Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/fV2NxLFzv5pBbBpRfsbvjPDWGGw.roa
File:                     fV2NxLFzv5pBbBpRfsbvjPDWGGw.roa (raw, json)
Hash identifier:          0bY89c8h2pI2fp2Rc1Cxlgu8nXaBUtldPveLdR1nvk4=
Subject key identifier:   7D:5D:8D:C4:B1:73:BF:9A:41:6C:1A:51:7E:C6:EF:8C:F0:D6:18:6C
Certificate issuer:       /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial:       018AB36ECB372B2C07364860FD2B91D0DB28
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/fV2NxLFzv5pBbBpRfsbvjPDWGGw.roa
Signing time:             Wed 20 Sep 2023 16:31:37 +0000
ROA not before:           Wed 20 Sep 2023 16:31:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        109.122.192.0/24 maxlen: 24
                          109.122.201.0/24 maxlen: 24
                          109.122.203.0/24 maxlen: 24
                          109.122.212.0/24 maxlen: 24
                          109.122.213.0/24 maxlen: 24
                          109.122.215.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:b3:6e:cb:37:2b:2c:07:36:48:60:fd:2b:91:d0:db:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
        Validity
            Not Before: Sep 20 16:31:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7d5d8dc4b173bf9a416c1a517ec6ef8cf0d6186c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:50:d4:2e:83:b5:18:20:d7:c5:e6:87:fa:e0:
                    60:41:e8:cb:0d:e3:89:eb:4e:a3:c6:13:cb:69:9c:
                    82:c9:a0:c7:c2:33:ec:df:29:77:e1:13:56:ab:01:
                    35:6f:27:56:31:29:5d:95:0f:14:2b:69:0c:29:79:
                    78:5f:87:d6:cb:d2:7a:70:ec:9a:76:f0:47:67:0d:
                    cc:6d:88:fd:b8:32:4e:43:c7:27:de:bf:84:84:89:
                    fa:6a:cc:02:fa:4a:da:95:b9:ca:69:f7:23:2c:19:
                    c7:e5:87:d3:eb:c6:7a:e0:fa:fc:0a:18:91:67:3f:
                    b5:cc:b1:4a:2b:43:47:f6:e8:2a:e9:53:1c:c7:05:
                    41:4d:92:c1:a5:40:e6:27:89:69:1e:b9:a8:d3:97:
                    9e:61:60:ae:e6:38:08:6f:e0:24:4e:00:e2:39:47:
                    35:c1:dd:5b:3a:fb:48:ef:1d:a7:56:8f:27:af:01:
                    0b:44:ad:b6:6c:49:ff:ed:56:dc:7b:d0:eb:29:be:
                    dd:c5:00:7d:bb:a0:23:9e:9a:2f:6b:50:2f:84:5b:
                    d0:c7:4f:7f:ee:c9:62:9e:9f:db:72:17:cb:19:d3:
                    06:0e:ed:a1:71:b1:7c:0c:4b:59:3b:b4:fb:36:7c:
                    5b:a2:d8:3f:92:00:da:10:5d:e2:7c:18:58:ca:8b:
                    dd:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:5D:8D:C4:B1:73:BF:9A:41:6C:1A:51:7E:C6:EF:8C:F0:D6:18:6C
            X509v3 Authority Key Identifier:
                keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/fV2NxLFzv5pBbBpRfsbvjPDWGGw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.192.0/24
                  109.122.201.0/24
                  109.122.203.0/24
                  109.122.212.0/23
                  109.122.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:3e:b6:7f:33:c7:cd:61:89:52:70:dd:b6:83:59:1a:46:f0:
         06:89:87:f8:aa:29:04:aa:38:ae:e7:86:fd:fa:b8:2f:23:b9:
         4e:f3:9a:2a:08:a9:84:6a:f2:54:06:7f:32:fb:ec:25:1b:c0:
         92:76:08:50:37:bb:77:75:ad:23:00:c2:f2:7b:75:9f:1f:44:
         fe:46:e0:e4:ab:cb:be:cb:94:64:20:71:8e:ad:e7:6b:9d:a7:
         ef:d5:f0:bb:52:b6:27:c0:60:2b:59:85:66:8e:63:eb:30:14:
         07:48:4c:75:e1:99:da:6c:04:39:02:a9:35:95:ff:57:25:b7:
         9c:d4:38:0e:c9:cd:3e:ce:a7:4b:29:51:1b:62:7e:05:c8:79:
         61:a6:0a:b4:b9:b8:4e:1a:75:55:3b:ce:4f:bf:b7:14:0f:44:
         7e:38:2a:e7:2f:21:37:fa:08:c3:6f:34:65:a2:68:06:0f:64:
         7e:c4:66:28:aa:99:6e:25:03:e8:2d:65:63:dc:51:8e:89:7b:
         3d:07:51:96:ae:d4:d1:64:25:2e:02:9b:f1:74:c5:e8:88:8e:
         eb:21:6b:cc:95:85:f0:37:e2:9b:eb:44:09:ba:71:8e:38:5e:
         b7:26:86:d2:3a:2b:8f:cb:e6:31:ce:05:d8:d0:ca:bb:32:eb:
         66:53:30:9f
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYqzbss3KywHNkhg/SuR0NsoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMwOTIwMTYzMTM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDVkOGRjNGIxNzNiZjlhNDE2YzFhNTE3ZWM2ZWY4Y2YwZDYxODZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg1DULoO1GCDXxeaH+uBgQejLDeOJ
606jxhPLaZyCyaDHwjPs3yl34RNWqwE1bydWMSldlQ8UK2kMKXl4X4fWy9J6cOya
dvBHZw3MbYj9uDJOQ8cn3r+EhIn6aswC+kralbnKafcjLBnH5YfT68Z64Pr8ChiR
Zz+1zLFKK0NH9ugq6VMcxwVBTZLBpUDmJ4lpHrmo05eeYWCu5jgIb+AkTgDiOUc1
wd1bOvtI7x2nVo8nrwELRK22bEn/7Vbce9DrKb7dxQB9u6Ajnpova1AvhFvQx09/
7slinp/bchfLGdMGDu2hcbF8DEtZO7T7Nnxbotg/kgDaEF3ifBhYyovdwwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFH1djcSxc7+aQWwaUX7G74zw1hhsMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvZlYyTnhMRnp2NXBCYkJwUmZzYnZqUERXR0d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAbXrAAwQA
bXrJAwQAbXrLAwQBbXrUAwQAbXrXMA0GCSqGSIb3DQEBCwUAA4IBAQBfPrZ/M8fN
YYlScN22g1kaRvAGiYf4qikEqjiu54b9+rgvI7lO85oqCKmEavJUBn8y++wlG8CS
dghQN7t3da0jAMLye3WfH0T+RuDkq8u+y5RkIHGOredrnafv1fC7UrYnwGArWYVm
jmPrMBQHSEx14ZnabAQ5Aqk1lf9XJbec1DgOyc0+zqdLKVEbYn4FyHlhpgq0ubhO
GnVVO85Pv7cUD0R+OCrnLyE3+gjDbzRlomgGD2R+xGYoqpluJQPoLWVj3FGOiXs9
B1GWrtTRZCUuApvxdMXoiI7rIWvMlYXwN+Kb60QJunGOOF63JobSOiuPy+YxzgXY
0Mq7MutmUzCf
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:04 2024 by rpki-client on console-ams.rpki-client.org