Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/e53de5-1b5f-4467-a68c-15fc0b68f844/1/hyq-tnYJ-iO0tGjv18PoowlZWG8.roa
File:                     hyq-tnYJ-iO0tGjv18PoowlZWG8.roa (raw, json)
Hash identifier:          Qc+BQ+46aH629Uo0SwKEcB8dR4czuZf0Bf6yVxJa5yA=
Subject key identifier:   87:2A:BE:B6:76:09:FA:23:B4:B4:68:EF:D7:C3:E8:A3:09:59:58:6F
Certificate issuer:       /CN=da70c441fb892b8c9816534885069fcd3300c9a4
Certificate serial:       01867E396A15777A6C2809F47B88FD660FA1
Authority key identifier: DA:70:C4:41:FB:89:2B:8C:98:16:53:48:85:06:9F:CD:33:00:C9:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2nDEQfuJK4yYFlNIhQafzTMAyaQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/e53de5-1b5f-4467-a68c-15fc0b68f844/1/hyq-tnYJ-iO0tGjv18PoowlZWG8.roa
Signing time:             Thu 23 Feb 2023 12:22:17 +0000
ROA not before:           Thu 23 Feb 2023 12:22:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     58024
IP address blocks:        84.54.44.0/22 maxlen: 22
                          84.54.44.0/24 maxlen: 24
                          84.54.47.0/24 maxlen: 24
                          84.54.46.0/24 maxlen: 24
                          84.54.45.0/24 maxlen: 24
                          194.31.132.0/22 maxlen: 22
                          77.105.166.0/23 maxlen: 23
                          176.113.112.0/24 maxlen: 24
                          176.113.112.0/23 maxlen: 23
                          176.113.113.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:7e:39:6a:15:77:7a:6c:28:09:f4:7b:88:fd:66:0f:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da70c441fb892b8c9816534885069fcd3300c9a4
        Validity
            Not Before: Feb 23 12:22:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=872abeb67609fa23b4b468efd7c3e8a30959586f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:99:e9:e7:88:fa:27:e6:23:f8:27:ec:43:ea:
                    ef:1c:61:92:60:b0:52:07:9f:02:41:cd:62:da:a1:
                    ed:6a:fc:3c:9e:fc:a1:ca:0a:f6:ff:11:c4:52:bc:
                    2f:18:7a:6a:d5:d1:b9:48:c0:27:54:c9:1f:da:1e:
                    9d:39:19:e6:51:43:63:1c:a5:15:ef:6c:be:88:a5:
                    9d:e8:8c:c5:87:4b:05:08:a9:40:15:d0:24:13:02:
                    c8:a2:d3:0c:96:40:9b:c5:4d:4a:d6:9d:c0:c1:cc:
                    19:7f:3c:bf:51:91:66:40:2e:61:ed:9e:50:0f:d0:
                    cc:e7:05:ac:77:7d:9d:d5:73:9a:eb:3e:10:c7:df:
                    42:f7:e9:ba:18:b1:52:fb:b1:1a:22:32:03:ed:da:
                    36:ab:f5:b8:eb:e9:81:b2:2b:09:e4:e6:bd:52:78:
                    78:e0:4d:34:cd:87:4d:ae:22:28:c5:a3:cb:40:bc:
                    ea:46:a6:7a:5c:e9:ee:4b:f6:ea:f2:05:73:1f:6d:
                    3c:5d:dc:c5:88:c8:de:f2:a0:3b:48:50:f5:ed:60:
                    ae:c3:7e:cb:df:7d:4f:d6:b5:4b:8a:10:99:0c:01:
                    df:02:2c:19:10:96:26:d5:ac:d8:c1:6b:e9:b2:05:
                    c6:13:29:24:d3:9f:12:7f:09:ac:73:55:17:4e:7d:
                    43:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:2A:BE:B6:76:09:FA:23:B4:B4:68:EF:D7:C3:E8:A3:09:59:58:6F
            X509v3 Authority Key Identifier:
