Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/OV8G8qv6qK_cP_nN95LRKniqLVQ.roa
File:                     OV8G8qv6qK_cP_nN95LRKniqLVQ.roa (raw, json)
Hash identifier:          E2GLTtmO/PsiKosEeepeVQN8mo6fyarZusON8ILh/wY=
Subject key identifier:   39:5F:06:F2:AB:FA:A8:AF:DC:3F:F9:CD:F7:92:D1:2A:78:AA:2D:54
Certificate issuer:       /CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
Certificate serial:       0185CB63F4D472DBE83F63A49F010C27DE3E
Authority key identifier: FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/OV8G8qv6qK_cP_nN95LRKniqLVQ.roa
Signing time:             Thu 19 Jan 2023 18:56:43 +0000
ROA not before:           Thu 19 Jan 2023 18:56:43 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     44477
IP address blocks:        77.91.75.0/24 maxlen: 24
                          77.91.103.0/24 maxlen: 24
                          77.91.102.0/24 maxlen: 24
                          77.91.101.0/24 maxlen: 24
                          77.91.100.0/24 maxlen: 24
                          77.91.122.0/23 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:cb:63:f4:d4:72:db:e8:3f:63:a4:9f:01:0c:27:de:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
        Validity
            Not Before: Jan 19 18:56:43 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=395f06f2abfaa8afdc3ff9cdf792d12a78aa2d54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:67:24:d1:f1:af:3a:46:d7:03:e5:4e:9f:75:
                    48:ec:50:e8:ca:35:14:58:6f:cd:fe:94:9e:44:b9:
                    da:e0:09:4d:a5:e9:15:d9:97:6b:19:d3:47:94:9c:
                    74:fd:ea:e2:f2:a6:0d:60:bc:11:07:d3:85:1e:9d:
                    3a:f6:c1:3e:f9:57:1c:8d:ea:c3:71:ad:d5:b7:c3:
                    d6:f8:d7:63:2d:18:2d:73:fe:ce:60:ed:5a:10:5d:
                    5c:27:0d:e4:ee:d3:c5:17:d5:a7:64:1d:59:ec:5b:
                    d4:60:35:ad:fd:0a:56:d3:b6:10:ee:30:75:41:19:
                    e0:c8:72:49:74:2c:75:f4:bd:b6:b0:1a:6e:bc:da:
                    12:e9:3b:18:8b:ad:49:9a:31:88:0a:29:1e:6d:2b:
                    72:a8:5b:13:0e:2f:65:aa:80:e1:1c:c2:61:43:eb:
                    cb:9c:f8:ee:fb:ed:59:6d:b9:10:a2:38:3f:f0:02:
                    ad:0a:b9:e9:57:72:52:ff:d2:3f:b6:23:6f:0e:5c:
                    fe:ca:ec:8f:b7:ed:75:c0:31:33:a3:a0:4d:4f:42:
                    6e:16:c8:13:02:47:52:93:97:d5:dc:b6:a6:d9:08:
                    36:4a:7c:e7:7d:95:9e:12:01:a8:6f:8e:f0:ee:f9:
                    f4:29:1b:d4:4b:cc:0c:bc:8d:2a:9d:bf:4f:db:25:
                    5a:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:5F:06:F2:AB:FA:A8:AF:DC:3F:F9:CD:F7:92:D1:2A:78:AA:2D:54
            X509v3 Authority Key Identifier:
                keyid:FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/OV8G8qv6qK_cP_nN95LRKniqLVQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.75.0/24
