Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/wkF9o894j_kBgfSJM_b_wv7KMgM.roa
File:                     wkF9o894j_kBgfSJM_b_wv7KMgM.roa (raw, json)
Hash identifier:          HmFWg6xWLglpvbPEOeHM+ijgTTftu16oGkspcn0gG0M=
Subject key identifier:   C2:41:7D:A3:CF:78:8F:F9:01:81:F4:89:33:F6:FF:C2:FE:CA:32:03
Certificate issuer:       /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial:       018CC0FE44C796915218AAE9EB632008E631
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/wkF9o894j_kBgfSJM_b_wv7KMgM.roa
Signing time:             Sun 31 Dec 2023 17:48:58 +0000
ROA not before:           Sun 31 Dec 2023 17:48:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     48678
IP address blocks:        109.122.196.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c0:fe:44:c7:96:91:52:18:aa:e9:eb:63:20:08:e6:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
        Validity
            Not Before: Dec 31 17:48:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c2417da3cf788ff90181f48933f6ffc2feca3203
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:ab:ba:3a:f8:6c:1e:5f:03:89:ae:91:64:8d:
                    c0:a6:97:10:f7:34:8b:57:df:5f:c4:ce:61:cb:e8:
                    e8:b7:05:9c:3e:b5:06:aa:98:7e:2d:72:54:e0:c2:
                    b4:fa:e6:4c:0b:91:2f:a2:37:db:4b:34:ed:d9:f5:
                    60:da:2e:f1:eb:78:b5:37:d9:2a:05:83:cd:24:5c:
                    06:79:27:4a:52:02:bb:c2:d3:e5:77:1b:26:64:f7:
                    78:38:14:97:ac:9b:9b:b9:d0:e9:73:db:29:4f:02:
                    69:61:c9:ab:88:00:72:82:b8:b6:0b:1b:c7:df:d7:
                    a1:34:ac:09:e1:2f:ad:7c:13:ef:c8:5d:cf:7a:f8:
                    62:51:6d:57:49:cd:be:d1:c0:a0:ee:4b:e0:cb:49:
                    71:34:8b:fa:ec:09:52:43:86:76:54:0e:5d:8f:89:
                    78:a6:d4:5f:13:d0:8d:b3:f1:69:57:c6:32:24:0a:
                    53:6e:1e:75:a3:69:95:e5:91:9f:cb:d2:ea:7f:60:
                    48:69:cc:b6:d9:36:6d:19:5b:b4:e1:6f:38:24:6d:
                    a2:57:c3:f0:e7:96:84:16:f3:25:17:a8:48:e7:58:
                    33:0c:1d:59:11:99:43:2b:31:94:26:b2:e5:40:dd:
                    b0:d9:26:81:e3:e1:1e:be:4e:26:96:5b:7d:f9:37:
                    ac:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:41:7D:A3:CF:78:8F:F9:01:81:F4:89:33:F6:FF:C2:FE:CA:32:03
            X509v3 Authority Key Identifier:
                keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/wkF9o894j_kBgfSJM_b_wv7KMgM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:73:15:e8:df:79:e4:8d:2f:48:73:f5:71:14:e9:1b:8a:ac:
         32:05:c2:ef:80:b2:a2:aa:0f:69:ca:92:b9:b9:06:27:e4:fe:
         e8:0c:19:0f:9e:11:32:74:da:d7:11:db:fd:9e:a9:2e:78:a9:
         98:2d:a8:aa:c8:05:f6:99:b5:f7:99:38:a9:d2:c5:31:8c:d2:
         a7:e3:29:e2:38:b5:96:15:6b:d4:c0:58:47:a9:2a:61:86:3c:
         32:0e:fa:52:b0:35:01:73:29:b2:1b:24:03:c8:26:05:42:4e:
         9a:6f:ce:18:73:19:0d:85:0b:8a:9e:1a:7c:cd:ef:ef:a1:87:
         1e:93:9c:e1:61:75:a5:f8:c8:3b:45:a7:37:a6:b0:45:f3:89:
         ca:13:7b:a6:2e:a2:ba:a2:28:ae:3c:fb:64:8d:9e:b6:d9:66:
         2b:fe:8d:02:53:29:ea:a9:ec:c1:49:25:8b:2b:18:0b:a3:e1:
         fe:bb:35:ee:23:a2:cd:7f:75:a1:1d:b5:da:16:5f:d4:83:e5:
         aa:c2:6e:d5:fc:73:e1:51:aa:8b:7f:f0:34:bc:87:e9:fe:dc:
         fb:67:91:2f:52:37:f8:f2:da:cd:f3:3d:f3:13:7a:5c:1b:c7:
         66:a3:e8:f0:be:69:3e:c3:89:a7:15:8b:41:f9:bf:be:ea:5c:
         09:e8:ce:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzA/kTHlpFSGKrp62MgCOYxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMxMjMxMTc0ODU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjQxN2RhM2NmNzg4ZmY5MDE4MWY0ODkzM2Y2ZmZjMmZlY2EzMjAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhqu6OvhsHl8Dia6RZI3AppcQ9zSL
V99fxM5hy+jotwWcPrUGqph+LXJU4MK0+uZMC5EvojfbSzTt2fVg2i7x63i1N9kq
BYPNJFwGeSdKUgK7wtPldxsmZPd4OBSXrJubudDpc9spTwJpYcmriABygri2CxvH
39ehNKwJ4S+tfBPvyF3PevhiUW1XSc2+0cCg7kvgy0lxNIv67AlSQ4Z2VA5dj4l4
ptRfE9CNs/FpV8YyJApTbh51o2mV5ZGfy9Lqf2BIacy22TZtGVu04W84JG2iV8Pw
55aEFvMlF6hI51gzDB1ZEZlDKzGUJrLlQN2w2SaB4+Eevk4mllt9+TesgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMJBfaPPeI/5AYH0iTP2/8L+yjIDMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvd2tGOW84OTRqX2tCZ2ZTSk1fYl93djdLTWdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXrEMA0G
CSqGSIb3DQEBCwUAA4IBAQBOcxXo33nkjS9Ic/VxFOkbiqwyBcLvgLKiqg9pypK5
uQYn5P7oDBkPnhEydNrXEdv9nqkueKmYLaiqyAX2mbX3mTip0sUxjNKn4yniOLWW
FWvUwFhHqSphhjwyDvpSsDUBcymyGyQDyCYFQk6ab84YcxkNhQuKnhp8ze/voYce
k5zhYXWl+Mg7Rac3prBF84nKE3umLqK6oiiuPPtkjZ622WYr/o0CUynqqezBSSWL
KxgLo+H+uzXuI6LNf3WhHbXaFl/Ug+Wqwm7V/HPhUaqLf/A0vIfp/tz7Z5EvUjf4
8trN8z3zE3pcG8dmo+jwvmk+w4mnFYtB+b++6lwJ6M4I
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:48 2024 by rpki-client on console-fra.rpki-client.org