Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_akt3rCV9WIUiSbJVxx-9seHBro.roa
File:                     _akt3rCV9WIUiSbJVxx-9seHBro.roa (raw, json)
Hash identifier:          2nlYrQNye8wED5GSZgvmjU0FwAxcObtPcxqs7qoLCGY=
Subject key identifier:   FD:A9:2D:DE:B0:95:F5:62:14:89:26:C9:57:1C:7E:F6:C7:87:06:BA
Certificate issuer:       /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial:       018D37973320D56DFD27DD6DEAC03181DB3E
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_akt3rCV9WIUiSbJVxx-9seHBro.roa
Signing time:             Tue 23 Jan 2024 18:31:12 +0000
ROA not before:           Tue 23 Jan 2024 18:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49981
IP address blocks:        109.122.208.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:37:97:33:20:d5:6d:fd:27:dd:6d:ea:c0:31:81:db:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
        Validity
            Not Before: Jan 23 18:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fda92ddeb095f562148926c9571c7ef6c78706ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:f9:18:4d:b1:d6:ad:bb:09:e8:17:e7:96:b2:
                    cc:74:c1:91:07:c5:12:96:75:ea:f3:4e:7b:bf:4e:
                    86:37:25:d3:d8:72:e3:56:c6:b1:ab:b1:4e:84:4f:
                    8e:c4:ce:1f:c6:d8:d6:7b:aa:67:32:5c:f6:00:4a:
                    5c:0f:aa:a7:7f:dc:ee:ca:31:0f:a3:6a:9e:53:8d:
                    06:a0:6a:12:50:a1:0e:78:a0:c2:af:a4:87:38:93:
                    03:c2:8b:57:27:3d:2d:53:20:c5:c9:9f:63:6a:37:
                    18:e1:bd:ef:9a:f5:58:82:a3:10:8a:f1:15:7a:d5:
                    d8:d3:77:31:29:56:39:af:9b:c2:30:a0:43:2a:ee:
                    90:4f:09:39:f6:fd:6a:bb:2f:00:40:fe:64:77:b1:
                    c4:67:81:b0:ae:58:8e:a8:3f:72:34:40:ea:fb:fb:
                    49:14:5a:31:91:38:62:79:0e:fb:77:73:0c:d3:e5:
                    b4:e7:b2:df:bc:a4:ef:c1:21:b9:fb:80:4d:9b:dd:
                    21:03:a6:c2:31:c2:61:9e:77:0b:0b:45:e0:fa:95:
                    50:d1:ab:a5:0a:16:87:ea:2a:b4:72:43:2c:e3:15:
                    5d:19:c3:43:04:62:b1:ff:91:f6:a9:39:b8:72:aa:
                    e3:81:12:47:83:d5:b2:b2:28:50:b5:98:44:dc:83:
                    a4:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:A9:2D:DE:B0:95:F5:62:14:89:26:C9:57:1C:7E:F6:C7:87:06:BA
            X509v3 Authority Key Identifier:
                keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_akt3rCV9WIUiSbJVxx-9seHBro.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:0d:30:a5:a4:a9:04:59:be:4b:8a:38:da:cc:cf:1d:56:f5:
         9e:35:89:96:c6:12:4c:25:32:9c:ad:15:9f:3c:54:f9:88:47:
         9f:24:fc:13:3b:f3:60:a2:0f:c1:e7:5a:43:fc:4b:2e:f6:93:
         f8:a6:c1:e3:66:b9:ea:49:34:ca:1e:34:02:7e:24:5e:34:db:
         f4:aa:79:9a:37:18:22:6e:69:d3:b2:d4:9d:fe:15:5e:c9:99:
         9d:8f:62:c3:bc:45:fd:37:8a:ee:eb:2b:55:cf:af:fe:c7:ba:
         f6:f6:98:bb:73:4e:7d:eb:23:58:a3:38:ee:32:bc:31:eb:60:
         7e:50:1a:6a:4b:2f:d7:b7:1d:f2:f0:19:4e:a9:14:89:87:1b:
         7e:48:d3:81:7c:3c:41:70:0c:3e:66:52:e4:89:85:ef:3a:6e:
         78:70:fa:74:a3:30:b9:e4:98:f1:90:b2:8d:d6:e6:b1:19:cc:
         dd:64:66:72:1e:b9:7b:05:f7:83:f5:98:e8:eb:02:3d:4e:c7:
         44:e2:4a:a9:63:16:99:32:ba:75:50:ea:a8:2d:e4:a7:4f:79:
         37:3f:77:ae:6a:ae:ef:c1:e3:97:96:fc:b2:4a:97:66:ab:62:
         7e:9d:33:fb:8f:3f:ad:cc:e7:31:c9:71:9b:24:70:68:59:3b:
         fc:91:60:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY03lzMg1W39J91t6sAxgds+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjQwMTIzMTgzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGE5MmRkZWIwOTVmNTYyMTQ4OTI2Yzk1NzFjN2VmNmM3ODcwNmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhfkYTbHWrbsJ6BfnlrLMdMGRB8US
lnXq8057v06GNyXT2HLjVsaxq7FOhE+OxM4fxtjWe6pnMlz2AEpcD6qnf9zuyjEP
o2qeU40GoGoSUKEOeKDCr6SHOJMDwotXJz0tUyDFyZ9jajcY4b3vmvVYgqMQivEV
etXY03cxKVY5r5vCMKBDKu6QTwk59v1quy8AQP5kd7HEZ4GwrliOqD9yNEDq+/tJ
FFoxkThieQ77d3MM0+W057LfvKTvwSG5+4BNm90hA6bCMcJhnncLC0Xg+pVQ0aul
ChaH6iq0ckMs4xVdGcNDBGKx/5H2qTm4cqrjgRJHg9WysihQtZhE3IOkrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP2pLd6wlfViFIkmyVccfvbHhwa6MB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvX2FrdDNyQ1Y5V0lVaVNiSlZ4eC05c2VIQnJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXrQMA0G
CSqGSIb3DQEBCwUAA4IBAQAkDTClpKkEWb5LijjazM8dVvWeNYmWxhJMJTKcrRWf
PFT5iEefJPwTO/Ngog/B51pD/Esu9pP4psHjZrnqSTTKHjQCfiReNNv0qnmaNxgi
bmnTstSd/hVeyZmdj2LDvEX9N4ru6ytVz6/+x7r29pi7c0596yNYozjuMrwx62B+
UBpqSy/Xtx3y8BlOqRSJhxt+SNOBfDxBcAw+ZlLkiYXvOm54cPp0ozC55JjxkLKN
1uaxGczdZGZyHrl7BfeD9Zjo6wI9TsdE4kqpYxaZMrp1UOqoLeSnT3k3P3euaq7v
weOXlvyySpdmq2J+nTP7jz+tzOcxyXGbJHBoWTv8kWA6
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:04 2024 by rpki-client on console-ams.rpki-client.org