Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/e53de5-1b5f-4467-a68c-15fc0b68f844/1/MkKG_PTvGCfGTXyl_T8lTotaL0U.roa
File:                     MkKG_PTvGCfGTXyl_T8lTotaL0U.roa (raw, json)
Hash identifier:          eJVGSDAVoeVV3DiXcRpAg1sGBps2bXz0aoL58zoOehQ=
Subject key identifier:   32:42:86:FC:F4:EF:18:27:C6:4D:7C:A5:FD:3F:25:4E:8B:5A:2F:45
Certificate issuer:       /CN=da70c441fb892b8c9816534885069fcd3300c9a4
Certificate serial:       0186CC8C507CDB2301F8E149469122564F62
Authority key identifier: DA:70:C4:41:FB:89:2B:8C:98:16:53:48:85:06:9F:CD:33:00:C9:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2nDEQfuJK4yYFlNIhQafzTMAyaQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/e53de5-1b5f-4467-a68c-15fc0b68f844/1/MkKG_PTvGCfGTXyl_T8lTotaL0U.roa
Signing time:             Fri 10 Mar 2023 17:23:13 +0000
ROA not before:           Fri 10 Mar 2023 17:23:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     58024
IP address blocks:        84.54.44.0/22 maxlen: 22
                          84.54.44.0/24 maxlen: 24
                          77.105.145.0/24 maxlen: 24
                          84.54.47.0/24 maxlen: 24
                          84.54.46.0/24 maxlen: 24
                          84.54.45.0/24 maxlen: 24
                          194.31.132.0/22 maxlen: 22
                          77.105.165.0/24 maxlen: 24
                          77.105.166.0/23 maxlen: 23
                          176.113.112.0/24 maxlen: 24
                          176.113.112.0/23 maxlen: 23
                          176.113.113.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:cc:8c:50:7c:db:23:01:f8:e1:49:46:91:22:56:4f:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da70c441fb892b8c9816534885069fcd3300c9a4
        Validity
            Not Before: Mar 10 17:23:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=324286fcf4ef1827c64d7ca5fd3f254e8b5a2f45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:41:18:b3:42:db:40:44:d9:ea:6e:e0:dc:94:
                    dd:8b:f6:af:16:c3:7b:76:a8:96:b3:81:5c:c3:3d:
                    93:9b:59:4d:28:66:b7:73:1b:67:4f:a9:45:41:50:
                    b2:88:3d:cb:0a:9d:93:70:d0:4b:0e:b7:48:8d:0d:
                    e3:07:1d:c0:c6:8c:e6:eb:88:33:c0:6f:62:db:66:
                    bc:88:86:57:77:30:e4:e4:be:72:00:a1:23:96:36:
                    cb:09:0d:ab:87:f3:9e:58:39:08:2f:93:e6:76:85:
                    12:91:92:2d:8a:e3:cd:2c:6f:a6:49:7c:a7:f8:9e:
                    d9:fd:79:7c:ac:16:6b:73:de:65:6a:6a:98:88:39:
                    7e:ff:b1:c2:02:10:a0:1c:92:6b:3b:d8:ae:78:a7:
                    23:e7:09:3b:b7:f2:d2:b6:89:f6:d3:bf:b6:50:bb:
                    b9:3a:c4:fb:39:65:14:04:38:ac:e1:2a:65:41:44:
                    03:97:03:43:4e:26:43:bb:f6:98:90:0d:94:8b:1d:
                    fe:a9:7f:14:6c:16:22:92:04:b0:f8:68:22:de:19:
                    f4:bb:b7:63:f0:7f:c7:bd:1b:0f:7d:e4:36:f9:2f:
                    a1:33:c9:81:82:ea:12:3c:33:35:11:9d:a2:98:a5:
                    7f:01:ed:d5:cb:ac:d8:72:b0:97:0b:dd:87:72:65:
                    e8:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:42:86:FC:F4:EF:18:27:C6:4D:7C:A5:FD:3F:25:4E:8B:5A:2F:45
            X509v3 Authority Key Identifier:
