Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/xL8VvePwp0w5V_uojs3xXp_4_ZU.roa
File:                     xL8VvePwp0w5V_uojs3xXp_4_ZU.roa (raw, json)
Hash identifier:          o8/4gBcUvOar0m1e/YngcRY0uC5MJznNqrq12PvGSr0=
Subject key identifier:   C4:BF:15:BD:E3:F0:A7:4C:39:57:FB:A8:8E:CD:F1:5E:9F:F8:FD:95
Certificate issuer:       /CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
Certificate serial:       01870ED7F50E8D8ABBAEB4C0DFBF5FAF8BFD
Authority key identifier: FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/xL8VvePwp0w5V_uojs3xXp_4_ZU.roa
Signing time:             Thu 23 Mar 2023 14:20:46 +0000
ROA not before:           Thu 23 Mar 2023 14:20:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     44477
IP address blocks:        77.91.75.0/24 maxlen: 24
                          77.91.74.0/24 maxlen: 24
                          77.91.73.0/24 maxlen: 24
                          77.91.72.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:0e:d7:f5:0e:8d:8a:bb:ae:b4:c0:df:bf:5f:af:8b:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
        Validity
            Not Before: Mar 23 14:20:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c4bf15bde3f0a74c3957fba88ecdf15e9ff8fd95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:7f:00:20:83:3b:73:75:c7:8e:09:17:74:e4:
                    03:0c:89:b1:a5:89:04:5c:28:68:61:76:8d:a7:06:
                    ed:cd:53:98:fd:c6:11:c5:16:08:4a:6e:02:01:06:
                    69:f5:8f:1f:5e:5c:36:b1:21:f4:9c:ea:d6:b1:61:
                    e1:fb:0b:a2:a4:30:97:57:b5:d2:fe:b7:28:ce:bc:
                    30:3e:75:fd:e3:c0:ef:81:a0:8a:7c:07:c0:a7:63:
                    d5:88:e1:38:76:02:cd:6e:32:26:c7:80:72:86:7a:
                    88:4e:4a:82:79:c5:c7:f4:0a:4b:b3:a5:c5:8a:6e:
                    41:99:e8:1b:ee:f9:4f:f0:fd:27:7d:82:0a:22:a1:
                    23:bd:82:f4:28:b7:db:7e:12:76:3e:a0:fa:2b:dc:
                    a5:e7:9c:63:0e:a9:d0:f7:ed:6d:c5:52:3c:0b:b8:
                    53:df:10:49:a2:11:f2:30:37:b1:a5:c9:7b:11:cb:
                    e5:59:df:ae:1f:ba:8a:8a:7f:8a:e8:5b:7f:05:6e:
                    2a:c7:2e:e9:7a:30:e1:52:18:24:50:0b:f5:0f:2a:
                    88:79:f9:9d:bd:22:58:3c:9e:f1:21:46:09:8d:d4:
                    42:cd:b4:ca:14:88:1e:3e:a3:c5:ca:5c:33:c5:0a:
                    93:ef:16:3d:1b:d5:53:18:7a:87:4b:1b:86:89:7d:
                    11:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:BF:15:BD:E3:F0:A7:4C:39:57:FB:A8:8E:CD:F1:5E:9F:F8:FD:95
            X509v3 Authority Key Identifier:
                keyid:FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/xL8VvePwp0w5V_uojs3xXp_4_ZU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b2:cb:70:61:df:c0:e7:8a:e7:42:f3:7f:65:6f:71:c7:78:a4:
         ce:75:2f:0c:1b:4f:91:d9:00:f2:35:83:88:82:25:28:d2:7f:
         55:a7:35:4f:33:00:a9:c9:5c:7a:15:2c:62:e5:59:75:cb:cd:
         06:8b:95:95:2b:a4:02:0a:25:c3:90:47:0e:cb:24:e1:89:60:
         05:ec:85:6b:72:f0:68:40:85:23:f0:0d:3e:04:d8:47:fd:f0:
         4e:c0:d1:16:31:0a:e5:aa:93:01:9d:1e:54:64:e2:2e:ad:3f:
         1d:68:4d:59:12:d4:d4:17:c4:60:d4:ab:79:f4:5c:f7:96:c9:
         97:49:39:21:4e:bd:2a:9e:a5:af:9a:be:ce:be:a6:a6:e5:ef:
         5b:60:f9:cb:62:8c:e6:e8:31:54:d0:38:fc:09:c9:2c:b7:e2:
         e4:2c:39:6c:d0:59:e1:8f:ae:9d:46:79:a4:7c:e1:50:bd:0d:
         ad:d6:a2:a1:3a:e6:3c:3d:10:dc:8f:0e:85:0e:7d:a1:1c:8a:
         de:e7:05:d4:8c:5f:78:01:1e:3c:38:a6:d3:87:65:0e:6f:24:
         24:01:2e:4b:bc:09:7b:87:bd:e3:f4:73:f8:a1:42:81:cb:92:
         aa:a7:3d:24:e1:0e:cf:42:43:ca:b2:84:87:83:cb:49:07:19:
         e7:81:f3:a3
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYcO1/UOjYq7rrTA379fr4v9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiMzJlOWY0YWEzMmFiYTczMTJmYWIwNTRiMTc0ZGNlOGM1
MTVjYTMwHhcNMjMwMzIzMTQyMDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGJmMTViZGUzZjBhNzRjMzk1N2ZiYTg4ZWNkZjE1ZTlmZjhmZDk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAin8AIIM7c3XHjgkXdOQDDImxpYkE
XChoYXaNpwbtzVOY/cYRxRYISm4CAQZp9Y8fXlw2sSH0nOrWsWHh+wuipDCXV7XS
/rcozrwwPnX948DvgaCKfAfAp2PViOE4dgLNbjImx4ByhnqITkqCecXH9ApLs6XF
im5Bmegb7vlP8P0nfYIKIqEjvYL0KLfbfhJ2PqD6K9yl55xjDqnQ9+1txVI8C7hT
3xBJohHyMDexpcl7EcvlWd+uH7qKin+K6Ft/BW4qxy7pejDhUhgkUAv1DyqIefmd
vSJYPJ7xIUYJjdRCzbTKFIgePqPFylwzxQqT7xY9G9VTGHqHSxuGiX0RcQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFMS/Fb3j8KdMOVf7qI7N8V6f+P2VMB8GA1UdIwQY
MBaAFPsy6fSqMqunMS+rBUsXTc6MUVyjMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS16THA5S295cTZjeEw2c0ZTeGROem94UlhLTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTIvMjc4NjYzLWIxMzUtNGRiMS1hMDQ0
LTIwNjI0YjNjMTU3Zi8xL3hMOFZ2ZVB3cDB3NVZfdW9qczN4WHBfNF9aVS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTIvMjc4NjYzLWIxMzUtNGRiMS1hMDQ0LTIwNjI0YjNjMTU3
Zi8xLzEtekxwOUtveXE2Y3hMNnNGU3hkTnpveFJYS00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAJNW0gw
DQYJKoZIhvcNAQELBQADggEBALLLcGHfwOeK50Lzf2Vvccd4pM51LwwbT5HZAPI1
g4iCJSjSf1WnNU8zAKnJXHoVLGLlWXXLzQaLlZUrpAIKJcOQRw7LJOGJYAXshWty
8GhAhSPwDT4E2Ef98E7A0RYxCuWqkwGdHlRk4i6tPx1oTVkS1NQXxGDUq3n0XPeW
yZdJOSFOvSqepa+avs6+pqbl71tg+ctijOboMVTQOPwJySy34uQsOWzQWeGPrp1G
eaR84VC9Da3WoqE65jw9ENyPDoUOfaEcit7nBdSMX3gBHjw4ptOHZQ5vJCQBLku8
CXuHveP0c/ihQoHLkqqnPSThDs9CQ8qyhIeDy0kHGeeB86M=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:57:05 2024 by rpki-client on console-fra.rpki-client.org