Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/d4b835-f5b5-4704-ae97-c26328561030/1/lMNSPFx5IifFukHjNNHEqp7_bFU.roa
File:                     lMNSPFx5IifFukHjNNHEqp7_bFU.roa (raw, json)
Hash identifier:          mNC2HIKb09Q0GusKPoWYv/gvA7QsOtK0q9v7wmm+WPM=
Subject key identifier:   94:C3:52:3C:5C:79:22:27:C5:BA:41:E3:34:D1:C4:AA:9E:FF:6C:55
Certificate issuer:       /CN=1d4404c8392e82d4b7029b69cb6ee290b9b42c00
Certificate serial:       018CC726F4C88F42362EBE7FF1002A55570D
Authority key identifier: 1D:44:04:C8:39:2E:82:D4:B7:02:9B:69:CB:6E:E2:90:B9:B4:2C:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HUQEyDkugtS3Aptpy27ikLm0LAA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/d4b835-f5b5-4704-ae97-c26328561030/1/lMNSPFx5IifFukHjNNHEqp7_bFU.roa
Signing time:             Mon 01 Jan 2024 22:31:08 +0000
ROA not before:           Mon 01 Jan 2024 22:31:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204175
IP address blocks:        185.112.77.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:f4:c8:8f:42:36:2e:be:7f:f1:00:2a:55:57:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d4404c8392e82d4b7029b69cb6ee290b9b42c00
        Validity
            Not Before: Jan  1 22:31:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=94c3523c5c792227c5ba41e334d1c4aa9eff6c55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:10:1a:c4:96:d3:b1:c3:01:84:9f:88:c1:e8:
                    56:de:0b:ad:d5:88:d6:3d:b2:e1:a0:53:db:f5:ac:
                    74:b5:b8:16:b9:03:69:17:6e:93:02:24:93:00:7f:
                    d0:6f:1c:70:19:c6:e4:6e:b1:8e:28:39:07:22:d7:
                    33:15:31:bd:0e:e5:47:26:ec:6b:be:04:3c:c3:44:
                    da:8c:c9:15:66:20:6b:cf:9a:c0:e9:25:80:5a:61:
                    30:cb:f3:5f:f9:54:73:19:74:eb:4d:bf:f7:aa:94:
                    fc:a3:f0:f0:f1:66:86:43:c8:b7:51:09:fd:b2:74:
                    65:2a:96:d0:a3:6c:5c:b0:a3:a1:31:a5:3a:7c:11:
                    e5:a8:b9:69:32:56:b9:23:84:e3:ef:20:c4:b9:5d:
                    24:66:17:fb:46:90:89:f0:28:e8:d1:32:ec:63:a3:
                    05:6f:6a:0c:e6:e1:9c:6d:38:9c:b1:5a:5d:34:25:
                    ab:a7:5a:92:a8:06:02:55:9d:09:7d:3e:3b:b7:ff:
                    f3:8e:fb:6c:97:03:41:07:ab:d1:d2:39:ac:fd:b2:
                    7a:e1:dd:64:e5:ed:ee:35:6f:c6:51:4d:9d:43:d3:
                    3f:2d:ce:9a:14:71:f9:89:fc:04:71:4d:6d:23:13:
                    b3:7b:df:89:a3:3c:89:b7:9b:b1:22:e7:99:ba:38:
                    9e:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:C3:52:3C:5C:79:22:27:C5:BA:41:E3:34:D1:C4:AA:9E:FF:6C:55
            X509v3 Authority Key Identifier:
                keyid:1D:44:04:C8:39:2E:82:D4:B7:02:9B:69:CB:6E:E2:90:B9:B4:2C:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HUQEyDkugtS3Aptpy27ikLm0LAA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/d4b835-f5b5-4704-ae97-c26328561030/1/lMNSPFx5IifFukHjNNHEqp7_bFU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/d4b835-f5b5-4704-ae97-c26328561030/1/HUQEyDkugtS3Aptpy27ikLm0LAA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.112.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:cf:46:9d:ce:43:be:49:7c:1e:89:b9:91:99:2e:94:c3:ba:
         86:1f:f5:6d:a7:c0:6a:ab:43:4b:d6:c2:2c:04:86:54:ec:63:
         af:d7:af:ca:43:56:da:54:ae:4c:03:a0:72:d5:1c:c9:da:74:
         ea:12:53:10:62:51:8a:c4:d1:e5:6f:f2:5d:f4:30:e6:5d:ea:
         0a:ac:be:bf:64:d1:18:0d:ee:75:6c:94:24:1d:cb:e0:c5:77:
         61:e0:98:6d:1b:49:45:d6:d5:3e:85:da:d0:f1:93:7f:df:12:
         62:60:67:a8:a5:bd:45:4c:c3:84:bc:75:ff:e7:91:db:8c:fa:
         53:a7:c1:c5:c0:07:2a:f4:54:6d:46:42:cd:49:af:ff:0f:70:
         ad:34:05:c9:95:f5:7f:b1:91:e2:77:85:47:3e:b2:ec:a8:61:
         92:45:1d:b1:86:cc:50:dd:26:bf:f9:4a:47:10:72:67:67:58:
         90:f3:72:ae:2a:ae:7b:46:1f:10:44:66:71:92:a7:c1:5a:70:
         de:92:d4:e6:88:76:46:18:fe:30:15:44:53:41:44:ae:d2:c9:
         07:83:ae:f8:56:d5:ee:19:f6:bd:ae:4c:31:8e:6f:dc:43:46:
         cc:a7:62:d4:89:39:f1:c0:2a:d3:36:77:36:0b:cd:4c:fa:0c:
         86:ef:78:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJvTIj0I2Lr5/8QAqVVcNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkNDQwNGM4MzkyZTgyZDRiNzAyOWI2OWNiNmVlMjkwYjli
NDJjMDAwHhcNMjQwMTAxMjIzMTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGMzNTIzYzVjNzkyMjI3YzViYTQxZTMzNGQxYzRhYTllZmY2YzU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvBAaxJbTscMBhJ+IwehW3gut1YjW
PbLhoFPb9ax0tbgWuQNpF26TAiSTAH/QbxxwGcbkbrGOKDkHItczFTG9DuVHJuxr
vgQ8w0TajMkVZiBrz5rA6SWAWmEwy/Nf+VRzGXTrTb/3qpT8o/Dw8WaGQ8i3UQn9
snRlKpbQo2xcsKOhMaU6fBHlqLlpMla5I4Tj7yDEuV0kZhf7RpCJ8Cjo0TLsY6MF
b2oM5uGcbTicsVpdNCWrp1qSqAYCVZ0JfT47t//zjvtslwNBB6vR0jms/bJ64d1k
5e3uNW/GUU2dQ9M/Lc6aFHH5ifwEcU1tIxOze9+JozyJt5uxIueZujie7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJTDUjxceSInxbpB4zTRxKqe/2xVMB8GA1UdIwQY
MBaAFB1EBMg5LoLUtwKbactu4pC5tCwAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFVRRXlEa3VndFMzQXB0cHkyN2lrTG0wTEFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC9kNGI4MzUtZjViNS00NzA0LWFlOTct
YzI2MzI4NTYxMDMwLzEvbE1OU1BGeDVJaWZGdWtIak5OSEVxcDdfYkZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC9kNGI4MzUtZjViNS00NzA0LWFlOTctYzI2MzI4NTYxMDMw
LzEvSFVRRXlEa3VndFMzQXB0cHkyN2lrTG0wTEFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXBNMA0G
CSqGSIb3DQEBCwUAA4IBAQBwz0adzkO+SXweibmRmS6Uw7qGH/Vtp8Bqq0NL1sIs
BIZU7GOv16/KQ1baVK5MA6By1RzJ2nTqElMQYlGKxNHlb/Jd9DDmXeoKrL6/ZNEY
De51bJQkHcvgxXdh4JhtG0lF1tU+hdrQ8ZN/3xJiYGeopb1FTMOEvHX/55HbjPpT
p8HFwAcq9FRtRkLNSa//D3CtNAXJlfV/sZHid4VHPrLsqGGSRR2xhsxQ3Sa/+UpH
EHJnZ1iQ83KuKq57Rh8QRGZxkqfBWnDektTmiHZGGP4wFURTQUSu0skHg674VtXu
Gfa9rkwxjm/cQ0bMp2LUiTnxwCrTNnc2C81M+gyG73is
-----END CERTIFICATE-----
Generated at Mon Aug 26 15:20:52 2024 by rpki-client on console-ams.rpki-client.org