Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/81bcq1WYga8gyxNNsqBlfpivuE0.roa
File:                     81bcq1WYga8gyxNNsqBlfpivuE0.roa (raw, json)
Hash identifier:          NEmQnZT7b7Dv1NX1D+NrTlrmKXx372TMQiO7r+ksu3Q=
Subject key identifier:   F3:56:DC:AB:55:98:81:AF:20:CB:13:4D:B2:A0:65:7E:98:AF:B8:4D
Certificate issuer:       /CN=4d88eb730ab1a501ea36ea3482d764544e141111
Certificate serial:       09C3484A
Authority key identifier: 4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/81bcq1WYga8gyxNNsqBlfpivuE0.roa
Signing time:             Sat 01 Jan 2022 14:57:54 +0000
ROA not before:           Sat 01 Jan 2022 14:57:54 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     200533
IP address blocks:        77.104.187.0/24 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 163792970 (0x9c3484a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d88eb730ab1a501ea36ea3482d764544e141111
        Validity
            Not Before: Jan  1 14:57:54 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f356dcab559881af20cb134db2a0657e98afb84d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:25:bc:ba:45:75:d3:08:30:04:3c:b5:ba:6d:
                    82:36:23:63:e3:b9:e8:6b:1b:6b:9b:8c:44:d4:4e:
                    1b:c5:cf:00:8e:55:78:4e:dc:be:b2:43:c1:5f:50:
                    39:fb:ca:e9:63:bc:ae:ec:9a:56:24:b3:67:a5:bd:
                    35:77:ee:62:cb:a8:af:15:05:8b:ff:3e:9c:15:f4:
                    76:2b:b7:23:e7:58:d4:76:cc:3e:dc:41:f1:48:ba:
                    07:be:1c:7e:4a:b5:a1:30:b7:fe:79:ae:a0:f4:0c:
                    f6:87:4a:dc:2a:f7:d7:59:7c:f0:5b:12:10:e4:42:
                    5b:c7:9f:12:af:0d:be:e6:be:b3:f3:51:b2:60:0b:
                    ef:40:38:b0:3c:5b:82:55:d0:d5:10:6b:a5:67:93:
                    31:8e:a8:bd:d9:95:d4:ce:64:c2:4a:3b:62:1c:b4:
                    fc:db:39:9b:10:aa:52:60:7f:e7:07:4c:03:68:36:
                    f9:57:d6:9b:62:0a:6a:63:ef:76:90:00:e5:4d:e5:
                    8a:d6:bf:ab:e0:b3:dd:55:89:3f:30:5d:2d:3e:a5:
                    e6:24:f0:32:7c:76:d1:db:59:30:8a:71:e9:de:16:
                    07:d4:23:35:b8:76:a9:75:bd:d6:f1:72:93:05:b3:
                    b6:d8:a8:c3:67:72:b8:7c:44:a6:ef:b6:dc:c3:55:
                    87:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:56:DC:AB:55:98:81:AF:20:CB:13:4D:B2:A0:65:7E:98:AF:B8:4D
            X509v3 Authority Key Identifier:
                keyid:4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/81bcq1WYga8gyxNNsqBlfpivuE0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/TYjrcwqxpQHqNuo0gtdkVE4UERE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.104.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:ec:25:72:e5:f0:1d:66:44:a3:52:ff:3a:f0:b3:f1:ba:34:
         62:08:be:43:68:ce:6f:65:2f:26:a5:90:09:22:46:c6:a0:8d:
         a6:58:1d:e9:fa:48:68:ec:d8:b3:ab:95:3c:e5:12:6d:46:bb:
         80:69:ca:4a:e6:94:35:75:48:1c:39:52:ec:28:97:1d:04:51:
         6b:60:84:e4:c6:8b:59:ee:5f:61:7d:73:ce:ba:d0:04:b4:e5:
         55:de:95:e0:78:72:9b:2e:38:4a:b2:ac:83:9c:b7:42:f3:8b:
         45:bb:4f:a3:c2:d8:89:c4:24:5d:0d:8a:d4:2d:79:b0:73:66:
         59:bc:ee:7d:c8:b1:59:8f:96:a5:1a:bd:c4:f2:10:a5:26:8e:
         f3:b1:13:36:f3:7a:85:22:9f:d0:40:3a:63:6c:d0:3b:a0:f8:
         63:3a:5c:0b:c4:f4:b0:9e:58:7f:63:b4:34:e1:fb:b3:e3:5b:
         df:12:11:b4:fe:47:a9:76:c2:16:20:75:80:81:b8:a0:48:5e:
         42:e0:52:f1:12:e3:55:ec:97:03:8e:50:bd:e2:e4:df:af:64:
         38:0b:22:a0:6f:1f:88:7c:3b:0a:c8:d0:2a:71:e2:ff:53:ab:
         9d:50:1f:4f:b7:34:90:1e:06:c7:35:ce:b5:67:de:39:dc:0a:
         a2:63:f6:a7
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIECcNISjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
ZDg4ZWI3MzBhYjFhNTAxZWEzNmVhMzQ4MmQ3NjQ1NDRlMTQxMTExMB4XDTIyMDEw
MTE0NTc1NFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZjM1NmRjYWI1NTk4
ODFhZjIwY2IxMzRkYjJhMDY1N2U5OGFmYjg0ZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMklvLpFddMIMAQ8tbptgjYjY+O56Gsba5uMRNROG8XPAI5V
eE7cvrJDwV9QOfvK6WO8ruyaViSzZ6W9NXfuYsuorxUFi/8+nBX0diu3I+dY1HbM
PtxB8Ui6B74cfkq1oTC3/nmuoPQM9odK3Cr311l88FsSEORCW8efEq8Nvua+s/NR
smAL70A4sDxbglXQ1RBrpWeTMY6ovdmV1M5kwko7Yhy0/Ns5mxCqUmB/5wdMA2g2
+VfWm2IKamPvdpAA5U3lita/q+Cz3VWJPzBdLT6l5iTwMnx20dtZMIpx6d4WB9Qj
Nbh2qXW91vFykwWzttiow2dyuHxEpu+23MNVh/8CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTzVtyrVZiBryDLE02yoGV+mK+4TTAfBgNVHSMEGDAWgBRNiOtzCrGlAeo2
6jSC12RUThQRETAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1RZanJjd3F4cFFIcU51bzBndGRrVkU0VUVSRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNmEvYzQ5M2VlLWY2NmUtNDIwOC1hMzFkLTcyNmY4M2QyMzg5Mi8x
LzgxYmNxMVdZZ2E4Z3l4Tk5zcUJsZnBpdnVFMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmEv
YzQ5M2VlLWY2NmUtNDIwOC1hMzFkLTcyNmY4M2QyMzg5Mi8xL1RZanJjd3F4cFFI
cU51bzBndGRrVkU0VUVSRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAE1ouzANBgkqhkiG9w0BAQsFAAOC
AQEANewlcuXwHWZEo1L/OvCz8bo0Ygi+Q2jOb2UvJqWQCSJGxqCNplgd6fpIaOzY
s6uVPOUSbUa7gGnKSuaUNXVIHDlS7CiXHQRRa2CE5MaLWe5fYX1zzrrQBLTlVd6V
4Hhymy44SrKsg5y3QvOLRbtPo8LYicQkXQ2K1C15sHNmWbzufcixWY+WpRq9xPIQ
pSaO87ETNvN6hSKf0EA6Y2zQO6D4YzpcC8T0sJ5Yf2O0NOH7s+Nb3xIRtP5HqXbC
FiB1gIG4oEheQuBS8RLjVeyXA45QveLk369kOAsioG8fiHw7CsjQKnHi/1OrnVAf
T7c0kB4GxzXOtWfeOdwKomP2pw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:33:48 2024 by rpki-client on console-fra.rpki-client.org