Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/jvUDm5RJP6lqSzQt59DAsOyLiWI.roa
File:                     jvUDm5RJP6lqSzQt59DAsOyLiWI.roa (raw, json)
Hash identifier:          BDrHOcpfHhcC3LaQnVcMzL/NNIABkcp1tkamlK507Ug=
Subject key identifier:   8E:F5:03:9B:94:49:3F:A9:6A:4B:34:2D:E7:D0:C0:B0:EC:8B:89:62
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       01860374BFC9F7A417F0AB3207E9998D37A2
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/jvUDm5RJP6lqSzQt59DAsOyLiWI.roa
Signing time:             Mon 30 Jan 2023 16:13:48 +0000
ROA not before:           Mon 30 Jan 2023 16:13:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207279
IP address blocks:        77.75.60.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:03:74:bf:c9:f7:a4:17:f0:ab:32:07:e9:99:8d:37:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan 30 16:13:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8ef5039b94493fa96a4b342de7d0c0b0ec8b8962
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:fa:7f:15:1a:88:71:dc:ac:e3:fb:cb:4b:cf:
                    13:fa:3f:52:01:27:e0:98:02:02:5a:0a:f7:27:6b:
                    3d:0f:48:eb:d5:83:6c:78:1c:82:2e:9b:51:a4:fd:
                    b4:f6:6a:78:56:cb:a4:ad:01:4b:fe:64:47:96:d5:
                    de:e4:82:08:ae:a5:fe:13:42:ef:cf:2b:b9:03:27:
                    6f:2b:c3:2f:4b:95:9c:76:89:fb:b2:98:48:0a:78:
                    27:2a:25:af:ff:3f:a8:16:4c:f6:0b:69:54:ce:1d:
                    9d:7a:3e:38:e1:11:a1:14:c2:af:88:23:9e:e3:5b:
                    de:f6:d4:b6:a4:77:fb:56:23:78:18:ae:d3:d9:63:
                    39:68:5f:a5:ec:9a:31:f5:b5:2f:15:c9:06:3f:bf:
                    7b:96:4b:d6:4d:5c:7b:97:3f:8f:2a:78:13:f5:6d:
                    4a:aa:cf:fc:b3:2a:ce:d3:57:96:b7:ea:5a:cb:7c:
                    09:fd:39:7f:8c:a1:ef:e3:0c:a0:b1:0b:40:1a:d0:
                    74:0f:07:06:c3:9b:3c:99:35:c7:6a:ac:bd:a3:d1:
                    db:49:5b:d9:3f:03:14:36:4e:4b:6c:ff:ac:17:7a:
                    4c:ef:c3:d3:e2:1a:f1:3b:d8:de:0a:6f:a6:52:3b:
                    8d:5b:f7:1e:b2:3a:87:b2:fa:bc:2d:5c:22:2f:ce:
                    c1:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:F5:03:9B:94:49:3F:A9:6A:4B:34:2D:E7:D0:C0:B0:EC:8B:89:62
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/jvUDm5RJP6lqSzQt59DAsOyLiWI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.75.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:7f:90:66:cc:cb:3f:bf:2e:6a:db:f5:7e:9b:f9:4c:ab:5e:
         1f:7f:78:4b:d2:7d:e8:06:bb:ec:3b:56:df:b0:86:76:ad:84:
         02:7e:31:39:2a:74:74:7e:41:38:5c:df:75:c4:f7:df:34:6f:
         db:d9:cb:7b:d4:ee:d4:55:42:b1:c9:4d:50:04:b0:ee:40:f7:
         cf:e8:6f:4c:9d:85:ec:9e:3c:ec:32:5f:d6:c7:be:17:5e:03:
         c3:96:38:c0:cd:2e:b5:c9:21:55:13:d6:e9:14:63:bc:d4:68:
         ce:64:d3:e5:fc:0b:c7:d4:a7:a5:e2:7a:72:2a:33:cc:02:99:
         d5:b2:d4:6b:2c:d7:31:21:ce:a8:00:ef:2f:09:41:0b:95:b2:
         24:a3:6b:1d:04:e4:36:b1:0e:ed:2a:36:64:0b:a7:c0:06:21:
         2f:94:9d:03:6d:77:35:ca:2a:56:ef:37:23:05:80:32:a6:a8:
         d1:52:8f:74:00:66:77:b6:69:83:0d:32:20:64:fa:fe:25:6f:
         f2:b1:86:46:e4:74:1a:d9:54:3c:70:4d:e2:60:6e:35:7a:f8:
         95:d4:d4:79:50:8a:08:45:58:16:9c:4e:f8:5c:c5:22:26:c3:
         be:2d:4f:d9:8a:af:a2:9a:e5:8f:76:f5:a7:c8:16:c4:83:82:
         4c:48:71:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYYDdL/J96QX8KsyB+mZjTeiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMTMwMTYxMzQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWY1MDM5Yjk0NDkzZmE5NmE0YjM0MmRlN2QwYzBiMGVjOGI4OTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjvp/FRqIcdys4/vLS88T+j9SASfg
mAICWgr3J2s9D0jr1YNseByCLptRpP209mp4VsukrQFL/mRHltXe5IIIrqX+E0Lv
zyu5AydvK8MvS5Wcdon7sphICngnKiWv/z+oFkz2C2lUzh2dej444RGhFMKviCOe
41ve9tS2pHf7ViN4GK7T2WM5aF+l7Jox9bUvFckGP797lkvWTVx7lz+PKngT9W1K
qs/8syrO01eWt+pay3wJ/Tl/jKHv4wygsQtAGtB0DwcGw5s8mTXHaqy9o9HbSVvZ
PwMUNk5LbP+sF3pM78PT4hrxO9jeCm+mUjuNW/cesjqHsvq8LVwiL87BdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI71A5uUST+paks0LefQwLDsi4liMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvanZVRG01UkpQNmxxU3pRdDU5REFzT3lMaVdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATUs8MA0G
CSqGSIb3DQEBCwUAA4IBAQAxf5BmzMs/vy5q2/V+m/lMq14ff3hL0n3oBrvsO1bf
sIZ2rYQCfjE5KnR0fkE4XN91xPffNG/b2ct71O7UVUKxyU1QBLDuQPfP6G9MnYXs
njzsMl/Wx74XXgPDljjAzS61ySFVE9bpFGO81GjOZNPl/AvH1Kel4npyKjPMApnV
stRrLNcxIc6oAO8vCUELlbIko2sdBOQ2sQ7tKjZkC6fABiEvlJ0DbXc1yipW7zcj
BYAypqjRUo90AGZ3tmmDDTIgZPr+JW/ysYZG5HQa2VQ8cE3iYG41eviV1NR5UIoI
RVgWnE74XMUiJsO+LU/Ziq+imuWPdvWnyBbEg4JMSHFk
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:48 2024 by rpki-client on console-fra.rpki-client.org