Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/X3n4FCdyYXdE2-87UErJ8tAehJw.roa
File:                     X3n4FCdyYXdE2-87UErJ8tAehJw.roa (raw, json)
Hash identifier:          2UaXWxiJjcI80WfEy3LbUGjJ0yq4uE8UC9B4eJrpqfc=
Subject key identifier:   5F:79:F8:14:27:72:61:77:44:DB:EF:3B:50:4A:C9:F2:D0:1E:84:9C
Certificate issuer:       /CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
Certificate serial:       018570305E385D23D0BB498CE765D86E4CC8
Authority key identifier: FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/X3n4FCdyYXdE2-87UErJ8tAehJw.roa
Signing time:             Mon 02 Jan 2023 01:54:56 +0000
ROA not before:           Mon 02 Jan 2023 01:54:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     56340
IP address blocks:        77.91.104.0/21 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:30:5e:38:5d:23:d0:bb:49:8c:e7:65:d8:6e:4c:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
        Validity
            Not Before: Jan  2 01:54:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5f79f8142772617744dbef3b504ac9f2d01e849c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:cf:69:60:c3:85:66:a1:60:9c:70:b8:6b:7f:
                    6e:9c:11:df:fd:59:26:0a:e6:bd:7e:73:33:28:f6:
                    68:41:b6:9e:29:a0:c2:01:e0:ff:f3:91:67:1f:69:
                    65:e4:a8:44:7d:51:8f:bd:27:39:51:89:fe:a0:87:
                    18:ea:4b:e7:ce:a5:cc:77:df:ac:56:83:38:da:68:
                    92:51:b3:18:d0:36:15:68:9a:87:79:5e:7c:f5:f7:
                    5f:78:4d:64:e3:0d:0d:f4:f6:f9:d9:c1:ce:a5:b5:
                    72:e6:65:39:a4:03:1a:05:53:ab:48:9f:b0:3f:44:
                    73:19:7e:d6:fe:7e:22:f0:4f:bd:c5:99:46:b3:ad:
                    28:55:57:56:3a:4b:d5:15:2a:99:a8:6f:ca:a6:b3:
                    a7:03:ab:fe:69:b8:56:25:c6:e6:d7:0c:66:bd:6d:
                    c2:03:3b:4d:95:a3:cf:66:67:81:13:cd:a5:3b:6b:
                    91:b0:b7:29:1c:6f:11:96:be:6d:3f:02:10:49:5e:
                    fe:9a:07:65:a5:18:65:5e:95:80:7c:bf:1b:ae:a9:
                    21:18:8d:b3:fd:ac:bc:d9:40:27:20:1f:af:fd:25:
                    97:b2:22:13:e5:ef:ad:8c:15:d3:8a:58:6a:3d:a1:
                    54:79:f1:f4:21:4d:e1:b4:f4:da:48:f6:a0:81:bd:
                    f6:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:79:F8:14:27:72:61:77:44:DB:EF:3B:50:4A:C9:F2:D0:1E:84:9C
            X509v3 Authority Key Identifier:
                keyid:FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/X3n4FCdyYXdE2-87UErJ8tAehJw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.104.0/21

    Signature Algorithm: sha256WithRSAEncryption
