Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c4213d-0de0-4db4-a508-822d9f855984/1/KLr9js8STllOd7CSl0eNhw1itR0.roa
File:                     KLr9js8STllOd7CSl0eNhw1itR0.roa (raw, json)
Hash identifier:          Be6UMASkL+P1CVjG/VZY/G8b6zpsHZeAXb3K9Y2KOss=
Subject key identifier:   28:BA:FD:8E:CF:12:4E:59:4E:77:B0:92:97:47:8D:87:0D:62:B5:1D
Certificate issuer:       /CN=6cedf4158ade98f1457cec858955626f161d2aef
Certificate serial:       10B35FAC
Authority key identifier: 6C:ED:F4:15:8A:DE:98:F1:45:7C:EC:85:89:55:62:6F:16:1D:2A:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bO30FYremPFFfOyFiVVibxYdKu8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c4213d-0de0-4db4-a508-822d9f855984/1/KLr9js8STllOd7CSl0eNhw1itR0.roa
Signing time:             Sat 01 Jan 2022 13:03:41 +0000
ROA not before:           Sat 01 Jan 2022 13:03:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42532
IP address blocks:        77.73.71.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 280190892 (0x10b35fac)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6cedf4158ade98f1457cec858955626f161d2aef
        Validity
            Not Before: Jan  1 13:03:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=28bafd8ecf124e594e77b09297478d870d62b51d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:03:f7:3c:4c:67:8f:7d:72:06:ba:9c:63:6e:
                    d9:00:48:45:61:a2:da:c4:84:6d:91:07:9b:0e:16:
                    05:4d:ab:e1:99:bf:95:13:cb:f6:d8:e2:c4:f9:44:
                    88:df:44:86:01:38:bc:07:5e:8c:8a:43:d2:47:cc:
                    78:e3:9e:0f:c2:49:17:0c:e1:29:a7:ff:53:5a:26:
                    4a:44:10:99:7d:e1:56:98:ff:df:28:8c:49:8f:23:
                    d8:be:67:7b:e4:90:bc:af:03:75:88:43:48:19:b3:
                    04:0a:52:ad:82:69:63:c0:87:66:53:56:f9:5e:5b:
                    d9:1b:3f:ff:06:07:ec:8a:6c:b2:a7:f3:5f:52:cb:
                    39:b5:1b:4d:1c:9a:2d:2d:39:88:d1:1b:3f:91:bf:
                    9e:a5:a0:a4:c7:73:38:28:ce:07:92:b3:3c:30:d6:
                    19:4e:b8:8b:cd:06:71:fa:42:c1:d3:76:15:76:f8:
                    31:92:5d:cc:bd:9b:f7:6c:05:ce:b4:23:73:80:8d:
                    2c:9e:38:45:94:06:96:c4:60:bb:84:73:e2:4f:cc:
                    9a:72:1f:f3:58:1a:92:c7:fe:bf:e3:e6:3d:06:4f:
                    73:6d:a4:3e:a5:68:b4:40:26:3e:38:56:2b:c3:6b:
                    99:6d:f7:cf:7f:39:86:d5:23:c0:74:c4:83:17:4d:
                    4a:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:BA:FD:8E:CF:12:4E:59:4E:77:B0:92:97:47:8D:87:0D:62:B5:1D
            X509v3 Authority Key Identifier:
                keyid:6C:ED:F4:15:8A:DE:98:F1:45:7C:EC:85:89:55:62:6F:16:1D:2A:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bO30FYremPFFfOyFiVVibxYdKu8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c4213d-0de0-4db4-a508-822d9f855984/1/KLr9js8STllOd7CSl0eNhw1itR0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c4213d-0de0-4db4-a508-822d9f855984/1/bO30FYremPFFfOyFiVVibxYdKu8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.73.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:9c:dd:d7:d3:ae:e3:f1:5b:01:f2:e7:ac:b5:1d:86:8b:7b:
