Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/NYGmyaND1CP14-UQRfS9b6Ihsmw.roa
File:                     NYGmyaND1CP14-UQRfS9b6Ihsmw.roa (raw, json)
Hash identifier:          cdZmrW71u4pWnybOlFhMmHr44z3snyx5AhAAtysIlBU=
Subject key identifier:   35:81:A6:C9:A3:43:D4:23:F5:E3:E5:10:45:F4:BD:6F:A2:21:B2:6C
Certificate issuer:       /CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
Certificate serial:       082FE9B0
Authority key identifier: E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/NYGmyaND1CP14-UQRfS9b6Ihsmw.roa
Signing time:             Sat 01 Jan 2022 13:07:31 +0000
ROA not before:           Sat 01 Jan 2022 13:07:31 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     209371
IP address blocks:        185.77.3.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 137357744 (0x82fe9b0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
        Validity
            Not Before: Jan  1 13:07:31 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3581a6c9a343d423f5e3e51045f4bd6fa221b26c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:e8:0a:09:2d:67:16:1c:44:fd:1e:fe:06:db:
                    1e:94:80:4e:bc:40:b4:f6:a5:99:e4:9a:a4:f5:82:
                    e7:28:86:f8:59:27:d0:9a:1d:e4:13:cf:04:66:37:
                    92:4e:6b:0c:b2:b0:2b:74:bc:79:0f:23:2b:bc:44:
                    c9:43:99:a4:c0:2e:0c:38:07:c5:cc:11:0d:b8:92:
                    80:91:7b:97:84:d1:3d:82:8b:e7:be:fb:4c:f0:d3:
                    74:a3:cf:c0:3e:57:a6:04:5f:85:63:d6:2e:35:76:
                    3e:66:b9:3a:dd:1a:a1:62:38:75:8f:3a:4c:17:71:
                    52:d2:f5:f1:8c:eb:4a:3f:69:13:d1:58:1b:b2:47:
                    57:44:7e:c0:1d:d2:d2:6b:4b:2e:17:58:3f:74:77:
                    8a:76:47:ae:fa:17:81:6b:f3:6b:47:01:f5:bf:dd:
                    75:0c:6f:bc:89:89:08:0d:dc:74:9a:e5:4b:da:57:
                    92:02:75:2a:7a:74:6b:1c:cc:8a:5f:9c:4c:89:13:
                    c6:5f:5e:80:4f:70:07:02:99:be:8d:4d:b0:e7:b8:
                    4e:41:d4:51:75:b9:b0:c5:a4:ca:04:6e:89:75:ff:
                    54:1d:5e:91:89:d5:53:5d:12:fe:de:77:e1:5e:97:
                    13:d3:5d:50:3b:12:08:7d:28:9e:7b:05:37:28:10:
                    58:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:81:A6:C9:A3:43:D4:23:F5:E3:E5:10:45:F4:BD:6F:A2:21:B2:6C
            X509v3 Authority Key Identifier:
                keyid:E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/NYGmyaND1CP14-UQRfS9b6Ihsmw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.77.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:b0:c5:7c:ec:1d:28:6b:ba:6f:86:d9:23:98:f3:de:cd:5e:
         74:1d:11:58:a7:fd:ff:bf:05:ce:89:99:a7:bd:f9:65:be:aa:
         62:59:44:40:59:36:0a:3a:e9:13:09:0d:08:68:58:25:31:04:
         d5:24:09:93:09:02:ac:ab:c2:4d:a1:46:68:6d:04:17:31:d8:
         87:4a:7e:79:a2:db:52:e1:21:5f:2e:55:35:65:13:8a:3f:3b:
         81:52:2f:75:81:2d:3b:fa:14:02:5b:d2:7f:25:12:9b:be:68:
         63:96:27:7f:ab:3c:84:81:ad:60:56:ee:26:22:11:9d:e2:da:
         c2:ed:2b:f6:18:9f:c1:02:6d:26:14:ff:50:ab:94:02:ec:63:
         b3:41:9e:90:e2:6a:d6:25:15:ef:17:6b:e6:dc:f6:49:f3:66:
         70:3e:69:17:51:24:54:53:c9:5b:67:d0:d4:66:40:90:3a:da:
         c4:14:b7:a7:7a:78:af:7b:97:98:5e:2c:2e:3c:84:17:d8:ad:
         9f:1f:8e:d4:2f:98:05:0c:67:d5:ee:14:b1:92:58:91:ee:d9:
         e6:b6:d9:30:05:3e:12:a4:69:ca:07:27:58:06:4c:eb:8e:c1:
         6e:8a:fe:ac:d7:60:ad:ba:59:b5:0f:e0:37:41:b9:c0:cd:0f:
         af:da:c5:46
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIECC/psDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhl
MDU1OWNlODg5YWU0MjQxMTIxZmUwYTE2NTNlNGI5NTVmM2VkZjRiMB4XDTIyMDEw
MTEzMDczMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMzU4MWE2YzlhMzQz
ZDQyM2Y1ZTNlNTEwNDVmNGJkNmZhMjIxYjI2YzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK/oCgktZxYcRP0e/gbbHpSATrxAtPalmeSapPWC5yiG+Fkn
0Jod5BPPBGY3kk5rDLKwK3S8eQ8jK7xEyUOZpMAuDDgHxcwRDbiSgJF7l4TRPYKL
5777TPDTdKPPwD5XpgRfhWPWLjV2Pma5Ot0aoWI4dY86TBdxUtL18YzrSj9pE9FY
G7JHV0R+wB3S0mtLLhdYP3R3inZHrvoXgWvza0cB9b/ddQxvvImJCA3cdJrlS9pX
kgJ1Knp0axzMil+cTIkTxl9egE9wBwKZvo1NsOe4TkHUUXW5sMWkygRuiXX/VB1e
kYnVU10S/t534V6XE9NdUDsSCH0onnsFNygQWKcCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQ1gabJo0PUI/Xj5RBF9L1voiGybDAfBgNVHSMEGDAWgBTgVZzoia5CQRIf
4KFlPkuVXz7fSzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzRGV2M2SW11UWtFU0gtQ2haVDVMbFY4LTMwcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjIvMWZhNGExLTlhMWMtNDdkZS1hY2E2LTk0NDk5NTdmZDVhNS8x
L05ZR215YU5EMUNQMTQtVVFSZlM5YjZJaHNtdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjIv
MWZhNGExLTlhMWMtNDdkZS1hY2E2LTk0NDk5NTdmZDVhNS8xLzRGV2M2SW11UWtF
U0gtQ2haVDVMbFY4LTMwcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALlNAzANBgkqhkiG9w0BAQsFAAOC
AQEAC7DFfOwdKGu6b4bZI5jz3s1edB0RWKf9/78FzomZp735Zb6qYllEQFk2Cjrp
EwkNCGhYJTEE1SQJkwkCrKvCTaFGaG0EFzHYh0p+eaLbUuEhXy5VNWUTij87gVIv
dYEtO/oUAlvSfyUSm75oY5Ynf6s8hIGtYFbuJiIRneLawu0r9hifwQJtJhT/UKuU
Auxjs0GekOJq1iUV7xdr5tz2SfNmcD5pF1EkVFPJW2fQ1GZAkDraxBS3p3p4r3uX
mF4sLjyEF9itnx+O1C+YBQxn1e4UsZJYke7Z5rbZMAU+EqRpygcnWAZM647Bbor+
rNdgrbpZtQ/gN0G5wM0Pr9rFRg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:14:24 2024 by rpki-client on console-ams.rpki-client.org