Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/Fi9rVsSdZXqZQhArd74vpSbsQc0.roa
File:                     Fi9rVsSdZXqZQhArd74vpSbsQc0.roa (raw, json)
Hash identifier:          2erikujo48bK0vBDf4KS3s7lS/aFvXkrW+Ie8ODNjUg=
Subject key identifier:   16:2F:6B:56:C4:9D:65:7A:99:42:10:2B:77:BE:2F:A5:26:EC:41:CD
Certificate issuer:       /CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
Certificate serial:       134ADECD
Authority key identifier: FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/Fi9rVsSdZXqZQhArd74vpSbsQc0.roa
Signing time:             Wed 30 Mar 2022 21:45:51 +0000
ROA not before:           Wed 30 Mar 2022 21:45:51 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     43624
IP address blocks:        77.91.75.0/24 maxlen: 24
                          77.91.72.0/24 maxlen: 24
                          77.91.74.0/24 maxlen: 24
                          77.91.73.0/24 maxlen: 24
                          77.91.103.0/24 maxlen: 24
                          77.91.102.0/24 maxlen: 24
                          77.91.100.0/24 maxlen: 32
                          77.91.101.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 323673805 (0x134adecd)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
        Validity
            Not Before: Mar 30 21:45:51 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=162f6b56c49d657a9942102b77be2fa526ec41cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:cf:eb:ec:e9:bf:15:c3:cf:c2:52:45:ba:26:
                    72:ac:dc:39:3d:ca:a2:5d:b7:41:88:96:6d:0c:34:
                    0d:4f:90:f0:1c:93:17:75:5b:2d:18:b5:69:96:e9:
                    19:37:9f:8e:7c:39:70:08:a4:76:2d:32:86:f5:cc:
                    f7:76:09:10:44:3b:7c:ce:a9:25:2b:05:2f:41:02:
                    f9:e7:13:2e:13:88:4f:7a:db:6f:1d:f6:3a:4d:c1:
                    7c:3b:87:6d:c8:ad:01:6c:87:ee:41:7e:55:c1:91:
                    7f:37:45:a0:29:4a:e4:e7:e7:f3:03:ce:81:2c:9e:
                    4a:d7:02:d6:11:99:bd:00:4e:08:b3:63:d0:53:4d:
                    74:4d:cf:8f:b5:cc:80:54:da:8d:55:95:4e:9b:3f:
                    10:f5:17:7d:18:b1:17:0f:90:4a:15:28:2d:ee:e9:
                    d7:96:a5:4f:8d:6b:42:36:e7:bd:7f:78:be:c9:78:
                    cf:f6:b9:ce:d3:30:5d:4b:5c:cd:eb:11:cc:8e:27:
                    79:be:3f:60:15:66:2f:4c:84:77:41:9d:93:c7:e7:
                    2a:1e:87:89:b1:18:5c:5e:ad:c8:d8:9e:26:a9:c0:
                    d7:a5:19:37:15:24:e3:c6:2f:ba:35:7b:00:15:c8:
                    b1:f5:3a:c0:9e:2d:9e:c8:79:be:24:c6:ca:4f:39:
                    f4:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:2F:6B:56:C4:9D:65:7A:99:42:10:2B:77:BE:2F:A5:26:EC:41:CD
            X509v3 Authority Key Identifier:
                keyid:FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/Fi9rVsSdZXqZQhArd74vpSbsQc0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.72.0/22