                  77.91.100.0/22
                  77.91.122.0/23

    Signature Algorithm: sha256WithRSAEncryption
         67:d5:fa:49:28:74:3f:71:8e:66:5e:6a:01:94:11:14:22:65:
         b4:40:0a:50:9b:f8:1e:32:ea:f2:6a:4e:3d:f9:46:11:17:ce:
         b8:8f:ee:ca:b3:4e:64:44:ed:99:30:f9:39:2f:51:b2:bb:8e:
         7f:74:e8:bc:d4:eb:48:7a:d9:61:5e:2d:65:e8:35:12:de:02:
         c0:fe:8a:ce:f1:39:ac:09:e8:33:a2:44:23:b6:b0:19:88:ac:
         cd:b2:46:29:25:67:25:48:8e:6b:8d:70:4e:37:70:ee:f8:9e:
         bd:a1:6b:09:94:24:ac:72:f1:84:9a:85:ae:40:75:38:69:95:
         78:a9:3c:b4:64:ea:3b:dd:db:c6:fa:6c:a6:39:16:c3:9d:e3:
         48:bc:8a:3d:e2:e8:75:4c:3e:8f:11:c7:c2:69:2b:4a:24:f1:
         36:3a:74:34:24:69:4c:3d:e6:6c:b3:20:26:d5:6f:86:c4:6a:
         06:86:90:8a:3b:9a:a3:25:34:bb:8f:d3:cf:f7:b2:d6:07:c7:
         fe:f0:9e:5b:50:72:2b:84:ac:3a:40:03:1b:86:4f:4b:d3:33:
         5a:5f:e7:22:93:9b:da:90:2a:08:43:8d:a0:b9:3a:66:e5:90:
         eb:75:17:82:22:be:f9:8e:eb:a3:d7:8a:8b:e6:69:bf:15:14:
         34:c8:bb:e0
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYXLY/TUctvoP2OknwEMJ94+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiMzJlOWY0YWEzMmFiYTczMTJmYWIwNTRiMTc0ZGNlOGM1
MTVjYTMwHhcNMjMwMTE5MTg1NjQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTVmMDZmMmFiZmFhOGFmZGMzZmY5Y2RmNzkyZDEyYTc4YWEyZDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqGck0fGvOkbXA+VOn3VI7FDoyjUU
WG/N/pSeRLna4AlNpekV2ZdrGdNHlJx0/eri8qYNYLwRB9OFHp069sE++VccjerD
ca3Vt8PW+NdjLRgtc/7OYO1aEF1cJw3k7tPFF9WnZB1Z7FvUYDWt/QpW07YQ7jB1
QRngyHJJdCx19L22sBpuvNoS6TsYi61JmjGICikebStyqFsTDi9lqoDhHMJhQ+vL
nPju++1ZbbkQojg/8AKtCrnpV3JS/9I/tiNvDlz+yuyPt+11wDEzo6BNT0JuFsgT
AkdSk5fV3Lam2Qg2SnznfZWeEgGob47w7vn0KRvUS8wMvI0qnb9P2yVakwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFDlfBvKr+qiv3D/5zfeS0Sp4qi1UMB8GA1UdIwQY
MBaAFPsy6fSqMqunMS+rBUsXTc6MUVyjMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS16THA5S295cTZjeEw2c0ZTeGROem94UlhLTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTIvMjc4NjYzLWIxMzUtNGRiMS1hMDQ0
LTIwNjI0YjNjMTU3Zi8xL09WOEc4cXY2cUtfY1Bfbk45NUxSS25pcUxWUS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTIvMjc4NjYzLWIxMzUtNGRiMS1hMDQ0LTIwNjI0YjNjMTU3
Zi8xLzEtekxwOUtveXE2Y3hMNnNGU3hkTnpveFJYS00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBABNW0sD
BAJNW2QDBAFNW3owDQYJKoZIhvcNAQELBQADggEBAGfV+kkodD9xjmZeagGUERQi
ZbRAClCb+B4y6vJqTj35RhEXzriP7sqzTmRE7Zkw+TkvUbK7jn906LzU60h62WFe
LWXoNRLeAsD+is7xOawJ6DOiRCO2sBmIrM2yRiklZyVIjmuNcE43cO74nr2hawmU
JKxy8YSaha5AdThplXipPLRk6jvd28b6bKY5FsOd40i8ij3i6HVMPo8Rx8JpK0ok
8TY6dDQkaUw95myzICbVb4bEagaGkIo7mqMlNLuP08/3stYHx/7wnltQciuErDpA
AxuGT0vTM1pf5yKTm9qQKghDjaC5OmblkOt1F4IivvmO66PXiovmab8VFDTIu+A=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:48:57 2024 by rpki-client on console-ams.rpki-client.org