Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/xZ8Yl2ab3OrE_OLv5Vs1_ilLUEU.roa
File:                     xZ8Yl2ab3OrE_OLv5Vs1_ilLUEU.roa (raw, json)
Hash identifier:          TmnUp00lGb1NRwvYfwg3t/n1d3IHvDD9XC0rlvV1cko=
Subject key identifier:   C5:9F:18:97:66:9B:DC:EA:C4:FC:E2:EF:E5:5B:35:FE:29:4B:50:45
Certificate issuer:       /CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
Certificate serial:       0186D79CF5616697916493C08CD1DEE65E76
Authority key identifier: FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/xZ8Yl2ab3OrE_OLv5Vs1_ilLUEU.roa
Signing time:             Sun 12 Mar 2023 20:57:13 +0000
ROA not before:           Sun 12 Mar 2023 20:57:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     199785
IP address blocks:        77.91.70.0/24 maxlen: 24
                          77.91.77.0/24 maxlen: 24
                          185.149.146.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:d7:9c:f5:61:66:97:91:64:93:c0:8c:d1:de:e6:5e:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
        Validity
            Not Before: Mar 12 20:57:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c59f1897669bdceac4fce2efe55b35fe294b5045
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:2f:ec:ca:bf:81:1a:bb:2f:c2:a1:22:a2:f7:
                    42:d8:7a:e8:8a:d8:01:1e:6a:79:02:9e:d6:65:e3:
                    89:1e:a1:55:c6:a2:8c:c3:eb:3e:f5:02:15:b7:b7:
                    bb:68:53:23:92:62:13:9a:93:41:c6:17:fe:58:83:
                    d7:d4:66:d7:9b:2d:30:e2:78:50:e4:41:9a:dc:5e:
                    af:d3:ff:69:70:05:ed:d7:ce:5f:ee:9d:a5:76:53:
                    a5:aa:7b:ff:f9:d1:da:8e:1d:20:a9:49:ac:78:37:
                    bc:d1:52:03:51:d1:44:12:26:ed:0c:a2:f6:6d:1d:
                    dc:c7:6e:ad:03:2c:fd:9c:f8:98:76:35:41:1a:e2:
                    e2:01:57:75:fe:91:fa:e2:34:e5:55:5e:35:fd:86:
                    39:8e:6d:a1:de:d0:f7:bc:44:b7:89:74:52:a7:2a:
                    d0:25:25:9a:75:6f:4d:fd:fb:7e:b3:b4:1e:0a:02:
                    71:3e:82:53:fc:87:81:8b:65:b1:ea:f0:97:e4:03:
                    19:78:f7:d6:86:68:a4:27:de:24:50:c4:17:f5:99:
                    2a:17:12:28:76:26:8a:a9:41:de:6a:e4:09:d8:2c:
                    3a:ef:8f:4c:39:d9:9d:e2:a3:43:c2:48:23:cf:f4:
                    86:f6:f9:76:58:c7:d6:6d:44:2f:f6:bd:8f:46:bc:
                    54:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:9F:18:97:66:9B:DC:EA:C4:FC:E2:EF:E5:5B:35:FE:29:4B:50:45
            X509v3 Authority Key Identifier:
                keyid:FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/xZ8Yl2ab3OrE_OLv5Vs1_ilLUEU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.70.0/24
                  77.91.77.0/24
