Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/41f6f5-cef0-4a57-8e47-0a85986208a9/1/dVg2zLB5iEm_Mt6XwM-SIoRVw2E.roa
File:                     dVg2zLB5iEm_Mt6XwM-SIoRVw2E.roa (raw, json)
Hash identifier:          DA94uYqpBcqEg4FYKXz+hJZhWf/o6EwVSlCkdV/1ajQ=
Subject key identifier:   75:58:36:CC:B0:79:88:49:BF:32:DE:97:C0:CF:92:22:84:55:C3:61
Certificate issuer:       /CN=5f51bcd89eb7f5b3ab08806ef51a7c2f6eb98efc
Certificate serial:       018CC801C52905436958675EA38D2A2999FC
Authority key identifier: 5F:51:BC:D8:9E:B7:F5:B3:AB:08:80:6E:F5:1A:7C:2F:6E:B9:8E:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X1G82J639bOrCIBu9Rp8L265jvw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/41f6f5-cef0-4a57-8e47-0a85986208a9/1/dVg2zLB5iEm_Mt6XwM-SIoRVw2E.roa
Signing time:             Tue 02 Jan 2024 02:30:08 +0000
ROA not before:           Tue 02 Jan 2024 02:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12697
IP address blocks:        109.95.60.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:c5:29:05:43:69:58:67:5e:a3:8d:2a:29:99:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f51bcd89eb7f5b3ab08806ef51a7c2f6eb98efc
        Validity
            Not Before: Jan  2 02:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=755836ccb0798849bf32de97c0cf92228455c361
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:fb:81:dd:c3:e2:b2:90:11:3a:62:d4:09:a6:
                    d1:b1:9e:94:01:ef:be:ef:b5:00:56:84:4c:4a:33:
                    cb:f8:dc:6f:b3:ef:7f:48:91:b0:07:25:22:bc:1e:
                    72:8a:8b:8d:d7:07:b7:93:e6:2e:e3:ab:07:00:e5:
                    30:a2:a4:68:02:9e:db:a9:69:cc:9e:f3:39:d4:35:
                    1f:26:53:f8:57:05:92:9e:da:6f:a9:33:b1:f5:c6:
                    14:24:5a:17:4a:61:bb:67:ad:43:c3:a0:5c:4e:e0:
                    31:b8:df:30:be:68:ce:36:a7:5e:d3:91:2b:7b:ad:
                    98:49:b4:50:08:f0:c1:3c:3d:19:ca:43:57:23:0a:
                    0b:76:2e:9e:90:37:9a:bc:da:70:31:93:66:99:51:
                    5e:7b:04:39:72:e2:27:e6:79:5c:fd:3e:57:db:ab:
                    1d:18:ec:87:e5:e2:e7:51:ad:1f:97:de:04:30:49:
                    d8:02:b9:da:0a:51:a2:88:13:f8:ca:7d:e6:41:77:
                    9f:fb:64:29:2f:0e:db:2c:87:6e:87:0f:bf:6f:70:
                    3f:83:1d:03:8b:a2:d5:8b:bb:4a:34:c4:b7:0f:19:
                    96:91:41:55:f9:23:bd:4b:a3:02:1e:ac:2e:88:ac:
                    bf:bc:38:99:dd:4e:3e:8c:1c:33:41:1b:13:f2:46:
                    c3:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:58:36:CC:B0:79:88:49:BF:32:DE:97:C0:CF:92:22:84:55:C3:61
            X509v3 Authority Key Identifier:
                keyid:5F:51:BC:D8:9E:B7:F5:B3:AB:08:80:6E:F5:1A:7C:2F:6E:B9:8E:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X1G82J639bOrCIBu9Rp8L265jvw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/41f6f5-cef0-4a57-8e47-0a85986208a9/1/dVg2zLB5iEm_Mt6XwM-SIoRVw2E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/41f6f5-cef0-4a57-8e47-0a85986208a9/1/X1G82J639bOrCIBu9Rp8L265jvw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.95.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:a3:c8:1a:a9:e0:65:51:ab:e8:34:3c:ef:2c:e9:1e:02:6f:
         9b:fc:22:2b:0f:de:ce:1f:3d:03:0c:cb:d5:63:53:e4:a6:3c:
         cc:c0:4f:18:b6:1b:fe:f8:e9:8c:f0:c5:42:fe:f7:6b:df:86:
         98:30:f3:95:b9:d7:8d:ad:f0:c0:8d:df:11:67:55:2c:6f:e6:
         31:ea:aa:b4:eb:9a:ea:9b:9b:38:f6:54:29:12:42:b4:84:b5:
         c1:a8:8d:34:06:ed:6f:90:0d:fd:cf:1a:3f:c7:4b:4c:b7:a0:
         8c:06:7e:26:47:97:1d:5a:eb:56:be:ae:ca:0a:97:b6:a9:3d:
         af:1d:31:d1:92:5e:08:16:b1:32:9a:21:1a:1f:b2:4b:cf:18:
         2a:11:a8:7e:ff:2d:bd:f3:2b:16:e5:54:ed:bf:1c:94:5b:12:
         5d:ea:d2:a3:ea:35:b6:b3:1e:f9:fd:07:48:bb:ec:6c:fc:75:
         9c:a8:ed:37:c8:0b:c1:a6:eb:fe:96:ef:19:d9:79:2a:f6:e3:
         be:d1:a3:8c:db:f3:24:4c:57:b3:d0:2d:49:3f:81:ea:e9:8c:
         f9:36:10:2a:41:4d:65:ee:4e:e4:fc:60:1f:72:e8:38:2b:6e:
         0c:bd:f3:0d:57:7f:fc:f7:54:1d:fe:c8:f7:79:22:cb:0e:5b:
         07:a4:f1:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAcUpBUNpWGdeo40qKZn8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmNTFiY2Q4OWViN2Y1YjNhYjA4ODA2ZWY1MWE3YzJmNmVi
OThlZmMwHhcNMjQwMTAyMDIzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTU4MzZjY2IwNzk4ODQ5YmYzMmRlOTdjMGNmOTIyMjg0NTVjMzYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApvuB3cPispAROmLUCabRsZ6UAe++
77UAVoRMSjPL+Nxvs+9/SJGwByUivB5yiouN1we3k+Yu46sHAOUwoqRoAp7bqWnM
nvM51DUfJlP4VwWSntpvqTOx9cYUJFoXSmG7Z61Dw6BcTuAxuN8wvmjONqde05Er
e62YSbRQCPDBPD0ZykNXIwoLdi6ekDeavNpwMZNmmVFeewQ5cuIn5nlc/T5X26sd
GOyH5eLnUa0fl94EMEnYArnaClGiiBP4yn3mQXef+2QpLw7bLIduhw+/b3A/gx0D
i6LVi7tKNMS3DxmWkUFV+SO9S6MCHqwuiKy/vDiZ3U4+jBwzQRsT8kbDqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHVYNsyweYhJvzLel8DPkiKEVcNhMB8GA1UdIwQY
MBaAFF9RvNiet/WzqwiAbvUafC9uuY78MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDFHODJKNjM5Yk9yQ0lCdTlScDhMMjY1anZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi80MWY2ZjUtY2VmMC00YTU3LThlNDct
MGE4NTk4NjIwOGE5LzEvZFZnMnpMQjVpRW1fTXQ2WHdNLVNJb1JWdzJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi80MWY2ZjUtY2VmMC00YTU3LThlNDctMGE4NTk4NjIwOGE5
LzEvWDFHODJKNjM5Yk9yQ0lCdTlScDhMMjY1anZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbV88MA0G
CSqGSIb3DQEBCwUAA4IBAQAgo8gaqeBlUavoNDzvLOkeAm+b/CIrD97OHz0DDMvV
Y1PkpjzMwE8Ythv++OmM8MVC/vdr34aYMPOVudeNrfDAjd8RZ1Usb+Yx6qq065rq
m5s49lQpEkK0hLXBqI00Bu1vkA39zxo/x0tMt6CMBn4mR5cdWutWvq7KCpe2qT2v
HTHRkl4IFrEymiEaH7JLzxgqEah+/y298ysW5VTtvxyUWxJd6tKj6jW2sx75/QdI
u+xs/HWcqO03yAvBpuv+lu8Z2Xkq9uO+0aOM2/MkTFez0C1JP4Hq6Yz5NhAqQU1l
7k7k/GAfcug4K24MvfMNV3/891Qd/sj3eSLLDlsHpPGz
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:27:03 2024 by rpki-client on console-fra.rpki-client.org