         7b:0c:7b:8e:91:d5:19:cd:a9:90:15:c3:cf:44:ff:01:4e:29:
         67:aa:62:2a:8a:2f:60:47:1f:fe:d0:8f:46:6f:f9:f3:39:4e:
         20:34:5e:86:6f:cb:15:b0:30:84:7d:b9:44:09:f0:1f:21:ff:
         63:05:dc:ac:07:02:80:e0:53:52:32:0a:1e:cd:88:83:83:d1:
         62:e5:d4:4e:77:17:06:bb:61:fc:ba:f7:7d:e9:61:05:8c:d3:
         62:3b:68:23:0f:b8:81:ef:e5:15:44:ca:b0:52:85:7e:eb:e5:
         98:6b:5c:47:fd:67:6f:8a:fd:89:7f:53:8c:13:b7:75:ba:a9:
         bf:36:86:96:d5:b7:fe:bf:15:51:b7:1e:ff:02:5a:f1:26:ea:
         f1:1a:02:2d:d4:b8:d4:ef:1b:48:29:f3:c0:6d:a9:2f:d5:ef:
         3b:67:d4:81:d9:d6:3d:51:8c:90:b1:e5:c1:96:97:01:32:97:
         5e:4f:76:a9:c8:1a:2a:06:5d:44:26:ff:8c:65:b2:b5:c7:57:
         9d:59:6b:b6:47:ef:02:ed:4f:40:10:e2:c7:cf:0a:d9:00:90:
         46:5a:b8:c8:67:3b:11:e6:f3:e7:f6:52:5d:b9:c0:45:cc:a7:
         e8:cf:df:ac
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEELNfrDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
Y2VkZjQxNThhZGU5OGYxNDU3Y2VjODU4OTU1NjI2ZjE2MWQyYWVmMB4XDTIyMDEw
MTEzMDM0MVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjhiYWZkOGVjZjEy
NGU1OTRlNzdiMDkyOTc0NzhkODcwZDYyYjUxZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKkD9zxMZ499cga6nGNu2QBIRWGi2sSEbZEHmw4WBU2r4Zm/
lRPL9tjixPlEiN9EhgE4vAdejIpD0kfMeOOeD8JJFwzhKaf/U1omSkQQmX3hVpj/
3yiMSY8j2L5ne+SQvK8DdYhDSBmzBApSrYJpY8CHZlNW+V5b2Rs//wYH7Ipssqfz
X1LLObUbTRyaLS05iNEbP5G/nqWgpMdzOCjOB5KzPDDWGU64i80GcfpCwdN2FXb4
MZJdzL2b92wFzrQjc4CNLJ44RZQGlsRgu4Rz4k/MmnIf81gaksf+v+PmPQZPc22k
PqVotEAmPjhWK8NrmW33z385htUjwHTEgxdNSs0CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQouv2OzxJOWU53sJKXR42HDWK1HTAfBgNVHSMEGDAWgBRs7fQVit6Y8UV8
7IWJVWJvFh0q7zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2JPMzBGWXJlbVBGRmZPeUZpVlZpYnhZZEt1OC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMjkvYzQyMTNkLTBkZTAtNGRiNC1hNTA4LTgyMmQ5Zjg1NTk4NC8x
L0tMcjlqczhTVGxsT2Q3Q1NsMGVOaHcxaXRSMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjkv
YzQyMTNkLTBkZTAtNGRiNC1hNTA4LTgyMmQ5Zjg1NTk4NC8xL2JPMzBGWXJlbVBG
RmZPeUZpVlZpYnhZZEt1OC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAE1JRzANBgkqhkiG9w0BAQsFAAOC
AQEAXpzd19Ou4/FbAfLnrLUdhot7ewx7jpHVGc2pkBXDz0T/AU4pZ6piKoovYEcf
/tCPRm/58zlOIDRehm/LFbAwhH25RAnwHyH/YwXcrAcCgOBTUjIKHs2Ig4PRYuXU
TncXBrth/Lr3felhBYzTYjtoIw+4ge/lFUTKsFKFfuvlmGtcR/1nb4r9iX9TjBO3
dbqpvzaGltW3/r8VUbce/wJa8Sbq8RoCLdS41O8bSCnzwG2pL9XvO2fUgdnWPVGM
kLHlwZaXATKXXk92qcgaKgZdRCb/jGWytcdXnVlrtkfvAu1PQBDix88K2QCQRlq4
yGc7Eebz5/ZSXbnARcyn6M/frA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:20 2024 by rpki-client on console-fra.rpki-client.org