Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/vsU3D9qkc9-f2LWSsIlZliuBl-Q.roa
File:                     vsU3D9qkc9-f2LWSsIlZliuBl-Q.roa (raw, json)
Hash identifier:          0M4Wuh4DB961hLwHAj610RO52m9OSIR4QDwJ7HPXT9M=
Subject key identifier:   BE:C5:37:0F:DA:A4:73:DF:9F:D8:B5:92:B0:89:59:96:2B:81:97:E4
Certificate issuer:       /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial:       018C91F71731500284FAEAAD8BAEA15F4F71
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/vsU3D9qkc9-f2LWSsIlZliuBl-Q.roa
Signing time:             Fri 22 Dec 2023 14:38:58 +0000
ROA not before:           Fri 22 Dec 2023 14:38:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     39368
IP address blocks:        109.122.199.0/24 maxlen: 24
                          109.122.209.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:91:f7:17:31:50:02:84:fa:ea:ad:8b:ae:a1:5f:4f:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
        Validity
            Not Before: Dec 22 14:38:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bec5370fdaa473df9fd8b592b08959962b8197e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:a3:02:4d:b1:07:0c:e7:20:81:ab:9f:b2:23:
                    b8:a2:82:50:45:73:7a:82:9e:e4:21:99:55:8f:2b:
                    90:af:9b:b6:5e:a1:1e:9a:ad:fb:9a:e0:d4:03:d8:
                    07:06:1b:02:76:d2:cb:f0:78:36:c6:79:ec:56:9f:
                    fb:f9:5a:eb:ee:a8:ff:9a:8a:7e:a0:53:03:8c:53:
                    82:51:61:95:5d:37:52:41:e9:30:de:82:e4:4d:11:
                    ca:72:db:91:50:6f:75:e1:96:db:2d:f3:b1:1b:8f:
                    d5:5c:85:06:79:9d:4b:83:ad:5d:fd:40:ae:e1:40:
                    f2:4a:8a:d6:9e:14:7c:5a:1f:04:d1:21:7c:fc:ce:
                    c0:b4:40:fc:be:8e:d2:96:8e:65:4f:f3:11:cb:15:
                    71:28:a3:24:18:8b:7b:51:44:d3:53:d9:5f:87:5d:
                    19:cb:20:db:01:9f:a9:47:5b:96:a2:39:ac:f5:d9:
                    2f:0b:90:81:2e:a8:04:44:01:a6:5c:56:ad:24:f2:
                    63:cc:fc:10:6b:ca:1f:b2:dd:0e:3b:13:55:c1:c5:
                    fd:c6:a8:dd:2f:c2:2b:b6:36:3b:40:64:d6:f5:1e:
                    75:17:f5:af:fd:4e:d3:da:18:61:cd:f3:f1:d5:a6:
                    d4:09:60:50:d2:1e:5d:b8:9f:c2:91:3b:a3:9d:12:
                    4e:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:C5:37:0F:DA:A4:73:DF:9F:D8:B5:92:B0:89:59:96:2B:81:97:E4
            X509v3 Authority Key Identifier:
                keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/vsU3D9qkc9-f2LWSsIlZliuBl-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.199.0/24
                  109.122.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:f6:6e:d5:b7:8c:d9:0f:18:36:2c:f4:fa:63:f8:cb:67:2d:
         99:52:40:d4:75:49:0a:c6:8f:72:a9:79:89:d3:b3:50:19:54:
         fb:cd:89:47:93:b8:8e:e8:32:0e:6b:cc:8e:31:49:94:40:f2:
         4d:14:de:57:fc:1d:a6:4b:c5:9a:26:6d:fb:fe:e7:3b:a6:07:
         61:e8:61:09:87:b4:f5:17:af:fe:ad:f4:2d:de:87:cd:40:bf:
         58:4d:04:53:2c:48:d2:7b:73:f6:be:a8:51:9a:23:8f:20:35:
         6b:bf:eb:ae:37:a5:26:d3:25:90:ac:57:71:43:1a:4c:88:54:
         12:2e:59:60:4e:8c:fd:b9:e6:ad:c0:8c:3a:e0:af:5d:9d:67:
         76:2d:66:26:98:bd:cd:f0:01:aa:27:d2:f3:95:0a:47:a7:8d:
         f3:82:0c:e2:1e:b1:50:43:8d:cd:cc:e8:d7:af:9f:b8:89:24:
         14:21:63:d1:5a:fd:66:c6:42:c6:ba:f4:af:5c:1c:85:48:66:
         bc:f3:26:c3:62:d8:55:45:4d:c0:ca:e7:9f:e9:ba:d4:2e:a6:
         fc:a9:36:82:70:78:d4:dd:b4:61:44:6a:07:ff:95:17:35:73:
         d6:29:3f:9b:b0:1c:11:71:68:a6:2f:bc:85:8d:28:54:44:a5:
         54:92:33:59
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYyR9xcxUAKE+uqti66hX09xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMxMjIyMTQzODU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWM1MzcwZmRhYTQ3M2RmOWZkOGI1OTJiMDg5NTk5NjJiODE5N2U0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgaMCTbEHDOcggaufsiO4ooJQRXN6
gp7kIZlVjyuQr5u2XqEemq37muDUA9gHBhsCdtLL8Hg2xnnsVp/7+Vrr7qj/mop+
oFMDjFOCUWGVXTdSQekw3oLkTRHKctuRUG914ZbbLfOxG4/VXIUGeZ1Lg61d/UCu
4UDySorWnhR8Wh8E0SF8/M7AtED8vo7Slo5lT/MRyxVxKKMkGIt7UUTTU9lfh10Z
yyDbAZ+pR1uWojms9dkvC5CBLqgERAGmXFatJPJjzPwQa8ofst0OOxNVwcX9xqjd
L8IrtjY7QGTW9R51F/Wv/U7T2hhhzfPx1abUCWBQ0h5duJ/CkTujnRJOLwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL7FNw/apHPfn9i1krCJWZYrgZfkMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvdnNVM0Q5cWtjOS1mMkxXU3NJbFpsaXVCbC1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbXrHAwQA
bXrRMA0GCSqGSIb3DQEBCwUAA4IBAQAo9m7Vt4zZDxg2LPT6Y/jLZy2ZUkDUdUkK
xo9yqXmJ07NQGVT7zYlHk7iO6DIOa8yOMUmUQPJNFN5X/B2mS8WaJm37/uc7pgdh
6GEJh7T1F6/+rfQt3ofNQL9YTQRTLEjSe3P2vqhRmiOPIDVrv+uuN6Um0yWQrFdx
QxpMiFQSLllgToz9ueatwIw64K9dnWd2LWYmmL3N8AGqJ9LzlQpHp43zggziHrFQ
Q43NzOjXr5+4iSQUIWPRWv1mxkLGuvSvXByFSGa88ybDYthVRU3Ayuef6brULqb8
qTaCcHjU3bRhRGoH/5UXNXPWKT+bsBwRcWimL7yFjShURKVUkjNZ
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:48 2024 by rpki-client on console-fra.rpki-client.org