Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/nGpj4bHQa7girfzRlVK2r-K5Y44.roa
File:                     nGpj4bHQa7girfzRlVK2r-K5Y44.roa (raw, json)
Hash identifier:          YWANSxMo2YefG+KIhrDHAUJmtfx51AEM2mbG3uxX24M=
Subject key identifier:   9C:6A:63:E1:B1:D0:6B:B8:22:AD:FC:D1:95:52:B6:AF:E2:B9:63:8E
Certificate issuer:       /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial:       018E1A888F9237654C319640E39F57B073BD
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/nGpj4bHQa7girfzRlVK2r-K5Y44.roa
Signing time:             Thu 07 Mar 2024 20:09:00 +0000
ROA not before:           Thu 07 Mar 2024 20:09:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        109.122.218.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:1a:88:8f:92:37:65:4c:31:96:40:e3:9f:57:b0:73:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
        Validity
            Not Before: Mar  7 20:09:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c6a63e1b1d06bb822adfcd19552b6afe2b9638e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:3a:9d:c6:a0:b0:7f:de:5b:d5:4a:1f:f2:11:
                    31:5f:08:77:70:38:09:77:5a:0c:8b:4d:07:dd:0b:
                    d8:97:6c:aa:99:2f:45:6f:4a:ca:4e:c4:1a:58:6e:
                    3b:56:e8:26:ec:b9:77:b6:79:3d:dc:78:36:1c:30:
                    71:3e:5e:e1:7e:50:67:1a:2f:38:80:fc:f2:3a:0b:
                    6f:09:51:1c:17:13:c2:f3:24:a0:95:a4:05:19:f1:
                    b0:0f:03:cb:f4:69:c0:16:9f:33:cf:ae:de:94:43:
                    33:e4:2e:81:4c:ee:14:63:a0:46:21:1d:0d:29:f4:
                    67:ac:92:3d:67:26:01:f3:19:37:7b:28:81:31:d7:
                    2b:3e:f7:65:0c:5b:ff:a6:30:d8:76:1e:89:89:4f:
                    23:22:d8:75:4c:e7:c0:3e:0d:9e:1b:3d:82:91:d7:
                    b6:c6:24:c3:ec:47:a6:73:81:34:fc:0a:fe:0a:47:
                    8b:c5:31:13:e6:4f:c6:2d:64:ca:92:c7:0d:9d:40:
                    d5:4d:27:9a:b9:3b:4d:67:02:ff:fe:73:ac:df:fe:
                    30:61:13:72:e0:bb:7a:f8:ed:cc:3d:43:b8:97:e3:
                    6b:da:69:c8:6f:40:95:44:7b:d4:e0:c6:a8:ce:d6:
                    b2:ff:b5:69:d0:b8:fd:b4:69:de:c5:f5:ac:a3:5c:
                    79:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:6A:63:E1:B1:D0:6B:B8:22:AD:FC:D1:95:52:B6:AF:E2:B9:63:8E
            X509v3 Authority Key Identifier:
                keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/nGpj4bHQa7girfzRlVK2r-K5Y44.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:fb:d8:7b:e1:bc:69:c5:dc:7f:7c:b1:f7:7d:0a:2c:97:5d:
         ee:fd:fd:4f:a1:fc:57:10:85:11:ed:33:4b:0a:b5:a5:17:1c:
         87:6e:d5:26:51:24:30:18:dd:40:fe:5c:48:46:92:f2:3d:dc:
         18:96:95:a4:bd:70:ac:76:4b:8d:bb:a1:c2:1a:62:5d:f5:b7:
         c3:26:40:9d:83:ae:9b:df:86:86:a4:33:b3:80:bf:a7:2f:87:
         63:50:c2:c7:e9:ae:29:9c:b5:2d:40:e8:ce:78:46:df:71:5b:
         f3:7f:ac:88:d7:88:a6:8f:33:3f:95:90:02:c1:de:d1:ca:0d:
         77:bc:f2:f2:53:25:07:d9:80:8f:67:0f:63:6c:da:b9:42:f8:
         69:e4:33:f7:31:fa:2e:77:53:06:c0:ac:f9:0d:39:12:c0:49:
         73:70:cd:bf:b8:d3:e0:4b:7a:47:e0:c3:44:40:1e:9d:a6:93:
         e8:9d:b2:d1:91:1d:6e:81:34:94:fc:70:13:cd:f0:7d:b3:49:
         c1:22:59:73:40:3e:77:53:a1:b9:59:c1:48:f1:03:52:5e:d3:
         0d:5b:d1:5b:60:aa:6e:49:50:d7:14:de:69:c3:27:5c:62:91:
         92:41:f3:68:4a:81:be:7f:fe:56:dc:44:0d:c2:16:37:57:ad:
         2a:d9:3b:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4aiI+SN2VMMZZA459XsHO9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjQwMzA3MjAwOTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzZhNjNlMWIxZDA2YmI4MjJhZGZjZDE5NTUyYjZhZmUyYjk2MzhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyzqdxqCwf95b1Uof8hExXwh3cDgJ
d1oMi00H3QvYl2yqmS9Fb0rKTsQaWG47Vugm7Ll3tnk93Hg2HDBxPl7hflBnGi84
gPzyOgtvCVEcFxPC8ySglaQFGfGwDwPL9GnAFp8zz67elEMz5C6BTO4UY6BGIR0N
KfRnrJI9ZyYB8xk3eyiBMdcrPvdlDFv/pjDYdh6JiU8jIth1TOfAPg2eGz2Ckde2
xiTD7Eemc4E0/Ar+CkeLxTET5k/GLWTKkscNnUDVTSeauTtNZwL//nOs3/4wYRNy
4Lt6+O3MPUO4l+Nr2mnIb0CVRHvU4Maoztay/7Vp0Lj9tGnexfWso1x5WQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJxqY+Gx0Gu4Iq380ZVStq/iuWOOMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvbkdwajRiSFFhN2dpcmZ6UmxWSzJyLUs1WTQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXraMA0G
CSqGSIb3DQEBCwUAA4IBAQAn+9h74bxpxdx/fLH3fQosl13u/f1PofxXEIUR7TNL
CrWlFxyHbtUmUSQwGN1A/lxIRpLyPdwYlpWkvXCsdkuNu6HCGmJd9bfDJkCdg66b
34aGpDOzgL+nL4djUMLH6a4pnLUtQOjOeEbfcVvzf6yI14imjzM/lZACwd7Ryg13
vPLyUyUH2YCPZw9jbNq5Qvhp5DP3Mfoud1MGwKz5DTkSwElzcM2/uNPgS3pH4MNE
QB6dppPonbLRkR1ugTSU/HATzfB9s0nBIllzQD53U6G5WcFI8QNSXtMNW9FbYKpu
SVDXFN5pwydcYpGSQfNoSoG+f/5W3EQNwhY3V60q2Ttc
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:04 2024 by rpki-client on console-ams.rpki-client.org