Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/x0c5K9jLaCXVebRu9BM2NERXkEk.roa
File:                     x0c5K9jLaCXVebRu9BM2NERXkEk.roa (raw, json)
Hash identifier:          XLwwSJaRMqsJFayqm+VV60dZv8g2Fp2qug66s4Oy8Uo=
Subject key identifier:   C7:47:39:2B:D8:CB:68:25:D5:79:B4:6E:F4:13:36:34:44:57:90:49
Certificate issuer:       /CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
Certificate serial:       018570305FFD09961270ADF450DCAC1ABED5
Authority key identifier: FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/x0c5K9jLaCXVebRu9BM2NERXkEk.roa
Signing time:             Mon 02 Jan 2023 01:54:56 +0000
ROA not before:           Mon 02 Jan 2023 01:54:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     64419
IP address blocks:        77.91.120.0/24 maxlen: 32
                          77.91.120.0/23 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:30:5f:fd:09:96:12:70:ad:f4:50:dc:ac:1a:be:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
        Validity
            Not Before: Jan  2 01:54:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c747392bd8cb6825d579b46ef413363444579049
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:71:ea:0a:93:66:fc:10:08:0d:1e:d3:7e:5b:
                    a9:cb:ba:9e:ba:e8:05:57:30:a4:e7:27:0d:b9:11:
                    04:43:b4:f4:b8:75:aa:f9:43:07:1d:53:24:37:06:
                    53:4b:f9:79:e6:49:cc:d8:8e:ff:ba:92:30:b3:8f:
                    31:6c:55:d3:fc:fa:39:7d:6f:8f:dc:41:16:96:23:
                    73:97:fc:8d:3b:3c:da:96:c5:32:c3:ef:7b:1d:24:
                    2b:87:75:ea:f7:74:21:65:cf:e1:05:05:b6:32:bc:
                    ec:fc:6c:76:db:55:b6:c1:a0:4d:82:49:a5:3c:02:
                    b3:d5:08:c0:f4:9d:13:54:b9:c0:cd:2d:42:79:5d:
                    d1:1b:d4:bb:e8:c2:ad:62:6b:fc:55:52:26:b7:ea:
                    43:0c:d2:e1:9f:0e:e7:d1:7c:64:d1:b1:9a:17:86:
                    39:64:6e:ab:ec:ab:4f:42:3b:06:70:c3:23:e1:ec:
                    53:36:ab:b2:1c:34:80:6c:15:8e:3e:59:a7:53:e0:
                    52:d8:70:e1:16:08:4c:b4:d3:9f:c9:50:7f:02:26:
                    5b:81:75:3c:55:ac:f7:37:5f:ac:6c:4d:4a:d1:c6:
                    a6:50:af:89:28:57:00:f5:f8:90:2a:56:93:1b:3f:
                    c5:34:5f:2f:70:5d:33:86:22:35:e6:f6:4f:d3:51:
                    69:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:47:39:2B:D8:CB:68:25:D5:79:B4:6E:F4:13:36:34:44:57:90:49
            X509v3 Authority Key Identifier:
                keyid:FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/x0c5K9jLaCXVebRu9BM2NERXkEk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.120.0/23

    Signature Algorithm: sha256WithRSAEncryption
