Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/g0eJcmKmG5DqnuJ8BznwTuxFQaA.roa
File:                     g0eJcmKmG5DqnuJ8BznwTuxFQaA.roa (raw, json)
Hash identifier:          Z/Uv3bn9Mmjk9RxFuogDkCKC7aC2Fx1pidWruiWbbiE=
Subject key identifier:   83:47:89:72:62:A6:1B:90:EA:9E:E2:7C:07:39:F0:4E:EC:45:41:A0
Certificate issuer:       /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial:       018B9BEEBB730A20E414778A7F8A73A3542C
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/g0eJcmKmG5DqnuJ8BznwTuxFQaA.roa
Signing time:             Sat 04 Nov 2023 20:03:15 +0000
ROA not before:           Sat 04 Nov 2023 20:03:15 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        109.122.211.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:9b:ee:bb:73:0a:20:e4:14:77:8a:7f:8a:73:a3:54:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
        Validity
            Not Before: Nov  4 20:03:15 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8347897262a61b90ea9ee27c0739f04eec4541a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:eb:26:5b:0c:f3:29:74:06:0c:8c:cf:49:17:
                    33:01:87:60:bd:00:e2:74:1c:cc:80:54:60:88:eb:
                    1c:e5:78:85:e9:e0:f3:dc:95:47:9b:bf:2d:7f:06:
                    d4:cc:ae:f5:7a:41:4c:68:57:31:0a:a0:eb:c6:8d:
                    b3:47:b3:af:7b:e4:e1:9c:0c:a6:ce:60:0c:a5:d9:
                    01:b6:59:9b:1d:40:0d:9e:4f:73:7b:02:78:8a:2b:
                    ac:00:01:30:de:60:35:16:1f:77:37:81:0f:fa:de:
                    7c:e5:d5:85:77:f6:02:5c:60:a5:58:cc:a3:a1:9c:
                    5d:63:ec:d6:da:af:a8:ef:0e:be:ec:b7:c2:6b:cf:
                    35:16:9a:ab:bd:2e:9b:f5:9a:bf:4c:93:9a:ac:c4:
                    fe:38:4b:44:b2:c3:d9:b6:31:96:3b:9b:f4:5f:ca:
                    60:e2:ed:4a:9a:47:d4:49:f5:92:86:61:3c:dc:26:
                    1d:19:eb:88:df:5e:a4:dd:6e:55:05:98:c7:bd:fa:
                    18:e3:02:bb:c9:1f:a0:51:7a:5f:70:e2:8d:a3:aa:
                    64:32:2a:b8:41:98:8e:be:5c:62:fd:6a:08:37:5e:
                    f8:4f:9d:72:90:50:a6:3f:28:d5:c1:b8:33:16:e6:
                    7f:55:3b:62:22:6e:6c:63:6d:62:4c:24:3f:53:81:
                    d4:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:47:89:72:62:A6:1B:90:EA:9E:E2:7C:07:39:F0:4E:EC:45:41:A0
            X509v3 Authority Key Identifier:
                keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/g0eJcmKmG5DqnuJ8BznwTuxFQaA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:70:c5:14:19:02:16:2a:02:da:77:01:6e:36:75:16:27:2f:
         4b:5d:d2:95:d5:bf:47:da:64:e0:48:af:60:e6:e3:28:26:de:
         c9:8c:ce:e2:df:21:06:d9:ee:5f:64:87:67:55:0c:e5:52:44:
         2c:68:ac:fa:44:41:b3:e3:45:cf:a2:e9:5b:e2:1c:d3:a6:47:
         fb:73:89:97:43:2f:aa:7b:4b:fb:fc:a1:9b:95:b0:97:99:bd:
         3b:a0:bd:25:19:2d:66:9f:f2:aa:0d:1f:95:2f:e4:7d:90:c8:
         c1:b8:3a:f4:95:9d:ec:c5:16:a6:31:66:aa:8d:61:50:53:9a:
         9a:55:23:cc:46:60:54:e0:e6:9c:52:18:d9:d1:2b:8d:b3:4d:
         54:e3:aa:a6:7c:43:67:16:e0:7d:be:d0:9a:33:38:03:37:fc:
         30:90:8e:13:62:07:d8:cb:4f:a8:97:36:21:5c:a7:79:26:5d:
         23:aa:f3:9d:a2:21:7a:08:11:7b:a3:fb:a5:ab:03:43:d8:52:
         e5:44:d5:bb:ca:be:e2:47:3e:78:76:0b:3c:25:83:0e:d6:cd:
         98:40:d9:36:ba:06:51:b7:5d:4d:e2:a6:3c:70:00:cd:6a:0a:
         24:98:e4:8a:82:6e:b9:8f:cf:70:ff:31:7b:75:1d:e5:e4:fd:
         a4:21:98:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYub7rtzCiDkFHeKf4pzo1QsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMxMTA0MjAwMzE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzQ3ODk3MjYyYTYxYjkwZWE5ZWUyN2MwNzM5ZjA0ZWVjNDU0MWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgusmWwzzKXQGDIzPSRczAYdgvQDi
dBzMgFRgiOsc5XiF6eDz3JVHm78tfwbUzK71ekFMaFcxCqDrxo2zR7Ove+ThnAym
zmAMpdkBtlmbHUANnk9zewJ4iiusAAEw3mA1Fh93N4EP+t585dWFd/YCXGClWMyj
oZxdY+zW2q+o7w6+7LfCa881FpqrvS6b9Zq/TJOarMT+OEtEssPZtjGWO5v0X8pg
4u1KmkfUSfWShmE83CYdGeuI316k3W5VBZjHvfoY4wK7yR+gUXpfcOKNo6pkMiq4
QZiOvlxi/WoIN174T51ykFCmPyjVwbgzFuZ/VTtiIm5sY21iTCQ/U4HUMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFINHiXJiphuQ6p7ifAc58E7sRUGgMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvZzBlSmNtS21HNURxbnVKOEJ6bndUdXhGUWFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXrTMA0G
CSqGSIb3DQEBCwUAA4IBAQAlcMUUGQIWKgLadwFuNnUWJy9LXdKV1b9H2mTgSK9g
5uMoJt7JjM7i3yEG2e5fZIdnVQzlUkQsaKz6REGz40XPoulb4hzTpkf7c4mXQy+q
e0v7/KGblbCXmb07oL0lGS1mn/KqDR+VL+R9kMjBuDr0lZ3sxRamMWaqjWFQU5qa
VSPMRmBU4OacUhjZ0SuNs01U46qmfENnFuB9vtCaMzgDN/wwkI4TYgfYy0+olzYh
XKd5Jl0jqvOdoiF6CBF7o/ulqwND2FLlRNW7yr7iRz54dgs8JYMO1s2YQNk2ugZR
t11N4qY8cADNagokmOSKgm65j89w/zF7dR3l5P2kIZgx
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:04 2024 by rpki-client on console-ams.rpki-client.org