Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/dNOAciTeygeNGEnIgBNsOU4SAj8.roa
File:                     dNOAciTeygeNGEnIgBNsOU4SAj8.roa (raw, json)
Hash identifier:          RTOc1wwfcIG6+uNRIEA2rkmKx6Y1DxUi1Xgd9gXHC4Q=
Subject key identifier:   74:D3:80:72:24:DE:CA:07:8D:18:49:C8:80:13:6C:39:4E:12:02:3F
Certificate issuer:       /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial:       018D3797353805E66C15C0EBA9A3305B4138
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/dNOAciTeygeNGEnIgBNsOU4SAj8.roa
Signing time:             Tue 23 Jan 2024 18:31:12 +0000
ROA not before:           Tue 23 Jan 2024 18:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198652
IP address blocks:        109.122.203.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:37:97:35:38:05:e6:6c:15:c0:eb:a9:a3:30:5b:41:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
        Validity
            Not Before: Jan 23 18:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=74d3807224deca078d1849c880136c394e12023f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:07:b4:df:8a:03:40:76:38:fa:94:34:a0:78:
                    99:bc:25:ab:8f:6c:71:87:6e:3b:8f:3e:0d:f8:09:
                    9e:87:16:88:3f:cb:ac:40:27:38:46:b3:76:a6:96:
                    24:4f:b7:74:0d:4e:92:62:7e:aa:80:53:a2:a5:19:
                    e9:f4:24:c2:15:81:59:25:f1:c8:80:c5:2d:0a:1d:
                    08:1b:c7:d2:16:48:a7:68:11:ae:0e:82:a5:1b:2c:
                    80:1f:14:30:55:a8:c4:2b:9d:7b:93:1f:32:fb:bd:
                    61:93:1d:1f:54:7a:1e:02:b0:41:47:7e:81:53:ac:
                    3a:58:0d:e2:76:fc:b3:7a:f5:69:f6:d7:e3:b0:41:
                    87:39:ba:d8:0b:86:6b:bb:e2:bc:db:5b:55:9e:18:
                    31:72:2a:c3:a6:59:92:db:b5:9a:92:f5:a3:d8:c4:
                    0c:6f:ae:f5:c7:a5:40:ca:73:31:6b:fc:69:06:f3:
                    cf:8a:bc:21:b1:9d:10:1f:ce:b6:de:0a:5a:79:bc:
                    9d:f7:09:2e:5e:14:25:c2:fb:72:17:0c:f6:ee:b0:
                    3a:bd:ef:bd:d6:1f:4e:e0:47:8b:69:81:89:27:35:
                    a7:f4:b4:48:57:52:e4:63:16:a9:9c:61:cc:be:bc:
                    46:16:4f:93:e1:33:29:a5:62:53:f4:56:25:b6:d0:
                    85:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:D3:80:72:24:DE:CA:07:8D:18:49:C8:80:13:6C:39:4E:12:02:3F
            X509v3 Authority Key Identifier:
                keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/dNOAciTeygeNGEnIgBNsOU4SAj8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:2e:c7:73:fd:fb:71:5d:88:d0:9f:4e:1c:e5:56:41:ef:2a:
         ef:fa:4e:43:61:99:84:16:0f:6c:82:0b:d3:3b:01:b9:da:b2:
         63:49:1f:0e:e8:85:d6:72:a7:74:08:e8:73:9c:56:31:02:cf:
         5d:6f:1e:8e:7a:19:c8:0d:12:58:53:02:24:14:7e:96:80:4e:
         2f:33:b1:a5:4f:81:20:91:da:12:40:04:11:c5:fb:79:04:89:
         fb:38:d5:77:6d:8b:c9:eb:ed:74:78:61:f1:2a:ec:3e:fa:c1:
         4c:1a:56:5f:19:be:92:59:a8:9d:90:24:ca:9c:78:ed:5a:6b:
         c1:9b:5f:50:ed:31:e4:d2:68:da:ea:28:8c:10:8f:eb:2f:99:
         46:84:18:14:2b:a4:7a:41:1a:00:3d:42:40:b4:e7:96:f8:e2:
         81:5a:1a:7a:71:15:5b:5f:5a:16:03:b7:ae:b8:8e:f9:f4:ba:
         d0:21:d9:77:b4:17:2a:b5:9d:b5:38:c9:d1:2d:17:7d:b2:c2:
         77:4d:40:5e:41:28:2d:3f:57:c2:e4:78:de:0f:2f:cd:43:fc:
         6c:64:f5:31:e3:56:0a:b6:80:c1:7d:2b:97:98:a0:4c:1e:c7:
         23:cc:0b:95:69:c7:a2:27:45:c1:16:ea:45:e2:ea:73:fe:e8:
         a2:61:72:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY03lzU4BeZsFcDrqaMwW0E4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjQwMTIzMTgzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGQzODA3MjI0ZGVjYTA3OGQxODQ5Yzg4MDEzNmMzOTRlMTIwMjNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnAe034oDQHY4+pQ0oHiZvCWrj2xx
h247jz4N+AmehxaIP8usQCc4RrN2ppYkT7d0DU6SYn6qgFOipRnp9CTCFYFZJfHI
gMUtCh0IG8fSFkinaBGuDoKlGyyAHxQwVajEK517kx8y+71hkx0fVHoeArBBR36B
U6w6WA3idvyzevVp9tfjsEGHObrYC4Zru+K821tVnhgxcirDplmS27WakvWj2MQM
b671x6VAynMxa/xpBvPPirwhsZ0QH8623gpaebyd9wkuXhQlwvtyFwz27rA6ve+9
1h9O4EeLaYGJJzWn9LRIV1LkYxapnGHMvrxGFk+T4TMppWJT9FYlttCFPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHTTgHIk3soHjRhJyIATbDlOEgI/MB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvZE5PQWNpVGV5Z2VOR0VuSWdCTnNPVTRTQWo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXrLMA0G
CSqGSIb3DQEBCwUAA4IBAQBCLsdz/ftxXYjQn04c5VZB7yrv+k5DYZmEFg9sggvT
OwG52rJjSR8O6IXWcqd0COhznFYxAs9dbx6OehnIDRJYUwIkFH6WgE4vM7GlT4Eg
kdoSQAQRxft5BIn7ONV3bYvJ6+10eGHxKuw++sFMGlZfGb6SWaidkCTKnHjtWmvB
m19Q7THk0mja6iiMEI/rL5lGhBgUK6R6QRoAPUJAtOeW+OKBWhp6cRVbX1oWA7eu
uI759LrQIdl3tBcqtZ21OMnRLRd9ssJ3TUBeQSgtP1fC5HjeDy/NQ/xsZPUx41YK
toDBfSuXmKBMHscjzAuVaceiJ0XBFupF4upz/uiiYXIB
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:04 2024 by rpki-client on console-ams.rpki-client.org