Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/2hXuvspiLCeapoEcWAAQQWAxQzc.roa
File:                     2hXuvspiLCeapoEcWAAQQWAxQzc.roa (raw, json)
Hash identifier:          9CT19K6pk9nxmmviLR6QrzqzjayhdxkbcVlpMrqoeo4=
Subject key identifier:   DA:15:EE:BE:CA:62:2C:27:9A:A6:81:1C:58:00:10:41:60:31:43:37
Certificate issuer:       /CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
Certificate serial:       0186B6ACC371EBCCC86CC12D1420F7334A47
Authority key identifier: FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/2hXuvspiLCeapoEcWAAQQWAxQzc.roa
Signing time:             Mon 06 Mar 2023 11:27:00 +0000
ROA not before:           Mon 06 Mar 2023 11:27:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     44477
IP address blocks:        77.91.75.0/24 maxlen: 24
                          77.91.74.0/24 maxlen: 24
                          77.91.72.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:b6:ac:c3:71:eb:cc:c8:6c:c1:2d:14:20:f7:33:4a:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
        Validity
            Not Before: Mar  6 11:27:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=da15eebeca622c279aa6811c5800104160314337
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:23:32:99:49:cf:63:c2:0c:74:44:94:b0:b9:
                    d5:e6:3b:56:7a:f3:09:a8:37:89:92:78:df:8f:ff:
                    3d:60:76:dd:2a:12:3e:b0:55:0e:1c:c5:4c:62:87:
                    75:15:13:04:de:58:36:e7:35:84:1f:f7:4e:bd:5d:
                    ad:42:9d:0b:90:64:34:e4:bd:8c:0e:40:b5:ed:e5:
                    e7:27:3c:80:e9:43:da:f4:52:59:e7:07:39:e3:7d:
                    ca:29:e3:56:98:0e:ae:03:fd:2c:ae:02:e5:00:35:
                    27:ba:1a:48:c8:c5:5b:1f:e2:eb:a5:e4:b6:c2:8a:
                    d9:1a:53:2a:f2:5b:d9:a9:d9:fe:34:ea:a1:c5:6f:
                    00:01:6c:2a:1a:3a:67:13:88:c5:7b:97:4a:df:2c:
                    32:6c:3e:fe:7c:68:3f:6f:04:90:2b:88:84:50:fa:
                    06:61:c0:23:b5:3e:e2:ac:4f:a3:28:79:f5:89:1d:
                    b4:70:46:bb:a7:f2:94:1c:3c:83:12:18:04:8c:36:
                    f8:31:0f:86:74:1e:e6:19:87:30:e1:6d:a3:50:e3:
                    88:e9:1f:f6:6a:46:d1:7c:22:6c:78:03:19:da:8a:
                    78:52:4b:c9:d9:40:91:8d:df:b3:74:8e:16:be:bc:
                    d0:9a:df:24:71:a5:7a:5a:37:a3:e8:94:a8:73:d8:
                    23:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:15:EE:BE:CA:62:2C:27:9A:A6:81:1C:58:00:10:41:60:31:43:37
            X509v3 Authority Key Identifier:
                keyid:FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/2hXuvspiLCeapoEcWAAQQWAxQzc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.72.0/24
                  77.91.74.0/23

