Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/mm-vMipGxyA16uNZhBedcLFXAnI.roa
File:                     mm-vMipGxyA16uNZhBedcLFXAnI.roa (raw, json)
Hash identifier:          Qv7xENsWicCNjIowz/n6yCPLxJ/ZdHeBg+0UX9eESl4=
Subject key identifier:   9A:6F:AF:32:2A:46:C7:20:35:EA:E3:59:84:17:9D:70:B1:57:02:72
Certificate issuer:       /CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
Certificate serial:       01856DD4249FAE6C980B8222629C05938BD8
Authority key identifier: AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/mm-vMipGxyA16uNZhBedcLFXAnI.roa
Signing time:             Sun 01 Jan 2023 14:54:57 +0000
ROA not before:           Sun 01 Jan 2023 14:54:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     5430
IP address blocks:        194.97.46.0/23 maxlen: 24
                          194.97.58.0/24 maxlen: 24
                          194.97.0.0/18 maxlen: 18
                          194.97.119.0/24 maxlen: 24
                          62.104.56.0/24 maxlen: 24
                          62.104.66.0/23 maxlen: 23
                          194.97.160.0/19 maxlen: 19
                          62.104.95.0/24 maxlen: 24
                          62.104.96.0/22 maxlen: 22
                          194.97.164.0/22 maxlen: 22
                          62.104.104.0/22 maxlen: 22
                          194.97.167.0/24 maxlen: 24
                          194.97.168.0/24 maxlen: 24
                          62.104.0.0/16 maxlen: 16
                          62.104.8.0/21 maxlen: 21
                          62.104.16.0/24 maxlen: 24
                          62.104.17.0/24 maxlen: 24
                          62.104.20.0/24 maxlen: 24
                          62.104.20.0/23 maxlen: 23
                          62.104.18.0/23 maxlen: 23
                          194.97.96.0/19 maxlen: 19
                          194.97.102.0/24 maxlen: 24
                          62.104.48.0/23 maxlen: 23
                          194.97.118.0/24 maxlen: 24
                          62.104.50.0/24 maxlen: 24
                          62.104.46.0/23 maxlen: 23
                          62.104.45.0/24 maxlen: 24
                          89.49.127.0/24 maxlen: 24
                          89.49.126.0/24 maxlen: 24
                          89.48.0.0/13 maxlen: 24
                          195.4.70.0/24 maxlen: 24
                          195.4.71.0/24 maxlen: 24
                          195.4.104.0/22 maxlen: 22
                          195.4.234.0/23 maxlen: 24
                          195.4.176.0/24 maxlen: 24
                          62.104.164.0/24 maxlen: 24
                          62.104.164.0/22 maxlen: 22
                          62.104.168.0/22 maxlen: 22
                          62.104.172.0/23 maxlen: 23
                          62.104.174.0/24 maxlen: 24
                          62.104.175.0/24 maxlen: 24
                          62.104.176.0/22 maxlen: 22
                          62.104.178.0/24 maxlen: 24
                          62.104.182.0/24 maxlen: 24
                          194.97.192.0/18 maxlen: 18
                          195.4.0.0/16 maxlen: 16
                          195.4.16.0/24 maxlen: 24
                          195.4.16.0/22 maxlen: 22
                          195.4.28.0/23 maxlen: 23
                          195.4.27.0/24 maxlen: 24
                          195.4.43.0/24 maxlen: 24
                          2001:748::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:d4:24:9f:ae:6c:98:0b:82:22:62:9c:05:93:8b:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
        Validity
            Not Before: Jan  1 14:54:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9a6faf322a46c72035eae35984179d70b1570272
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:03:4e:12:b9:6a:61:b6:bb:c8:db:44:d8:4d:
                    56:61:f0:1a:9b:7b:c3:13:cf:2e:40:a1:81:9f:05:
                    57:d2:bf:44:8e:a7:91:3c:3e:ac:2d:52:f7:b6:10:
                    aa:55:d8:2e:4a:80:ea:12:3a:0a:e4:b2:83:4c:2e:
                    3e:54:05:a5:4b:e7:63:5c:c0:af:f8:61:c9:eb:0c:
                    a6:49:4e:76:c2:a7:69:e0:c8:c7:2b:ac:9f:b3:29:
                    09:a0:9b:37:ad:8b:e6:a4:43:e3:87:d2:9d:fc:48:
                    3d:75:47:a0:9f:27:3f:d5:38:95:f1:43:fa:57:d8:
                    84:27:0e:81:4c:19:2a:42:81:a5:f7:52:4d:4d:f0:
                    22:1a:34:00:98:ac:82:4a:5b:41:bd:5e:d5:ed:11:
                    d5:f6:50:c4:47:14:e3:24:c8:05:3a:89:53:f8:49:
                    52:29:a9:1c:05:96:c8:84:00:75:d8:d1:ba:e3:d5:
                    c7:75:bb:aa:3c:4a:eb:d5:8e:8c:1b:5c:9b:f8:5d:
                    d0:76:01:5e:cd:1b:fe:1f:81:ed:d5:5e:ec:fc:1a:
                    d3:88:c3:b8:e3:25:54:bd:da:a5:52:a4:1f:d6:53:
                    94:22:d0:6d:f9:9f:fb:00:e1:2f:7e:5f:d1:32:1c:
                    e8:74:73:76:05:24:b4:66:bf:33:2d:6d:f4:ed:f9:
                    82:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:6F:AF:32:2A:46:C7:20:35:EA:E3:59:84:17:9D:70:B1:57:02:72
            X509v3 Authority Key Identifier:
                keyid:AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/mm-vMipGxyA16uNZhBedcLFXAnI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.104.0.0/16
                  89.48.0.0/13
                  194.97.0.0/18
                  194.97.96.0/19
                  194.97.160.0-194.97.255.255
                  195.4.0.0/16
                IPv6:
                  2001:748::/32

    Signature Algorithm: sha256WithRSAEncryption
         68:b4:08:8c:62:cc:53:8e:b6:d0:e2:47:36:ce:2c:69:4f:fe:
         c0:a8:6e:fc:e5:79:8e:6e:f9:23:bd:ed:31:54:86:3b:05:09:
         a6:a9:b3:15:85:e0:ab:a8:25:03:3b:b8:79:cd:72:e0:56:dd:
         e6:4a:5b:08:d5:27:6f:3a:96:db:ac:5d:23:54:df:83:7f:83:
         89:cc:42:05:71:60:3f:b4:cf:88:7a:6f:67:08:24:d7:17:0e:
         e4:94:15:1a:94:15:86:a4:82:ee:69:9b:ad:7e:76:86:f5:7c:
         74:a9:93:ec:cf:14:75:9d:cf:4f:94:36:ed:15:3d:2e:c1:9a:
         1a:67:1a:fc:1f:49:d2:74:e3:c5:6c:e8:7c:9f:f5:e5:08:af:
         53:38:2f:c1:bc:38:37:c3:6f:fd:1f:12:d1:23:d4:f5:6e:7b:
         c2:09:e0:af:49:99:d5:50:9c:4f:5a:fb:e5:88:27:c3:45:c6:
         6b:c9:5a:c6:dc:1e:c7:10:5c:88:34:d4:9e:43:5e:ef:bf:bc:
         8b:90:3f:e8:1c:de:98:54:12:61:8a:d2:be:36:4a:83:79:59:
         d6:f7:64:d4:81:56:f3:88:04:52:ae:64:65:bf:f9:d2:83:04:
         0a:5c:87:4a:3f:f0:52:c9:b2:50:0f:0a:42:25:9e:ee:e3:ae:
         09:3c:a0:c9
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgISAYVt1CSfrmyYC4IiYpwFk4vYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmODAxOTg0Y2MzOGYwYTRmYzVhZmUxYWRlYWI2ODBjMWI4
OWU5NWIwHhcNMjMwMTAxMTQ1NDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTZmYWYzMjJhNDZjNzIwMzVlYWUzNTk4NDE3OWQ3MGIxNTcwMjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2wNOErlqYba7yNtE2E1WYfAam3vD
E88uQKGBnwVX0r9EjqeRPD6sLVL3thCqVdguSoDqEjoK5LKDTC4+VAWlS+djXMCv
+GHJ6wymSU52wqdp4MjHK6yfsykJoJs3rYvmpEPjh9Kd/Eg9dUegnyc/1TiV8UP6
V9iEJw6BTBkqQoGl91JNTfAiGjQAmKyCSltBvV7V7RHV9lDERxTjJMgFOolT+ElS
KakcBZbIhAB12NG649XHdbuqPErr1Y6MG1yb+F3QdgFezRv+H4Ht1V7s/BrTiMO4
4yVUvdqlUqQf1lOUItBt+Z/7AOEvfl/RMhzodHN2BSS0Zr8zLW307fmCKwIDAQAB
o4ICOjCCAjYwHQYDVR0OBBYEFJpvrzIqRscgNerjWYQXnXCxVwJyMB8GA1UdIwQY
MBaAFK+AGYTMOPCk/Fr+Gt6raAwbielbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjRBWmhNdzQ4S1Q4V3Y0YTNxdG9EQnVKNlZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9iZmQzN2MtY2IxMi00YTljLThmNWQt
NDAyMTI2NWMzOWIwLzEvbW0tdk1pcEd4eUExNnVOWmhCZWRjTEZYQW5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9iZmQzN2MtY2IxMi00YTljLThmNWQtNDAyMTI2NWMzOWIw
LzEvcjRBWmhNdzQ4S1Q4V3Y0YTNxdG9EQnVKNlZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFAGCCsGAQUFBwEHAQH/BEEwPzAuBAIAATAoAwMAPmgDAwNZ
MAMEBsJhAAMEBcJhYDALAwQFwmGgAwMBwmADAwDDBDANBAIAAjAHAwUAIAEHSDAN
BgkqhkiG9w0BAQsFAAOCAQEAaLQIjGLMU4620OJHNs4saU/+wKhu/OV5jm75I73t
MVSGOwUJpqmzFYXgq6glAzu4ec1y4Fbd5kpbCNUnbzqW26xdI1Tfg3+DicxCBXFg
P7TPiHpvZwgk1xcO5JQVGpQVhqSC7mmbrX52hvV8dKmT7M8UdZ3PT5Q27RU9LsGa
Gmca/B9J0nTjxWzofJ/15QivUzgvwbw4N8Nv/R8S0SPU9W57wgngr0mZ1VCcT1r7
5Ygnw0XGa8laxtwexxBciDTUnkNe77+8i5A/6BzemFQSYYrSvjZKg3lZ1vdk1IFW
84gEUq5kZb/50oMEClyHSj/wUsmyUA8KQiWe7uOuCTygyQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:57:45 2024 by rpki-client on console-fra.rpki-client.org