         ab:c4:fc:18:9c:d5:95:16:fb:bd:a1:f0:ef:6d:59:0e:0b:62:
         fe:0d:34:af:a9:ac:18:d7:87:ce:e9:2c:ba:cf:13:59:14:5d:
         92:42:e2:6a:c7:03:5b:f5:ba:34:76:6f:d5:d5:73:8c:ab:3c:
         4f:ca:26:45:bd:45:91:e5:cf:71:54:0d:43:43:e1:49:ae:51:
         48:0f:f4:42:15:37:63:b9:cd:e9:9e:be:ea:0f:4b:5c:9f:44:
         b9:cb:34:74:40:d3:1f:5a:de:12:a7:05:82:89:d6:7c:31:f5:
         ff:6a:df:a8:a9:27:0b:5e:d0:0a:4d:0b:ce:6a:96:41:eb:66:
         e3:39:71:f0:fa:d2:a7:fc:ca:c4:a7:05:c0:7a:e7:24:be:61:
         2a:f7:60:e6:a0:b9:d3:5a:e0:a3:93:07:bf:d6:61:12:d6:de:
         b9:5c:91:1b:75:75:7d:00:a5:28:03:c0:ce:95:5a:02:ee:16:
         cf:62:1d:2a:4a:d2:4e:73:b1:0e:1d:bd:e6:87:b3:b3:84:92:
         71:89:5a:99:67:15:0a:4b:42:3c:19:59:14:03:0a:fd:2c:a6:
         38:b4:d0:68:bc:ba:38:12:64:35:4e:75:78:98:25:a3:77:e3:
         b5:bb:b7:f5:93:6c:16:cd:b6:8a:6c:a5:3e:2e:fb:3c:cf:17:
         e8:f7:9b:db
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYVwMF44XSPQu0mM52XYbkzIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiMzJlOWY0YWEzMmFiYTczMTJmYWIwNTRiMTc0ZGNlOGM1
MTVjYTMwHhcNMjMwMTAyMDE1NDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Zjc5ZjgxNDI3NzI2MTc3NDRkYmVmM2I1MDRhYzlmMmQwMWU4NDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn89pYMOFZqFgnHC4a39unBHf/Vkm
Cua9fnMzKPZoQbaeKaDCAeD/85FnH2ll5KhEfVGPvSc5UYn+oIcY6kvnzqXMd9+s
VoM42miSUbMY0DYVaJqHeV589fdfeE1k4w0N9Pb52cHOpbVy5mU5pAMaBVOrSJ+w
P0RzGX7W/n4i8E+9xZlGs60oVVdWOkvVFSqZqG/KprOnA6v+abhWJcbm1wxmvW3C
AztNlaPPZmeBE82lO2uRsLcpHG8Rlr5tPwIQSV7+mgdlpRhlXpWAfL8brqkhGI2z
/ay82UAnIB+v/SWXsiIT5e+tjBXTilhqPaFUefH0IU3htPTaSPaggb32rwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFF95+BQncmF3RNvvO1BKyfLQHoScMB8GA1UdIwQY
MBaAFPsy6fSqMqunMS+rBUsXTc6MUVyjMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS16THA5S295cTZjeEw2c0ZTeGROem94UlhLTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTIvMjc4NjYzLWIxMzUtNGRiMS1hMDQ0
LTIwNjI0YjNjMTU3Zi8xL1gzbjRGQ2R5WVhkRTItODdVRXJKOHRBZWhKdy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTIvMjc4NjYzLWIxMzUtNGRiMS1hMDQ0LTIwNjI0YjNjMTU3
Zi8xLzEtekxwOUtveXE2Y3hMNnNGU3hkTnpveFJYS00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBANNW2gw
DQYJKoZIhvcNAQELBQADggEBAKvE/Bic1ZUW+72h8O9tWQ4LYv4NNK+prBjXh87p
LLrPE1kUXZJC4mrHA1v1ujR2b9XVc4yrPE/KJkW9RZHlz3FUDUND4UmuUUgP9EIV
N2O5zemevuoPS1yfRLnLNHRA0x9a3hKnBYKJ1nwx9f9q36ipJwte0ApNC85qlkHr
ZuM5cfD60qf8ysSnBcB65yS+YSr3YOagudNa4KOTB7/WYRLW3rlckRt1dX0ApSgD
wM6VWgLuFs9iHSpK0k5zsQ4dveaHs7OEknGJWplnFQpLQjwZWRQDCv0spji00Gi8
ujgSZDVOdXiYJaN347W7t/WTbBbNtopspT4u+zzPF+j3m9s=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:48:57 2024 by rpki-client on console-ams.rpki-client.org