    Signature Algorithm: sha256WithRSAEncryption
         05:df:b4:c5:00:b6:ad:0d:9b:34:5b:d4:a9:dd:a3:55:83:e7:
         fa:73:74:08:56:6a:cc:0d:0a:cc:da:d9:ca:09:ab:51:44:bf:
         c1:dc:e3:da:a4:c9:b1:09:61:10:f1:e1:0e:59:96:32:b6:ce:
         65:48:bf:41:ca:41:6e:e4:aa:4a:58:44:6b:6f:d1:01:94:70:
         1d:0a:a9:1c:48:3a:4d:0b:f9:7c:9d:e8:70:f3:b1:7d:52:aa:
         44:76:ae:5e:c3:d5:33:40:9b:90:5f:9b:dd:d0:e9:33:f5:5c:
         3c:d1:67:68:4c:8c:7b:24:ab:31:b5:50:f6:86:db:61:bc:5d:
         fd:f3:b0:f2:49:1f:5a:2e:b8:b1:46:a2:64:4e:99:35:22:29:
         99:c3:31:57:21:7c:08:e3:91:a5:ff:fa:f6:f1:90:f9:e6:33:
         f5:e6:c4:d3:29:7d:20:51:8e:8d:b6:b5:fd:3e:16:c3:6c:df:
         2b:85:cd:15:4f:3d:d7:8f:ed:ec:85:9f:a5:de:d9:aa:fc:ca:
         6a:51:34:49:0c:ce:3f:33:83:76:f2:90:c8:a8:fb:6b:87:f4:
         ea:3b:a1:7a:15:cc:2c:9e:e4:f1:be:87:93:fb:35:59:d4:95:
         5a:9d:43:81:b0:6a:cd:08:96:13:4d:97:3a:61:3f:28:1f:3e:
         3d:94:c5:3a
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYa2rMNx68zIbMEtFCD3M0pHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiMzJlOWY0YWEzMmFiYTczMTJmYWIwNTRiMTc0ZGNlOGM1
MTVjYTMwHhcNMjMwMzA2MTEyNzAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTE1ZWViZWNhNjIyYzI3OWFhNjgxMWM1ODAwMTA0MTYwMzE0MzM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6iMymUnPY8IMdESUsLnV5jtWevMJ
qDeJknjfj/89YHbdKhI+sFUOHMVMYod1FRME3lg25zWEH/dOvV2tQp0LkGQ05L2M
DkC17eXnJzyA6UPa9FJZ5wc5433KKeNWmA6uA/0srgLlADUnuhpIyMVbH+LrpeS2
worZGlMq8lvZqdn+NOqhxW8AAWwqGjpnE4jFe5dK3ywybD7+fGg/bwSQK4iEUPoG
YcAjtT7irE+jKHn1iR20cEa7p/KUHDyDEhgEjDb4MQ+GdB7mGYcw4W2jUOOI6R/2
akbRfCJseAMZ2op4UkvJ2UCRjd+zdI4WvrzQmt8kcaV6Wjej6JSoc9gj8wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNoV7r7KYiwnmqaBHFgAEEFgMUM3MB8GA1UdIwQY
MBaAFPsy6fSqMqunMS+rBUsXTc6MUVyjMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS16THA5S295cTZjeEw2c0ZTeGROem94UlhLTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTIvMjc4NjYzLWIxMzUtNGRiMS1hMDQ0
LTIwNjI0YjNjMTU3Zi8xLzJoWHV2c3BpTENlYXBvRWNXQUFRUVdBeFF6Yy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTIvMjc4NjYzLWIxMzUtNGRiMS1hMDQ0LTIwNjI0YjNjMTU3
Zi8xLzEtekxwOUtveXE2Y3hMNnNGU3hkTnpveFJYS00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBABNW0gD
BAFNW0owDQYJKoZIhvcNAQELBQADggEBAAXftMUAtq0NmzRb1Kndo1WD5/pzdAhW
aswNCsza2coJq1FEv8Hc49qkybEJYRDx4Q5ZljK2zmVIv0HKQW7kqkpYRGtv0QGU
cB0KqRxIOk0L+Xyd6HDzsX1SqkR2rl7D1TNAm5Bfm93Q6TP1XDzRZ2hMjHskqzG1
UPaG22G8Xf3zsPJJH1ouuLFGomROmTUiKZnDMVchfAjjkaX/+vbxkPnmM/XmxNMp
fSBRjo22tf0+FsNs3yuFzRVPPdeP7eyFn6Xe2ar8ympRNEkMzj8zg3bykMio+2uH
9Oo7oXoVzCye5PG+h5P7NVnUlVqdQ4Gwas0IlhNNlzphPygfPj2UxTo=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:48:57 2024 by rpki-client on console-ams.rpki-client.org