Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/HZyIxeIa74_vp4e0VMH_jfwLi48.roa
File:                     HZyIxeIa74_vp4e0VMH_jfwLi48.roa (raw, json)
Hash identifier:          R2pv/ciRlTUyKM6mhkqomj4r8HaXIoqnb6nwidnRbQQ=
Subject key identifier:   1D:9C:88:C5:E2:1A:EF:8F:EF:A7:87:B4:54:C1:FF:8D:FC:0B:8B:8F
Certificate issuer:       /CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
Certificate serial:       018E5161C3128091DAD5AF6615544129A259
Authority key identifier: AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/HZyIxeIa74_vp4e0VMH_jfwLi48.roa
Signing time:             Mon 18 Mar 2024 11:45:45 +0000
ROA not before:           Mon 18 Mar 2024 11:45:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5430
IP address blocks:        62.104.0.0/16 maxlen: 16
                          62.104.10.0/23 maxlen: 23
                          62.104.12.0/22 maxlen: 22
                          62.104.16.0/24 maxlen: 24
                          62.104.17.0/24 maxlen: 24
                          62.104.18.0/24 maxlen: 24
                          62.104.20.0/23 maxlen: 24
                          62.104.45.0/24 maxlen: 24
                          62.104.46.0/23 maxlen: 23
                          62.104.48.0/23 maxlen: 23
                          62.104.50.0/24 maxlen: 24
                          62.104.56.0/24 maxlen: 24
                          62.104.66.0/23 maxlen: 23
                          62.104.95.0/24 maxlen: 24
                          62.104.96.0/21 maxlen: 22
                          62.104.96.0/22 maxlen: 22
                          62.104.104.0/22 maxlen: 22
                          62.104.164.0/22 maxlen: 22
                          62.104.164.0/24 maxlen: 24
                          62.104.168.0/22 maxlen: 22
                          62.104.172.0/23 maxlen: 23
                          62.104.174.0/24 maxlen: 24
                          62.104.175.0/24 maxlen: 24
                          62.104.176.0/22 maxlen: 22
                          62.104.182.0/24 maxlen: 24
                          89.48.0.0/13 maxlen: 24
                          89.49.126.0/24 maxlen: 24
                          89.49.127.0/24 maxlen: 24
                          194.97.0.0/18 maxlen: 18
                          194.97.46.0/23 maxlen: 24
                          194.97.58.0/24 maxlen: 24
                          194.97.96.0/19 maxlen: 19
                          194.97.96.0/24 maxlen: 24
                          194.97.102.0/24 maxlen: 24
                          194.97.118.0/24 maxlen: 24
                          194.97.119.0/24 maxlen: 24
                          194.97.120.0/23 maxlen: 23
                          194.97.122.0/24 maxlen: 24
                          194.97.160.0/19 maxlen: 19
                          194.97.164.0/22 maxlen: 22
                          194.97.192.0/18 maxlen: 18
                          195.4.0.0/16 maxlen: 16
                          195.4.0.0/17 maxlen: 17
                          195.4.6.0/24 maxlen: 24
                          195.4.12.0/23 maxlen: 23
                          195.4.16.0/22 maxlen: 22
                          195.4.16.0/24 maxlen: 24
                          195.4.27.0/24 maxlen: 24
                          195.4.70.0/24 maxlen: 24
                          195.4.71.0/24 maxlen: 24
                          195.4.104.0/22 maxlen: 22
                          195.4.176.0/21 maxlen: 21
                          195.4.176.0/24 maxlen: 24
                          195.4.216.0/21 maxlen: 21
                          195.4.224.0/19 maxlen: 19
                          195.4.234.0/23 maxlen: 24
                          2001:748::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:51:61:c3:12:80:91:da:d5:af:66:15:54:41:29:a2:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
        Validity
            Not Before: Mar 18 11:45:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d9c88c5e21aef8fefa787b454c1ff8dfc0b8b8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:5f:53:2f:2b:ac:c7:23:64:d6:62:e7:ad:d9:
                    3b:42:bd:2d:6d:9f:5f:88:a9:c9:4e:8d:6c:e5:6c:
                    f2:75:34:c3:5b:07:2a:77:df:a4:1e:f7:51:a8:fb:
                    60:ca:0f:9e:5d:3d:fa:2c:89:6f:d6:67:9b:71:b9:
                    fa:b2:f7:6b:c9:ce:bb:5f:29:61:1e:f7:d3:e9:c0:
                    a8:8a:81:48:6e:51:cc:c1:23:0f:ba:29:a9:bb:66:
                    e1:52:69:c2:c8:30:66:36:ed:61:1e:9e:6d:6c:3c:
                    3b:cc:88:3e:bc:af:cd:4e:74:22:39:29:f6:e6:a7:
                    bf:7b:44:46:4a:05:65:2d:c7:31:a1:c0:55:4f:7e:
                    63:8a:98:45:8e:73:f9:df:a5:71:47:0a:50:29:4d:
                    cf:0c:e9:f3:47:9e:5d:36:74:2c:f5:d1:c8:12:ca:
                    f6:9b:44:e7:f9:a1:02:fa:ac:7e:32:07:b9:5c:11:
                    21:b8:a8:9f:c7:3f:e7:92:69:43:b4:25:f2:f6:8b:
                    d1:ce:6c:e7:4a:72:9a:d1:f5:e9:73:63:45:da:f4:
                    c3:30:15:15:61:76:27:b4:7e:bd:cf:6f:56:e2:a5:
                    26:c7:b5:ed:37:14:1d:37:93:d3:eb:6f:2d:ca:2d:
                    4e:01:9f:17:ad:b9:35:12:65:c8:2b:71:4d:38:1c:
                    70:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:9C:88:C5:E2:1A:EF:8F:EF:A7:87:B4:54:C1:FF:8D:FC:0B:8B:8F
            X509v3 Authority Key Identifier:
                keyid:AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/HZyIxeIa74_vp4e0VMH_jfwLi48.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.104.0.0/16
                  89.48.0.0/13
                  194.97.0.0/18
                  194.97.96.0/19
                  194.97.160.0-194.97.255.255
                  195.4.0.0/16
                IPv6:
                  2001:748::/32

    Signature Algorithm: sha256WithRSAEncryption
         9a:0e:5a:77:db:64:9e:af:ba:a2:b5:d7:29:5b:61:06:45:01:
         89:6b:e2:b0:fa:69:9b:cb:89:a4:8c:77:51:44:c4:4d:f2:3f:
         ce:c7:83:b5:12:e2:52:6e:a4:9f:21:25:3a:20:8e:c2:6a:31:
         e9:4d:b6:77:94:0d:1d:5f:2c:f8:bb:27:4b:97:49:42:d3:0b:
         7e:38:9f:1a:75:5e:f4:ed:37:65:a6:df:26:a0:d8:33:a7:95:
         b5:a5:e0:a3:c2:88:f7:8a:76:24:57:41:53:96:c4:44:53:c4:
         d5:50:7b:df:b3:22:91:8e:c3:fa:67:4b:44:bf:5d:db:da:de:
         a6:f8:8f:d8:8e:69:17:57:e9:fa:5c:ce:5a:0b:21:f8:e4:1d:
         58:2a:7f:0c:9a:9e:97:3e:2d:e8:b6:e3:69:59:00:6f:14:c6:
         31:6d:9c:bf:dc:c0:b3:3d:30:6b:b5:2e:71:fd:48:13:31:8c:
         e4:a0:54:1b:ba:aa:dd:4f:f1:09:f8:37:64:03:c4:60:df:95:
         7b:90:d8:f8:38:1d:84:77:69:1e:e7:2b:7f:31:02:d6:a1:a7:
         be:00:45:6c:bc:3b:ee:6f:ff:d4:4e:93:3a:17:77:b1:fd:30:
         72:aa:7c:2f:ac:fe:4e:d8:cc:72:ad:a9:da:cf:e1:7a:5c:9e:
         1b:97:c2:85
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgISAY5RYcMSgJHa1a9mFVRBKaJZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmODAxOTg0Y2MzOGYwYTRmYzVhZmUxYWRlYWI2ODBjMWI4
OWU5NWIwHhcNMjQwMzE4MTE0NTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDljODhjNWUyMWFlZjhmZWZhNzg3YjQ1NGMxZmY4ZGZjMGI4YjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiF9TLyusxyNk1mLnrdk7Qr0tbZ9f
iKnJTo1s5WzydTTDWwcqd9+kHvdRqPtgyg+eXT36LIlv1mebcbn6svdryc67Xylh
HvfT6cCoioFIblHMwSMPuimpu2bhUmnCyDBmNu1hHp5tbDw7zIg+vK/NTnQiOSn2
5qe/e0RGSgVlLccxocBVT35jiphFjnP536VxRwpQKU3PDOnzR55dNnQs9dHIEsr2
m0Tn+aEC+qx+Mge5XBEhuKifxz/nkmlDtCXy9ovRzmznSnKa0fXpc2NF2vTDMBUV
YXYntH69z29W4qUmx7XtNxQdN5PT628tyi1OAZ8Xrbk1EmXIK3FNOBxwsQIDAQAB
o4ICOjCCAjYwHQYDVR0OBBYEFB2ciMXiGu+P76eHtFTB/438C4uPMB8GA1UdIwQY
MBaAFK+AGYTMOPCk/Fr+Gt6raAwbielbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjRBWmhNdzQ4S1Q4V3Y0YTNxdG9EQnVKNlZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9iZmQzN2MtY2IxMi00YTljLThmNWQt
NDAyMTI2NWMzOWIwLzEvSFp5SXhlSWE3NF92cDRlMFZNSF9qZndMaTQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9iZmQzN2MtY2IxMi00YTljLThmNWQtNDAyMTI2NWMzOWIw
LzEvcjRBWmhNdzQ4S1Q4V3Y0YTNxdG9EQnVKNlZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFAGCCsGAQUFBwEHAQH/BEEwPzAuBAIAATAoAwMAPmgDAwNZ
MAMEBsJhAAMEBcJhYDALAwQFwmGgAwMBwmADAwDDBDANBAIAAjAHAwUAIAEHSDAN
BgkqhkiG9w0BAQsFAAOCAQEAmg5ad9tknq+6orXXKVthBkUBiWvisPppm8uJpIx3
UUTETfI/zseDtRLiUm6knyElOiCOwmox6U22d5QNHV8s+LsnS5dJQtMLfjifGnVe
9O03ZabfJqDYM6eVtaXgo8KI94p2JFdBU5bERFPE1VB737MikY7D+mdLRL9d29re
pviP2I5pF1fp+lzOWgsh+OQdWCp/DJqelz4t6LbjaVkAbxTGMW2cv9zAsz0wa7Uu
cf1IEzGM5KBUG7qq3U/xCfg3ZAPEYN+Ve5DY+DgdhHdpHucrfzEC1qGnvgBFbLw7
7m//1E6TOhd3sf0wcqp8L6z+TtjMcq2p2s/helyeG5fChQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:57:45 2024 by rpki-client on console-fra.rpki-client.org