                  77.91.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         46:ec:06:08:6b:9d:01:9d:a0:67:00:b0:1f:5d:bb:d0:08:f1:
         6d:b9:9e:b8:6f:54:6f:35:a4:e2:0a:79:75:f4:70:c7:f1:dc:
         de:8d:61:43:7a:c2:b9:3e:10:c5:73:da:39:70:8c:2e:a2:a0:
         b7:e6:16:6a:a2:3e:1b:d3:25:56:d2:a7:e3:ee:b7:66:6c:8c:
         7e:91:87:51:fb:5e:80:87:36:d9:33:f1:b4:65:bc:a2:c6:a2:
         a6:c5:f4:c3:e7:77:21:b3:2a:69:a9:f6:36:d9:60:3c:54:76:
         d8:40:73:31:40:fd:55:08:bf:79:aa:1f:12:64:8c:ff:b9:96:
         96:c7:ad:6d:d3:09:1c:fe:74:52:af:21:ab:41:54:7b:1d:e7:
         e1:e7:67:65:73:99:a6:bd:9c:4d:d3:42:06:7e:7f:de:85:99:
         7d:9c:7c:9b:4a:ec:aa:3c:6d:2b:ee:2a:67:b4:24:54:eb:6d:
         25:f6:3b:fe:0e:4c:00:7d:09:24:8b:1f:63:24:e3:4d:09:05:
         7c:ed:3c:41:9e:cf:1d:4f:7c:6e:ca:8f:63:37:d4:43:42:42:
         bb:f1:28:62:db:80:fe:59:48:c9:bb:5f:e6:e6:7b:ee:e1:4a:
         fe:58:a8:35:92:52:a4:8e:04:8c:73:32:ad:d5:41:57:98:70:
         2c:bb:c4:f3
-----BEGIN CERTIFICATE-----
MIIE9zCCA9+gAwIBAgIEE0rezTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
YjMyZTlmNGFhMzJhYmE3MzEyZmFiMDU0YjE3NGRjZThjNTE1Y2EzMB4XDTIyMDMz
MDIxNDU1MVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMTYyZjZiNTZjNDlk
NjU3YTk5NDIxMDJiNzdiZTJmYTUyNmVjNDFjZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALvP6+zpvxXDz8JSRbomcqzcOT3Kol23QYiWbQw0DU+Q8ByT
F3VbLRi1aZbpGTefjnw5cAikdi0yhvXM93YJEEQ7fM6pJSsFL0EC+ecTLhOIT3rb
bx32Ok3BfDuHbcitAWyH7kF+VcGRfzdFoClK5Ofn8wPOgSyeStcC1hGZvQBOCLNj
0FNNdE3Pj7XMgFTajVWVTps/EPUXfRixFw+QShUoLe7p15alT41rQjbnvX94vsl4
z/a5ztMwXUtczesRzI4neb4/YBVmL0yEd0Gdk8fnKh6HibEYXF6tyNieJqnA16UZ
NxUk48YvujV7ABXIsfU6wJ4tnsh5viTGyk859IUCAwEAAaOCAhEwggINMB0GA1Ud
DgQWBBQWL2tWxJ1leplCECt3vi+lJuxBzTAfBgNVHSMEGDAWgBT7Mun0qjKrpzEv
qwVLF03OjFFcozAOBgNVHQ8BAf8EBAMCB4AwZQYIKwYBBQUHAQEEWTBXMFUGCCsG
AQUFBzAChklyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzEtekxwOUtveXE2Y3hMNnNGU3hkTnpveFJYS00uY2VyMIGNBggrBgEFBQcBCwSB
gDB+MHwGCCsGAQUFBzALhnByc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL2UyLzI3ODY2My1iMTM1LTRkYjEtYTA0NC0yMDYyNGIzYzE1N2Yv
MS9GaTlyVnNTZFpYcVpRaEFyZDc0dnBTYnNRYzAucm9hMIGCBgNVHR8EezB5MHeg
daBzhnFyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Uy
LzI3ODY2My1iMTM1LTRkYjEtYTA0NC0yMDYyNGIzYzE1N2YvMS8xLXpMcDlLb3lx
NmN4TDZzRlN4ZE56b3hSWEtNLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4C
MCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCTVtIAwQCTVtkMA0GCSqGSIb3
DQEBCwUAA4IBAQBG7AYIa50BnaBnALAfXbvQCPFtuZ64b1RvNaTiCnl19HDH8dze
jWFDesK5PhDFc9o5cIwuoqC35hZqoj4b0yVW0qfj7rdmbIx+kYdR+16AhzbZM/G0
ZbyixqKmxfTD53chsyppqfY22WA8VHbYQHMxQP1VCL95qh8SZIz/uZaWx61t0wkc
/nRSryGrQVR7Hefh52dlc5mmvZxN00IGfn/ehZl9nHybSuyqPG0r7ipntCRU620l
9jv+DkwAfQkkix9jJONNCQV87TxBns8dT3xuyo9jN9RDQkK78Shi24D+WUjJu1/m
5nvu4Ur+WKg1klKkjgSMczKt1UFXmHAsu8Tz
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:48:57 2024 by rpki-client on console-ams.rpki-client.org