Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/X3ZKtOfytXM7HYbCLBWZkpWEQ1Y.roa
File:                     X3ZKtOfytXM7HYbCLBWZkpWEQ1Y.roa (raw, json)
Hash identifier:          5vN9M30c8Rs9ePS4IVC4ZSsi+221bx9x+WQ455VALv0=
Subject key identifier:   5F:76:4A:B4:E7:F2:B5:73:3B:1D:86:C2:2C:15:99:92:95:84:43:56
Certificate issuer:       /CN=4d88eb730ab1a501ea36ea3482d764544e141111
Certificate serial:       01856CCAE54352CD6D972787BC71798EBDF1
Authority key identifier: 4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/X3ZKtOfytXM7HYbCLBWZkpWEQ1Y.roa
Signing time:             Sun 01 Jan 2023 10:05:14 +0000
ROA not before:           Sun 01 Jan 2023 10:05:14 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     200533
IP address blocks:        77.104.187.0/24 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:ca:e5:43:52:cd:6d:97:27:87:bc:71:79:8e:bd:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d88eb730ab1a501ea36ea3482d764544e141111
        Validity
            Not Before: Jan  1 10:05:14 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5f764ab4e7f2b5733b1d86c22c15999295844356
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:08:93:7c:64:32:a6:92:70:f4:19:54:2d:e1:
                    ca:6c:29:54:19:88:aa:e2:3c:ff:3a:20:9f:db:2f:
                    86:39:cb:12:7d:b6:fb:15:1d:41:eb:ad:d0:46:a2:
                    5a:28:bb:1d:92:1a:fa:dd:3e:99:62:3f:dd:03:26:
                    e0:58:02:ef:f7:19:dd:2a:79:22:fc:9f:29:3e:55:
                    2a:7f:28:24:3a:f4:2c:78:2c:ab:ad:aa:b6:8e:9a:
                    66:12:ad:76:91:8d:75:9a:e3:98:b8:3a:3d:7b:19:
                    7e:74:ac:fd:4f:5e:0e:01:25:53:38:be:f9:49:a4:
                    78:07:ed:95:b3:01:ae:85:6d:8f:a4:4b:3a:9e:59:
                    b0:78:60:2c:bf:da:4e:d6:38:d8:22:c4:18:92:61:
                    b2:fb:1e:5e:40:73:92:9f:1b:62:f5:29:82:e3:f7:
                    f6:c0:84:ad:92:10:9e:b6:f0:10:20:82:4b:3d:1a:
                    71:52:2e:50:92:f0:11:ac:72:ef:74:ff:90:bc:09:
                    f9:97:bf:7a:ec:e3:c4:3c:6a:5b:5d:9e:87:9c:c1:
                    1f:ce:8b:da:2a:f6:7b:eb:02:f6:18:72:09:05:f1:
                    42:99:f2:a7:92:52:35:18:23:6e:b7:88:bb:b7:8a:
                    12:da:9f:9b:77:1a:a6:02:16:eb:60:71:5c:89:f2:
                    70:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:76:4A:B4:E7:F2:B5:73:3B:1D:86:C2:2C:15:99:92:95:84:43:56
            X509v3 Authority Key Identifier:
                keyid:4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/X3ZKtOfytXM7HYbCLBWZkpWEQ1Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/TYjrcwqxpQHqNuo0gtdkVE4UERE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.104.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:b5:ef:10:54:fd:db:75:45:d5:b3:89:68:15:65:b1:51:c4:
         34:3b:49:d7:1a:e4:67:96:f4:ca:db:25:a5:10:d6:65:54:d5:
         37:26:6d:7f:d1:ad:75:6f:56:86:54:c5:85:69:6c:2d:73:19:
         4c:a3:bd:82:75:bc:a9:06:bb:5c:d9:2b:a8:74:ca:72:97:62:
         d1:c1:b0:03:8b:5a:77:7d:7e:7e:c9:11:0e:3a:ce:3f:17:fe:
         21:f3:84:38:31:e3:39:00:0d:68:56:94:96:95:98:8c:ee:44:
         7d:fe:e0:43:ac:b2:e7:8c:9f:79:d1:5d:a6:83:79:21:3a:fa:
         19:82:13:be:4c:13:b4:2b:f8:77:d3:2f:e0:77:a2:51:7b:e8:
         c8:00:d9:b7:bd:19:88:95:b5:0a:72:fe:e2:ad:8b:b8:51:8a:
         01:33:9d:77:ad:a9:a8:0a:85:d8:e4:89:d9:a1:1a:fe:9f:21:
         14:1a:7c:a8:71:63:ba:d4:04:3c:b1:e7:b3:c8:d1:39:a9:9b:
         8d:d8:d4:e1:5d:a6:06:15:5f:e2:1f:e0:cd:95:05:ae:c6:52:
         62:3c:99:7d:02:56:30:5b:8f:3b:fc:cc:dc:de:10:04:9c:76:
         5b:aa:f8:e7:d6:58:c7:9b:fd:6a:0c:a7:4a:f0:ba:b4:c7:c6:
         6e:e1:43:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVsyuVDUs1tlyeHvHF5jr3xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkODhlYjczMGFiMWE1MDFlYTM2ZWEzNDgyZDc2NDU0NGUx
NDExMTEwHhcNMjMwMTAxMTAwNTE0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Zjc2NGFiNGU3ZjJiNTczM2IxZDg2YzIyYzE1OTk5Mjk1ODQ0MzU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnwiTfGQyppJw9BlULeHKbClUGYiq
4jz/OiCf2y+GOcsSfbb7FR1B663QRqJaKLsdkhr63T6ZYj/dAybgWALv9xndKnki
/J8pPlUqfygkOvQseCyrraq2jppmEq12kY11muOYuDo9exl+dKz9T14OASVTOL75
SaR4B+2VswGuhW2PpEs6nlmweGAsv9pO1jjYIsQYkmGy+x5eQHOSnxti9SmC4/f2
wIStkhCetvAQIIJLPRpxUi5QkvARrHLvdP+QvAn5l7967OPEPGpbXZ6HnMEfzova
KvZ76wL2GHIJBfFCmfKnklI1GCNut4i7t4oS2p+bdxqmAhbrYHFcifJw7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF92SrTn8rVzOx2GwiwVmZKVhENWMB8GA1UdIwQY
MBaAFE2I63MKsaUB6jbqNILXZFROFBERMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFlqcmN3cXhwUUhxTnVvMGd0ZGtWRTRVRVJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9jNDkzZWUtZjY2ZS00MjA4LWEzMWQt
NzI2ZjgzZDIzODkyLzEvWDNaS3RPZnl0WE03SFliQ0xCV1prcFdFUTFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9jNDkzZWUtZjY2ZS00MjA4LWEzMWQtNzI2ZjgzZDIzODky
LzEvVFlqcmN3cXhwUUhxTnVvMGd0ZGtWRTRVRVJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATWi7MA0G
CSqGSIb3DQEBCwUAA4IBAQBrte8QVP3bdUXVs4loFWWxUcQ0O0nXGuRnlvTK2yWl
ENZlVNU3Jm1/0a11b1aGVMWFaWwtcxlMo72CdbypBrtc2SuodMpyl2LRwbADi1p3
fX5+yREOOs4/F/4h84Q4MeM5AA1oVpSWlZiM7kR9/uBDrLLnjJ950V2mg3khOvoZ
ghO+TBO0K/h30y/gd6JRe+jIANm3vRmIlbUKcv7irYu4UYoBM513ramoCoXY5InZ
oRr+nyEUGnyocWO61AQ8seezyNE5qZuN2NThXaYGFV/iH+DNlQWuxlJiPJl9AlYw
W487/Mzc3hAEnHZbqvjn1ljHm/1qDKdK8Lq0x8Zu4UNb
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:16:14 2024 by rpki-client on console-ams.rpki-client.org