Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/ppflGIwAs5bUNZeMm1Jwn-gDX9A.roa
File:                     ppflGIwAs5bUNZeMm1Jwn-gDX9A.roa (raw, json)
Hash identifier:          bEp1iaE6Wv52xlIwzdGTWXKIsZTFgKuM4OWPP1H7dS4=
Subject key identifier:   A6:97:E5:18:8C:00:B3:96:D4:35:97:8C:9B:52:70:9F:E8:03:5F:D0
Certificate issuer:       /CN=7c3c39d1899e699bf5177418ee381489edff4380
Certificate serial:       01856E5413F8E60B240463E8895EB55F155E
Authority key identifier: 7C:3C:39:D1:89:9E:69:9B:F5:17:74:18:EE:38:14:89:ED:FF:43:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fDw50YmeaZv1F3QY7jgUie3_Q4A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/ppflGIwAs5bUNZeMm1Jwn-gDX9A.roa
Signing time:             Sun 01 Jan 2023 17:14:41 +0000
ROA not before:           Sun 01 Jan 2023 17:14:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     1239
IP address blocks:        109.246.240.0/20 maxlen: 24
                          109.246.144.0/20 maxlen: 24
                          109.246.160.0/20 maxlen: 24
                          109.246.176.0/20 maxlen: 24
                          109.246.192.0/20 maxlen: 24
                          109.246.208.0/20 maxlen: 24
                          109.246.224.0/20 maxlen: 24
                          109.246.128.0/20 maxlen: 24
                          109.246.128.0/17 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:54:13:f8:e6:0b:24:04:63:e8:89:5e:b5:5f:15:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3c39d1899e699bf5177418ee381489edff4380
        Validity
            Not Before: Jan  1 17:14:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a697e5188c00b396d435978c9b52709fe8035fd0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:49:e6:d3:82:78:59:71:5d:5a:b7:08:51:a3:
                    c7:88:7d:67:a6:8c:07:11:30:6c:32:ad:52:e2:01:
                    16:cb:42:da:4e:2a:e3:01:d2:3a:ba:b6:64:45:e0:
                    6d:b7:cb:ed:38:e3:49:f9:41:b4:1b:13:ce:90:07:
                    04:6f:14:3d:ec:07:c1:4d:bd:83:72:29:ee:fe:86:
                    4d:87:60:70:70:ed:0f:21:f2:1a:54:09:2b:ef:3a:
                    33:94:e4:4e:6a:9f:a9:55:9b:a3:bd:c6:47:1c:6a:
                    0d:54:f8:c2:ec:44:08:00:43:48:20:4b:a4:24:ea:
                    8a:8e:58:fa:a4:bb:bb:e0:ac:f0:b5:7c:6f:50:10:
                    24:fc:9a:0b:58:f2:88:0f:89:ff:44:46:bf:9f:e5:
                    bd:52:aa:8e:74:3a:6f:a9:c2:74:13:ad:21:eb:fa:
                    0b:f6:b5:72:00:f5:6b:70:1f:01:7f:df:a4:73:2e:
                    e1:96:4f:bd:74:ff:49:c5:a0:aa:06:9c:11:ab:cd:
                    16:1f:d8:a3:bb:0f:66:28:f6:6c:e6:c1:b6:c8:0a:
                    ff:f6:cf:60:80:99:cd:d4:7c:a4:e0:c0:d3:24:0e:
                    e9:c2:a1:b0:d6:37:d1:7e:f9:53:84:1c:ed:fe:8e:
                    c8:09:0d:bd:f2:ad:bc:bf:85:43:26:56:2a:9d:19:
                    81:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:97:E5:18:8C:00:B3:96:D4:35:97:8C:9B:52:70:9F:E8:03:5F:D0
            X509v3 Authority Key Identifier:
                keyid:7C:3C:39:D1:89:9E:69:9B:F5:17:74:18:EE:38:14:89:ED:FF:43:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fDw50YmeaZv1F3QY7jgUie3_Q4A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/ppflGIwAs5bUNZeMm1Jwn-gDX9A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/fDw50YmeaZv1F3QY7jgUie3_Q4A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.246.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         2e:c8:e9:3f:94:71:93:44:f4:56:fd:0b:5b:2a:b5:f2:32:1d:
         58:6f:39:31:f0:60:7d:a9:61:9d:f1:ab:a1:a3:14:c5:7d:1c:
         ca:e3:35:3a:a2:4f:6f:71:d5:13:42:d5:12:c1:52:57:c6:5e:
         e4:5a:d2:fc:8a:f8:a6:41:45:58:4b:ce:3c:3b:17:34:e5:44:
         5d:ea:15:f6:0b:ec:c2:f2:c8:3e:1f:55:78:7b:40:cf:1d:0f:
         1f:b4:82:b5:ad:e2:b8:55:a0:0f:d1:f5:60:6c:b3:be:21:00:
         e9:a4:e3:e9:79:0d:f0:66:ca:e3:0d:1e:ac:e6:d3:43:61:ff:
         f1:1d:3c:e2:6a:f9:77:3b:9a:12:ce:38:0d:47:f1:93:a3:21:
         71:be:8e:b0:07:f3:ab:ed:0a:80:2f:c8:c0:29:bb:f5:fc:af:
         e3:6d:3b:e7:c2:75:46:c6:89:af:b5:70:b4:86:0f:11:38:8a:
         f9:76:6e:7d:0a:e1:cd:29:81:42:e1:78:26:7a:f2:11:ef:d1:
         74:aa:e7:2d:4f:49:0c:ec:b3:0f:52:e0:eb:64:42:fd:b5:9a:
         64:00:07:48:72:b0:d9:db:d2:41:85:e4:7d:4e:81:db:68:e6:
         f5:c8:b1:f0:02:d7:ad:81:3b:ad:f3:65:a6:9a:36:bf:3a:30:
         9e:94:f7:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVuVBP45gskBGPoiV61XxVeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2MzOWQxODk5ZTY5OWJmNTE3NzQxOGVlMzgxNDg5ZWRm
ZjQzODAwHhcNMjMwMTAxMTcxNDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjk3ZTUxODhjMDBiMzk2ZDQzNTk3OGM5YjUyNzA5ZmU4MDM1ZmQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsUnm04J4WXFdWrcIUaPHiH1npowH
ETBsMq1S4gEWy0LaTirjAdI6urZkReBtt8vtOONJ+UG0GxPOkAcEbxQ97AfBTb2D
cinu/oZNh2BwcO0PIfIaVAkr7zozlOROap+pVZujvcZHHGoNVPjC7EQIAENIIEuk
JOqKjlj6pLu74KzwtXxvUBAk/JoLWPKID4n/REa/n+W9UqqOdDpvqcJ0E60h6/oL
9rVyAPVrcB8Bf9+kcy7hlk+9dP9JxaCqBpwRq80WH9ijuw9mKPZs5sG2yAr/9s9g
gJnN1Hyk4MDTJA7pwqGw1jfRfvlThBzt/o7ICQ298q28v4VDJlYqnRmB/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKaX5RiMALOW1DWXjJtScJ/oA1/QMB8GA1UdIwQY
MBaAFHw8OdGJnmmb9Rd0GO44FInt/0OAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkR3NTBZbWVhWnYxRjNRWTdqZ1VpZTNfUTRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9jODAwYzktNTFiNS00NTg5LTkyNjAt
MDYzZmNkZDNhMDU3LzEvcHBmbEdJd0FzNWJVTlplTW0xSnduLWdEWDlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9jODAwYzktNTFiNS00NTg5LTkyNjAtMDYzZmNkZDNhMDU3
LzEvZkR3NTBZbWVhWnYxRjNRWTdqZ1VpZTNfUTRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQHbfaAMA0G
CSqGSIb3DQEBCwUAA4IBAQAuyOk/lHGTRPRW/QtbKrXyMh1Ybzkx8GB9qWGd8auh
oxTFfRzK4zU6ok9vcdUTQtUSwVJXxl7kWtL8ivimQUVYS848Oxc05URd6hX2C+zC
8sg+H1V4e0DPHQ8ftIK1reK4VaAP0fVgbLO+IQDppOPpeQ3wZsrjDR6s5tNDYf/x
HTziavl3O5oSzjgNR/GToyFxvo6wB/Or7QqAL8jAKbv1/K/jbTvnwnVGxomvtXC0
hg8ROIr5dm59CuHNKYFC4XgmevIR79F0quctT0kM7LMPUuDrZEL9tZpkAAdIcrDZ
29JBheR9ToHbaOb1yLHwAtetgTut82Wmmja/OjCelPfW
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:03:02 2024 by rpki-client on console-ams.rpki-client.org