Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/8yueJ3U04Lg4f5HdZTStVFbB0k4.roa
File:                     8yueJ3U04Lg4f5HdZTStVFbB0k4.roa (raw, json)
Hash identifier:          i2otTWv9I7+XD4cJOfEnuX8EhWrK096JW5Kj0IhIcUk=
Subject key identifier:   F3:2B:9E:27:75:34:E0:B8:38:7F:91:DD:65:34:AD:54:56:C1:D2:4E
Certificate issuer:       /CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
Certificate serial:       134084F3
Authority key identifier: FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/8yueJ3U04Lg4f5HdZTStVFbB0k4.roa
Signing time:             Mon 28 Mar 2022 15:14:38 +0000
ROA not before:           Mon 28 Mar 2022 15:14:38 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42861
IP address blocks:        77.91.64.0/18 maxlen: 32
                          77.91.101.0/24 maxlen: 32
                          77.91.112.0/24 maxlen: 32
                          185.149.144.0/22 maxlen: 32
                          2a00:1e68:112::/48 maxlen: 128
                          2a00:1e68:100::/48 maxlen: 128
                          2a00:1e68:100::/47 maxlen: 128
                          2a00:1e68:101::/48 maxlen: 128
                          2a00:1e68::/29 maxlen: 128

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 322995443 (0x134084f3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
        Validity
            Not Before: Mar 28 15:14:38 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f32b9e277534e0b8387f91dd6534ad5456c1d24e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:f7:f5:cf:7a:8c:e6:47:2c:a0:46:dd:31:23:
                    53:ba:69:b8:bd:67:13:0d:e3:bd:94:07:2d:b1:e4:
                    85:03:a6:80:75:50:e5:2e:6d:15:8f:ab:a3:80:37:
                    7d:c8:dc:0f:fc:ec:85:f0:76:e8:19:f7:41:fe:49:
                    cc:5a:21:a0:03:d5:91:52:9f:09:6d:a3:6a:79:ba:
                    bd:86:4f:c4:e0:22:4c:32:6f:d1:09:e1:34:38:76:
                    37:5d:2a:35:e3:b4:48:7d:87:44:1b:26:60:40:77:
                    91:58:42:68:21:01:82:39:64:51:ce:37:c6:07:01:
                    ab:c2:54:37:7a:36:0b:4b:7b:ff:92:c3:cb:c5:57:
                    8c:4e:2b:81:22:b8:19:9c:a1:1b:84:1d:38:8e:c5:
                    88:8e:56:04:6d:99:38:85:68:1f:dc:4e:38:17:1c:
                    81:84:68:10:be:12:c8:a4:84:43:5e:a0:db:97:31:
                    a7:4e:6e:46:42:9f:c5:92:64:04:70:26:16:b8:49:
                    8d:3c:48:af:d6:d1:b6:21:33:e0:39:3b:6f:85:d5:
                    0d:14:a7:34:be:d4:43:3d:85:40:48:02:22:3f:4b:
                    6c:be:2f:93:c1:e4:a0:cd:cd:65:85:c0:ff:22:b2:
                    c8:0f:9f:1b:96:ac:48:07:73:bc:9c:7d:85:55:23:
                    db:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:2B:9E:27:75:34:E0:B8:38:7F:91:DD:65:34:AD:54:56:C1:D2:4E
            X509v3 Authority Key Identifier:
                keyid:FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/8yueJ3U04Lg4f5HdZTStVFbB0k4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.64.0/18
                  185.149.144.0/22
