Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/5AiPQ5BceczYqPE244oJtYkAtUg.roa
File:                     5AiPQ5BceczYqPE244oJtYkAtUg.roa (raw, json)
Hash identifier:          H6gJH887uf8yv/AOXq8livfFxsf9YaOKpuHkxwuAysI=
Subject key identifier:   E4:08:8F:43:90:5C:79:CC:D8:A8:F1:36:E3:8A:09:B5:89:00:B5:48
Certificate issuer:       /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial:       018A5F409C99BA9CA9DBBFE06EF64B6DEFFF
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/5AiPQ5BceczYqPE244oJtYkAtUg.roa
Signing time:             Mon 04 Sep 2023 08:13:04 +0000
ROA not before:           Mon 04 Sep 2023 08:13:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     39238
IP address blocks:        77.83.118.0/24 maxlen: 24
                          77.83.119.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:5f:40:9c:99:ba:9c:a9:db:bf:e0:6e:f6:4b:6d:ef:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
        Validity
            Not Before: Sep  4 08:13:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e4088f43905c79ccd8a8f136e38a09b58900b548
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:56:4f:4e:3f:41:37:c5:cb:75:d0:6a:2e:81:
                    3f:5a:c3:38:f5:4e:75:c6:54:0d:af:68:0c:ca:10:
                    b9:26:55:b9:f1:53:5c:8f:01:09:97:6d:82:5c:c1:
                    b8:ff:4f:58:bc:17:be:b8:d8:dd:39:9e:f7:4c:7d:
                    09:fd:64:bb:76:ee:67:12:9a:2d:a7:e5:71:fa:f9:
                    af:37:94:82:d6:cb:ee:d8:bc:a9:f0:c6:f1:da:d6:
                    b4:84:b3:7a:51:28:0c:66:e1:bb:67:cb:dc:1b:2d:
                    0c:cc:a1:00:2f:08:24:d6:e0:0e:69:dd:e4:a4:ff:
                    33:03:94:d1:f9:9e:4d:0e:5b:5f:d1:80:de:82:a1:
                    45:96:02:90:62:01:cf:bf:af:db:df:08:db:95:d3:
                    df:7f:c2:dd:95:47:41:d2:91:ff:02:ad:99:b9:bb:
                    f4:4c:90:4b:de:93:74:5c:de:cc:24:01:9a:0b:66:
                    97:58:bc:7e:5d:28:85:65:63:3d:bf:b1:45:b9:c2:
                    82:ec:d9:cf:7e:91:40:c4:45:2e:ec:2b:ed:d0:f1:
                    8c:13:39:0d:f5:cc:79:e4:41:1a:43:18:64:b1:bb:
                    8f:70:da:3e:d1:ff:43:0c:50:c5:86:1b:84:d8:58:
                    28:0e:70:df:5b:b4:70:c9:ed:46:3f:ef:31:44:7d:
                    cd:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:08:8F:43:90:5C:79:CC:D8:A8:F1:36:E3:8A:09:B5:89:00:B5:48
            X509v3 Authority Key Identifier:
                keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/5AiPQ5BceczYqPE244oJtYkAtUg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.118.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4d:d9:18:44:13:fb:9c:3e:93:f4:b7:02:3b:8d:80:77:ed:f7:
         e7:ac:74:1c:ec:62:1d:72:96:b2:fd:8f:a0:e7:f1:d4:65:83:
         4c:17:2b:77:3c:07:4b:0d:e9:75:e1:62:1b:2d:74:51:fa:a9:
         2a:9d:9d:41:a5:df:21:2b:3f:f6:c5:12:d0:86:f6:9d:13:d2:
         97:7c:8c:49:bf:ad:04:75:65:42:52:7b:dc:16:5c:36:27:f4:
         da:ef:42:7f:4e:4c:7b:fb:f8:3d:25:e6:ff:9e:5f:6e:50:1a:
         b2:67:e4:64:1d:e8:79:6f:97:3a:1f:30:e0:59:88:aa:39:ca:
         c6:c0:ff:df:5f:97:08:00:9d:96:71:36:fc:84:4c:f1:ce:ae:
         77:26:78:9f:d6:e3:62:08:b3:49:fb:87:a5:c5:4b:65:08:fa:
         b5:3a:f0:b0:fa:35:7c:ea:17:25:e0:5a:f8:8c:41:cf:8d:ba:
         6f:6a:67:f0:a3:d0:5a:9a:d5:7e:b9:ce:b7:64:87:0d:7b:a6:
         e0:62:69:95:36:24:c0:59:85:4c:c5:f6:cc:b5:9a:92:9b:6e:
         67:8b:6c:46:45:e4:b9:68:9c:03:dd:0f:66:e1:c5:62:41:99:
         d3:27:38:73:dd:04:f2:04:3d:b9:e4:21:68:a9:43:b0:ac:9b:
         f4:5f:78:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYpfQJyZupyp27/gbvZLbe//MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjMwOTA0MDgxMzA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDA4OGY0MzkwNWM3OWNjZDhhOGYxMzZlMzhhMDliNTg5MDBiNTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg1ZPTj9BN8XLddBqLoE/WsM49U51
xlQNr2gMyhC5JlW58VNcjwEJl22CXMG4/09YvBe+uNjdOZ73TH0J/WS7du5nEpot
p+Vx+vmvN5SC1svu2Lyp8Mbx2ta0hLN6USgMZuG7Z8vcGy0MzKEALwgk1uAOad3k
pP8zA5TR+Z5NDltf0YDegqFFlgKQYgHPv6/b3wjbldPff8LdlUdB0pH/Aq2Zubv0
TJBL3pN0XN7MJAGaC2aXWLx+XSiFZWM9v7FFucKC7NnPfpFAxEUu7Cvt0PGMEzkN
9cx55EEaQxhksbuPcNo+0f9DDFDFhhuE2FgoDnDfW7Rwye1GP+8xRH3NUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOQIj0OQXHnM2KjxNuOKCbWJALVIMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvNUFpUFE1QmNlY3pZcVBFMjQ0b0p0WWtBdFVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBTVN2MA0G
CSqGSIb3DQEBCwUAA4IBAQBN2RhEE/ucPpP0twI7jYB37ffnrHQc7GIdcpay/Y+g
5/HUZYNMFyt3PAdLDel14WIbLXRR+qkqnZ1Bpd8hKz/2xRLQhvadE9KXfIxJv60E
dWVCUnvcFlw2J/Ta70J/Tkx7+/g9Jeb/nl9uUBqyZ+RkHeh5b5c6HzDgWYiqOcrG
wP/fX5cIAJ2WcTb8hEzxzq53Jnif1uNiCLNJ+4elxUtlCPq1OvCw+jV86hcl4Fr4
jEHPjbpvamfwo9BamtV+uc63ZIcNe6bgYmmVNiTAWYVMxfbMtZqSm25ni2xGReS5
aJwD3Q9m4cViQZnTJzhz3QTyBD255CFoqUOwrJv0X3j0
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:54 2024 by rpki-client on console-fra.rpki-client.org