Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/xwSikxVs05eHrjnSL9VR1Q9YZAg.roa
File:                     xwSikxVs05eHrjnSL9VR1Q9YZAg.roa (raw, json)
Hash identifier:          SR+gyREtUcF43NGL6a7QXM6UopdR8mwXVqQaREvf4ss=
Subject key identifier:   C7:04:A2:93:15:6C:D3:97:87:AE:39:D2:2F:D5:51:D5:0F:58:64:08
Certificate issuer:       /CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
Certificate serial:       0182D43408C2362067583870847C7F72B32A
Authority key identifier: FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/xwSikxVs05eHrjnSL9VR1Q9YZAg.roa
Signing time:             Thu 25 Aug 2022 08:52:36 +0000
ROA not before:           Thu 25 Aug 2022 08:52:36 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     44477
IP address blocks:        77.91.101.0/24 maxlen: 24
                          77.91.122.0/23 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:d4:34:08:c2:36:20:67:58:38:70:84:7c:7f:72:b3:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
        Validity
            Not Before: Aug 25 08:52:36 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c704a293156cd39787ae39d22fd551d50f586408
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:48:51:56:83:fb:77:79:c4:7e:aa:c8:42:37:
                    83:0c:78:2c:4c:df:a2:50:6b:5e:68:56:d7:c5:6c:
                    ab:64:d8:62:cd:48:12:9f:da:50:8c:ef:26:1a:ca:
                    1c:ae:6c:70:c7:fc:8a:38:3e:c7:3b:87:f0:d1:5f:
                    9c:13:30:25:d0:99:cb:25:9d:24:f4:77:d3:32:16:
                    6e:8d:71:10:21:43:0e:c1:d3:2b:f1:fb:1c:2b:4e:
                    63:84:a8:20:61:db:e0:d4:d9:fa:49:c1:c1:77:eb:
                    19:1f:03:17:15:5d:81:5a:9b:e4:bb:24:07:ea:56:
                    97:09:63:ff:70:de:f8:fc:95:9d:86:1b:ad:35:a6:
                    ee:0a:1e:ce:71:93:53:00:40:d3:97:44:03:75:73:
                    3c:9a:23:89:19:32:f0:46:84:88:cc:b6:a0:64:94:
                    0e:33:5e:ca:70:82:30:d6:60:45:5a:c2:b5:d2:c0:
                    20:d9:0f:de:a5:19:cf:3d:5d:bb:43:1b:47:1e:b6:
                    c4:8b:07:88:da:14:c6:5c:72:78:68:b4:1d:dc:30:
                    08:07:90:bd:b5:32:80:16:cc:cb:90:d3:8d:6c:56:
                    ae:96:af:b3:09:03:94:01:3d:71:fc:b1:86:da:32:
                    d0:ec:42:e5:0c:98:46:07:2a:97:17:e9:38:ce:80:
                    75:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:04:A2:93:15:6C:D3:97:87:AE:39:D2:2F:D5:51:D5:0F:58:64:08
            X509v3 Authority Key Identifier:
                keyid:FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/xwSikxVs05eHrjnSL9VR1Q9YZAg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.101.0/24
                  77.91.122.0/23

    Signature Algorithm: sha256WithRSAEncryption
