Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/mkqj515168u4e6QtVGP_0iZaJTM.roa
File:                     mkqj515168u4e6QtVGP_0iZaJTM.roa (raw, json)
Hash identifier:          +R+dyJuMtf2SXw6Uya1K4uwuCwIGOt3ct78/gN1Mtu4=
Subject key identifier:   9A:4A:A3:E7:5E:75:EB:CB:B8:7B:A4:2D:54:63:FF:D2:26:5A:25:33
Certificate issuer:       /CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
Certificate serial:       13E6D0EA
Authority key identifier: FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/mkqj515168u4e6QtVGP_0iZaJTM.roa
Signing time:             Tue 31 May 2022 19:50:13 +0000
ROA not before:           Tue 31 May 2022 19:50:13 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     52000
IP address blocks:        77.91.73.0/24 maxlen: 24
                          77.91.127.0/24 maxlen: 24
                          77.91.126.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 333893866 (0x13e6d0ea)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
        Validity
            Not Before: May 31 19:50:13 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9a4aa3e75e75ebcbb87ba42d5463ffd2265a2533
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:7e:45:ff:70:b4:19:eb:9b:c0:18:98:85:f8:
                    b5:0a:0e:4e:6b:ec:82:d2:c8:88:30:e9:27:7f:f1:
                    53:2d:46:2b:a7:8a:75:53:43:fd:32:62:4c:5a:4d:
                    1e:75:07:76:95:bc:02:94:57:64:11:04:6b:41:68:
                    1d:48:ed:e7:d4:27:05:7f:fe:48:1b:f6:f9:a4:e1:
                    25:13:94:30:e6:1f:98:68:ea:ad:23:cf:50:1e:f0:
                    65:38:6c:0c:3e:23:53:80:2e:93:fb:ef:1d:9d:6d:
                    1a:42:08:75:83:8e:c8:ba:70:e1:11:91:05:c1:10:
                    9b:89:a0:b4:ad:d8:76:cf:43:ae:bc:f8:92:8a:1e:
                    82:78:78:5a:01:9e:1d:1c:10:02:8f:3d:31:3c:6c:
                    69:2b:9b:ea:e0:93:d3:4b:7c:e0:88:3b:d2:94:64:
                    e8:00:74:03:b7:5f:a8:7f:68:ee:36:93:f5:96:1d:
                    f0:cf:e3:ae:5b:43:1c:d2:9c:b9:5d:bf:48:d7:55:
                    29:bf:16:f1:dc:10:0c:60:26:89:53:b1:df:c7:cc:
                    d0:56:5d:ba:9b:fc:c8:16:c3:ca:cb:ab:96:24:6e:
                    4d:d6:75:c0:5e:e6:d1:36:bb:1f:2a:80:02:a9:3d:
                    59:cd:b5:10:69:7f:b8:ca:37:18:45:07:48:85:e5:
                    89:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:4A:A3:E7:5E:75:EB:CB:B8:7B:A4:2D:54:63:FF:D2:26:5A:25:33
            X509v3 Authority Key Identifier:
                keyid:FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/mkqj515168u4e6QtVGP_0iZaJTM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.73.0/24
                  77.91.126.0/23

    Signature Algorithm: sha256WithRSAEncryption
         55:05:1e:59:93:d1:41:36:36:b2:01:a4:a5:90:8b:22:06:31:
         2b:e2:d6:cc:89:8c:98:c9:97:ed:61:79:38:01:40:48:15:e6:
         ff:61:2d:71:b3:8f:fd:16:af:a6:b2:fd:61:cd:3d:35:80:1a:
         fe:5e:da:2a:2b:1e:f7:40:1a:f9:b3:cc:12:32:63:fe:73:f8:
         82:25:33:e4:01:0c:aa:b5:ee:81:a4:c2:be:6e:38:dc:4c:81:
         db:d1:18:c5:9f:ac:3b:cf:2e:89:16:5d:dc:24:af:96:aa:8b:
         a0:c6:72:29:03:49:ff:52:f8:c5:36:a3:80:9e:d3:58:77:75:
         45:09:a4:23:c5:43:44:ab:b8:a6:04:cd:61:2a:54:7a:bf:1f:
         f2:bc:5c:c5:8a:7a:7e:15:17:3f:47:96:fa:de:16:52:ab:fd:
         d7:2c:1f:5c:d1:48:ba:5f:2a:eb:a2:98:ae:e4:b9:6a:a5:56:
         f6:27:7c:94:f6:92:0f:e7:e8:74:2a:61:70:41:98:f8:e2:ea:
         63:54:8c:85:a9:87:3a:39:26:82:c8:41:b7:b5:7c:9b:fb:09:
         49:5c:56:bf:bd:28:a6:fa:68:2f:69:65:08:ef:69:c0:2b:97:
         64:e5:74:57:af:33:36:9a:66:50:18:aa:0a:12:d2:10:e1:40:
         06:0b:7b:b0
-----BEGIN CERTIFICATE-----
MIIE9zCCA9+gAwIBAgIEE+bQ6jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
YjMyZTlmNGFhMzJhYmE3MzEyZmFiMDU0YjE3NGRjZThjNTE1Y2EzMB4XDTIyMDUz
MTE5NTAxM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOWE0YWEzZTc1ZTc1
ZWJjYmI4N2JhNDJkNTQ2M2ZmZDIyNjVhMjUzMzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANZ+Rf9wtBnrm8AYmIX4tQoOTmvsgtLIiDDpJ3/xUy1GK6eK
dVND/TJiTFpNHnUHdpW8ApRXZBEEa0FoHUjt59QnBX/+SBv2+aThJROUMOYfmGjq
rSPPUB7wZThsDD4jU4Auk/vvHZ1tGkIIdYOOyLpw4RGRBcEQm4mgtK3Yds9Drrz4
kooegnh4WgGeHRwQAo89MTxsaSub6uCT00t84Ig70pRk6AB0A7dfqH9o7jaT9ZYd
8M/jrltDHNKcuV2/SNdVKb8W8dwQDGAmiVOx38fM0FZdupv8yBbDysurliRuTdZ1
wF7m0Ta7HyqAAqk9Wc21EGl/uMo3GEUHSIXliW0CAwEAAaOCAhEwggINMB0GA1Ud
DgQWBBSaSqPnXnXry7h7pC1UY//SJlolMzAfBgNVHSMEGDAWgBT7Mun0qjKrpzEv
qwVLF03OjFFcozAOBgNVHQ8BAf8EBAMCB4AwZQYIKwYBBQUHAQEEWTBXMFUGCCsG
AQUFBzAChklyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzEtekxwOUtveXE2Y3hMNnNGU3hkTnpveFJYS00uY2VyMIGNBggrBgEFBQcBCwSB
gDB+MHwGCCsGAQUFBzALhnByc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL2UyLzI3ODY2My1iMTM1LTRkYjEtYTA0NC0yMDYyNGIzYzE1N2Yv
MS9ta3FqNTE1MTY4dTRlNlF0VkdQXzBpWmFKVE0ucm9hMIGCBgNVHR8EezB5MHeg
daBzhnFyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Uy
LzI3ODY2My1iMTM1LTRkYjEtYTA0NC0yMDYyNGIzYzE1N2YvMS8xLXpMcDlLb3lx
NmN4TDZzRlN4ZE56b3hSWEtNLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4C
MCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATVtJAwQBTVt+MA0GCSqGSIb3
DQEBCwUAA4IBAQBVBR5Zk9FBNjayAaSlkIsiBjEr4tbMiYyYyZftYXk4AUBIFeb/
YS1xs4/9Fq+msv1hzT01gBr+XtoqKx73QBr5s8wSMmP+c/iCJTPkAQyqte6BpMK+
bjjcTIHb0RjFn6w7zy6JFl3cJK+WqougxnIpA0n/UvjFNqOAntNYd3VFCaQjxUNE
q7imBM1hKlR6vx/yvFzFinp+FRc/R5b63hZSq/3XLB9c0Ui6Xyrropiu5LlqpVb2
J3yU9pIP5+h0KmFwQZj44upjVIyFqYc6OSaCyEG3tXyb+wlJXFa/vSim+mgvaWUI
72nAK5dk5XRXrzM2mmZQGKoKEtIQ4UAGC3uw
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:57:04 2024 by rpki-client on console-fra.rpki-client.org