Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/8tIXX12OFXn35GO6Z7CbpqXZmms.roa
File:                     8tIXX12OFXn35GO6Z7CbpqXZmms.roa (raw, json)
Hash identifier:          s13315VbBFJQHDhbpIZuEGep0sMMAaxPIP+cijpSGVU=
Subject key identifier:   F2:D2:17:5F:5D:8E:15:79:F7:E4:63:BA:67:B0:9B:A6:A5:D9:9A:6B
Certificate issuer:       /CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
Certificate serial:       018570305D50EA4FCB91A585A4DFF1643F84
Authority key identifier: FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/8tIXX12OFXn35GO6Z7CbpqXZmms.roa
Signing time:             Mon 02 Jan 2023 01:54:55 +0000
ROA not before:           Mon 02 Jan 2023 01:54:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     52000
IP address blocks:        77.91.73.0/24 maxlen: 24
                          77.91.127.0/24 maxlen: 24
                          77.91.126.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:30:5d:50:ea:4f:cb:91:a5:85:a4:df:f1:64:3f:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
        Validity
            Not Before: Jan  2 01:54:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f2d2175f5d8e1579f7e463ba67b09ba6a5d99a6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:a6:d5:17:97:06:2f:b2:b3:37:e1:18:f4:d6:
                    b5:e3:99:32:d9:98:09:f3:9a:25:cf:7b:ca:90:88:
                    9f:fd:0f:62:7f:e3:b0:2c:d4:d9:46:b9:6d:b4:be:
                    67:3a:05:20:06:7b:36:35:01:e4:8c:19:9f:d7:fb:
                    c5:b4:75:15:42:6f:2c:da:56:ff:69:4c:15:12:20:
                    ae:df:f3:d9:0d:a5:5b:08:9e:7b:5a:3a:5a:62:2d:
                    99:da:c7:9c:18:f0:30:bd:9b:fd:c8:93:6b:52:06:
                    df:99:ed:78:2b:ac:25:15:c6:24:7a:01:50:02:cd:
                    00:f9:c6:a8:1e:46:f8:c6:ae:74:58:a8:bf:3b:bd:
                    4f:79:9e:9a:70:7e:29:cb:cb:f7:e3:e2:d3:eb:cb:
                    b5:5d:37:59:10:69:9f:e8:e4:c0:5e:94:ec:8e:a4:
                    fa:80:59:3f:a1:22:ca:05:f8:2c:70:35:59:2b:c1:
                    67:94:ce:50:aa:fc:95:ae:de:02:f4:b3:3e:4c:75:
                    40:23:50:b0:79:98:d0:bd:e7:f7:ca:fa:65:2f:6e:
                    4b:78:c5:bc:46:ed:3d:02:a8:8d:1f:3d:cb:44:ac:
                    c0:5a:17:05:cf:0d:25:2d:43:f7:bc:32:77:b0:bb:
                    6c:0d:1f:89:c7:2e:c7:7b:1e:49:6b:24:2a:da:d7:
                    05:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:D2:17:5F:5D:8E:15:79:F7:E4:63:BA:67:B0:9B:A6:A5:D9:9A:6B
            X509v3 Authority Key Identifier:
                keyid:FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/8tIXX12OFXn35GO6Z7CbpqXZmms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.73.0/24