                keyid:DA:70:C4:41:FB:89:2B:8C:98:16:53:48:85:06:9F:CD:33:00:C9:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2nDEQfuJK4yYFlNIhQafzTMAyaQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/e53de5-1b5f-4467-a68c-15fc0b68f844/1/hyq-tnYJ-iO0tGjv18PoowlZWG8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/e53de5-1b5f-4467-a68c-15fc0b68f844/1/2nDEQfuJK4yYFlNIhQafzTMAyaQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.105.166.0/23
                  84.54.44.0/22
                  176.113.112.0/23
                  194.31.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         97:42:27:0a:e5:56:aa:24:fd:50:b8:3f:68:5d:75:6d:13:0a:
         fe:6f:ed:18:65:18:7f:d3:23:74:c7:52:14:44:d9:52:b8:fb:
         84:0f:69:25:2f:01:9a:9f:31:65:6a:ab:fa:dc:08:fd:8d:7a:
         ec:4c:04:c5:3a:7b:90:3f:4a:93:39:1a:f6:b9:9e:38:98:16:
         97:35:a8:44:65:da:96:5d:86:f7:3f:2c:f4:b0:07:63:35:5e:
         56:7f:74:88:61:5f:d8:1e:bc:9c:6c:9f:7b:08:b1:26:c0:16:
         97:a8:ca:94:51:f7:f9:32:38:ed:14:59:27:f9:f8:45:7e:4e:
         48:2c:97:95:d9:bb:b4:88:8b:57:43:dd:f1:28:36:93:af:87:
         9c:dd:99:8b:4e:6d:a4:e4:2e:71:1c:77:0b:a0:0c:2e:7d:d0:
         ac:fb:63:a2:6c:80:9c:37:12:1b:ac:70:04:9b:92:5c:1b:65:
         05:62:58:c6:7d:21:bc:24:df:5e:ae:eb:46:94:68:5b:39:91:
         8a:40:3a:a7:eb:64:fa:24:a8:d9:d9:14:b0:12:cb:fe:7f:4b:
         38:15:9d:67:36:1c:63:9a:f0:b8:aa:b1:f9:03:aa:14:af:8b:
         76:ea:6a:a9:a6:72:d6:86:66:fa:b2:ca:ed:f4:2a:a0:5c:57:
         9f:7e:1e:be
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYZ+OWoVd3psKAn0e4j9Zg+hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhNzBjNDQxZmI4OTJiOGM5ODE2NTM0ODg1MDY5ZmNkMzMw
MGM5YTQwHhcNMjMwMjIzMTIyMjE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzJhYmViNjc2MDlmYTIzYjRiNDY4ZWZkN2MzZThhMzA5NTk1ODZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZnp54j6J+Yj+CfsQ+rvHGGSYLBS
B58CQc1i2qHtavw8nvyhygr2/xHEUrwvGHpq1dG5SMAnVMkf2h6dORnmUUNjHKUV
72y+iKWd6IzFh0sFCKlAFdAkEwLIotMMlkCbxU1K1p3AwcwZfzy/UZFmQC5h7Z5Q
D9DM5wWsd32d1XOa6z4Qx99C9+m6GLFS+7EaIjID7do2q/W46+mBsisJ5Oa9Unh4
4E00zYdNriIoxaPLQLzqRqZ6XOnuS/bq8gVzH208XdzFiMje8qA7SFD17WCuw37L
331P1rVLihCZDAHfAiwZEJYm1azYwWvpsgXGEykk058Sfwmsc1UXTn1DtQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFIcqvrZ2CfojtLRo79fD6KMJWVhvMB8GA1UdIwQY
MBaAFNpwxEH7iSuMmBZTSIUGn80zAMmkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMm5ERVFmdUpLNHlZRmxOSWhRYWZ6VE1BeWFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS9lNTNkZTUtMWI1Zi00NDY3LWE2OGMt
MTVmYzBiNjhmODQ0LzEvaHlxLXRuWUotaU8wdEdqdjE4UG9vd2xaV0c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS9lNTNkZTUtMWI1Zi00NDY3LWE2OGMtMTVmYzBiNjhmODQ0
LzEvMm5ERVFmdUpLNHlZRmxOSWhRYWZ6VE1BeWFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQBTWmmAwQC
VDYsAwQBsHFwAwQCwh+EMA0GCSqGSIb3DQEBCwUAA4IBAQCXQicK5VaqJP1QuD9o
XXVtEwr+b+0YZRh/0yN0x1IURNlSuPuED2klLwGanzFlaqv63Aj9jXrsTATFOnuQ
P0qTORr2uZ44mBaXNahEZdqWXYb3Pyz0sAdjNV5Wf3SIYV/YHrycbJ97CLEmwBaX
qMqUUff5MjjtFFkn+fhFfk5ILJeV2bu0iItXQ93xKDaTr4ec3ZmLTm2k5C5xHHcL
oAwufdCs+2OibICcNxIbrHAEm5JcG2UFYljGfSG8JN9erutGlGhbOZGKQDqn62T6
JKjZ2RSwEsv+f0s4FZ1nNhxjmvC4qrH5A6oUr4t26mqppnLWhmb6ssrt9CqgXFef
fh6+
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:14:21 2024 by rpki-client on console-ams.rpki-client.org