Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/xPBsWd55si-jZLEEe2B5P8Fyg54.roa
File:                     xPBsWd55si-jZLEEe2B5P8Fyg54.roa (raw, json)
Hash identifier:          8xjRcv5viotVtSa1mdMFX+X3sAsCx0MG0aosm82r3uU=
Subject key identifier:   C4:F0:6C:59:DE:79:B2:2F:A3:64:B1:04:7B:60:79:3F:C1:72:83:9E
Certificate issuer:       /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial:       018CC5013FE4360C2FDCD80BB59C2530A688
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/xPBsWd55si-jZLEEe2B5P8Fyg54.roa
Signing time:             Mon 01 Jan 2024 12:30:42 +0000
ROA not before:           Mon 01 Jan 2024 12:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        109.122.218.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:3f:e4:36:0c:2f:dc:d8:0b:b5:9c:25:30:a6:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
        Validity
            Not Before: Jan  1 12:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c4f06c59de79b22fa364b1047b60793fc172839e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:15:ce:c8:82:85:25:eb:a4:98:ba:d2:22:f2:
                    bc:c7:16:75:a4:42:f8:29:83:15:4b:df:f7:72:14:
                    33:cf:3c:f2:c1:c7:c2:e5:88:88:d2:b2:12:ea:ad:
                    37:d7:70:ba:f0:52:f2:b3:bb:3e:d8:c4:01:71:f5:
                    43:22:1c:d2:27:29:70:fc:b4:59:2d:db:4b:bd:52:
                    08:9d:11:2a:b3:1a:0e:a0:05:d8:05:53:be:67:c7:
                    72:48:5e:6f:df:af:ed:cc:83:46:7f:ae:7a:a0:c1:
                    51:f0:a0:31:7d:db:a1:18:82:08:53:15:37:00:de:
                    b2:43:eb:e5:7d:e6:7e:aa:30:f7:6e:26:6f:e3:c2:
                    bf:17:60:03:d5:29:e4:f9:ca:57:2b:b6:a8:14:79:
                    0a:4f:53:e4:f7:02:d0:91:36:be:14:b2:b6:94:7f:
                    ba:8a:1a:74:b0:0e:a1:e8:34:7f:1e:ea:76:91:54:
                    8a:0b:ed:db:bd:ea:fe:bc:ca:b1:b3:34:93:a9:29:
                    6f:63:15:76:5d:9b:28:97:5a:6f:34:48:75:88:f3:
                    53:e5:1a:b1:73:60:9c:44:40:b4:43:72:6a:a2:a0:
                    80:93:ca:4d:8f:8b:ea:3c:6d:34:52:13:84:0c:06:
                    76:93:74:b6:be:d0:24:26:97:5c:f5:d2:5d:c1:14:
                    cb:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:F0:6C:59:DE:79:B2:2F:A3:64:B1:04:7B:60:79:3F:C1:72:83:9E
            X509v3 Authority Key Identifier:
                keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/xPBsWd55si-jZLEEe2B5P8Fyg54.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:f7:f9:52:ee:ae:78:11:35:5b:12:77:8c:de:b4:18:85:9d:
         23:3e:66:1f:ff:af:32:64:17:d8:a4:da:42:4a:33:53:b9:e7:
         c5:49:db:64:25:b2:19:28:10:ed:a6:9d:2a:7c:fc:29:c8:2a:
         fc:67:97:15:e1:56:9d:50:62:9c:64:bb:6f:a6:05:87:81:4a:
         43:91:c9:e1:75:92:52:26:4b:45:c8:5f:07:1d:c9:60:0b:12:
         dd:6a:c5:92:26:90:4f:e0:c1:69:90:bc:37:c6:eb:8b:9a:52:
         c2:57:2f:ec:cb:b9:0d:a7:f5:b9:6d:d4:07:d8:50:ec:a1:32:
         3a:3f:76:77:96:55:b2:3f:ab:4b:ef:db:cc:28:8f:7f:7f:0b:
         df:dd:45:3b:a9:bb:b8:1c:50:af:81:62:94:ba:73:77:e5:49:
         88:07:07:c6:f0:a0:92:f3:b2:54:26:24:6d:37:d4:2b:0b:11:
         95:35:9b:8d:51:74:f3:6d:3b:62:4d:4a:40:f0:bd:97:22:63:
         59:c7:2a:1c:30:05:06:bc:f6:fd:8f:f4:27:bf:dd:82:7e:d7:
         b4:33:2e:45:de:9b:a6:40:c1:38:81:dd:e1:4c:af:8a:bf:56:
         68:bd:61:e1:fa:59:e9:5d:06:58:c3:64:d0:6c:ee:44:9a:cf:
         3b:1a:10:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAT/kNgwv3NgLtZwlMKaIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjQwMTAxMTIzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGYwNmM1OWRlNzliMjJmYTM2NGIxMDQ3YjYwNzkzZmMxNzI4MzllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhRXOyIKFJeukmLrSIvK8xxZ1pEL4
KYMVS9/3chQzzzzywcfC5YiI0rIS6q0313C68FLys7s+2MQBcfVDIhzSJylw/LRZ
LdtLvVIInREqsxoOoAXYBVO+Z8dySF5v36/tzINGf656oMFR8KAxfduhGIIIUxU3
AN6yQ+vlfeZ+qjD3biZv48K/F2AD1Snk+cpXK7aoFHkKT1Pk9wLQkTa+FLK2lH+6
ihp0sA6h6DR/Hup2kVSKC+3bver+vMqxszSTqSlvYxV2XZsol1pvNEh1iPNT5Rqx
c2CcREC0Q3JqoqCAk8pNj4vqPG00UhOEDAZ2k3S2vtAkJpdc9dJdwRTLBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMTwbFneebIvo2SxBHtgeT/BcoOeMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEveFBCc1dkNTVzaS1qWkxFRWUyQjVQOEZ5ZzU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXraMA0G
CSqGSIb3DQEBCwUAA4IBAQCF9/lS7q54ETVbEneM3rQYhZ0jPmYf/68yZBfYpNpC
SjNTuefFSdtkJbIZKBDtpp0qfPwpyCr8Z5cV4VadUGKcZLtvpgWHgUpDkcnhdZJS
JktFyF8HHclgCxLdasWSJpBP4MFpkLw3xuuLmlLCVy/sy7kNp/W5bdQH2FDsoTI6
P3Z3llWyP6tL79vMKI9/fwvf3UU7qbu4HFCvgWKUunN35UmIBwfG8KCS87JUJiRt
N9QrCxGVNZuNUXTzbTtiTUpA8L2XImNZxyocMAUGvPb9j/Qnv92Cfte0My5F3pum
QME4gd3hTK+Kv1ZovWHh+lnpXQZYw2TQbO5Ems87GhDg
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:04 2024 by rpki-client on console-ams.rpki-client.org