Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/1-5ZwZf2RgguPDHsQs-vIdfR_ypo.roa
File:                     1-5ZwZf2RgguPDHsQs-vIdfR_ypo.roa (raw, json)
Hash identifier:          MVo1EPtwqr3vyin7zvg6PK+AGqvvR0JFu3PreLpIyl0=
Subject key identifier:   FB:96:70:65:FD:91:82:0B:8F:0C:7B:10:B3:EB:C8:75:F4:7F:CA:9A
Certificate issuer:       /CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
Certificate serial:       018628C2F017DA9E067B5123F6A22150BCC1
Authority key identifier: FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/1-5ZwZf2RgguPDHsQs-vIdfR_ypo.roa
Signing time:             Mon 06 Feb 2023 22:05:09 +0000
ROA not before:           Mon 06 Feb 2023 22:05:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     203727
IP address blocks:        77.91.68.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:28:c2:f0:17:da:9e:06:7b:51:23:f6:a2:21:50:bc:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
        Validity
            Not Before: Feb  6 22:05:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fb967065fd91820b8f0c7b10b3ebc875f47fca9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:f4:be:59:5e:16:10:04:5a:30:b5:ef:9c:bd:
                    8e:b8:86:41:82:4e:42:b2:77:47:0a:ad:95:c0:91:
                    71:3e:a7:38:5d:ba:b5:90:87:5e:6f:ea:6a:c6:64:
                    85:cf:4c:da:3d:04:bf:38:c9:ec:30:7c:2d:bb:0d:
                    19:2d:79:f5:e2:a1:ec:a2:02:7f:d0:77:54:b9:69:
                    43:89:a3:99:41:d5:42:c3:6a:4b:fe:8c:c5:23:2b:
                    d7:1f:cd:bf:d2:35:2b:b4:df:5b:9f:fb:82:6d:5d:
                    1e:fe:13:9f:8c:03:e6:79:1a:5f:1c:19:8a:32:ec:
                    dc:0f:12:91:bf:29:17:55:0f:fd:c8:6e:54:18:8a:
                    cd:d2:d7:4f:ec:29:e7:fc:7b:90:50:62:23:de:97:
                    46:50:3e:6b:43:20:0e:f3:c2:cf:6d:ff:ae:d7:0f:
                    06:71:a1:7e:06:b2:0f:fc:1f:13:a0:06:65:e8:68:
                    33:44:94:da:07:81:aa:ba:21:62:08:44:f4:31:3a:
                    49:0d:91:e3:a7:3a:0b:73:83:48:f7:48:db:02:0d:
                    a2:83:b9:61:df:4d:8d:eb:45:7c:4c:89:3f:a8:5d:
                    ce:7c:67:04:a0:30:5b:fa:2a:4a:f7:b7:d2:42:20:
                    be:f4:62:3a:4e:45:95:07:84:0c:73:85:78:36:e6:
                    09:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:96:70:65:FD:91:82:0B:8F:0C:7B:10:B3:EB:C8:75:F4:7F:CA:9A
            X509v3 Authority Key Identifier:
                keyid:FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/1-5ZwZf2RgguPDHsQs-vIdfR_ypo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:12:b9:07:c0:08:0a:c8:9c:8e:ea:5d:d8:84:66:86:93:43:
         c4:16:ea:60:ee:f1:b1:0f:f3:79:87:45:f5:02:3e:e3:be:9f:
