Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/ZEcFjQhfiGLVigYyzjYYBGBJ44k.roa
File:                     ZEcFjQhfiGLVigYyzjYYBGBJ44k.roa (raw, json)
Hash identifier:          NfCWzaMyzh2aalKB5pCz6U09OSYCmaqfUUz+3sSzibc=
Subject key identifier:   64:47:05:8D:08:5F:88:62:D5:8A:06:32:CE:36:18:04:60:49:E3:89
Certificate issuer:       /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial:       018E1A88919E7125A0D0459862E5F73F939D
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/ZEcFjQhfiGLVigYyzjYYBGBJ44k.roa
Signing time:             Thu 07 Mar 2024 20:09:01 +0000
ROA not before:           Thu 07 Mar 2024 20:09:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39368
IP address blocks:        109.122.199.0/24 maxlen: 24
                          109.122.209.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:1a:88:91:9e:71:25:a0:d0:45:98:62:e5:f7:3f:93:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
        Validity
            Not Before: Mar  7 20:09:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6447058d085f8862d58a0632ce3618046049e389
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:ea:76:8b:03:50:31:90:c0:98:18:8b:e4:50:
                    87:d5:e5:70:42:99:75:cb:54:18:14:43:7c:0d:67:
                    68:23:19:2c:49:45:8c:9b:1f:90:71:ed:74:2e:61:
                    59:8f:17:4e:28:64:7e:e4:94:b9:3b:e0:67:a8:4e:
                    42:eb:0d:83:19:b3:c7:98:cd:c6:cf:57:1e:05:b3:
                    b2:b2:cf:59:18:21:49:3f:6e:af:ee:e9:58:11:69:
                    14:62:29:8c:15:12:f8:19:02:f7:07:9a:70:66:cc:
                    3c:c9:c9:45:30:fe:d3:22:4b:b5:df:ab:79:df:d4:
                    e5:49:5d:a9:00:68:2f:51:7d:dd:39:58:18:98:45:
                    15:b1:1d:15:37:91:5f:aa:75:7b:63:03:bb:fd:f8:
                    67:c4:6a:77:75:6a:7f:82:43:fb:c0:43:fb:73:45:
                    d8:81:35:d4:0f:f1:8b:38:a9:83:05:11:64:e2:1c:
                    89:90:89:32:2a:fb:e4:2c:c1:18:ca:57:16:12:36:
                    f4:64:87:99:e3:14:7a:2d:af:73:39:aa:78:9f:5e:
                    d9:ad:ce:ec:37:ba:9f:2a:f9:3c:28:da:75:62:7a:
                    c8:2d:75:97:aa:b0:ee:99:7f:49:20:a5:51:4c:da:
                    10:ea:39:8b:27:14:03:e2:0f:2f:4e:09:6c:54:db:
                    86:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:47:05:8D:08:5F:88:62:D5:8A:06:32:CE:36:18:04:60:49:E3:89
            X509v3 Authority Key Identifier:
                keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/ZEcFjQhfiGLVigYyzjYYBGBJ44k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.199.0/24
                  109.122.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:49:76:fc:d9:09:01:4c:2c:72:6f:b7:f7:92:bd:a3:36:ae:
         f6:ac:51:72:7b:0e:72:26:16:4b:ca:9d:d8:6d:27:95:b7:67:
         2a:92:38:d8:c9:c7:99:95:e6:25:4a:d6:b7:fd:79:cb:a3:69:
         a8:17:02:7e:c1:bd:7f:94:0e:9d:94:ce:3f:7a:e2:07:ea:b5:
         40:07:cd:9d:e6:7f:53:b9:bd:86:26:1f:9f:c7:3e:8d:5e:81:
         0c:d4:aa:1b:4b:3f:94:6e:0f:c9:de:bc:e9:a7:b7:1e:97:fc:
         ba:a5:35:6e:0e:b4:e7:0a:4d:4c:13:86:6b:f5:85:ba:ef:bf:
         e8:08:81:09:b8:fc:51:d9:30:73:43:34:6b:3b:3a:bd:a3:b7:
         81:40:38:c5:c1:71:bb:86:2b:76:a0:8d:cc:56:b3:6f:72:4b:
         f2:09:fd:17:af:8c:fd:b1:53:87:aa:e3:9a:d9:a5:4e:61:4f:
         24:1f:55:8c:f1:e0:18:88:e6:40:9c:6e:61:aa:1f:d2:48:58:
         04:5f:d7:fb:fb:2c:e4:02:15:a5:ef:96:42:96:62:31:3d:62:
         d5:c5:6b:33:61:dc:75:3a:96:14:1a:fd:c6:6a:27:86:ab:20:
         b4:ad:ca:13:b8:b1:5c:47:89:b9:db:c9:44:a6:85:1a:1b:8a:
         21:3e:a6:b0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY4aiJGecSWg0EWYYuX3P5OdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjQwMzA3MjAwOTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDQ3MDU4ZDA4NWY4ODYyZDU4YTA2MzJjZTM2MTgwNDYwNDllMzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjOp2iwNQMZDAmBiL5FCH1eVwQpl1
y1QYFEN8DWdoIxksSUWMmx+Qce10LmFZjxdOKGR+5JS5O+BnqE5C6w2DGbPHmM3G
z1ceBbOyss9ZGCFJP26v7ulYEWkUYimMFRL4GQL3B5pwZsw8yclFMP7TIku136t5
39TlSV2pAGgvUX3dOVgYmEUVsR0VN5FfqnV7YwO7/fhnxGp3dWp/gkP7wEP7c0XY
gTXUD/GLOKmDBRFk4hyJkIkyKvvkLMEYylcWEjb0ZIeZ4xR6La9zOap4n17Zrc7s
N7qfKvk8KNp1YnrILXWXqrDumX9JIKVRTNoQ6jmLJxQD4g8vTglsVNuGgwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGRHBY0IX4hi1YoGMs42GARgSeOJMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvWkVjRmpRaGZpR0xWaWdZeXpqWVlCR0JKNDRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbXrHAwQA
bXrRMA0GCSqGSIb3DQEBCwUAA4IBAQAaSXb82QkBTCxyb7f3kr2jNq72rFFyew5y
JhZLyp3YbSeVt2cqkjjYyceZleYlSta3/XnLo2moFwJ+wb1/lA6dlM4/euIH6rVA
B82d5n9Tub2GJh+fxz6NXoEM1KobSz+Ubg/J3rzpp7cel/y6pTVuDrTnCk1ME4Zr
9YW677/oCIEJuPxR2TBzQzRrOzq9o7eBQDjFwXG7hit2oI3MVrNvckvyCf0Xr4z9
sVOHquOa2aVOYU8kH1WM8eAYiOZAnG5hqh/SSFgEX9f7+yzkAhWl75ZClmIxPWLV
xWszYdx1OpYUGv3GaieGqyC0rcoTuLFcR4m528lEpoUaG4ohPqaw
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:04 2024 by rpki-client on console-ams.rpki-client.org