                keyid:DA:70:C4:41:FB:89:2B:8C:98:16:53:48:85:06:9F:CD:33:00:C9:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2nDEQfuJK4yYFlNIhQafzTMAyaQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/e53de5-1b5f-4467-a68c-15fc0b68f844/1/MkKG_PTvGCfGTXyl_T8lTotaL0U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/e53de5-1b5f-4467-a68c-15fc0b68f844/1/2nDEQfuJK4yYFlNIhQafzTMAyaQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.105.145.0/24
                  77.105.165.0-77.105.167.255
                  84.54.44.0/22
                  176.113.112.0/23
                  194.31.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         55:ab:13:2c:14:55:1e:23:60:45:2f:ef:1b:a1:b5:11:e6:da:
         9e:23:25:1f:1e:7d:8f:24:98:e0:75:59:07:03:45:56:db:8f:
         c3:79:f0:9f:2b:a7:2e:3c:19:10:a8:22:ea:ae:f8:e6:b5:6a:
         a1:3e:b5:c8:a7:4b:29:13:32:48:12:50:9f:cf:1a:19:01:62:
         79:69:d7:f5:2a:22:61:e1:9b:37:af:6b:0a:c1:86:79:f4:6f:
         13:5f:cc:7d:16:8e:44:a8:b3:58:1a:10:b5:7a:e6:31:4b:46:
         85:bb:cf:ba:df:5e:d3:9c:a6:99:e8:0f:49:fd:a9:74:27:35:
         70:50:b6:00:f2:13:e7:9b:26:bb:26:b8:f3:59:fc:05:fa:6d:
         1e:ff:57:95:a3:ce:2d:81:1a:3a:4a:44:6f:58:95:ae:ea:40:
         d6:59:d6:20:9b:f3:16:51:ba:8c:9e:ad:66:e6:46:f7:ba:1f:
         ab:cc:8c:30:a8:be:e7:ff:8e:97:96:fe:4a:c5:2e:d7:d1:78:
         23:0e:41:a7:5f:11:09:fc:36:b0:47:59:b8:6b:8c:fa:cf:88:
         39:73:58:02:c4:62:6c:f9:32:fa:f8:f4:0d:5d:08:52:64:c7:
         2e:82:5b:ef:27:42:59:2f:1c:b8:c0:65:70:f7:ad:fe:84:02:
         c9:51:7c:f6
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYbMjFB82yMB+OFJRpEiVk9iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhNzBjNDQxZmI4OTJiOGM5ODE2NTM0ODg1MDY5ZmNkMzMw
MGM5YTQwHhcNMjMwMzEwMTcyMzEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjQyODZmY2Y0ZWYxODI3YzY0ZDdjYTVmZDNmMjU0ZThiNWEyZjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiEEYs0LbQETZ6m7g3JTdi/avFsN7
dqiWs4Fcwz2Tm1lNKGa3cxtnT6lFQVCyiD3LCp2TcNBLDrdIjQ3jBx3Axozm64gz
wG9i22a8iIZXdzDk5L5yAKEjljbLCQ2rh/OeWDkIL5PmdoUSkZItiuPNLG+mSXyn
+J7Z/Xl8rBZrc95lamqYiDl+/7HCAhCgHJJrO9iueKcj5wk7t/LSton207+2ULu5
OsT7OWUUBDis4SplQUQDlwNDTiZDu/aYkA2Uix3+qX8UbBYikgSw+Ggi3hn0u7dj
8H/HvRsPfeQ2+S+hM8mBguoSPDM1EZ2imKV/Ae3Vy6zYcrCXC92HcmXoQQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFDJChvz07xgnxk18pf0/JU6LWi9FMB8GA1UdIwQY
MBaAFNpwxEH7iSuMmBZTSIUGn80zAMmkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMm5ERVFmdUpLNHlZRmxOSWhRYWZ6VE1BeWFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS9lNTNkZTUtMWI1Zi00NDY3LWE2OGMt
MTVmYzBiNjhmODQ0LzEvTWtLR19QVHZHQ2ZHVFh5bF9UOGxUb3RhTDBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS9lNTNkZTUtMWI1Zi00NDY3LWE2OGMtMTVmYzBiNjhmODQ0
LzEvMm5ERVFmdUpLNHlZRmxOSWhRYWZ6VE1BeWFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQATWmRMAwD
BABNaaUDBANNaaADBAJUNiwDBAGwcXADBALCH4QwDQYJKoZIhvcNAQELBQADggEB
AFWrEywUVR4jYEUv7xuhtRHm2p4jJR8efY8kmOB1WQcDRVbbj8N58J8rpy48GRCo
Iuqu+Oa1aqE+tcinSykTMkgSUJ/PGhkBYnlp1/UqImHhmzevawrBhnn0bxNfzH0W
jkSos1gaELV65jFLRoW7z7rfXtOcppnoD0n9qXQnNXBQtgDyE+ebJrsmuPNZ/AX6
bR7/V5Wjzi2BGjpKRG9Yla7qQNZZ1iCb8xZRuoyerWbmRve6H6vMjDCovuf/jpeW
/krFLtfReCMOQadfEQn8NrBHWbhrjPrPiDlzWALEYmz5Mvr49A1dCFJkxy6CW+8n
QlkvHLjAZXD3rf6EAslRfPY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:32:28 2024 by rpki-client on console-fra.rpki-client.org