Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/uqHGeUxqEqkVDcvAOxJ2DLsw0OM.roa
File:                     uqHGeUxqEqkVDcvAOxJ2DLsw0OM.roa (raw, json)
Hash identifier:          i2GhoebLbx6mx0bw43wRj3vEhoUHjhbUJNRd7vMY+tE=
Subject key identifier:   BA:A1:C6:79:4C:6A:12:A9:15:0D:CB:C0:3B:12:76:0C:BB:30:D0:E3
Certificate issuer:       /CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
Certificate serial:       01856DE66A322FCEF6B4F8D14D33EF28A427
Authority key identifier: E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/uqHGeUxqEqkVDcvAOxJ2DLsw0OM.roa
Signing time:             Sun 01 Jan 2023 15:14:55 +0000
ROA not before:           Sun 01 Jan 2023 15:14:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     1239
IP address blocks:        185.77.3.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:e6:6a:32:2f:ce:f6:b4:f8:d1:4d:33:ef:28:a4:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
        Validity
            Not Before: Jan  1 15:14:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=baa1c6794c6a12a9150dcbc03b12760cbb30d0e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:39:30:79:c7:f0:98:ef:0c:01:a4:eb:27:bd:
                    d3:42:6f:9c:08:ab:0f:bf:6c:a1:e2:da:63:79:d4:
                    b4:87:ae:90:4a:2c:e9:72:f3:11:d1:8b:62:61:27:
                    c0:bf:5b:b4:82:d1:10:24:6b:af:44:28:4d:10:06:
                    b4:13:cc:32:ab:9e:e8:3d:b3:bd:4a:79:58:a9:ae:
                    d3:ed:fc:da:3e:a0:12:1a:8f:3e:df:96:2e:80:2e:
                    4b:ec:f2:11:49:79:16:2d:88:72:ef:f7:d6:69:23:
                    3f:dd:98:5d:a5:13:8e:3c:94:82:27:fa:45:c9:29:
                    20:76:3e:0c:66:27:ea:86:c5:7d:00:74:c9:86:0e:
                    e2:f2:c3:41:ce:65:9f:3e:c1:86:c3:63:d2:56:bf:
                    ce:4f:6f:80:41:63:70:f3:7d:82:53:4b:8f:0c:d6:
                    af:5f:f6:bc:76:85:1b:96:6a:f4:2c:b9:6a:0a:12:
                    68:8c:0b:da:f4:e3:7b:9a:b5:e0:26:51:0a:71:20:
                    27:de:7d:50:a3:94:08:bf:55:21:6b:41:cf:5e:c1:
                    a9:98:10:c4:f4:92:13:c8:e0:35:cc:81:32:87:0b:
                    be:32:ec:54:3b:47:34:93:0d:a4:5a:e7:95:14:7c:
                    db:84:78:b5:de:4e:e4:aa:6e:42:9f:08:de:78:36:
                    42:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:A1:C6:79:4C:6A:12:A9:15:0D:CB:C0:3B:12:76:0C:BB:30:D0:E3
            X509v3 Authority Key Identifier:
                keyid:E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/uqHGeUxqEqkVDcvAOxJ2DLsw0OM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.77.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:b2:88:ef:fa:e4:ca:80:88:a0:2f:06:9a:d5:aa:05:55:41:
         81:59:1f:56:b5:3f:0e:49:5d:c6:7b:dc:e8:5d:0a:b2:f0:63:
         12:ae:9f:24:0c:c3:9d:0e:68:3d:a5:58:10:ab:e2:7e:f6:d4:
         63:82:4a:85:d0:b1:d3:36:2f:1d:16:1f:30:ac:f2:4a:b6:85:
         52:76:ed:60:4c:78:5f:ff:f5:10:35:b1:f9:b5:5e:34:6f:fb:
         92:1b:4f:58:ab:c9:7e:89:a1:de:9b:06:6e:93:c3:51:3c:fa:
         27:c4:bd:7d:94:76:b6:e4:52:d3:2f:ba:b4:47:74:77:72:12:
         f3:cd:36:51:eb:53:85:35:95:7d:50:3c:00:2f:d1:44:2e:4c:
         10:e0:b9:fb:13:f7:84:ef:29:20:62:ea:d3:cb:e2:d5:bb:ef:
         fe:43:2f:1b:f0:38:76:aa:07:14:4f:30:38:07:67:84:18:15:
         57:44:ab:2e:af:20:d8:7d:04:87:ca:35:00:60:eb:a4:d9:75:
         72:38:62:a8:9e:9a:fb:f3:b2:f6:da:97:9a:0e:3e:d4:0f:b0:
         c8:35:cf:86:f7:d9:48:a9:3c:d8:16:3d:50:72:24:6d:3d:33:
         62:7f:66:ab:f5:2a:70:9c:e1:06:9f:43:7d:bd:5d:37:68:0d:
         b2:db:80:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVt5moyL872tPjRTTPvKKQnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNTU5Y2U4ODlhZTQyNDExMjFmZTBhMTY1M2U0Yjk1NWYz
ZWRmNGIwHhcNMjMwMTAxMTUxNDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWExYzY3OTRjNmExMmE5MTUwZGNiYzAzYjEyNzYwY2JiMzBkMGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5zkwecfwmO8MAaTrJ73TQm+cCKsP
v2yh4tpjedS0h66QSizpcvMR0YtiYSfAv1u0gtEQJGuvRChNEAa0E8wyq57oPbO9
SnlYqa7T7fzaPqASGo8+35YugC5L7PIRSXkWLYhy7/fWaSM/3ZhdpROOPJSCJ/pF
ySkgdj4MZifqhsV9AHTJhg7i8sNBzmWfPsGGw2PSVr/OT2+AQWNw832CU0uPDNav
X/a8doUblmr0LLlqChJojAva9ON7mrXgJlEKcSAn3n1Qo5QIv1Uha0HPXsGpmBDE
9JITyOA1zIEyhwu+MuxUO0c0kw2kWueVFHzbhHi13k7kqm5CnwjeeDZClQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLqhxnlMahKpFQ3LwDsSdgy7MNDjMB8GA1UdIwQY
MBaAFOBVnOiJrkJBEh/goWU+S5VfPt9LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYt
OTQ0OTk1N2ZkNWE1LzEvdXFIR2VVeHFFcWtWRGN2QU94SjJETHN3ME9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYtOTQ0OTk1N2ZkNWE1
LzEvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuU0DMA0G
CSqGSIb3DQEBCwUAA4IBAQArsojv+uTKgIigLwaa1aoFVUGBWR9WtT8OSV3Ge9zo
XQqy8GMSrp8kDMOdDmg9pVgQq+J+9tRjgkqF0LHTNi8dFh8wrPJKtoVSdu1gTHhf
//UQNbH5tV40b/uSG09Yq8l+iaHemwZuk8NRPPonxL19lHa25FLTL7q0R3R3chLz
zTZR61OFNZV9UDwAL9FELkwQ4Ln7E/eE7ykgYurTy+LVu+/+Qy8b8Dh2qgcUTzA4
B2eEGBVXRKsuryDYfQSHyjUAYOuk2XVyOGKonpr787L22peaDj7UD7DINc+G99lI
qTzYFj1QciRtPTNif2ar9SpwnOEGn0N9vV03aA2y24Bw
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:14:24 2024 by rpki-client on console-ams.rpki-client.org