Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/8AYLEtZNBeDwspm9Sq5aswQv6uI.roa
File:                     8AYLEtZNBeDwspm9Sq5aswQv6uI.roa (raw, json)
Hash identifier:          UKz6RW/gcr9mDpl+0Uu0SjiBr2qxdzjT3gIyUzbykPc=
Subject key identifier:   F0:06:0B:12:D6:4D:05:E0:F0:B2:99:BD:4A:AE:5A:B3:04:2F:EA:E2
Certificate issuer:       /CN=e4a2b8e90d157ea022f8e700024a93dc356a514d
Certificate serial:       018B4C5E149AD886451D4C772942D68D26A2
Authority key identifier: E4:A2:B8:E9:0D:15:7E:A0:22:F8:E7:00:02:4A:93:DC:35:6A:51:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5KK46Q0VfqAi-OcAAkqT3DVqUU0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/8AYLEtZNBeDwspm9Sq5aswQv6uI.roa
Signing time:             Fri 20 Oct 2023 09:15:15 +0000
ROA not before:           Fri 20 Oct 2023 09:15:15 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     44620
IP address blocks:        77.92.146.0/24 maxlen: 24
                          188.132.206.0/24 maxlen: 24
                          188.132.207.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:4c:5e:14:9a:d8:86:45:1d:4c:77:29:42:d6:8d:26:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4a2b8e90d157ea022f8e700024a93dc356a514d
        Validity
            Not Before: Oct 20 09:15:15 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f0060b12d64d05e0f0b299bd4aae5ab3042feae2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:23:24:d2:66:4e:96:e2:3f:86:2d:ea:23:fd:
                    da:e1:94:31:bf:65:f8:0f:ed:53:d3:f5:80:17:0f:
                    07:f2:32:30:ae:00:0e:63:32:eb:a7:5f:92:eb:3f:
                    16:80:3a:01:a6:9f:35:73:81:12:c0:e7:aa:49:07:
                    7b:28:ca:50:67:94:1c:bc:c0:b3:ac:a5:20:e2:1f:
                    1f:e8:8e:e6:49:a9:07:17:8d:f0:d1:a0:0c:84:e2:
                    b6:b4:d3:a9:b0:84:a6:7c:c6:8b:b4:e8:bc:22:1a:
                    79:51:a3:5c:c1:2d:9e:98:74:7c:ec:e9:95:2a:38:
                    99:51:b1:ec:b3:63:30:f6:40:8b:f0:26:26:41:9b:
                    98:6b:6b:fa:ed:f1:12:67:f6:60:41:29:aa:7b:04:
                    3b:91:73:e0:91:8f:08:ec:73:4d:28:7e:3e:a6:f5:
                    b0:41:54:6f:85:50:03:b8:db:72:30:d9:92:40:3b:
                    cd:0f:27:a9:b8:a7:13:12:d7:b8:df:81:98:b6:28:
                    fb:b9:3d:36:12:29:06:e8:31:72:33:20:98:b0:e2:
                    14:e5:16:88:ee:00:64:0f:3f:5b:99:cd:e5:4d:16:
                    96:71:ca:22:1e:7a:50:c2:1d:97:75:cd:14:73:4c:
                    a6:11:2f:9c:1f:23:97:b3:0a:b1:68:e5:f3:53:a6:
                    08:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:06:0B:12:D6:4D:05:E0:F0:B2:99:BD:4A:AE:5A:B3:04:2F:EA:E2
            X509v3 Authority Key Identifier:
                keyid:E4:A2:B8:E9:0D:15:7E:A0:22:F8:E7:00:02:4A:93:DC:35:6A:51:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5KK46Q0VfqAi-OcAAkqT3DVqUU0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/8AYLEtZNBeDwspm9Sq5aswQv6uI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/5KK46Q0VfqAi-OcAAkqT3DVqUU0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.92.146.0/24
