Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/GeSrL_02pGnSpDcN7NXhWI43RkA.roa
File:                     GeSrL_02pGnSpDcN7NXhWI43RkA.roa (raw, json)
Hash identifier:          kPepj62+IeHx0vRmsINREpJuKpuS+NVJnw62Hla0Ufc=
Subject key identifier:   19:E4:AB:2F:FD:36:A4:69:D2:A4:37:0D:EC:D5:E1:58:8E:37:46:40
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0186938756A0084479703903D887ACD0C2BF
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/GeSrL_02pGnSpDcN7NXhWI43RkA.roa
Signing time:             Mon 27 Feb 2023 15:39:25 +0000
ROA not before:           Mon 27 Feb 2023 15:39:25 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     212815
IP address blocks:        77.75.63.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:93:87:56:a0:08:44:79:70:39:03:d8:87:ac:d0:c2:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Feb 27 15:39:25 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=19e4ab2ffd36a469d2a4370decd5e1588e374640
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:96:6d:ec:0d:47:82:0a:69:1e:b0:86:e9:35:
                    4b:2c:a9:aa:52:e7:33:81:46:92:0e:33:b3:36:27:
                    22:fe:77:28:75:69:ba:b6:6f:bd:1a:1f:fc:db:f3:
                    28:67:32:86:95:20:a7:63:4c:67:61:ac:75:5a:38:
                    27:ab:f9:b6:17:0c:1f:24:f1:ab:e0:e9:21:4d:49:
                    3d:5e:2b:9d:a0:51:03:70:42:0a:f8:e1:3c:72:b2:
                    ea:ef:f8:fa:dc:8c:74:30:7e:bf:64:3e:79:c2:4c:
                    29:33:1d:06:70:3a:7c:ad:5d:eb:ef:c3:f8:f6:34:
                    c1:5f:68:5c:05:f2:8e:f7:f7:00:28:00:17:9b:f6:
                    88:7f:7a:a4:38:8e:aa:a2:26:ae:21:4c:06:d0:7c:
                    e2:f9:63:f4:4f:00:da:08:95:5a:f3:47:ed:28:13:
                    5c:69:2d:e9:d2:3a:20:1d:1c:5c:b3:25:17:06:2b:
                    b6:b8:6c:da:d6:ef:2b:d4:1b:26:4d:7c:a3:bd:ce:
                    6f:10:f0:bc:c6:9f:2f:10:b1:48:c1:c9:54:09:5f:
                    be:a2:b3:43:42:d3:81:a3:33:52:2f:00:52:8c:fb:
                    7b:27:d7:5a:de:e0:3e:78:26:c7:29:1a:78:07:97:
                    2f:16:eb:f5:fc:c7:4d:49:c7:80:23:4a:59:55:3b:
                    71:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:E4:AB:2F:FD:36:A4:69:D2:A4:37:0D:EC:D5:E1:58:8E:37:46:40
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/GeSrL_02pGnSpDcN7NXhWI43RkA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.75.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:24:c3:c6:9e:70:70:e7:0a:92:1b:cf:6f:31:39:74:77:88:
         f3:5f:e2:cd:13:3f:a8:71:c4:b0:d4:de:f2:3a:ac:29:2e:4e:
         3c:1f:b4:fb:4f:45:0f:70:c6:df:15:76:e7:11:c4:62:16:d7:
         ed:03:c5:d4:7c:88:0b:42:b9:00:dd:2b:1a:02:8f:86:e8:6c:
         4f:9a:9a:40:06:7c:b8:57:49:f0:00:1d:71:de:70:67:89:76:
         30:48:85:76:d9:06:2f:dd:4d:f9:74:4e:73:ba:3d:05:4a:6f:
         61:d3:2a:75:fd:e6:ee:ff:dc:2b:1a:cc:e4:b5:bc:3b:a2:ec:
         07:cc:14:81:d6:df:8d:58:82:5d:29:ba:2a:4e:72:b0:28:3f:
         4e:d7:7c:1c:87:ff:e1:73:7e:26:1d:06:ab:cb:05:bc:1c:b9:
         8e:8d:bb:93:2e:30:af:92:b8:ef:49:f3:78:75:f0:03:c5:d3:
         48:81:69:a8:cf:a4:37:3e:26:3e:c3:b1:f8:fd:4f:71:ee:b7:
         8d:aa:48:0f:75:bc:35:e3:d1:33:58:e1:70:50:35:dd:3c:af:
         b1:e7:95:48:cb:84:4c:dd:f7:c0:03:6e:f3:ad:0a:4c:0d:ee:
         f0:f0:ad:f3:48:b5:22:5a:43:27:67:86:2c:cf:09:df:a6:54:
         6d:52:56:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYaTh1agCER5cDkD2Ies0MK/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMjI3MTUzOTI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWU0YWIyZmZkMzZhNDY5ZDJhNDM3MGRlY2Q1ZTE1ODhlMzc0NjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArZZt7A1HggppHrCG6TVLLKmqUucz
gUaSDjOzNici/ncodWm6tm+9Gh/82/MoZzKGlSCnY0xnYax1Wjgnq/m2FwwfJPGr
4OkhTUk9XiudoFEDcEIK+OE8crLq7/j63Ix0MH6/ZD55wkwpMx0GcDp8rV3r78P4
9jTBX2hcBfKO9/cAKAAXm/aIf3qkOI6qoiauIUwG0Hzi+WP0TwDaCJVa80ftKBNc
aS3p0jogHRxcsyUXBiu2uGza1u8r1BsmTXyjvc5vEPC8xp8vELFIwclUCV++orND
QtOBozNSLwBSjPt7J9da3uA+eCbHKRp4B5cvFuv1/MdNSceAI0pZVTtxNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBnkqy/9NqRp0qQ3DezV4ViON0ZAMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvR2VTckxfMDJwR25TcERjTjdOWGhXSTQzUmtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATUs/MA0G
CSqGSIb3DQEBCwUAA4IBAQAoJMPGnnBw5wqSG89vMTl0d4jzX+LNEz+occSw1N7y
OqwpLk48H7T7T0UPcMbfFXbnEcRiFtftA8XUfIgLQrkA3SsaAo+G6GxPmppABny4
V0nwAB1x3nBniXYwSIV22QYv3U35dE5zuj0FSm9h0yp1/ebu/9wrGszktbw7ouwH
zBSB1t+NWIJdKboqTnKwKD9O13wch//hc34mHQarywW8HLmOjbuTLjCvkrjvSfN4
dfADxdNIgWmoz6Q3PiY+w7H4/U9x7reNqkgPdbw149EzWOFwUDXdPK+x55VIy4RM
3ffAA27zrQpMDe7w8K3zSLUiWkMnZ4YszwnfplRtUlZl
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:45 2024 by rpki-client on console-fra.rpki-client.org