                  77.91.126.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a9:6a:38:04:19:04:3e:51:fe:d4:a9:46:0a:93:76:0c:c1:ba:
         9b:d5:75:8f:fa:e8:ed:b2:da:fb:e8:d4:04:d7:a7:f9:7f:25:
         30:38:85:e6:9a:b5:8e:ee:f6:9e:27:60:b4:61:7e:10:57:cd:
         a8:5f:60:96:88:7f:7b:47:e5:c3:7b:c9:20:c1:21:9c:c4:45:
         dc:2a:05:75:55:8d:89:76:02:49:cf:c5:a3:a2:d8:8c:5d:dc:
         65:1a:56:60:05:d4:1c:44:3e:c5:fc:44:37:ad:bc:84:47:c1:
         68:3a:a3:cd:d4:ec:16:fa:73:83:c7:91:29:a7:84:66:89:73:
         8e:24:d9:ff:51:0f:b7:7e:5c:7e:ae:9a:3b:96:4b:b5:ac:77:
         a6:5c:7f:65:2e:28:76:64:d9:a2:5d:1e:db:ad:a1:11:7d:ac:
         d8:2e:98:8d:a7:50:61:f7:db:de:7b:a6:43:8d:b0:e3:dd:2e:
         7a:86:65:97:1c:03:07:94:fd:dc:66:36:70:08:ce:af:a0:e5:
         ef:1e:5b:fd:c7:3d:a1:fa:81:ed:56:8b:a2:9d:b7:00:68:b2:
         be:68:92:d2:50:c6:d2:93:c4:03:c9:d4:07:09:78:22:0f:68:
         1b:44:cb:c3:67:77:87:5d:d1:dd:57:5d:02:e4:b5:7c:bf:5c:
         59:db:a0:af
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYVwMF1Q6k/LkaWFpN/xZD+EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiMzJlOWY0YWEzMmFiYTczMTJmYWIwNTRiMTc0ZGNlOGM1
MTVjYTMwHhcNMjMwMTAyMDE1NDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmQyMTc1ZjVkOGUxNTc5ZjdlNDYzYmE2N2IwOWJhNmE1ZDk5YTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmqbVF5cGL7KzN+EY9Na145ky2ZgJ
85olz3vKkIif/Q9if+OwLNTZRrlttL5nOgUgBns2NQHkjBmf1/vFtHUVQm8s2lb/
aUwVEiCu3/PZDaVbCJ57WjpaYi2Z2secGPAwvZv9yJNrUgbfme14K6wlFcYkegFQ
As0A+caoHkb4xq50WKi/O71PeZ6acH4py8v34+LT68u1XTdZEGmf6OTAXpTsjqT6
gFk/oSLKBfgscDVZK8FnlM5QqvyVrt4C9LM+THVAI1CweZjQvef3yvplL25LeMW8
Ru09AqiNHz3LRKzAWhcFzw0lLUP3vDJ3sLtsDR+Jxy7Hex5JayQq2tcFHQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFPLSF19djhV59+Rjumewm6al2ZprMB8GA1UdIwQY
MBaAFPsy6fSqMqunMS+rBUsXTc6MUVyjMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS16THA5S295cTZjeEw2c0ZTeGROem94UlhLTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTIvMjc4NjYzLWIxMzUtNGRiMS1hMDQ0
LTIwNjI0YjNjMTU3Zi8xLzh0SVhYMTJPRlhuMzVHTzZaN0NicHFYWm1tcy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTIvMjc4NjYzLWIxMzUtNGRiMS1hMDQ0LTIwNjI0YjNjMTU3
Zi8xLzEtekxwOUtveXE2Y3hMNnNGU3hkTnpveFJYS00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBABNW0kD
BAFNW34wDQYJKoZIhvcNAQELBQADggEBAKlqOAQZBD5R/tSpRgqTdgzBupvVdY/6
6O2y2vvo1ATXp/l/JTA4heaatY7u9p4nYLRhfhBXzahfYJaIf3tH5cN7ySDBIZzE
RdwqBXVVjYl2AknPxaOi2Ixd3GUaVmAF1BxEPsX8RDetvIRHwWg6o83U7Bb6c4PH
kSmnhGaJc44k2f9RD7d+XH6umjuWS7Wsd6Zcf2UuKHZk2aJdHtutoRF9rNgumI2n
UGH32957pkONsOPdLnqGZZccAweU/dxmNnAIzq+g5e8eW/3HPaH6ge1Wi6KdtwBo
sr5oktJQxtKTxAPJ1AcJeCIPaBtEy8Nnd4dd0d1XXQLktXy/XFnboK8=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:57:04 2024 by rpki-client on console-fra.rpki-client.org