                  188.132.206.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c8:84:30:a3:82:3a:6a:fd:d6:c9:6a:22:06:8f:2b:27:4b:7b:
         54:53:2f:9e:5c:20:0b:7d:cf:13:70:dd:34:9e:8b:c7:8b:fb:
         4f:82:cb:cc:00:20:b3:16:9f:06:ab:98:35:94:9b:03:64:f7:
         8f:f4:8c:30:1d:28:a0:25:48:41:cd:32:e9:08:1a:6a:a3:90:
         98:02:af:46:e6:95:d3:cd:f6:f4:d0:8c:d4:16:95:c8:38:e0:
         59:cf:9d:70:62:c4:7a:b2:c4:93:07:f2:62:88:dd:0a:36:e1:
         de:c2:fc:1f:2d:71:3a:04:34:fe:93:0e:60:0d:8d:31:20:c3:
         36:a8:a4:67:c3:3f:cc:d2:6d:25:af:94:1e:0b:c4:e8:dc:38:
         ce:24:5b:0e:e3:39:79:dd:2b:54:bf:49:24:39:39:4a:c9:22:
         c7:82:35:6b:b4:dc:3f:bf:f7:93:60:0e:f6:42:2b:3d:31:46:
         a5:8c:dd:23:4d:69:cd:b2:89:67:9e:da:18:bc:6a:ca:5b:be:
         bc:e1:b3:6d:82:11:b0:4d:6f:5d:0b:65:af:01:f3:15:78:1f:
         fd:36:f4:fc:ab:01:a9:9c:fe:d0:87:a5:34:e7:e8:5a:1c:c7:
         f8:60:24:03:4a:a0:a7:4a:17:c9:00:1c:8a:3f:fc:c4:42:9a:
         31:2a:2a:47
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYtMXhSa2IZFHUx3KULWjSaiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0YTJiOGU5MGQxNTdlYTAyMmY4ZTcwMDAyNGE5M2RjMzU2
YTUxNGQwHhcNMjMxMDIwMDkxNTE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDA2MGIxMmQ2NGQwNWUwZjBiMjk5YmQ0YWFlNWFiMzA0MmZlYWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjiMk0mZOluI/hi3qI/3a4ZQxv2X4
D+1T0/WAFw8H8jIwrgAOYzLrp1+S6z8WgDoBpp81c4ESwOeqSQd7KMpQZ5QcvMCz
rKUg4h8f6I7mSakHF43w0aAMhOK2tNOpsISmfMaLtOi8Ihp5UaNcwS2emHR87OmV
KjiZUbHss2Mw9kCL8CYmQZuYa2v67fESZ/ZgQSmqewQ7kXPgkY8I7HNNKH4+pvWw
QVRvhVADuNtyMNmSQDvNDyepuKcTEte434GYtij7uT02EikG6DFyMyCYsOIU5RaI
7gBkDz9bmc3lTRaWccoiHnpQwh2Xdc0Uc0ymES+cHyOXswqxaOXzU6YInwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPAGCxLWTQXg8LKZvUquWrMEL+riMB8GA1UdIwQY
MBaAFOSiuOkNFX6gIvjnAAJKk9w1alFNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUtLNDZRMFZmcUFpLU9jQUFrcVQzRFZxVVUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny82OTllODUtMTAyNy00YzdlLThhZTct
ZGY0YTJlNzYwY2NiLzEvOEFZTEV0Wk5CZUR3c3BtOVNxNWFzd1F2NnVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny82OTllODUtMTAyNy00YzdlLThhZTctZGY0YTJlNzYwY2Ni
LzEvNUtLNDZRMFZmcUFpLU9jQUFrcVQzRFZxVVUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATVySAwQB
vITOMA0GCSqGSIb3DQEBCwUAA4IBAQDIhDCjgjpq/dbJaiIGjysnS3tUUy+eXCAL
fc8TcN00novHi/tPgsvMACCzFp8Gq5g1lJsDZPeP9IwwHSigJUhBzTLpCBpqo5CY
Aq9G5pXTzfb00IzUFpXIOOBZz51wYsR6ssSTB/JiiN0KNuHewvwfLXE6BDT+kw5g
DY0xIMM2qKRnwz/M0m0lr5QeC8To3DjOJFsO4zl53StUv0kkOTlKySLHgjVrtNw/
v/eTYA72Qis9MUaljN0jTWnNsolnntoYvGrKW7684bNtghGwTW9dC2WvAfMVeB/9
NvT8qwGpnP7Qh6U05+haHMf4YCQDSqCnShfJAByKP/zEQpoxKipH
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:40:01 2024 by rpki-client on console-fra.rpki-client.org