Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/YhZl6IcpyWfpFHG2_P3AiVKsfj0.roa
File:                     YhZl6IcpyWfpFHG2_P3AiVKsfj0.roa (raw, json)
Hash identifier:          8sdcaVeqbnRpoaIdJ61X9VcpCD2FrwvPoATSy7FrBtw=
Subject key identifier:   62:16:65:E8:87:29:C9:67:E9:14:71:B6:FC:FD:C0:89:52:AC:7E:3D
Certificate issuer:       /CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
Certificate serial:       13405058
Authority key identifier: FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/YhZl6IcpyWfpFHG2_P3AiVKsfj0.roa
Signing time:             Mon 28 Mar 2022 15:14:11 +0000
ROA not before:           Mon 28 Mar 2022 15:14:11 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     43624
IP address blocks:        77.91.100.0/24 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 322981976 (0x13405058)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
        Validity
            Not Before: Mar 28 15:14:11 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=621665e88729c967e91471b6fcfdc08952ac7e3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:ee:92:08:91:aa:70:ea:b2:8a:eb:83:6a:11:
                    6f:6c:33:90:cd:8f:cb:03:6a:1f:fa:8b:9a:1c:35:
                    86:3c:51:9f:f0:37:2d:d7:84:5b:9d:7f:d8:0f:85:
                    e6:bf:ec:12:54:34:16:90:1a:1a:dd:35:0f:83:6b:
                    b4:cf:0f:56:b6:37:6f:3b:f3:25:f4:50:c4:85:c9:
                    3c:9d:57:95:d7:3d:7f:ac:e3:99:a5:f2:df:44:ba:
                    a9:7f:cc:55:33:f4:e5:01:5b:3e:86:bc:de:b8:1f:
                    2a:3a:13:bb:70:a9:b2:5c:60:27:51:ce:87:9c:fd:
                    92:19:55:74:59:8e:f7:33:40:0e:5a:65:8f:87:fa:
                    27:2e:73:b9:6a:f5:48:82:46:48:1b:04:75:69:a7:
                    46:7c:c4:44:56:f7:a3:9f:67:25:ca:44:20:61:59:
                    c3:69:db:13:00:a4:b4:82:17:fe:22:a6:5d:34:79:
                    23:c1:88:d7:6c:20:17:b3:9a:c1:a1:e1:d2:05:9a:
                    73:72:ae:eb:13:ed:11:8f:65:92:c3:a9:b2:c1:02:
                    7f:1e:e5:a4:a6:a9:89:24:6b:bd:8c:04:83:c7:f4:
                    01:64:df:b9:c1:f6:2c:7f:d3:09:e3:68:cf:35:e3:
                    1c:75:48:5d:03:99:b5:58:5c:4d:bd:45:ce:23:a3:
                    cf:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:16:65:E8:87:29:C9:67:E9:14:71:B6:FC:FD:C0:89:52:AC:7E:3D
            X509v3 Authority Key Identifier:
                keyid:FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/YhZl6IcpyWfpFHG2_P3AiVKsfj0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:22:17:f3:f5:72:04:dd:92:4a:56:df:6a:c8:44:71:a5:01:
         12:1f:71:8c:44:f0:53:4b:4c:25:56:e2:81:67:18:65:b9:88:
         86:2f:b0:e7:60:01:83:d7:82:83:0e:70:68:05:b7:f7:a4:de:
         f8:83:04:2b:9b:89:67:56:67:32:b5:0e:f4:23:fa:68:4b:ea:
         23:8c:4b:8b:e6:7c:11:8f:ff:91:13:58:a5:6f:68:39:d2:35:
         ca:f2:93:88:b0:11:2a:0f:13:a7:b9:51:96:6d:8f:81:f6:d8:
         e2:34:44:ad:3b:8a:6f:71:56:e9:ac:d4:60:62:c8:e1:15:4c:
         d9:71:c3:e8:13:9e:ea:64:3d:79:29:87:63:eb:a2:3b:96:3a:
         90:95:c9:83:42:8e:3d:83:99:3b:97:7d:04:36:e2:7f:d7:57:
         ee:70:b5:a7:d6:f0:ff:97:cc:ab:a1:8a:c6:c6:ba:7f:05:d8:
         4e:06:f6:59:b3:29:86:0b:6b:0b:b4:c4:fb:80:1d:5d:9b:12:
         3b:82:b4:a7:b7:b0:9d:d2:db:91:95:23:e0:8a:b3:55:8e:cb:
         af:50:2a:54:3e:c0:45:d5:4f:0f:0b:d1:67:ce:40:42:90:e4:
         74:e0:70:17:9e:58:50:f0:5e:93:e9:5d:99:e5:19:c1:0a:ec:
         45:82:63:95
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIEE0BQWDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
YjMyZTlmNGFhMzJhYmE3MzEyZmFiMDU0YjE3NGRjZThjNTE1Y2EzMB4XDTIyMDMy
ODE1MTQxMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjIxNjY1ZTg4NzI5
Yzk2N2U5MTQ3MWI2ZmNmZGMwODk1MmFjN2UzZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK/ukgiRqnDqsorrg2oRb2wzkM2PywNqH/qLmhw1hjxRn/A3
LdeEW51/2A+F5r/sElQ0FpAaGt01D4NrtM8PVrY3bzvzJfRQxIXJPJ1Xldc9f6zj
maXy30S6qX/MVTP05QFbPoa83rgfKjoTu3CpslxgJ1HOh5z9khlVdFmO9zNADlpl
j4f6Jy5zuWr1SIJGSBsEdWmnRnzERFb3o59nJcpEIGFZw2nbEwCktIIX/iKmXTR5
I8GI12wgF7OawaHh0gWac3Ku6xPtEY9lksOpssECfx7lpKapiSRrvYwEg8f0AWTf
ucH2LH/TCeNozzXjHHVIXQOZtVhcTb1FziOjz5MCAwEAAaOCAgswggIHMB0GA1Ud
DgQWBBRiFmXohynJZ+kUcbb8/cCJUqx+PTAfBgNVHSMEGDAWgBT7Mun0qjKrpzEv
qwVLF03OjFFcozAOBgNVHQ8BAf8EBAMCB4AwZQYIKwYBBQUHAQEEWTBXMFUGCCsG
AQUFBzAChklyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzEtekxwOUtveXE2Y3hMNnNGU3hkTnpveFJYS00uY2VyMIGNBggrBgEFBQcBCwSB
gDB+MHwGCCsGAQUFBzALhnByc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL2UyLzI3ODY2My1iMTM1LTRkYjEtYTA0NC0yMDYyNGIzYzE1N2Yv
MS9ZaFpsNkljcHlXZnBGSEcyX1AzQWlWS3NmajAucm9hMIGCBgNVHR8EezB5MHeg
daBzhnFyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Uy
LzI3ODY2My1iMTM1LTRkYjEtYTA0NC0yMDYyNGIzYzE1N2YvMS8xLXpMcDlLb3lx
NmN4TDZzRlN4ZE56b3hSWEtNLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4C
MB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVtkMA0GCSqGSIb3DQEBCwUA
A4IBAQC5Ihfz9XIE3ZJKVt9qyERxpQESH3GMRPBTS0wlVuKBZxhluYiGL7DnYAGD
14KDDnBoBbf3pN74gwQrm4lnVmcytQ70I/poS+ojjEuL5nwRj/+RE1ilb2g50jXK
8pOIsBEqDxOnuVGWbY+B9tjiNEStO4pvcVbprNRgYsjhFUzZccPoE57qZD15KYdj
66I7ljqQlcmDQo49g5k7l30ENuJ/11fucLWn1vD/l8yroYrGxrp/BdhOBvZZsymG
C2sLtMT7gB1dmxI7grSnt7Cd0tuRlSPgirNVjsuvUCpUPsBF1U8PC9FnzkBCkOR0
4HAXnlhQ8F6T6V2Z5RnBCuxFgmOV
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:48:57 2024 by rpki-client on console-ams.rpki-client.org