Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/mkxdecsvgWxw_V-07SmMZ90v010.roa
File:                     mkxdecsvgWxw_V-07SmMZ90v010.roa (raw, json)
Hash identifier:          q08AjF1MI60y5LA1zB2G5qH9LFeUmesvvSQL6sDjDSM=
Subject key identifier:   9A:4C:5D:79:CB:2F:81:6C:70:FD:5F:B4:ED:29:8C:67:DD:2F:D3:5D
Certificate issuer:       /CN=4d88eb730ab1a501ea36ea3482d764544e141111
Certificate serial:       01856CCAE42189F4E08729A2D8A0EC21327C
Authority key identifier: 4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/mkxdecsvgWxw_V-07SmMZ90v010.roa
Signing time:             Sun 01 Jan 2023 10:05:13 +0000
ROA not before:           Sun 01 Jan 2023 10:05:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     200450
IP address blocks:        77.104.187.0/24 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:ca:e4:21:89:f4:e0:87:29:a2:d8:a0:ec:21:32:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d88eb730ab1a501ea36ea3482d764544e141111
        Validity
            Not Before: Jan  1 10:05:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9a4c5d79cb2f816c70fd5fb4ed298c67dd2fd35d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:80:3c:8d:e1:a7:16:05:6a:56:d4:ea:7c:d3:
                    0e:f3:e4:61:52:95:f7:ae:cc:09:b3:27:05:c8:a7:
                    e5:e0:83:dd:54:d4:43:f4:28:d8:68:e5:48:67:23:
                    9c:82:77:63:83:0f:ca:f9:0c:a8:6f:06:11:b3:f4:
                    bb:0b:7a:57:b3:f3:2c:e5:11:23:c3:32:94:f3:5f:
                    df:36:42:2f:4b:5d:d5:82:b3:a3:bf:b7:c3:a7:69:
                    33:16:6e:ab:8b:80:fe:0a:72:fa:82:1e:fc:24:e7:
                    96:5c:6b:d2:95:33:ee:7b:5c:fc:c8:f8:27:ec:47:
                    19:81:ce:5e:80:f9:ff:2e:0b:25:0e:c1:ab:bc:48:
                    bb:fa:17:e5:af:42:f2:85:c3:e7:87:65:94:b9:e8:
                    01:3e:a3:c3:a9:33:7c:24:fe:e5:a7:b0:46:39:a0:
                    18:4e:d2:f8:a2:12:88:ff:56:bd:63:42:82:d4:14:
                    ef:90:02:0b:57:94:21:5e:89:b2:a9:9e:57:8f:11:
                    82:79:32:c8:da:57:e2:77:45:ae:c9:86:79:23:be:
                    0d:4c:80:27:25:2b:69:da:9a:85:dd:6e:f7:58:bb:
                    97:c0:42:d0:a3:43:53:7a:ed:3b:2e:84:0a:97:1b:
                    50:70:16:b4:b3:fe:52:40:24:db:22:aa:da:e4:43:
                    1d:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:4C:5D:79:CB:2F:81:6C:70:FD:5F:B4:ED:29:8C:67:DD:2F:D3:5D
            X509v3 Authority Key Identifier:
                keyid:4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/mkxdecsvgWxw_V-07SmMZ90v010.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/TYjrcwqxpQHqNuo0gtdkVE4UERE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.104.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:e7:68:95:c3:98:9b:0b:50:95:4b:81:8f:e4:a5:79:fb:9f:
         6e:b6:e7:71:b7:0a:71:86:2c:52:f7:0f:eb:99:00:f8:19:fc:
         bf:5d:54:a0:7d:73:d8:4e:64:a0:39:97:16:7d:6c:bc:2e:0d:
         79:27:e1:72:52:71:96:18:b6:2a:9e:ff:28:a7:79:cd:1b:1e:
         13:61:66:67:df:9b:8a:6b:23:4e:53:0a:be:a3:72:fd:a0:f7:
         62:58:20:c7:3c:50:9c:d9:ca:eb:a0:69:8f:30:1d:18:08:b9:
         22:bf:4e:f6:3c:2f:77:44:a1:7a:c0:df:a7:bf:d7:f9:74:3b:
         ba:e2:a4:cb:1b:85:b8:c4:83:fe:ea:d4:38:6c:e4:7d:17:34:
         c6:6a:e0:5f:27:e6:5f:2e:31:e7:3e:29:bb:90:a6:f4:57:8c:
         b5:cb:bc:2e:b2:27:b9:1b:e9:2a:70:54:bb:14:dd:8d:0c:33:
         05:17:c5:42:8e:34:e9:b3:de:d2:0f:d8:f4:82:8a:9a:b3:07:
         f2:10:e5:6c:ba:51:c0:c5:47:a7:27:ea:5f:00:ca:87:bb:13:
         6e:2f:c5:5e:f1:49:ac:43:d3:39:6c:1e:06:30:96:d7:56:9e:
         50:e5:56:2b:39:bd:88:1d:63:2f:2e:03:20:0f:1e:0b:f8:79:
         3d:37:cc:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVsyuQhifTghymi2KDsITJ8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkODhlYjczMGFiMWE1MDFlYTM2ZWEzNDgyZDc2NDU0NGUx
NDExMTEwHhcNMjMwMTAxMTAwNTEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTRjNWQ3OWNiMmY4MTZjNzBmZDVmYjRlZDI5OGM2N2RkMmZkMzVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAloA8jeGnFgVqVtTqfNMO8+RhUpX3
rswJsycFyKfl4IPdVNRD9CjYaOVIZyOcgndjgw/K+QyobwYRs/S7C3pXs/Ms5REj
wzKU81/fNkIvS13VgrOjv7fDp2kzFm6ri4D+CnL6gh78JOeWXGvSlTPue1z8yPgn
7EcZgc5egPn/LgslDsGrvEi7+hflr0LyhcPnh2WUuegBPqPDqTN8JP7lp7BGOaAY
TtL4ohKI/1a9Y0KC1BTvkAILV5QhXomyqZ5XjxGCeTLI2lfid0WuyYZ5I74NTIAn
JStp2pqF3W73WLuXwELQo0NTeu07LoQKlxtQcBa0s/5SQCTbIqra5EMdFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJpMXXnLL4FscP1ftO0pjGfdL9NdMB8GA1UdIwQY
MBaAFE2I63MKsaUB6jbqNILXZFROFBERMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFlqcmN3cXhwUUhxTnVvMGd0ZGtWRTRVRVJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9jNDkzZWUtZjY2ZS00MjA4LWEzMWQt
NzI2ZjgzZDIzODkyLzEvbWt4ZGVjc3ZnV3h3X1YtMDdTbU1aOTB2MDEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9jNDkzZWUtZjY2ZS00MjA4LWEzMWQtNzI2ZjgzZDIzODky
LzEvVFlqcmN3cXhwUUhxTnVvMGd0ZGtWRTRVRVJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATWi7MA0G
CSqGSIb3DQEBCwUAA4IBAQCO52iVw5ibC1CVS4GP5KV5+59utudxtwpxhixS9w/r
mQD4Gfy/XVSgfXPYTmSgOZcWfWy8Lg15J+FyUnGWGLYqnv8op3nNGx4TYWZn35uK
ayNOUwq+o3L9oPdiWCDHPFCc2crroGmPMB0YCLkiv072PC93RKF6wN+nv9f5dDu6
4qTLG4W4xIP+6tQ4bOR9FzTGauBfJ+ZfLjHnPim7kKb0V4y1y7wusie5G+kqcFS7
FN2NDDMFF8VCjjTps97SD9j0goqaswfyEOVsulHAxUenJ+pfAMqHuxNuL8Ve8Ums
Q9M5bB4GMJbXVp5Q5VYrOb2IHWMvLgMgDx4L+Hk9N8yE
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:33:48 2024 by rpki-client on console-fra.rpki-client.org