2d:73:03:c9:3e:61:66:3b:5c:91:5f:4f:e9:54:
                    7d:94:5b:a1:94:c3:b4:19:9c:34:46:ff:97:17:37:
                    38:29:95:46:c8:7e:34:e8:6d:36:23:a6:69:f1:d2:
                    80:e6:e6:0b:92:b9:70:20:ba:8f:ed:91:8c:19:59:
                    cb:ff:0e:19:4f:6e:42:ba:ae:42:8b:ab:b9:bd:3d:
                    2c:70:ee:52:9f:2e:ab:d7:c9:5e:d2:ca:dc:a6:ca:
                    c0:03:5d:50:b3:20:b0:7d:29:4e:91:04:19:20:06:
                    4c:cd:6c:74:6e:12:6f:13:18:d4:d0:55:70:d9:d9:
                    9e:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:9C:16:A4:2A:26:7D:36:9E:3B:2D:F5:83:86:18:33:87:F9:84:03
            X509v3 Authority Key Identifier:
                keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/WJwWpComfTaeOy31g4YYM4f5hAM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:c3:42:31:a7:c2:c4:b3:06:7e:52:09:78:f7:83:80:ce:02:
         86:d7:26:e6:d1:cd:75:71:ba:3e:7d:c6:0c:4f:7a:89:a6:f3:
         e4:ce:58:67:35:f8:65:5c:15:07:d8:31:af:e1:3d:17:cb:d2:
         c6:2d:7e:41:8d:2f:3f:92:dc:64:36:e2:ad:ea:de:b6:e9:18:
         fd:b0:7a:49:28:56:93:31:87:bc:c0:6d:b6:81:4f:30:3a:15:
         cb:e8:c5:61:74:92:de:77:1f:1b:5a:00:68:55:84:29:60:79:
         16:4c:27:69:57:1e:84:8d:29:5a:eb:27:a4:ea:a1:56:14:03:
         cd:ee:a5:f1:6a:ec:ac:87:d3:4f:5e:2d:c4:c0:5d:52:71:7c:
         e7:a5:49:ea:3a:c7:60:28:36:9d:5a:06:97:7c:1e:35:05:87:
         fb:85:1e:bf:93:ad:b6:67:4b:67:59:43:f8:34:77:41:5a:d7:
         9f:d0:47:1f:f1:3c:9e:ba:e6:82:ba:a8:47:46:e0:a6:c1:d4:
         ed:ce:98:fd:7f:7c:f5:17:a9:2a:0a:f3:88:8d:84:3a:e5:6e:
         7f:64:26:af:30:fe:27:91:bf:04:17:f6:f1:2c:fb:ff:3a:38:
         6c:2a:c1:cb:b5:6b:73:b2:e1:60:5a:14:d1:90:c7:a4:dc:00:
         b5:1d:57:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYeoZeNBbkAFO4GvPKlZBKN3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMwNDIyMDk1NzQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODljMTZhNDJhMjY3ZDM2OWUzYjJkZjU4Mzg2MTgzMzg3Zjk4NDAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxNtEGdXrhQt5vJVO2JMfxjnnk//N
mse/A9yK2OwSEO2oYkGxX/gvmOxYP15rqrIAju3Zq16mmrBoognTel41cyzFKyau
9Kl0Qcd60vtuy+kXo4rnMbbNF5gp7MV6N0OqVFAp7efAYDO+MoY1rWUdA50Q0vOT
KDRI5VKDMdTBIewmTYuouOUdLXMDyT5hZjtckV9P6VR9lFuhlMO0GZw0Rv+XFzc4
KZVGyH406G02I6Zp8dKA5uYLkrlwILqP7ZGMGVnL/w4ZT25Cuq5Ci6u5vT0scO5S
ny6r18le0srcpsrAA11QsyCwfSlOkQQZIAZMzWx0bhJvExjU0FVw2dmeIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFicFqQqJn02njst9YOGGDOH+YQDMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvV0p3V3BDb21mVGFlT3kzMWc0WVlNNGY1aEFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXrNMA0G
CSqGSIb3DQEBCwUAA4IBAQCYw0Ixp8LEswZ+Ugl494OAzgKG1ybm0c11cbo+fcYM
T3qJpvPkzlhnNfhlXBUH2DGv4T0Xy9LGLX5BjS8/ktxkNuKt6t626Rj9sHpJKFaT
MYe8wG22gU8wOhXL6MVhdJLedx8bWgBoVYQpYHkWTCdpVx6EjSla6yek6qFWFAPN
7qXxauysh9NPXi3EwF1ScXznpUnqOsdgKDadWgaXfB41BYf7hR6/k622Z0tnWUP4
NHdBWtef0Ecf8TyeuuaCuqhHRuCmwdTtzpj9f3z1F6kqCvOIjYQ65W5/ZCavMP4n
kb8EF/bxLPv/OjhsKsHLtWtzsuFgWhTRkMek3AC1HVcf
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:48 2024 by rpki-client on console-fra.rpki-client.org