Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/EVxmhZEmJu2qphNEmM_fxbunpno.roa
File:                     EVxmhZEmJu2qphNEmM_fxbunpno.roa (raw, json)
Hash identifier:          pG/RCnXJVhWvm40Ye5eMN0WkwK7i7w9Bj1lDyXZdems=
Subject key identifier:   11:5C:66:85:91:26:26:ED:AA:A6:13:44:98:CF:DF:C5:BB:A7:A6:7A
Certificate issuer:       /CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
Certificate serial:       0181D7ABC988BF7BE038A1891697EA76E69B
Authority key identifier: AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/EVxmhZEmJu2qphNEmM_fxbunpno.roa
Signing time:             Thu 07 Jul 2022 07:59:28 +0000
ROA not before:           Thu 07 Jul 2022 07:59:28 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     5430
IP address blocks:        194.97.46.0/23 maxlen: 24
                          194.97.58.0/24 maxlen: 24
                          194.97.0.0/18 maxlen: 18
                          194.97.119.0/24 maxlen: 24
                          62.104.56.0/24 maxlen: 24
                          62.104.66.0/23 maxlen: 23
                          194.97.160.0/19 maxlen: 19
                          62.104.96.0/22 maxlen: 22
                          62.104.96.0/21 maxlen: 21
                          194.97.164.0/22 maxlen: 22
                          62.104.104.0/22 maxlen: 22
                          194.97.167.0/24 maxlen: 24
                          194.97.168.0/24 maxlen: 24
                          62.104.0.0/16 maxlen: 16
                          62.104.8.0/21 maxlen: 21
                          62.104.16.0/24 maxlen: 24
                          62.104.17.0/24 maxlen: 24
                          62.104.20.0/24 maxlen: 24
                          62.104.20.0/23 maxlen: 23
                          62.104.18.0/23 maxlen: 23
                          194.97.96.0/19 maxlen: 19
                          62.104.48.0/23 maxlen: 23
                          194.97.118.0/24 maxlen: 24
                          62.104.50.0/24 maxlen: 24
                          62.104.46.0/23 maxlen: 23
                          62.104.45.0/24 maxlen: 24
                          89.49.127.0/24 maxlen: 24
                          89.49.126.0/24 maxlen: 24
                          89.48.0.0/13 maxlen: 24
                          195.4.70.0/24 maxlen: 24
                          195.4.71.0/24 maxlen: 24
                          195.4.104.0/22 maxlen: 22
                          195.4.234.0/23 maxlen: 24
                          195.4.176.0/24 maxlen: 24
                          62.104.164.0/24 maxlen: 24
                          62.104.164.0/22 maxlen: 22
                          62.104.168.0/22 maxlen: 22
                          62.104.172.0/23 maxlen: 23
                          62.104.174.0/24 maxlen: 24
                          62.104.175.0/24 maxlen: 24
                          62.104.176.0/22 maxlen: 22
                          62.104.176.0/21 maxlen: 21
                          62.104.178.0/24 maxlen: 24
                          62.104.182.0/24 maxlen: 24
                          194.97.192.0/18 maxlen: 18
                          195.4.0.0/16 maxlen: 16
                          195.4.16.0/24 maxlen: 24
                          195.4.16.0/22 maxlen: 22
                          195.4.28.0/23 maxlen: 23
                          195.4.27.0/24 maxlen: 24
                          195.4.43.0/24 maxlen: 24
                          2001:748::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:81:d7:ab:c9:88:bf:7b:e0:38:a1:89:16:97:ea:76:e6:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
        Validity
            Not Before: Jul  7 07:59:28 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=115c6685912626edaaa6134498cfdfc5bba7a67a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:9b:d7:7c:bc:db:f5:3e:19:e6:cf:8d:26:f0:
                    8f:fc:69:95:01:a4:b2:77:12:bf:dc:40:d7:f4:cb:
                    71:e6:46:b5:a1:20:cb:11:d7:4c:ab:1a:31:70:f9:
                    17:fc:35:35:e5:9b:57:57:42:f8:b5:68:d4:df:18:
                    f8:ad:62:25:4b:cb:3c:48:f8:f3:72:a3:76:a5:89:
                    c2:c4:bd:ea:15:eb:d8:74:83:03:c0:27:be:97:f6:
                    e1:be:99:e3:8c:00:33:d1:e1:76:e3:59:dd:4d:d2:
                    37:b6:0b:7e:f7:82:28:93:c0:0e:2b:2f:04:0f:e0:
                    32:5e:ad:a9:2e:a6:8e:ff:6a:bf:f5:0b:31:9c:f6:
                    45:e7:27:61:62:7f:15:64:94:cf:be:d7:bb:fa:9e:
                    b0:19:33:3e:80:13:c2:9a:7d:3d:08:34:da:53:16:
                    be:88:96:2e:0c:09:da:d7:fb:14:63:e3:aa:77:9d:
                    a5:a6:17:e4:eb:97:80:f5:f5:6c:21:3c:25:a5:17:
                    e9:1e:df:2a:a4:26:60:c6:37:2c:51:b5:c3:fb:9b:
                    7b:01:ea:0f:1d:39:a2:a3:23:4b:9c:6a:98:8c:20:
                    0f:af:92:35:da:42:5e:2c:8b:70:75:61:8a:42:49:
                    a5:ba:fc:e3:82:4b:89:41:84:2f:f4:72:5c:d4:bb:
                    8c:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:5C:66:85:91:26:26:ED:AA:A6:13:44:98:CF:DF:C5:BB:A7:A6:7A
            X509v3 Authority Key Identifier:
                keyid:AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/EVxmhZEmJu2qphNEmM_fxbunpno.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.104.0.0/16
                  89.48.0.0/13
                  194.97.0.0/18
                  194.97.96.0/19
                  194.97.160.0-194.97.255.255
                  195.4.0.0/16
                IPv6:
                  2001:748::/32

    Signature Algorithm: sha256WithRSAEncryption
         72:02:d7:bd:9e:59:0b:9b:b8:2d:71:0c:08:9a:31:6b:68:e0:
         be:57:03:bc:cf:53:9a:10:d5:8c:3f:50:78:e6:c0:14:d0:11:
         03:49:af:70:1b:a6:17:7f:e7:11:dc:0d:c3:e4:4f:51:37:3a:
         5b:dd:b5:45:be:af:69:fc:22:dd:c9:0e:ad:bc:3a:0f:47:6f:
         39:a0:3d:dd:db:fc:15:b4:08:50:00:0d:d7:16:fb:69:e6:0f:
         7e:89:b9:24:91:7e:40:8a:79:47:5f:35:e7:df:fb:d5:ee:dd:
         ac:20:51:fe:d8:f6:a7:6c:36:d3:73:4c:16:1b:6c:27:a1:8b:
         e4:42:50:2e:af:ab:9e:93:1f:a5:70:54:19:1c:37:fe:ce:c2:
         38:4b:d7:c2:2d:cb:62:c8:27:88:9f:fb:5f:b8:75:18:8e:c1:
         b7:b2:8c:e2:32:f7:c4:97:29:0e:fb:4b:a3:9a:83:15:55:b8:
         52:56:ac:23:29:60:f3:fb:49:77:27:0c:27:db:4f:fb:32:db:
         51:8c:a1:b5:7b:cf:ac:5b:38:17:f0:55:9d:94:3c:44:f0:d9:
         d5:ce:19:19:99:bb:8f:d9:23:99:50:ed:5f:64:7a:60:7b:aa:
         c9:76:4e:24:33:cb:f9:39:51:30:6b:5f:28:50:71:45:0e:a9:
         28:2a:ba:76
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgISAYHXq8mIv3vgOKGJFpfqduabMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmODAxOTg0Y2MzOGYwYTRmYzVhZmUxYWRlYWI2ODBjMWI4
OWU5NWIwHhcNMjIwNzA3MDc1OTI4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTVjNjY4NTkxMjYyNmVkYWFhNjEzNDQ5OGNmZGZjNWJiYTdhNjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzpvXfLzb9T4Z5s+NJvCP/GmVAaSy
dxK/3EDX9Mtx5ka1oSDLEddMqxoxcPkX/DU15ZtXV0L4tWjU3xj4rWIlS8s8SPjz
cqN2pYnCxL3qFevYdIMDwCe+l/bhvpnjjAAz0eF241ndTdI3tgt+94Iok8AOKy8E
D+AyXq2pLqaO/2q/9QsxnPZF5ydhYn8VZJTPvte7+p6wGTM+gBPCmn09CDTaUxa+
iJYuDAna1/sUY+Oqd52lphfk65eA9fVsITwlpRfpHt8qpCZgxjcsUbXD+5t7AeoP
HTmioyNLnGqYjCAPr5I12kJeLItwdWGKQkmluvzjgkuJQYQv9HJc1LuM+QIDAQAB
o4ICOjCCAjYwHQYDVR0OBBYEFBFcZoWRJibtqqYTRJjP38W7p6Z6MB8GA1UdIwQY
MBaAFK+AGYTMOPCk/Fr+Gt6raAwbielbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjRBWmhNdzQ4S1Q4V3Y0YTNxdG9EQnVKNlZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9iZmQzN2MtY2IxMi00YTljLThmNWQt
NDAyMTI2NWMzOWIwLzEvRVZ4bWhaRW1KdTJxcGhORW1NX2Z4YnVucG5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9iZmQzN2MtY2IxMi00YTljLThmNWQtNDAyMTI2NWMzOWIw
LzEvcjRBWmhNdzQ4S1Q4V3Y0YTNxdG9EQnVKNlZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFAGCCsGAQUFBwEHAQH/BEEwPzAuBAIAATAoAwMAPmgDAwNZ
MAMEBsJhAAMEBcJhYDALAwQFwmGgAwMBwmADAwDDBDANBAIAAjAHAwUAIAEHSDAN
BgkqhkiG9w0BAQsFAAOCAQEAcgLXvZ5ZC5u4LXEMCJoxa2jgvlcDvM9TmhDVjD9Q
eObAFNARA0mvcBumF3/nEdwNw+RPUTc6W921Rb6vafwi3ckOrbw6D0dvOaA93dv8
FbQIUAAN1xb7aeYPfom5JJF+QIp5R18159/71e7drCBR/tj2p2w203NMFhtsJ6GL
5EJQLq+rnpMfpXBUGRw3/s7COEvXwi3LYsgniJ/7X7h1GI7Bt7KM4jL3xJcpDvtL
o5qDFVW4UlasIylg8/tJdycMJ9tP+zLbUYyhtXvPrFs4F/BVnZQ8RPDZ1c4ZGZm7
j9kjmVDtX2R6YHuqyXZOJDPL+TlRMGtfKFBxRQ6pKCq6dg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:49:53 2024 by rpki-client on console-ams.rpki-client.org