                  185.149.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:86:41:47:05:0c:7a:77:76:a4:4a:eb:5c:65:9d:ec:1a:7b:
         6f:2f:0f:31:63:61:01:27:7c:d8:79:3f:2c:08:51:56:82:9b:
         ce:67:f2:87:c8:17:e1:4a:72:bb:b7:bd:e6:18:a1:1e:2d:ed:
         87:fc:7e:d1:f5:98:3e:c7:da:68:43:89:51:63:7e:70:a2:fd:
         a0:b8:42:fc:66:c7:d8:ce:a7:63:42:5b:8d:3b:94:38:2b:33:
         31:bd:86:6a:9a:1a:b8:47:5f:aa:67:b6:62:f4:70:f9:46:b6:
         09:e7:06:d0:f6:76:f9:c1:f8:f3:12:96:6e:b7:83:22:67:8c:
         2a:cc:a6:5a:c0:90:a9:ac:ca:f4:04:09:70:ce:15:2c:bd:9b:
         ff:70:61:1e:dd:f9:18:59:1d:a0:25:00:6d:d2:58:c9:c3:60:
         bb:69:a7:0d:e3:8a:31:10:86:33:0f:9f:4c:26:65:11:fc:f7:
         01:23:fc:ff:85:ce:9d:af:f8:ac:0a:dc:e3:02:28:34:98:9d:
         71:9b:5d:cb:cb:41:28:11:33:0d:c6:16:a6:d1:c7:6e:09:9e:
         a6:83:e1:cd:e9:01:6f:c1:ab:52:be:3e:cf:45:31:43:18:95:
         dc:a5:2a:60:70:dd:80:3e:6f:68:e4:cc:cb:90:3d:b6:46:38:
         0a:3d:de:15
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYbXnPVhZpeRZJPAjNHe5l52MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiMzJlOWY0YWEzMmFiYTczMTJmYWIwNTRiMTc0ZGNlOGM1
MTVjYTMwHhcNMjMwMzEyMjA1NzEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTlmMTg5NzY2OWJkY2VhYzRmY2UyZWZlNTViMzVmZTI5NGI1MDQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlS/syr+BGrsvwqEiovdC2HroitgB
Hmp5Ap7WZeOJHqFVxqKMw+s+9QIVt7e7aFMjkmITmpNBxhf+WIPX1GbXmy0w4nhQ
5EGa3F6v0/9pcAXt185f7p2ldlOlqnv/+dHajh0gqUmseDe80VIDUdFEEibtDKL2
bR3cx26tAyz9nPiYdjVBGuLiAVd1/pH64jTlVV41/YY5jm2h3tD3vES3iXRSpyrQ
JSWadW9N/ft+s7QeCgJxPoJT/IeBi2Wx6vCX5AMZePfWhmikJ94kUMQX9ZkqFxIo
diaKqUHeauQJ2Cw6749MOdmd4qNDwkgjz/SG9vl2WMfWbUQv9r2PRrxUtwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFMWfGJdmm9zqxPzi7+VbNf4pS1BFMB8GA1UdIwQY
MBaAFPsy6fSqMqunMS+rBUsXTc6MUVyjMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS16THA5S295cTZjeEw2c0ZTeGROem94UlhLTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTIvMjc4NjYzLWIxMzUtNGRiMS1hMDQ0
LTIwNjI0YjNjMTU3Zi8xL3haOFlsMmFiM09yRV9PTHY1VnMxX2lsTFVFVS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTIvMjc4NjYzLWIxMzUtNGRiMS1hMDQ0LTIwNjI0YjNjMTU3
Zi8xLzEtekxwOUtveXE2Y3hMNnNGU3hkTnpveFJYS00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBABNW0YD
BABNW00DBAC5lZIwDQYJKoZIhvcNAQELBQADggEBADeGQUcFDHp3dqRK61xlnewa
e28vDzFjYQEnfNh5PywIUVaCm85n8ofIF+FKcru3veYYoR4t7Yf8ftH1mD7H2mhD
iVFjfnCi/aC4Qvxmx9jOp2NCW407lDgrMzG9hmqaGrhHX6pntmL0cPlGtgnnBtD2
dvnB+PMSlm63gyJnjCrMplrAkKmsyvQECXDOFSy9m/9wYR7d+RhZHaAlAG3SWMnD
YLtppw3jijEQhjMPn0wmZRH89wEj/P+Fzp2v+KwK3OMCKDSYnXGbXcvLQSgRMw3G
FqbRx24JnqaD4c3pAW/Bq1K+Ps9FMUMYldylKmBw3YA+b2jkzMuQPbZGOAo93hU=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:57:05 2024 by rpki-client on console-fra.rpki-client.org