Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/pjiLRx33pZP37NitVkHzRL7P-iY.roa
File:                     pjiLRx33pZP37NitVkHzRL7P-iY.roa (raw, json)
Hash identifier:          eVHKIQr3/Fv5unN3ao3IDmZ4LMPJiznaYcInB9naUGo=
Subject key identifier:   A6:38:8B:47:1D:F7:A5:93:F7:EC:D8:AD:56:41:F3:44:BE:CF:FA:26
Certificate issuer:       /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial:       018C3092E24EB69B5095B55A2AD1C1BDFE37
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/pjiLRx33pZP37NitVkHzRL7P-iY.roa
Signing time:             Sun 03 Dec 2023 16:46:21 +0000
ROA not before:           Sun 03 Dec 2023 16:46:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43260
IP address blocks:        109.122.192.0/24 maxlen: 24
                          109.122.201.0/24 maxlen: 24
                          109.122.205.0/24 maxlen: 24
                          109.122.213.0/24 maxlen: 24
                          109.122.210.0/24 maxlen: 24
                          109.122.220.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:30:92:e2:4e:b6:9b:50:95:b5:5a:2a:d1:c1:bd:fe:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
        Validity
            Not Before: Dec  3 16:46:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a6388b471df7a593f7ecd8ad5641f344becffa26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:8d:49:47:84:4b:a6:a2:be:5c:96:de:92:f9:
                    55:30:11:d8:62:94:4b:7d:21:0b:6b:de:a8:1f:1b:
                    83:ab:b2:b2:00:38:9d:fb:9b:a9:8f:f5:f3:b0:5c:
                    c7:f1:69:45:20:a7:6f:58:8f:bf:ec:66:bd:97:cd:
                    6e:00:14:a8:43:f7:5c:22:4c:4c:9d:a7:b9:bc:a2:
                    ee:e6:62:45:8b:e9:0e:dd:31:51:65:47:5e:57:6e:
                    07:b8:4b:b6:2a:f1:0c:85:33:99:22:c9:96:ba:df:
                    4a:88:43:f7:4e:8c:73:86:8e:59:e6:d4:45:69:1b:
                    ca:67:f8:c2:a5:f6:80:1a:4f:c7:6c:a9:9d:46:34:
                    b2:29:75:8a:fd:10:3a:ef:53:cc:30:c5:a6:da:3d:
                    98:32:90:72:5f:e1:43:7e:d9:13:6b:01:56:94:7d:
                    62:43:5f:27:6a:0b:65:2e:39:39:82:35:b2:24:be:
                    e1:8c:6f:1c:3f:62:1f:24:b8:f0:1a:ed:f3:fc:54:
                    b3:83:f2:1e:c3:1f:e3:c8:b9:c7:38:2d:ab:46:07:
                    5b:ee:fb:ed:49:fb:0c:00:59:27:3c:d5:f0:8f:10:
                    c4:65:18:be:79:fa:29:c2:e9:ac:ae:43:40:64:3b:
                    74:9d:05:b4:db:ea:91:ea:aa:34:1b:d6:9e:fa:a3:
                    79:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:38:8B:47:1D:F7:A5:93:F7:EC:D8:AD:56:41:F3:44:BE:CF:FA:26
            X509v3 Authority Key Identifier:
                keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/pjiLRx33pZP37NitVkHzRL7P-iY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.192.0/24
                  109.122.201.0/24
                  109.122.205.0/24
                  109.122.210.0/24
                  109.122.213.0/24
                  109.122.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:1c:8c:50:7b:e5:5c:e6:3b:93:55:8d:6e:e9:99:04:74:5e:
         2b:2d:82:ef:96:a2:8a:73:a7:8b:71:5a:82:77:42:7d:69:ee:
         20:3b:59:f1:05:90:59:81:95:cc:54:6a:0e:9b:65:23:cd:9d:
         2b:48:bb:73:2d:ec:44:e5:d8:e5:63:69:c0:be:cb:66:92:75:
         c5:2b:43:88:b5:21:11:aa:ce:41:f6:88:39:13:23:6d:bc:8d:
         1d:04:28:d2:22:93:70:46:c9:bf:53:6d:71:0b:1a:fe:0d:67:
         c9:72:9c:48:b3:2a:5c:0b:4c:ab:d0:dd:de:83:de:2a:47:d0:
         0a:45:42:bb:55:a4:cc:c8:68:1b:e9:c1:d1:75:21:6b:82:7a:
         a4:a2:ba:e2:27:50:70:9e:66:62:6e:78:8b:dd:3e:37:f0:4e:
         95:53:7a:45:c0:9b:02:3f:04:07:24:5d:f6:4a:4b:8a:ac:f0:
         89:9d:02:88:ad:72:20:c3:23:f6:db:58:5c:47:d6:6d:ca:0d:
         82:42:b6:36:ce:84:14:93:b8:60:b6:88:e9:68:a4:86:fb:4f:
         33:6e:f2:5c:cc:58:8a:d9:4d:c9:17:8d:26:89:aa:26:6e:64:
         5d:f9:2d:5c:47:a1:f7:bf:25:ff:8d:84:02:82:47:8e:30:97:
         d8:2a:31:26
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYwwkuJOtptQlbVaKtHBvf43MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMxMjAzMTY0NjIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjM4OGI0NzFkZjdhNTkzZjdlY2Q4YWQ1NjQxZjM0NGJlY2ZmYTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuI1JR4RLpqK+XJbekvlVMBHYYpRL
fSELa96oHxuDq7KyADid+5upj/XzsFzH8WlFIKdvWI+/7Ga9l81uABSoQ/dcIkxM
nae5vKLu5mJFi+kO3TFRZUdeV24HuEu2KvEMhTOZIsmWut9KiEP3Toxzho5Z5tRF
aRvKZ/jCpfaAGk/HbKmdRjSyKXWK/RA671PMMMWm2j2YMpByX+FDftkTawFWlH1i
Q18nagtlLjk5gjWyJL7hjG8cP2IfJLjwGu3z/FSzg/Iewx/jyLnHOC2rRgdb7vvt
SfsMAFknPNXwjxDEZRi+efopwumsrkNAZDt0nQW02+qR6qo0G9ae+qN5kQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFKY4i0cd96WT9+zYrVZB80S+z/omMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvcGppTFJ4MzNwWlAzN05pdFZrSHpSTDdQLWlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAbXrAAwQA
bXrJAwQAbXrNAwQAbXrSAwQAbXrVAwQAbXrcMA0GCSqGSIb3DQEBCwUAA4IBAQBi
HIxQe+Vc5juTVY1u6ZkEdF4rLYLvlqKKc6eLcVqCd0J9ae4gO1nxBZBZgZXMVGoO
m2UjzZ0rSLtzLexE5djlY2nAvstmknXFK0OItSERqs5B9og5EyNtvI0dBCjSIpNw
Rsm/U21xCxr+DWfJcpxIsypcC0yr0N3eg94qR9AKRUK7VaTMyGgb6cHRdSFrgnqk
orriJ1BwnmZibniL3T438E6VU3pFwJsCPwQHJF32SkuKrPCJnQKIrXIgwyP221hc
R9Ztyg2CQrY2zoQUk7hgtojpaKSG+08zbvJczFiK2U3JF40miaombmRd+S1cR6H3
vyX/jYQCgkeOMJfYKjEm
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:04 2024 by rpki-client on console-ams.rpki-client.org