Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/DHZa09xMTtNoLyjqwo7TYr78EzQ.roa
File:                     DHZa09xMTtNoLyjqwo7TYr78EzQ.roa (raw, json)
Hash identifier:          1vYD0WBYQ60kJ067v+CU9Sg0lxy207YlTSz0jSe5eBU=
Subject key identifier:   0C:76:5A:D3:DC:4C:4E:D3:68:2F:28:EA:C2:8E:D3:62:BE:FC:13:34
Certificate issuer:       /CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
Certificate serial:       0186978D4ED16A48548A9F5F0E94B70CCDDA
Authority key identifier: AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/DHZa09xMTtNoLyjqwo7TYr78EzQ.roa
Signing time:             Tue 28 Feb 2023 10:24:25 +0000
ROA not before:           Tue 28 Feb 2023 10:24:25 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     5430
IP address blocks:        194.97.46.0/23 maxlen: 24
                          194.97.58.0/24 maxlen: 24
                          194.97.0.0/18 maxlen: 18
                          194.97.119.0/24 maxlen: 24
                          62.104.56.0/24 maxlen: 24
                          62.104.66.0/23 maxlen: 23
                          194.97.160.0/19 maxlen: 19
                          62.104.95.0/24 maxlen: 24
                          62.104.96.0/21 maxlen: 22
                          62.104.96.0/22 maxlen: 22
                          194.97.164.0/22 maxlen: 22
                          62.104.104.0/22 maxlen: 22
                          62.104.0.0/16 maxlen: 16
                          62.104.8.0/21 maxlen: 21
                          62.104.10.0/23 maxlen: 23
                          62.104.12.0/22 maxlen: 22
                          62.104.16.0/24 maxlen: 24
                          62.104.17.0/24 maxlen: 24
                          62.104.20.0/24 maxlen: 24
                          62.104.20.0/23 maxlen: 23
                          62.104.18.0/23 maxlen: 23
                          62.104.18.0/24 maxlen: 24
                          194.97.96.0/24 maxlen: 24
                          194.97.96.0/19 maxlen: 19
                          194.97.102.0/24 maxlen: 24
                          62.104.48.0/23 maxlen: 23
                          194.97.118.0/24 maxlen: 24
                          62.104.50.0/24 maxlen: 24
                          62.104.46.0/23 maxlen: 23
                          62.104.45.0/24 maxlen: 24
                          89.49.127.0/24 maxlen: 24
                          89.49.126.0/24 maxlen: 24
                          89.48.0.0/13 maxlen: 24
                          195.4.70.0/24 maxlen: 24
                          195.4.71.0/24 maxlen: 24
                          195.4.104.0/22 maxlen: 22
                          195.4.234.0/23 maxlen: 24
                          195.4.176.0/24 maxlen: 24
                          62.104.164.0/24 maxlen: 24
                          62.104.164.0/22 maxlen: 22
                          62.104.168.0/22 maxlen: 22
                          62.104.172.0/23 maxlen: 23
                          62.104.174.0/24 maxlen: 24
                          62.104.175.0/24 maxlen: 24
                          62.104.176.0/22 maxlen: 22
                          62.104.182.0/24 maxlen: 24
                          194.97.192.0/18 maxlen: 18
                          195.4.0.0/16 maxlen: 16
                          195.4.16.0/24 maxlen: 24
                          195.4.16.0/22 maxlen: 22
                          195.4.28.0/23 maxlen: 23
                          195.4.27.0/24 maxlen: 24
                          195.4.43.0/24 maxlen: 24
                          2001:748::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:97:8d:4e:d1:6a:48:54:8a:9f:5f:0e:94:b7:0c:cd:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
        Validity
            Not Before: Feb 28 10:24:25 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0c765ad3dc4c4ed3682f28eac28ed362befc1334
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:71:cd:a0:a0:ef:bf:91:5a:90:fe:42:61:e0:
                    b7:92:64:7f:b2:e6:5a:39:97:5c:71:f0:55:70:8f:
                    81:63:96:54:53:38:da:23:79:8a:5e:0e:a4:08:a4:
                    52:78:bd:49:39:cd:5b:4a:39:26:7f:ab:df:00:00:
                    91:19:93:46:ca:14:ab:a8:96:37:a6:c0:a5:3b:cd:
                    40:92:e5:13:26:bc:ad:e3:36:70:d5:07:bc:06:c0:
                    bf:20:06:e2:0a:6f:35:90:db:ad:35:ef:97:04:84:
                    fb:c7:15:26:3a:74:70:5c:a2:2d:14:0f:e9:ce:ff:
                    31:55:9e:c8:7b:92:bc:ae:91:94:40:1c:b5:36:fc:
                    39:ab:76:a2:3b:c0:95:e1:c6:01:3a:73:44:2a:a2:
                    ee:f7:1a:f5:1a:30:a5:ab:62:87:d7:ad:d6:9a:97:
                    40:2c:fd:24:a0:c9:49:70:8f:98:ff:40:7e:69:a1:
                    4f:ef:c9:d8:fe:2b:7c:16:b6:b7:e6:80:c1:dd:23:
                    43:a9:fa:ca:98:6e:2b:51:4a:ef:a5:bf:ce:3c:c1:
                    3c:91:1b:9c:89:6a:ea:38:95:55:12:28:90:d5:f6:
                    c4:f4:89:f4:36:08:c1:64:d0:9f:47:a2:59:4d:9a:
                    79:4d:77:1e:35:83:4d:66:06:3e:67:35:ff:a1:e5:
                    22:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:76:5A:D3:DC:4C:4E:D3:68:2F:28:EA:C2:8E:D3:62:BE:FC:13:34
            X509v3 Authority Key Identifier:
                keyid:AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/DHZa09xMTtNoLyjqwo7TYr78EzQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.104.0.0/16
                  89.48.0.0/13
                  194.97.0.0/18
                  194.97.96.0/19
                  194.97.160.0-194.97.255.255
                  195.4.0.0/16
                IPv6:
                  2001:748::/32

    Signature Algorithm: sha256WithRSAEncryption
         08:b1:c7:23:61:3d:2f:60:db:58:97:04:0a:c9:99:57:ff:d9:
         d5:bc:a8:fd:c4:8d:33:7e:4f:fb:90:7f:f3:1b:77:c0:37:18:
         fb:bb:70:79:46:4a:e0:91:a5:a4:00:99:90:34:26:62:68:43:
         0f:ae:33:52:0d:18:22:ff:f0:39:30:50:a3:a6:69:bd:ce:83:
         2d:26:9e:17:e0:a3:37:0b:eb:4f:1b:2a:67:a5:c7:55:5e:34:
         a5:c3:1d:54:10:bd:ee:2e:99:a5:ac:37:c1:85:db:2f:af:46:
         48:6a:fa:0d:d1:88:80:de:53:10:21:77:16:f8:03:cd:f6:0a:
         67:28:ba:fb:64:c8:5c:89:de:f4:ee:e0:7e:e6:00:e6:5f:2c:
         1f:dc:87:01:bf:ac:f6:72:47:93:4f:4b:70:a6:78:97:7e:51:
         38:ef:95:d3:03:de:c8:2e:02:03:85:a4:bb:8a:d2:cd:9f:e7:
         7a:1a:df:f4:e4:94:42:69:30:27:8d:3a:3b:ac:bf:f5:b5:ef:
         8f:31:9b:64:ac:37:f5:f1:59:20:48:70:d1:c5:29:96:e2:7d:
         0a:59:15:54:18:81:be:83:a2:29:61:00:cf:33:62:c9:f1:6b:
         2a:90:3b:a0:a7:d1:9c:29:92:3d:f8:fa:40:fc:34:8d:2e:87:
         c6:2d:5b:6b
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgISAYaXjU7RakhUip9fDpS3DM3aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmODAxOTg0Y2MzOGYwYTRmYzVhZmUxYWRlYWI2ODBjMWI4
OWU5NWIwHhcNMjMwMjI4MTAyNDI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzc2NWFkM2RjNGM0ZWQzNjgyZjI4ZWFjMjhlZDM2MmJlZmMxMzM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkXHNoKDvv5FakP5CYeC3kmR/suZa
OZdccfBVcI+BY5ZUUzjaI3mKXg6kCKRSeL1JOc1bSjkmf6vfAACRGZNGyhSrqJY3
psClO81AkuUTJryt4zZw1Qe8BsC/IAbiCm81kNutNe+XBIT7xxUmOnRwXKItFA/p
zv8xVZ7Ie5K8rpGUQBy1Nvw5q3aiO8CV4cYBOnNEKqLu9xr1GjClq2KH163WmpdA
LP0koMlJcI+Y/0B+aaFP78nY/it8Fra35oDB3SNDqfrKmG4rUUrvpb/OPME8kRuc
iWrqOJVVEiiQ1fbE9In0NgjBZNCfR6JZTZp5TXceNYNNZgY+ZzX/oeUiawIDAQAB
o4ICOjCCAjYwHQYDVR0OBBYEFAx2WtPcTE7TaC8o6sKO02K+/BM0MB8GA1UdIwQY
MBaAFK+AGYTMOPCk/Fr+Gt6raAwbielbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjRBWmhNdzQ4S1Q4V3Y0YTNxdG9EQnVKNlZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9iZmQzN2MtY2IxMi00YTljLThmNWQt
NDAyMTI2NWMzOWIwLzEvREhaYTA5eE1UdE5vTHlqcXdvN1RZcjc4RXpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9iZmQzN2MtY2IxMi00YTljLThmNWQtNDAyMTI2NWMzOWIw
LzEvcjRBWmhNdzQ4S1Q4V3Y0YTNxdG9EQnVKNlZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFAGCCsGAQUFBwEHAQH/BEEwPzAuBAIAATAoAwMAPmgDAwNZ
MAMEBsJhAAMEBcJhYDALAwQFwmGgAwMBwmADAwDDBDANBAIAAjAHAwUAIAEHSDAN
BgkqhkiG9w0BAQsFAAOCAQEACLHHI2E9L2DbWJcECsmZV//Z1byo/cSNM35P+5B/
8xt3wDcY+7tweUZK4JGlpACZkDQmYmhDD64zUg0YIv/wOTBQo6Zpvc6DLSaeF+Cj
NwvrTxsqZ6XHVV40pcMdVBC97i6Zpaw3wYXbL69GSGr6DdGIgN5TECF3FvgDzfYK
Zyi6+2TIXIne9O7gfuYA5l8sH9yHAb+s9nJHk09LcKZ4l35ROO+V0wPeyC4CA4Wk
u4rSzZ/nehrf9OSUQmkwJ406O6y/9bXvjzGbZKw39fFZIEhw0cUpluJ9ClkVVBiB
voOiKWEAzzNiyfFrKpA7oKfRnCmSPfj6QPw0jS6Hxi1baw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:57:45 2024 by rpki-client on console-fra.rpki-client.org