Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/XfQm1oZCoBBpiCVVgs-LbQlk3HM.roa
File:                     XfQm1oZCoBBpiCVVgs-LbQlk3HM.roa (raw, json)
Hash identifier:          My0p0bQA1Z/XsdPN+1Tc234ClLcbg5w0w3ofVfNBa9c=
Subject key identifier:   5D:F4:26:D6:86:42:A0:10:69:88:25:55:82:CF:8B:6D:09:64:DC:73
Certificate issuer:       /CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
Certificate serial:       0186509AE19005EFDD6449609C809F017E9B
Authority key identifier: AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/XfQm1oZCoBBpiCVVgs-LbQlk3HM.roa
Signing time:             Tue 14 Feb 2023 15:46:12 +0000
ROA not before:           Tue 14 Feb 2023 15:46:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     5430
IP address blocks:        194.97.46.0/23 maxlen: 24
                          194.97.58.0/24 maxlen: 24
                          194.97.0.0/18 maxlen: 18
                          194.97.119.0/24 maxlen: 24
                          62.104.56.0/24 maxlen: 24
                          62.104.66.0/23 maxlen: 23
                          194.97.160.0/19 maxlen: 19
                          62.104.95.0/24 maxlen: 24
                          62.104.96.0/22 maxlen: 22
                          194.97.164.0/22 maxlen: 22
                          62.104.104.0/22 maxlen: 22
                          194.97.167.0/24 maxlen: 24
                          194.97.168.0/24 maxlen: 24
                          62.104.0.0/16 maxlen: 16
                          62.104.8.0/21 maxlen: 21
                          62.104.16.0/24 maxlen: 24
                          62.104.17.0/24 maxlen: 24
                          62.104.20.0/24 maxlen: 24
                          62.104.20.0/23 maxlen: 23
                          62.104.18.0/23 maxlen: 23
                          194.97.96.0/24 maxlen: 24
                          194.97.96.0/19 maxlen: 19
                          194.97.102.0/24 maxlen: 24
                          62.104.48.0/23 maxlen: 23
                          194.97.118.0/24 maxlen: 24
                          62.104.50.0/24 maxlen: 24
                          62.104.46.0/23 maxlen: 23
                          62.104.45.0/24 maxlen: 24
                          89.49.127.0/24 maxlen: 24
                          89.49.126.0/24 maxlen: 24
                          89.48.0.0/13 maxlen: 24
                          195.4.70.0/24 maxlen: 24
                          195.4.71.0/24 maxlen: 24
                          195.4.104.0/22 maxlen: 22
                          195.4.234.0/23 maxlen: 24
                          195.4.176.0/24 maxlen: 24
                          62.104.164.0/24 maxlen: 24
                          62.104.164.0/22 maxlen: 22
                          62.104.168.0/22 maxlen: 22
                          62.104.172.0/23 maxlen: 23
                          62.104.174.0/24 maxlen: 24
                          62.104.175.0/24 maxlen: 24
                          62.104.176.0/22 maxlen: 22
                          62.104.178.0/24 maxlen: 24
                          62.104.182.0/24 maxlen: 24
                          194.97.192.0/18 maxlen: 18
                          195.4.0.0/16 maxlen: 16
                          195.4.16.0/24 maxlen: 24
                          195.4.16.0/22 maxlen: 22
                          195.4.28.0/23 maxlen: 23
                          195.4.27.0/24 maxlen: 24
                          195.4.43.0/24 maxlen: 24
                          2001:748::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:50:9a:e1:90:05:ef:dd:64:49:60:9c:80:9f:01:7e:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
        Validity
            Not Before: Feb 14 15:46:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5df426d68642a0106988255582cf8b6d0964dc73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:a3:83:8d:31:88:16:51:10:78:48:b8:e1:95:
                    2c:b3:31:97:e7:78:53:f7:75:0d:f8:50:d6:0a:c9:
                    69:ef:d7:57:a9:28:d8:57:f4:d4:0e:0b:c5:17:47:
                    0f:aa:5e:dd:6e:f0:f3:ac:ab:62:68:a6:9a:f1:0a:
                    5f:81:e1:74:f2:09:44:05:6a:8b:76:fe:53:32:39:
                    e1:de:5b:da:e9:56:1c:50:dc:f9:1e:dc:2e:32:0a:
                    4d:d4:f7:b6:0d:83:5e:a9:0e:64:32:15:19:5f:da:
                    c1:8b:da:ee:36:d0:58:cf:0c:83:0c:e8:ef:4e:88:
                    b1:88:3a:3a:ff:02:e3:d4:aa:d5:a3:50:5c:f4:d9:
                    1b:75:88:47:73:28:19:9c:16:c2:c2:e6:6b:5b:59:
                    ec:39:55:48:b1:34:e0:6a:d4:48:e3:58:90:c0:40:
                    c2:02:5e:46:0a:02:c8:6d:e5:8c:44:51:85:1a:96:
                    ba:bb:8f:d7:7a:04:dc:b1:7e:f9:b2:dd:6f:43:29:
                    37:a9:d0:96:6a:1a:3e:f4:0e:ba:bc:ca:ce:f1:48:
                    71:f5:83:35:b6:68:72:96:df:f6:21:53:38:07:f0:
                    87:86:8e:7e:23:f4:76:b8:46:c6:23:2a:1d:0c:51:
                    11:61:85:72:76:73:a9:34:0e:18:f4:42:48:07:7a:
                    72:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:F4:26:D6:86:42:A0:10:69:88:25:55:82:CF:8B:6D:09:64:DC:73
            X509v3 Authority Key Identifier:
                keyid:AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/XfQm1oZCoBBpiCVVgs-LbQlk3HM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.104.0.0/16
                  89.48.0.0/13
                  194.97.0.0/18
                  194.97.96.0/19
                  194.97.160.0-194.97.255.255
                  195.4.0.0/16
                IPv6:
                  2001:748::/32

    Signature Algorithm: sha256WithRSAEncryption
         61:2e:27:35:10:a0:f7:cb:b1:cf:8d:1c:ed:c7:69:04:75:0b:
         41:85:22:30:80:0e:c3:fc:14:80:57:e8:47:79:07:af:fa:ba:
         e6:b2:e5:ab:34:7e:00:f1:8a:91:1b:41:c5:45:e3:96:8c:0a:
         a9:2b:b3:b3:58:87:db:e9:dd:2b:eb:5f:a3:0a:5b:76:8d:bf:
         65:fa:ed:ad:6c:95:03:92:0c:39:6a:5f:d4:c8:a4:07:af:94:
         ae:23:26:9f:f5:72:78:32:33:48:f5:05:e3:60:66:8a:12:74:
         fc:dc:2c:72:51:b6:ba:cc:5a:66:88:a7:2a:61:4f:f6:b9:83:
         f1:d6:5e:e4:48:8b:e2:94:f5:c9:38:28:7f:ec:dc:ac:05:b8:
         fd:8e:3b:fe:54:97:f7:ac:b3:04:55:42:d2:9b:32:a9:f7:9b:
         93:20:e4:6f:51:64:d4:98:4e:f5:a6:97:cc:71:8e:9c:54:8c:
         cc:63:2c:a8:67:c2:01:dd:0b:a2:12:4a:4b:0d:f8:39:93:c4:
         57:63:e9:6a:60:8b:e8:9e:41:64:a5:2e:97:63:87:4d:d6:97:
         e0:35:a5:8e:94:89:33:73:b8:8f:95:3a:6c:9f:91:92:d0:66:
         9a:bf:58:90:64:0b:f2:64:da:65:e4:5f:b6:38:05:38:c2:cb:
         50:93:6d:25
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgISAYZQmuGQBe/dZElgnICfAX6bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmODAxOTg0Y2MzOGYwYTRmYzVhZmUxYWRlYWI2ODBjMWI4
OWU5NWIwHhcNMjMwMjE0MTU0NjEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGY0MjZkNjg2NDJhMDEwNjk4ODI1NTU4MmNmOGI2ZDA5NjRkYzczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh6ODjTGIFlEQeEi44ZUsszGX53hT
93UN+FDWCslp79dXqSjYV/TUDgvFF0cPql7dbvDzrKtiaKaa8QpfgeF08glEBWqL
dv5TMjnh3lva6VYcUNz5HtwuMgpN1Pe2DYNeqQ5kMhUZX9rBi9ruNtBYzwyDDOjv
ToixiDo6/wLj1KrVo1Bc9NkbdYhHcygZnBbCwuZrW1nsOVVIsTTgatRI41iQwEDC
Al5GCgLIbeWMRFGFGpa6u4/XegTcsX75st1vQyk3qdCWaho+9A66vMrO8Uhx9YM1
tmhylt/2IVM4B/CHho5+I/R2uEbGIyodDFERYYVydnOpNA4Y9EJIB3py+QIDAQAB
o4ICOjCCAjYwHQYDVR0OBBYEFF30JtaGQqAQaYglVYLPi20JZNxzMB8GA1UdIwQY
MBaAFK+AGYTMOPCk/Fr+Gt6raAwbielbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjRBWmhNdzQ4S1Q4V3Y0YTNxdG9EQnVKNlZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9iZmQzN2MtY2IxMi00YTljLThmNWQt
NDAyMTI2NWMzOWIwLzEvWGZRbTFvWkNvQkJwaUNWVmdzLUxiUWxrM0hNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9iZmQzN2MtY2IxMi00YTljLThmNWQtNDAyMTI2NWMzOWIw
LzEvcjRBWmhNdzQ4S1Q4V3Y0YTNxdG9EQnVKNlZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFAGCCsGAQUFBwEHAQH/BEEwPzAuBAIAATAoAwMAPmgDAwNZ
MAMEBsJhAAMEBcJhYDALAwQFwmGgAwMBwmADAwDDBDANBAIAAjAHAwUAIAEHSDAN
BgkqhkiG9w0BAQsFAAOCAQEAYS4nNRCg98uxz40c7cdpBHULQYUiMIAOw/wUgFfo
R3kHr/q65rLlqzR+APGKkRtBxUXjlowKqSuzs1iH2+ndK+tfowpbdo2/ZfrtrWyV
A5IMOWpf1MikB6+UriMmn/VyeDIzSPUF42BmihJ0/NwsclG2usxaZoinKmFP9rmD
8dZe5EiL4pT1yTgof+zcrAW4/Y47/lSX96yzBFVC0psyqfebkyDkb1Fk1JhO9aaX
zHGOnFSMzGMsqGfCAd0LohJKSw34OZPEV2PpamCL6J5BZKUul2OHTdaX4DWljpSJ
M3O4j5U6bJ+RktBmmr9YkGQL8mTaZeRftjgFOMLLUJNtJQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:57:45 2024 by rpki-client on console-fra.rpki-client.org