         b8:1a:b7:18:0d:f8:e5:a8:c0:db:d3:dc:ac:83:8c:7f:22:73:
         66:59:87:36:47:c4:2a:36:c5:47:4a:79:ee:6c:83:95:83:e5:
         01:bb:82:8d:6b:b7:8d:3e:72:bb:a9:95:59:fc:6f:ca:b8:3e:
         5e:7d:9b:06:a2:e1:02:af:c6:cc:7e:94:2e:80:76:7d:a8:a8:
         54:8e:05:b7:09:78:ee:d8:cd:2b:48:93:9b:fc:76:e1:41:14:
         f5:98:15:e4:6c:b3:8a:dd:36:0c:b0:44:38:38:a5:78:4a:c8:
         c0:f6:20:bb:c5:ad:b0:58:b4:4a:14:7c:9f:85:4b:7f:f5:49:
         04:5a:f0:71:3c:be:f2:6b:fc:4e:71:fb:4f:36:fc:c2:c4:af:
         64:a5:80:f1:e5:61:99:f5:a7:c4:c6:61:23:9a:c4:b6:c3:9d:
         34:53:be:10:e9:fc:b1:57:53:e9:43:0a:bf:ae:d4:a3:ee:53:
         06:e4:5c:bc:d5:17:df:14:64:e1:c2:41:18:71:75:61:64:aa:
         92:0d:5d:ca:8a:80:13:8d:5e:c1:33:7a:ce:d4:49:11:59:cf:
         a8:f4:bd:6f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYYowvAX2p4Ge1Ej9qIhULzBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiMzJlOWY0YWEzMmFiYTczMTJmYWIwNTRiMTc0ZGNlOGM1
MTVjYTMwHhcNMjMwMjA2MjIwNTA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjk2NzA2NWZkOTE4MjBiOGYwYzdiMTBiM2ViYzg3NWY0N2ZjYTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkPS+WV4WEARaMLXvnL2OuIZBgk5C
sndHCq2VwJFxPqc4Xbq1kIdeb+pqxmSFz0zaPQS/OMnsMHwtuw0ZLXn14qHsogJ/
0HdUuWlDiaOZQdVCw2pL/ozFIyvXH82/0jUrtN9bn/uCbV0e/hOfjAPmeRpfHBmK
MuzcDxKRvykXVQ/9yG5UGIrN0tdP7Cnn/HuQUGIj3pdGUD5rQyAO88LPbf+u1w8G
caF+BrIP/B8ToAZl6GgzRJTaB4GquiFiCET0MTpJDZHjpzoLc4NI90jbAg2ig7lh
302N60V8TIk/qF3OfGcEoDBb+ipK97fSQiC+9GI6TkWVB4QMc4V4NuYJMwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPuWcGX9kYILjwx7ELPryHX0f8qaMB8GA1UdIwQY
MBaAFPsy6fSqMqunMS+rBUsXTc6MUVyjMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS16THA5S295cTZjeEw2c0ZTeGROem94UlhLTS5jZXIw
gY4GCCsGAQUFBwELBIGBMH8wfQYIKwYBBQUHMAuGcXJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTIvMjc4NjYzLWIxMzUtNGRiMS1hMDQ0
LTIwNjI0YjNjMTU3Zi8xLzEtNVp3WmYyUmdndVBESHNRcy12SWRmUl95cG8ucm9h
MIGCBgNVHR8EezB5MHegdaBzhnFyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3Np
dG9yeS9ERUZBVUxUL2UyLzI3ODY2My1iMTM1LTRkYjEtYTA0NC0yMDYyNGIzYzE1
N2YvMS8xLXpMcDlLb3lxNmN4TDZzRlN4ZE56b3hSWEtNLmNybDAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVtE
MA0GCSqGSIb3DQEBCwUAA4IBAQBTErkHwAgKyJyO6l3YhGaGk0PEFupg7vGxD/N5
h0X1Aj7jvp+4GrcYDfjlqMDb09ysg4x/InNmWYc2R8QqNsVHSnnubIOVg+UBu4KN
a7eNPnK7qZVZ/G/KuD5efZsGouECr8bMfpQugHZ9qKhUjgW3CXju2M0rSJOb/Hbh
QRT1mBXkbLOK3TYMsEQ4OKV4SsjA9iC7xa2wWLRKFHyfhUt/9UkEWvBxPL7ya/xO
cftPNvzCxK9kpYDx5WGZ9afExmEjmsS2w500U74Q6fyxV1PpQwq/rtSj7lMG5Fy8
1RffFGThwkEYcXVhZKqSDV3KioATjV7BM3rO1EkRWc+o9L1v
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:57:04 2024 by rpki-client on console-fra.rpki-client.org