Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/sbB55gzGYuKQ6VkrSRpSW7onBnQ.roa
File:                     sbB55gzGYuKQ6VkrSRpSW7onBnQ.roa (raw, json)
Hash identifier:          gdTPZdCPfhT0kKBcuoLibw1F0YgXxvOHLmUEtlpH9YI=
Subject key identifier:   B1:B0:79:E6:0C:C6:62:E2:90:E9:59:2B:49:1A:52:5B:BA:27:06:74
Certificate issuer:       /CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
Certificate serial:       01823ED8AB909FD8E69B8B75BD88F57C0A64
Authority key identifier: FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/sbB55gzGYuKQ6VkrSRpSW7onBnQ.roa
Signing time:             Wed 27 Jul 2022 08:49:23 +0000
ROA not before:           Wed 27 Jul 2022 08:49:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     44477
IP address blocks:        77.91.101.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:3e:d8:ab:90:9f:d8:e6:9b:8b:75:bd:88:f5:7c:0a:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
        Validity
            Not Before: Jul 27 08:49:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b1b079e60cc662e290e9592b491a525bba270674
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:1f:92:21:53:f0:89:29:04:4b:0f:b2:ae:b6:
                    40:c2:64:c2:71:e7:99:be:4f:04:40:b6:98:74:25:
                    c2:29:9d:37:13:8e:88:c7:44:5a:01:86:c5:63:d9:
                    6d:60:b5:28:2b:f6:c8:90:37:09:4d:5f:17:eb:89:
                    9e:3d:eb:15:77:d3:59:b0:af:45:32:6f:17:89:4a:
                    65:1f:e5:67:8d:9a:f4:6d:55:20:ee:c1:c8:9e:5e:
                    0e:78:ec:86:0e:02:a5:ff:39:5e:0e:2a:72:57:c8:
                    5d:a0:12:b6:69:e4:5d:d2:9e:e7:3d:fa:ac:ee:de:
                    d8:d5:3b:47:4b:48:56:fb:95:d4:55:a6:2b:e1:ea:
                    e3:af:f3:d2:ed:80:dd:97:4f:3e:cc:79:0a:16:5b:
                    fd:a4:5d:ec:0c:d7:93:67:08:cc:c8:02:65:8a:f7:
                    de:97:36:91:58:9c:c5:87:b0:fb:44:c2:2d:fe:26:
                    a7:43:84:3a:a5:9b:91:56:08:63:a1:0f:db:61:8d:
                    68:7f:5a:89:01:af:19:df:31:39:d0:9d:63:ba:9a:
                    19:57:96:86:5d:76:5f:87:7c:e0:95:39:fa:31:aa:
                    a9:3d:65:50:fb:4b:57:be:47:f8:f7:ea:b2:e5:66:
                    a8:36:33:76:5c:40:bd:2f:ad:96:71:ec:be:fb:c3:
                    ea:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:B0:79:E6:0C:C6:62:E2:90:E9:59:2B:49:1A:52:5B:BA:27:06:74
            X509v3 Authority Key Identifier:
                keyid:FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/sbB55gzGYuKQ6VkrSRpSW7onBnQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:e8:3e:30:e8:21:ee:17:20:13:c2:c3:c4:f7:e9:ff:14:60:
         f9:df:93:22:42:90:40:ab:91:e0:be:26:39:98:9b:23:fe:a2:
         63:63:98:f4:5a:cf:71:ad:1f:55:81:b0:56:87:b8:fd:b8:1d:
         0b:e7:92:8e:8f:b2:66:4d:f6:4b:6b:23:62:4f:0e:10:88:ec:
         d3:27:e9:e3:de:08:ad:5b:9e:f7:3f:20:34:60:85:c8:d7:ad:
         86:b1:b6:fd:06:a6:f4:70:73:4d:18:84:8b:af:56:f1:61:cc:
         39:cc:7c:37:a9:4f:1f:cb:1d:01:df:be:94:13:75:26:90:2c:
         bb:35:77:26:8a:03:5a:4b:be:0e:cb:d0:99:6f:f9:bd:88:27:
         ab:1d:5f:af:af:15:f7:04:20:75:60:ee:84:80:0d:ca:35:3b:
         7b:62:cf:d6:05:2b:ad:7e:27:ce:3a:bd:e6:e9:1c:dd:33:e3:
         85:85:21:27:68:5e:55:06:de:29:8a:20:70:1b:96:19:cd:87:
         c5:1b:62:1c:5a:11:27:49:43:1a:cf:e6:b9:45:c1:95:2f:d6:
         3d:d7:8e:6f:4e:27:98:b0:61:48:f8:37:3c:78:78:6f:d2:14:
         3e:6a:79:62:cf:eb:cf:d4:63:de:94:51:6e:b1:4f:3e:f1:31:
         1e:bd:80:aa
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYI+2KuQn9jmm4t1vYj1fApkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiMzJlOWY0YWEzMmFiYTczMTJmYWIwNTRiMTc0ZGNlOGM1
MTVjYTMwHhcNMjIwNzI3MDg0OTIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWIwNzllNjBjYzY2MmUyOTBlOTU5MmI0OTFhNTI1YmJhMjcwNjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxx+SIVPwiSkESw+yrrZAwmTCceeZ
vk8EQLaYdCXCKZ03E46Ix0RaAYbFY9ltYLUoK/bIkDcJTV8X64mePesVd9NZsK9F
Mm8XiUplH+VnjZr0bVUg7sHInl4OeOyGDgKl/zleDipyV8hdoBK2aeRd0p7nPfqs
7t7Y1TtHS0hW+5XUVaYr4erjr/PS7YDdl08+zHkKFlv9pF3sDNeTZwjMyAJlivfe
lzaRWJzFh7D7RMIt/ianQ4Q6pZuRVghjoQ/bYY1of1qJAa8Z3zE50J1jupoZV5aG
XXZfh3zglTn6MaqpPWVQ+0tXvkf49+qy5WaoNjN2XEC9L62Wcey++8PqOwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFLGweeYMxmLikOlZK0kaUlu6JwZ0MB8GA1UdIwQY
MBaAFPsy6fSqMqunMS+rBUsXTc6MUVyjMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS16THA5S295cTZjeEw2c0ZTeGROem94UlhLTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTIvMjc4NjYzLWIxMzUtNGRiMS1hMDQ0
LTIwNjI0YjNjMTU3Zi8xL3NiQjU1Z3pHWXVLUTZWa3JTUnBTVzdvbkJuUS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTIvMjc4NjYzLWIxMzUtNGRiMS1hMDQ0LTIwNjI0YjNjMTU3
Zi8xLzEtekxwOUtveXE2Y3hMNnNGU3hkTnpveFJYS00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABNW2Uw
DQYJKoZIhvcNAQELBQADggEBABvoPjDoIe4XIBPCw8T36f8UYPnfkyJCkECrkeC+
JjmYmyP+omNjmPRaz3GtH1WBsFaHuP24HQvnko6PsmZN9ktrI2JPDhCI7NMn6ePe
CK1bnvc/IDRghcjXrYaxtv0GpvRwc00YhIuvVvFhzDnMfDepTx/LHQHfvpQTdSaQ
LLs1dyaKA1pLvg7L0Jlv+b2IJ6sdX6+vFfcEIHVg7oSADco1O3tiz9YFK61+J846
vebpHN0z44WFISdoXlUG3imKIHAblhnNh8UbYhxaESdJQxrP5rlFwZUv1j3Xjm9O
J5iwYUj4Nzx4eG/SFD5qeWLP68/UY96UUW6xTz7xMR69gKo=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:48:57 2024 by rpki-client on console-ams.rpki-client.org