         63:ed:3b:ca:96:c6:85:a7:0f:e1:c0:2d:93:36:84:6d:1f:c1:
         94:73:a8:36:27:e5:be:2c:d0:36:00:8b:88:de:a8:16:05:9b:
         d2:69:26:a1:f4:92:a6:48:4c:74:3f:21:79:5c:21:41:b1:01:
         0e:ae:86:63:72:66:3c:e5:d7:35:dc:02:f3:fe:07:3b:65:8a:
         20:33:16:57:35:5e:cf:ed:e6:3d:d0:ce:bd:dd:3c:b6:a5:a7:
         57:f9:80:d4:3c:85:7e:bd:bc:f8:8c:29:05:15:da:11:c8:ec:
         ae:6a:c6:05:01:47:db:5c:e9:8b:b7:86:e3:d6:c9:79:01:bd:
         20:24:cc:ed:5a:5c:f5:09:3d:d0:0f:eb:83:f6:7b:91:ca:26:
         25:87:bf:95:08:20:f9:05:92:0b:44:6d:d4:38:9a:e9:24:c0:
         a5:f1:8c:33:69:c2:4c:84:f0:11:cd:08:20:b4:67:c0:a2:da:
         7c:4a:97:3f:e5:db:7b:62:df:77:1c:05:bb:8d:47:cb:9d:89:
         a6:8e:84:8a:c8:01:63:0f:d0:c2:14:de:4d:aa:09:35:93:f2:
         d2:6c:c6:37:d1:eb:ee:8d:95:39:84:31:89:92:69:39:c4:3e:
         8b:85:5e:4d:c5:0f:9f:03:80:da:e7:03:d5:7f:e8:96:62:45:
         95:ac:81:b2
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYVwMF/9CZYScK30UNysGr7VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiMzJlOWY0YWEzMmFiYTczMTJmYWIwNTRiMTc0ZGNlOGM1
MTVjYTMwHhcNMjMwMTAyMDE1NDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzQ3MzkyYmQ4Y2I2ODI1ZDU3OWI0NmVmNDEzMzYzNDQ0NTc5MDQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3XHqCpNm/BAIDR7Tflupy7qeuugF
VzCk5ycNuREEQ7T0uHWq+UMHHVMkNwZTS/l55knM2I7/upIws48xbFXT/Po5fW+P
3EEWliNzl/yNOzzalsUyw+97HSQrh3Xq93QhZc/hBQW2Mrzs/Gx221W2waBNgkml
PAKz1QjA9J0TVLnAzS1CeV3RG9S76MKtYmv8VVImt+pDDNLhnw7n0Xxk0bGaF4Y5
ZG6r7KtPQjsGcMMj4exTNquyHDSAbBWOPlmnU+BS2HDhFghMtNOfyVB/AiZbgXU8
Vaz3N1+sbE1K0camUK+JKFcA9fiQKlaTGz/FNF8vcF0zhiI15vZP01FpcQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFMdHOSvYy2gl1Xm0bvQTNjREV5BJMB8GA1UdIwQY
MBaAFPsy6fSqMqunMS+rBUsXTc6MUVyjMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS16THA5S295cTZjeEw2c0ZTeGROem94UlhLTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTIvMjc4NjYzLWIxMzUtNGRiMS1hMDQ0
LTIwNjI0YjNjMTU3Zi8xL3gwYzVLOWpMYUNYVmViUnU5Qk0yTkVSWGtFay5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTIvMjc4NjYzLWIxMzUtNGRiMS1hMDQ0LTIwNjI0YjNjMTU3
Zi8xLzEtekxwOUtveXE2Y3hMNnNGU3hkTnpveFJYS00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAFNW3gw
DQYJKoZIhvcNAQELBQADggEBAGPtO8qWxoWnD+HALZM2hG0fwZRzqDYn5b4s0DYA
i4jeqBYFm9JpJqH0kqZITHQ/IXlcIUGxAQ6uhmNyZjzl1zXcAvP+BztliiAzFlc1
Xs/t5j3Qzr3dPLalp1f5gNQ8hX69vPiMKQUV2hHI7K5qxgUBR9tc6Yu3huPWyXkB
vSAkzO1aXPUJPdAP64P2e5HKJiWHv5UIIPkFkgtEbdQ4mukkwKXxjDNpwkyE8BHN
CCC0Z8Ci2nxKlz/l23ti33ccBbuNR8udiaaOhIrIAWMP0MIU3k2qCTWT8tJsxjfR
6+6NlTmEMYmSaTnEPouFXk3FD58DgNrnA9V/6JZiRZWsgbI=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:48:57 2024 by rpki-client on console-ams.rpki-client.org