Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/TS0xoPXZKpDd_2hLMwEqNGM7jTE.roa
File:                     TS0xoPXZKpDd_2hLMwEqNGM7jTE.roa (raw, json)
Hash identifier:          SCSpFmHw9pVhCeLsIZVcYszypz7/u2qdUqWb5l1JE5I=
Subject key identifier:   4D:2D:31:A0:F5:D9:2A:90:DD:FF:68:4B:33:01:2A:34:63:3B:8D:31
Certificate issuer:       /CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
Certificate serial:       34D9A33D
Authority key identifier: AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/TS0xoPXZKpDd_2hLMwEqNGM7jTE.roa
Signing time:             Mon 31 Jan 2022 15:37:22 +0000
ROA not before:           Mon 31 Jan 2022 15:37:22 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     5430
IP address blocks:        89.48.0.0/13 maxlen: 24
                          62.104.164.0/24 maxlen: 24
                          62.104.178.0/24 maxlen: 24
                          62.104.182.0/24 maxlen: 24
                          194.97.192.0/18 maxlen: 18
                          194.97.0.0/18 maxlen: 18
                          89.49.127.0/24 maxlen: 24
                          89.49.126.0/24 maxlen: 24
                          195.4.0.0/16 maxlen: 16
                          195.4.16.0/24 maxlen: 24
                          62.104.75.0/24 maxlen: 24
                          194.97.160.0/19 maxlen: 19
                          194.97.167.0/24 maxlen: 24
                          62.104.0.0/16 maxlen: 16
                          62.104.20.0/24 maxlen: 24
                          194.97.96.0/19 maxlen: 19
                          2001:748::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 886678333 (0x34d9a33d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
        Validity
            Not Before: Jan 31 15:37:22 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4d2d31a0f5d92a90ddff684b33012a34633b8d31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:af:3f:79:3f:6e:8e:98:dd:92:a5:5c:17:51:
                    ad:86:8a:d4:99:fa:ad:ed:05:12:b2:c6:f5:81:55:
                    dc:ef:27:86:80:12:ea:4d:b2:af:23:a5:e9:f0:c4:
                    5a:d6:da:09:ff:a8:9a:4c:ec:fc:84:3c:72:a9:34:
                    9a:eb:f6:d9:7a:af:34:4c:ad:ff:99:e5:8e:73:d8:
                    70:4f:92:ae:0d:5d:c7:93:f6:da:05:34:5a:50:2b:
                    27:e4:03:ad:b8:fb:a9:de:88:1e:92:7d:05:ca:30:
                    4a:93:60:e6:d0:0e:a8:5d:6c:16:16:3f:14:45:82:
                    07:e0:24:06:49:e8:3f:e8:ab:79:dc:a6:8c:75:0f:
                    13:69:6b:16:7a:86:86:df:0e:3b:b0:3e:25:5e:cf:
                    7e:42:91:7c:06:55:39:14:75:b8:17:66:08:52:ab:
                    7f:dd:c8:24:b9:74:3f:0c:9a:f5:c4:8e:f9:d3:f8:
                    84:5b:a2:00:f2:3f:d0:60:ef:12:40:02:e4:98:8b:
                    bd:f4:83:ca:5e:06:31:92:67:35:95:63:fe:81:d5:
                    7c:53:f0:d3:3a:15:3b:b7:12:c5:e5:9d:18:ce:2b:
                    e8:a3:aa:13:a4:28:c4:52:78:4a:94:33:5f:b4:1b:
                    a1:43:43:80:f8:e4:06:a4:4c:50:9e:0e:93:c0:f7:
                    4c:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:2D:31:A0:F5:D9:2A:90:DD:FF:68:4B:33:01:2A:34:63:3B:8D:31
            X509v3 Authority Key Identifier:
                keyid:AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/TS0xoPXZKpDd_2hLMwEqNGM7jTE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.104.0.0/16
                  89.48.0.0/13
                  194.97.0.0/18
                  194.97.96.0/19
                  194.97.160.0-194.97.255.255
                  195.4.0.0/16
                IPv6:
                  2001:748::/32

    Signature Algorithm: sha256WithRSAEncryption
         11:d5:a7:89:be:2d:e0:3a:aa:bc:9a:56:56:29:68:ad:c4:1c:
         d7:75:93:db:ea:96:26:34:ca:9a:0d:aa:77:27:c6:02:ea:5f:
         a8:52:36:eb:83:9d:b6:71:4e:f2:50:8c:04:6d:d3:59:77:cf:
         52:a5:13:2c:8b:fb:5e:72:02:1b:f8:12:6e:1a:cf:9f:7d:fc:
         36:d4:97:ae:ec:90:30:da:a2:85:84:01:2f:f0:00:0d:ca:fe:
         3b:eb:d7:56:60:2d:16:22:fa:dd:a5:a8:a7:ee:dc:98:c2:2b:
         53:9e:00:f5:29:e5:2a:01:0c:e1:64:61:25:fc:89:d3:09:13:
         54:bb:db:df:6e:7a:53:ac:50:46:a2:af:61:ae:28:64:dd:8d:
         f1:c0:b5:1f:b3:82:34:12:a3:05:c9:3b:ee:c6:45:80:94:32:
         fd:e2:0c:20:f6:ee:84:2d:4d:3f:91:c8:c8:5c:bd:e1:8e:8d:
         93:10:03:54:82:15:87:9a:7e:56:5d:ed:58:5b:45:90:e0:f4:
         5a:3b:e5:a0:f4:ac:c0:57:43:26:9a:fe:90:87:96:6d:70:ad:
         f9:a7:17:98:7f:4e:a0:c6:d0:fe:63:1d:10:2a:01:8f:d9:79:
         ad:8c:a4:86:02:4d:27:c6:68:8d:d9:bc:c7:79:83:2b:27:4e:
         6b:08:39:f2
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgIENNmjPTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
ZjgwMTk4NGNjMzhmMGE0ZmM1YWZlMWFkZWFiNjgwYzFiODllOTViMB4XDTIyMDEz
MTE1MzcyMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNGQyZDMxYTBmNWQ5
MmE5MGRkZmY2ODRiMzMwMTJhMzQ2MzNiOGQzMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALmvP3k/bo6Y3ZKlXBdRrYaK1Jn6re0FErLG9YFV3O8nhoAS
6k2yryOl6fDEWtbaCf+omkzs/IQ8cqk0muv22XqvNEyt/5nljnPYcE+Srg1dx5P2
2gU0WlArJ+QDrbj7qd6IHpJ9BcowSpNg5tAOqF1sFhY/FEWCB+AkBknoP+iredym
jHUPE2lrFnqGht8OO7A+JV7PfkKRfAZVORR1uBdmCFKrf93IJLl0Pwya9cSO+dP4
hFuiAPI/0GDvEkAC5JiLvfSDyl4GMZJnNZVj/oHVfFPw0zoVO7cSxeWdGM4r6KOq
E6QoxFJ4SpQzX7QboUNDgPjkBqRMUJ4Ok8D3TL0CAwEAAaOCAjowggI2MB0GA1Ud
DgQWBBRNLTGg9dkqkN3/aEszASo0YzuNMTAfBgNVHSMEGDAWgBSvgBmEzDjwpPxa
/hreq2gMG4npWzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3I0QVpoTXc0OEtUOFd2NGEzcXRvREJ1SjZWcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZTYvYmZkMzdjLWNiMTItNGE5Yy04ZjVkLTQwMjEyNjVjMzliMC8x
L1RTMHhvUFhaS3BEZF8yaExNd0VxTkdNN2pURS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTYv
YmZkMzdjLWNiMTItNGE5Yy04ZjVkLTQwMjEyNjVjMzliMC8xL3I0QVpoTXc0OEtU
OFd2NGEzcXRvREJ1SjZWcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBQ
BggrBgEFBQcBBwEB/wRBMD8wLgQCAAEwKAMDAD5oAwMDWTADBAbCYQADBAXCYWAw
CwMEBcJhoAMDAcJgAwMAwwQwDQQCAAIwBwMFACABB0gwDQYJKoZIhvcNAQELBQAD
ggEBABHVp4m+LeA6qryaVlYpaK3EHNd1k9vqliY0ypoNqncnxgLqX6hSNuuDnbZx
TvJQjARt01l3z1KlEyyL+15yAhv4Em4az599/DbUl67skDDaooWEAS/wAA3K/jvr
11ZgLRYi+t2lqKfu3JjCK1OeAPUp5SoBDOFkYSX8idMJE1S7299uelOsUEair2Gu
KGTdjfHAtR+zgjQSowXJO+7GRYCUMv3iDCD27oQtTT+RyMhcveGOjZMQA1SCFYea
flZd7VhbRZDg9Fo75aD0rMBXQyaa/pCHlm1wrfmnF5h/TqDG0P5jHRAqAY/Zea2M
pIYCTSfGaI3ZvMd5gysnTmsIOfI=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:57:45 2024 by rpki-client on console-fra.rpki-client.org