Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/YtSo2Olp6FCSfoN0NvU0Sb45_Jw.roa
File:                     YtSo2Olp6FCSfoN0NvU0Sb45_Jw.roa (raw, json)
Hash identifier:          QXniO7cQVW5XwYHzqRmdTUfRwSp+pLMHb8OakcRi68I=
Subject key identifier:   62:D4:A8:D8:E9:69:E8:50:92:7E:83:74:36:F5:34:49:BE:39:FC:9C
Certificate issuer:       /CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
Certificate serial:       01857030614011401E1E2506516529621EF8
Authority key identifier: FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/YtSo2Olp6FCSfoN0NvU0Sb45_Jw.roa
Signing time:             Mon 02 Jan 2023 01:54:56 +0000
ROA not before:           Mon 02 Jan 2023 01:54:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     205983
IP address blocks:        77.91.97.0/24 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:30:61:40:11:40:1e:1e:25:06:51:65:29:62:1e:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
        Validity
            Not Before: Jan  2 01:54:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=62d4a8d8e969e850927e837436f53449be39fc9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:38:43:1b:3a:93:14:3a:7a:ab:2d:82:1d:2b:
                    f1:9e:14:d9:34:82:4d:28:02:ee:fc:47:a5:d0:7d:
                    3e:af:01:ed:87:61:87:68:59:bc:0b:3b:6d:e9:62:
                    3d:8d:cb:9a:9a:a4:01:17:01:f3:79:5a:79:80:b2:
                    9b:f9:0b:13:2c:de:ab:1f:8c:39:3f:4d:fe:81:62:
                    6b:da:58:20:f5:23:a8:90:63:a5:90:6f:13:62:67:
                    31:ee:50:e7:e4:e6:13:be:f3:ea:06:cb:33:0e:44:
                    bd:40:af:12:0b:f0:89:1d:c9:95:35:42:f7:92:bd:
                    b3:a7:1d:df:ae:b1:2e:7f:c8:95:39:1a:d3:a6:37:
                    e9:7f:fb:ce:f7:5b:0e:f5:28:9e:2b:5a:5c:b4:18:
                    98:ac:b9:0d:71:39:2b:42:dd:69:4f:47:56:aa:58:
                    47:ef:fc:f8:93:b2:50:9c:69:3e:91:13:1c:87:30:
                    e5:55:44:6a:f4:43:ee:5e:eb:34:f6:fd:44:a6:78:
                    14:16:a2:f4:e1:2d:9c:43:eb:6d:95:38:74:69:46:
                    72:27:20:55:67:28:e0:84:c8:54:15:96:35:fc:73:
                    8c:19:78:ac:77:e9:d2:e0:ea:10:d0:64:b7:49:57:
                    05:11:bb:38:07:ef:61:df:b4:63:38:f7:f0:c4:56:
                    20:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:D4:A8:D8:E9:69:E8:50:92:7E:83:74:36:F5:34:49:BE:39:FC:9C
            X509v3 Authority Key Identifier:
                keyid:FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/YtSo2Olp6FCSfoN0NvU0Sb45_Jw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:96:1f:70:19:e4:a8:b4:99:1d:60:63:69:0e:55:05:63:d6:
         d8:3c:ed:0d:22:04:cc:91:3d:30:03:60:c3:0f:26:5f:4a:55:
         13:19:f8:55:ed:c0:a4:17:93:10:5a:ca:46:e5:0e:f6:8e:9f:
         c5:0c:71:cb:c7:08:1f:d2:88:81:a8:20:59:fd:42:87:25:6e:
         d5:1a:89:fc:53:e2:10:cb:74:7b:2f:1e:fa:33:2a:7f:6e:51:
         47:5e:d5:31:1c:f8:18:61:b5:50:be:68:1c:d5:a5:96:c6:d3:
         7a:40:3c:5f:76:81:25:e2:fa:25:87:e2:6e:05:9b:4b:f3:0f:
         6e:61:ec:c6:96:e4:ae:57:e2:d9:0a:9c:2f:52:6f:2d:e1:a1:
         1e:04:9b:58:b0:79:57:15:44:60:90:2d:44:23:96:ba:7a:08:
         5b:7d:fb:50:ad:3d:b4:5b:61:81:68:38:77:a9:38:30:26:90:
         0b:b4:d0:6c:5d:48:18:fb:48:52:db:a2:4d:fa:fd:44:3f:a4:
         7e:c4:a4:c6:d6:df:1e:1d:40:dd:39:7c:57:7d:b1:c5:62:6c:
         3e:7d:f4:2d:0b:68:37:54:61:a5:4b:1e:44:b3:03:95:89:a6:
         47:94:e0:d4:f3:bc:81:2d:c7:41:62:0d:f4:0b:e3:8a:df:d6:
         ca:c2:b8:29
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYVwMGFAEUAeHiUGUWUpYh74MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiMzJlOWY0YWEzMmFiYTczMTJmYWIwNTRiMTc0ZGNlOGM1
MTVjYTMwHhcNMjMwMTAyMDE1NDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmQ0YThkOGU5NjllODUwOTI3ZTgzNzQzNmY1MzQ0OWJlMzlmYzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjDhDGzqTFDp6qy2CHSvxnhTZNIJN
KALu/Eel0H0+rwHth2GHaFm8Cztt6WI9jcuamqQBFwHzeVp5gLKb+QsTLN6rH4w5
P03+gWJr2lgg9SOokGOlkG8TYmcx7lDn5OYTvvPqBsszDkS9QK8SC/CJHcmVNUL3
kr2zpx3frrEuf8iVORrTpjfpf/vO91sO9SieK1pctBiYrLkNcTkrQt1pT0dWqlhH
7/z4k7JQnGk+kRMchzDlVURq9EPuXus09v1EpngUFqL04S2cQ+ttlTh0aUZyJyBV
ZyjghMhUFZY1/HOMGXisd+nS4OoQ0GS3SVcFEbs4B+9h37RjOPfwxFYgswIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGLUqNjpaehQkn6DdDb1NEm+OfycMB8GA1UdIwQY
MBaAFPsy6fSqMqunMS+rBUsXTc6MUVyjMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS16THA5S295cTZjeEw2c0ZTeGROem94UlhLTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTIvMjc4NjYzLWIxMzUtNGRiMS1hMDQ0
LTIwNjI0YjNjMTU3Zi8xL1l0U28yT2xwNkZDU2ZvTjBOdlUwU2I0NV9Kdy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTIvMjc4NjYzLWIxMzUtNGRiMS1hMDQ0LTIwNjI0YjNjMTU3
Zi8xLzEtekxwOUtveXE2Y3hMNnNGU3hkTnpveFJYS00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABNW2Ew
DQYJKoZIhvcNAQELBQADggEBACGWH3AZ5Ki0mR1gY2kOVQVj1tg87Q0iBMyRPTAD
YMMPJl9KVRMZ+FXtwKQXkxBaykblDvaOn8UMccvHCB/SiIGoIFn9QoclbtUaifxT
4hDLdHsvHvozKn9uUUde1TEc+BhhtVC+aBzVpZbG03pAPF92gSXi+iWH4m4Fm0vz
D25h7MaW5K5X4tkKnC9Sby3hoR4Em1iweVcVRGCQLUQjlrp6CFt9+1CtPbRbYYFo
OHepODAmkAu00GxdSBj7SFLbok36/UQ/pH7EpMbW3x4dQN05fFd9scVibD599C0L
aDdUYaVLHkSzA5WJpkeU4NTzvIEtx0FiDfQL44rf1srCuCk=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:57:04 2024 by rpki-client on console-fra.rpki-client.org