Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/yyn-FHr83kRLpwr_gMXT7Pfmy6k.roa
File:                     yyn-FHr83kRLpwr_gMXT7Pfmy6k.roa (raw, json)
Hash identifier:          mgRHe67UmTiRBu8QiaWNWbwsgIczHQSxZY3a9+fd0aM=
Subject key identifier:   CB:29:FE:14:7A:FC:DE:44:4B:A7:0A:FF:80:C5:D3:EC:F7:E6:CB:A9
Certificate issuer:       /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial:       018BD60C0F3754047612F14ED289C8EF4680
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/yyn-FHr83kRLpwr_gMXT7Pfmy6k.roa
Signing time:             Thu 16 Nov 2023 02:53:16 +0000
ROA not before:           Thu 16 Nov 2023 02:53:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     60117
IP address blocks:        109.122.196.0/24 maxlen: 24
                          109.122.194.0/24 maxlen: 24
                          109.122.211.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:d6:0c:0f:37:54:04:76:12:f1:4e:d2:89:c8:ef:46:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
        Validity
            Not Before: Nov 16 02:53:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cb29fe147afcde444ba70aff80c5d3ecf7e6cba9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:eb:11:e1:51:db:ca:3d:1a:9a:98:57:ce:02:
                    78:43:4f:fe:83:89:c6:00:20:6f:9b:18:61:17:1e:
                    70:50:b0:2f:ff:18:46:9d:e2:18:15:9b:d9:c6:8b:
                    aa:bb:c8:e2:48:96:5f:51:ff:0a:48:8f:f4:18:15:
                    1a:69:7f:dd:17:cf:d2:68:ef:6e:bf:03:8e:3e:28:
                    8a:6d:48:99:99:47:4a:35:18:4b:10:bb:2c:64:dc:
                    af:70:5d:1f:08:90:0a:7a:6d:e9:3f:d4:9e:1d:4f:
                    ec:a6:8e:b6:b4:dd:4d:37:4e:36:aa:7e:ad:f8:86:
                    1e:58:09:e2:f7:87:d3:a5:c1:88:40:ca:84:e3:c8:
                    72:bb:9e:b4:b8:35:4e:03:89:b2:ad:e4:fb:80:d6:
                    e6:88:5d:6f:d5:cd:6c:a6:3d:2c:cb:d2:38:6e:d4:
                    bf:6c:ca:82:2e:11:6f:51:4e:35:0d:1d:48:95:a6:
                    00:ed:bb:5a:d6:e8:27:c2:0e:5e:48:92:7c:ce:c2:
                    c0:18:66:c4:5b:b0:cc:ca:4f:4c:07:ab:88:a8:f3:
                    25:73:c0:e2:9a:d1:b5:bc:74:9f:44:45:78:e4:83:
                    58:33:25:d8:0c:9f:de:c7:4f:15:27:a5:1b:df:54:
                    18:20:00:07:d1:1c:f1:fb:70:bc:ec:f4:44:22:48:
                    91:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:29:FE:14:7A:FC:DE:44:4B:A7:0A:FF:80:C5:D3:EC:F7:E6:CB:A9
            X509v3 Authority Key Identifier:
                keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/yyn-FHr83kRLpwr_gMXT7Pfmy6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.194.0/24
                  109.122.196.0/24
                  109.122.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:a4:ea:48:ec:fe:1d:6a:2f:de:fa:6e:36:f2:82:8b:bc:6d:
         dd:cd:66:b6:f6:e1:26:12:4f:74:ee:92:f9:4f:8f:80:59:14:
         34:91:42:e7:b2:66:36:63:45:52:fb:da:6e:f7:70:2b:ac:74:
         6e:ed:64:42:a1:0d:fc:2a:69:78:25:e9:bd:48:a9:f1:4c:cf:
         bd:92:34:4d:5d:c5:98:3c:17:38:6d:c7:b4:fe:04:98:9c:36:
         0f:f7:3a:27:99:2d:26:b8:e4:74:0a:10:65:87:f6:16:51:55:
         b1:3a:38:73:85:37:ae:7a:8d:55:c7:51:53:26:e1:ea:e9:a7:
         e3:b0:84:b1:dc:85:36:ca:64:08:a2:77:f0:17:50:60:00:1c:
         75:86:37:e9:f8:39:22:16:5f:d3:56:5f:8a:62:5b:37:a3:eb:
         d0:09:cb:d4:9a:00:1a:37:0f:48:f1:ca:03:19:8c:11:18:51:
         9f:25:80:7d:81:47:ad:f5:64:72:4d:21:08:57:3a:e2:33:d4:
         f4:e2:92:db:08:60:0a:79:e8:1a:7f:b8:4d:7b:94:42:ea:5d:
         17:61:76:66:55:67:d3:e7:e4:d0:5e:ce:18:93:74:d0:83:01:
         53:e3:04:4f:3c:73:a5:e1:71:b5:1d:2d:8b:ca:31:70:2b:65:
         01:b7:2d:12
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYvWDA83VAR2EvFO0onI70aAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMxMTE2MDI1MzE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjI5ZmUxNDdhZmNkZTQ0NGJhNzBhZmY4MGM1ZDNlY2Y3ZTZjYmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjOsR4VHbyj0amphXzgJ4Q0/+g4nG
ACBvmxhhFx5wULAv/xhGneIYFZvZxouqu8jiSJZfUf8KSI/0GBUaaX/dF8/SaO9u
vwOOPiiKbUiZmUdKNRhLELssZNyvcF0fCJAKem3pP9SeHU/spo62tN1NN042qn6t
+IYeWAni94fTpcGIQMqE48hyu560uDVOA4myreT7gNbmiF1v1c1spj0sy9I4btS/
bMqCLhFvUU41DR1IlaYA7bta1ugnwg5eSJJ8zsLAGGbEW7DMyk9MB6uIqPMlc8Di
mtG1vHSfREV45INYMyXYDJ/ex08VJ6Ub31QYIAAH0Rzx+3C87PREIkiRdQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMsp/hR6/N5ES6cK/4DF0+z35supMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEveXluLUZIcjgza1JMcHdyX2dNWFQ3UGZteTZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAbXrCAwQA
bXrEAwQAbXrTMA0GCSqGSIb3DQEBCwUAA4IBAQB8pOpI7P4dai/e+m428oKLvG3d
zWa29uEmEk907pL5T4+AWRQ0kULnsmY2Y0VS+9pu93ArrHRu7WRCoQ38Kml4Jem9
SKnxTM+9kjRNXcWYPBc4bce0/gSYnDYP9zonmS0muOR0ChBlh/YWUVWxOjhzhTeu
eo1Vx1FTJuHq6afjsISx3IU2ymQIonfwF1BgABx1hjfp+DkiFl/TVl+KYls3o+vQ
CcvUmgAaNw9I8coDGYwRGFGfJYB9gUet9WRyTSEIVzriM9T04pLbCGAKeegaf7hN
e5RC6l0XYXZmVWfT5+TQXs4Yk3TQgwFT4wRPPHOl4XG1HS2LyjFwK2UBty0S
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:48 2024 by rpki-client on console-fra.rpki-client.org