Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/nPCQKmvjAvY1-i-OQig3lYohMwg.roa
File:                     nPCQKmvjAvY1-i-OQig3lYohMwg.roa (raw, json)
Hash identifier:          NecC38jv0IQBDSMPAgHOPD1zmmIbJm71FiVBLAsC3+0=
Subject key identifier:   9C:F0:90:2A:6B:E3:02:F6:35:FA:2F:8E:42:28:37:95:8A:21:33:08
Certificate issuer:       /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial:       0187BDC9A60D3F4EC650CF39B2E02B3E1A2A
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/nPCQKmvjAvY1-i-OQig3lYohMwg.roa
Signing time:             Wed 26 Apr 2023 13:38:41 +0000
ROA not before:           Wed 26 Apr 2023 13:38:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     210732
IP address blocks:        109.122.210.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:bd:c9:a6:0d:3f:4e:c6:50:cf:39:b2:e0:2b:3e:1a:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
        Validity
            Not Before: Apr 26 13:38:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9cf0902a6be302f635fa2f8e422837958a213308
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:F0:90:2A:6B:E3:02:F6:35:FA:2F:8E:42:28:37:95:8A:21:33:08
            X509v3 Authority Key Identifier:
                keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/nPCQKmvjAvY1-i-OQig3lYohMwg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
Generated at Thu Jun 6 17:24:48 2024 by rpki-client on console-fra.rpki-client.org