Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/v2x9ZwCv9YNlIzSU9Pa6ky9hJNU.roa
File:                     v2x9ZwCv9YNlIzSU9Pa6ky9hJNU.roa (raw, json)
Hash identifier:          87DipuyUUA8uLtisRIAPmVjueiHtbnFVBmfEu5XEjY8=
Subject key identifier:   BF:6C:7D:67:00:AF:F5:83:65:23:34:94:F4:F6:BA:93:2F:61:24:D5
Certificate issuer:       /CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
Certificate serial:       1279FF98
Authority key identifier: FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/v2x9ZwCv9YNlIzSU9Pa6ky9hJNU.roa
Signing time:             Sat 01 Jan 2022 15:05:35 +0000
ROA not before:           Sat 01 Jan 2022 15:05:35 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     47180
IP address blocks:        77.91.117.0/24 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 309985176 (0x1279ff98)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
        Validity
            Not Before: Jan  1 15:05:35 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=bf6c7d6700aff58365233494f4f6ba932f6124d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:7f:78:15:b4:fd:e0:36:aa:88:5f:42:64:21:
                    9a:91:04:ce:01:dd:6b:a0:b6:8c:ec:33:35:39:81:
                    14:a1:b3:31:6a:d4:2a:4b:cc:ec:d7:b4:fc:fa:d4:
                    6a:14:f3:e5:dc:0d:c6:45:d8:3a:c7:46:30:8e:a8:
                    ad:d0:19:f9:f8:e9:ce:6f:73:14:e4:c5:81:94:a2:
                    c5:58:c6:30:f8:e7:2c:49:5c:9f:48:95:a0:6e:a4:
                    cb:a6:3a:80:e8:c7:7e:47:de:93:22:0f:06:b6:d3:
                    8a:73:46:60:8e:7f:40:da:0e:cd:96:51:a3:a0:34:
                    e0:55:ba:d7:56:b8:f6:a6:b0:2b:ad:f3:fc:e0:d3:
                    51:2b:42:43:58:b2:3b:98:de:2b:63:8f:02:2c:40:
                    ed:29:6d:19:02:41:ae:a9:c1:46:46:7e:68:27:41:
                    a8:c6:ba:e3:b6:9c:2e:07:b3:2d:7d:b9:51:a0:0e:
                    e0:2e:af:62:c6:33:e7:70:2a:ca:ae:5b:fa:44:4d:
                    d7:3d:1e:cb:93:a9:4b:59:ca:15:67:f7:3b:36:62:
                    da:db:13:ad:6d:55:64:9a:48:7f:fd:61:ab:2e:79:
                    3c:45:c8:b7:99:59:e2:35:51:d5:84:39:13:bd:77:
                    77:a3:9c:32:f7:7a:2a:9e:f5:87:6d:42:b4:d3:0d:
                    2b:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:6C:7D:67:00:AF:F5:83:65:23:34:94:F4:F6:BA:93:2F:61:24:D5
            X509v3 Authority Key Identifier:
                keyid:FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/v2x9ZwCv9YNlIzSU9Pa6ky9hJNU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:99:88:56:f6:09:df:1e:67:25:bf:82:6a:ae:a6:ad:6b:9e:
         d3:b2:33:97:e0:2e:2e:44:4e:89:37:17:47:63:6f:cf:2a:06:
         97:ad:5e:ad:8f:ea:6e:79:3e:2b:ac:61:9c:72:d1:d1:33:f3:
         d1:28:47:9e:04:01:f9:d8:4b:85:55:d0:1f:6f:67:d3:72:13:
         b5:c7:de:45:56:2f:70:b7:7c:69:68:79:ad:29:1f:88:26:db:
         4f:70:bc:6c:9c:22:32:34:cd:56:da:6c:9c:45:ce:da:99:ab:
         b4:0c:25:9f:30:a9:4a:ad:8f:a6:35:16:74:16:77:61:13:f2:
         13:8d:ce:55:56:a1:90:ce:25:f3:4b:e3:cc:b9:d1:a8:94:5e:
         86:c0:1d:bb:81:5d:32:9d:40:c4:95:4c:09:29:f5:fa:62:48:
         b9:b7:38:14:96:93:7d:e5:4b:08:17:de:6b:27:b5:3c:2a:cb:
         e2:6e:14:7c:d8:16:a1:67:2e:b2:82:6c:3e:54:e2:b7:d3:1d:
         90:5b:58:bd:c2:ff:71:b4:72:ab:67:87:58:27:bd:30:b2:f6:
         05:41:a7:6d:42:e2:45:5b:53:87:62:15:63:b9:0b:96:a5:d8:
         67:45:00:f6:06:7c:ff:ea:af:93:b0:67:86:b5:93:a6:fe:23:
         0f:cd:12:78
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIEEnn/mDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
YjMyZTlmNGFhMzJhYmE3MzEyZmFiMDU0YjE3NGRjZThjNTE1Y2EzMB4XDTIyMDEw
MTE1MDUzNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYmY2YzdkNjcwMGFm
ZjU4MzY1MjMzNDk0ZjRmNmJhOTMyZjYxMjRkNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL5/eBW0/eA2qohfQmQhmpEEzgHda6C2jOwzNTmBFKGzMWrU
KkvM7Ne0/PrUahTz5dwNxkXYOsdGMI6ordAZ+fjpzm9zFOTFgZSixVjGMPjnLElc
n0iVoG6ky6Y6gOjHfkfekyIPBrbTinNGYI5/QNoOzZZRo6A04FW611a49qawK63z
/ODTUStCQ1iyO5jeK2OPAixA7SltGQJBrqnBRkZ+aCdBqMa647acLgezLX25UaAO
4C6vYsYz53Aqyq5b+kRN1z0ey5OpS1nKFWf3OzZi2tsTrW1VZJpIf/1hqy55PEXI
t5lZ4jVR1YQ5E713d6OcMvd6Kp71h21CtNMNK5ECAwEAAaOCAgswggIHMB0GA1Ud
DgQWBBS/bH1nAK/1g2UjNJT09rqTL2Ek1TAfBgNVHSMEGDAWgBT7Mun0qjKrpzEv
qwVLF03OjFFcozAOBgNVHQ8BAf8EBAMCB4AwZQYIKwYBBQUHAQEEWTBXMFUGCCsG
AQUFBzAChklyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzEtekxwOUtveXE2Y3hMNnNGU3hkTnpveFJYS00uY2VyMIGNBggrBgEFBQcBCwSB
gDB+MHwGCCsGAQUFBzALhnByc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL2UyLzI3ODY2My1iMTM1LTRkYjEtYTA0NC0yMDYyNGIzYzE1N2Yv
MS92Mng5WndDdjlZTmxJelNVOVBhNmt5OWhKTlUucm9hMIGCBgNVHR8EezB5MHeg
daBzhnFyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Uy
LzI3ODY2My1iMTM1LTRkYjEtYTA0NC0yMDYyNGIzYzE1N2YvMS8xLXpMcDlLb3lx
NmN4TDZzRlN4ZE56b3hSWEtNLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4C
MB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVt1MA0GCSqGSIb3DQEBCwUA
A4IBAQARmYhW9gnfHmclv4Jqrqata57TsjOX4C4uRE6JNxdHY2/PKgaXrV6tj+pu
eT4rrGGcctHRM/PRKEeeBAH52EuFVdAfb2fTchO1x95FVi9wt3xpaHmtKR+IJttP
cLxsnCIyNM1W2mycRc7amau0DCWfMKlKrY+mNRZ0FndhE/ITjc5VVqGQziXzS+PM
udGolF6GwB27gV0ynUDElUwJKfX6Yki5tzgUlpN95UsIF95rJ7U8KsvibhR82Bah
Zy6ygmw+VOK30x2QW1i9wv9xtHKrZ4dYJ70wsvYFQadtQuJFW1OHYhVjuQuWpdhn
RQD2Bnz/6q+TsGeGtZOm/iMPzRJ4
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:48:57 2024 by rpki-client on console-ams.rpki-client.org