         97:52:d2:d6:86:7c:f1:c3:fa:3b:78:2a:13:bc:0d:2f:5c:99:
         99:1c:21:5f:5a:00:8f:89:59:1f:7b:8b:86:16:1f:3c:ba:6c:
         72:b7:e0:6d:64:ca:7c:f9:dd:b1:07:18:e6:58:c6:94:85:bb:
         b1:40:50:0b:c1:0f:2c:13:23:c9:e3:ac:40:78:d4:46:8d:75:
         ae:6f:bb:6c:c5:e6:5c:32:55:7f:75:37:9d:86:50:11:6c:b8:
         d4:a8:bd:fe:42:3d:2c:8a:74:10:66:68:d7:88:39:b7:d2:6f:
         76:98:cc:00:73:34:ff:34:a4:14:52:94:e8:12:29:cf:33:71:
         36:18:4e:19:2f:86:62:2e:93:52:cc:a6:36:ce:b3:04:62:9d:
         9f:3d:02:4c:33:6d:14:79:f1:2a:69:94:6f:c1:46:65:9e:d4:
         a2:30:4a:b8:ab:c8:e4:14:21:17:30:d7:93:8b:6d:72:1e:1f:
         6f:bc:ad:53:e2:57:bc:ac:ef:5b:ef:83:01:2d:66:e5:d4:64:
         61:73:08:e2:0a:cc:51:66:65:7a:a7:a4:d9:ce:0b:8f:c3:41:
         47:ca:cf:64:51:15:81:1e:bc:b0:6d:16:1b:70:2a:69:28:10:
         ad:91:14:6c:47:69:15:7a:d3:ac:37:07:05:81:a7:f7:59:96:
         0e:40:1d:fe
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYLUNAjCNiBnWDhwhHx/crMqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiMzJlOWY0YWEzMmFiYTczMTJmYWIwNTRiMTc0ZGNlOGM1
MTVjYTMwHhcNMjIwODI1MDg1MjM2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzA0YTI5MzE1NmNkMzk3ODdhZTM5ZDIyZmQ1NTFkNTBmNTg2NDA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj0hRVoP7d3nEfqrIQjeDDHgsTN+i
UGteaFbXxWyrZNhizUgSn9pQjO8mGsocrmxwx/yKOD7HO4fw0V+cEzAl0JnLJZ0k
9HfTMhZujXEQIUMOwdMr8fscK05jhKggYdvg1Nn6ScHBd+sZHwMXFV2BWpvkuyQH
6laXCWP/cN74/JWdhhutNabuCh7OcZNTAEDTl0QDdXM8miOJGTLwRoSIzLagZJQO
M17KcIIw1mBFWsK10sAg2Q/epRnPPV27QxtHHrbEiweI2hTGXHJ4aLQd3DAIB5C9
tTKAFszLkNONbFaulq+zCQOUAT1x/LGG2jLQ7ELlDJhGByqXF+k4zoB1jQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFMcEopMVbNOXh6450i/VUdUPWGQIMB8GA1UdIwQY
MBaAFPsy6fSqMqunMS+rBUsXTc6MUVyjMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS16THA5S295cTZjeEw2c0ZTeGROem94UlhLTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTIvMjc4NjYzLWIxMzUtNGRiMS1hMDQ0
LTIwNjI0YjNjMTU3Zi8xL3h3U2lreFZzMDVlSHJqblNMOVZSMVE5WVpBZy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTIvMjc4NjYzLWIxMzUtNGRiMS1hMDQ0LTIwNjI0YjNjMTU3
Zi8xLzEtekxwOUtveXE2Y3hMNnNGU3hkTnpveFJYS00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBABNW2UD
BAFNW3owDQYJKoZIhvcNAQELBQADggEBAJdS0taGfPHD+jt4KhO8DS9cmZkcIV9a
AI+JWR97i4YWHzy6bHK34G1kynz53bEHGOZYxpSFu7FAUAvBDywTI8njrEB41EaN
da5vu2zF5lwyVX91N52GUBFsuNSovf5CPSyKdBBmaNeIObfSb3aYzABzNP80pBRS
lOgSKc8zcTYYThkvhmIuk1LMpjbOswRinZ89AkwzbRR58SpplG/BRmWe1KIwSrir
yOQUIRcw15OLbXIeH2+8rVPiV7ys71vvgwEtZuXUZGFzCOIKzFFmZXqnpNnOC4/D
QUfKz2RRFYEevLBtFhtwKmkoEK2RFGxHaRV606w3BwWBp/dZlg5AHf4=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:57:05 2024 by rpki-client on console-fra.rpki-client.org