                IPv6:
                  2a00:1e68::/29

    Signature Algorithm: sha256WithRSAEncryption
         b4:49:03:30:e9:fa:44:9b:24:e1:ea:e8:3b:df:2e:69:a6:d9:
         a3:40:7a:c0:1b:75:21:73:e8:01:92:b2:34:b7:37:3c:05:aa:
         0a:cb:e0:8f:3b:43:f5:c4:86:99:6f:6c:c4:0f:b4:d7:3d:95:
         c5:cf:63:47:98:bc:14:74:94:50:2c:67:ce:6e:f2:ad:85:92:
         e3:1f:3b:b3:98:58:0c:53:72:11:45:0e:e1:c8:d7:4d:9c:3a:
         a8:60:20:1f:dd:5a:03:5d:db:49:77:18:b4:91:16:08:f5:cf:
         eb:5e:30:cb:15:30:4c:42:a3:06:4c:dc:03:cb:4e:29:47:ed:
         c0:5f:2c:c5:00:6f:c4:5e:ac:01:9b:78:4c:e4:38:ce:c1:12:
         16:c4:45:1c:ea:c5:f7:46:b9:3f:a2:33:e1:29:a2:34:8b:a7:
         dc:3d:ec:89:ef:0f:25:71:f9:30:11:4c:53:1a:25:f1:6e:65:
         2c:8d:74:61:1c:cb:ed:08:40:66:f1:c6:f2:6c:ca:ca:1d:fd:
         7b:1b:3d:8d:35:79:b5:e5:5d:41:d2:9c:23:ce:94:4a:e1:fb:
         3e:10:57:d8:a8:84:03:a0:d3:fa:21:9c:b3:be:22:81:b3:c2:
         ae:38:c0:15:28:15:02:22:81:33:9b:b2:03:08:4a:c4:17:ca:
         71:90:8a:ac
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIEE0CE8zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
YjMyZTlmNGFhMzJhYmE3MzEyZmFiMDU0YjE3NGRjZThjNTE1Y2EzMB4XDTIyMDMy
ODE1MTQzOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZjMyYjllMjc3NTM0
ZTBiODM4N2Y5MWRkNjUzNGFkNTQ1NmMxZDI0ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANH39c96jOZHLKBG3TEjU7ppuL1nEw3jvZQHLbHkhQOmgHVQ
5S5tFY+ro4A3fcjcD/zshfB26Bn3Qf5JzFohoAPVkVKfCW2janm6vYZPxOAiTDJv
0QnhNDh2N10qNeO0SH2HRBsmYEB3kVhCaCEBgjlkUc43xgcBq8JUN3o2C0t7/5LD
y8VXjE4rgSK4GZyhG4QdOI7FiI5WBG2ZOIVoH9xOOBccgYRoEL4SyKSEQ16g25cx
p05uRkKfxZJkBHAmFrhJjTxIr9bRtiEz4Dk7b4XVDRSnNL7UQz2FQEgCIj9LbL4v
k8HkoM3NZYXA/yKyyA+fG5asSAdzvJx9hVUj2z8CAwEAAaOCAiAwggIcMB0GA1Ud
DgQWBBTzK54ndTTguDh/kd1lNK1UVsHSTjAfBgNVHSMEGDAWgBT7Mun0qjKrpzEv
qwVLF03OjFFcozAOBgNVHQ8BAf8EBAMCB4AwZQYIKwYBBQUHAQEEWTBXMFUGCCsG
AQUFBzAChklyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzEtekxwOUtveXE2Y3hMNnNGU3hkTnpveFJYS00uY2VyMIGNBggrBgEFBQcBCwSB
gDB+MHwGCCsGAQUFBzALhnByc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL2UyLzI3ODY2My1iMTM1LTRkYjEtYTA0NC0yMDYyNGIzYzE1N2Yv
MS84eXVlSjNVMDRMZzRmNUhkWlRTdFZGYkIwazQucm9hMIGCBgNVHR8EezB5MHeg
daBzhnFyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Uy
LzI3ODY2My1iMTM1LTRkYjEtYTA0NC0yMDYyNGIzYzE1N2YvMS8xLXpMcDlLb3lx
NmN4TDZzRlN4ZE56b3hSWEtNLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4C
MDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQGTVtAAwQCuZWQMA0EAgACMAcD
BQMqAB5oMA0GCSqGSIb3DQEBCwUAA4IBAQC0SQMw6fpEmyTh6ug73y5pptmjQHrA
G3Uhc+gBkrI0tzc8BaoKy+CPO0P1xIaZb2zED7TXPZXFz2NHmLwUdJRQLGfObvKt
hZLjHzuzmFgMU3IRRQ7hyNdNnDqoYCAf3VoDXdtJdxi0kRYI9c/rXjDLFTBMQqMG
TNwDy04pR+3AXyzFAG/EXqwBm3hM5DjOwRIWxEUc6sX3Rrk/ojPhKaI0i6fcPeyJ
7w8lcfkwEUxTGiXxbmUsjXRhHMvtCEBm8cbybMrKHf17Gz2NNXm15V1B0pwjzpRK
4fs+EFfYqIQDoNP6IZyzviKBs8KuOMAVKBUCIoEzm7IDCErEF8pxkIqs
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:48:57 2024 by rpki-client on console-ams.rpki-client.org