Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/q7ec4R8UPLSjJSnFAGOUdjriCGs.roa
File:                     q7ec4R8UPLSjJSnFAGOUdjriCGs.roa (raw, json)
Hash identifier:          uCLuw3ta+NDMX0pl2NIDkZw4RpsmMlB6L6r1aZhubg4=
Subject key identifier:   AB:B7:9C:E1:1F:14:3C:B4:A3:25:29:C5:00:63:94:76:3A:E2:08:6B
Certificate issuer:       /CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
Certificate serial:       018EE77CE5EB4B11528C574CD8E581D3CB11
Authority key identifier: AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/q7ec4R8UPLSjJSnFAGOUdjriCGs.roa
Signing time:             Tue 16 Apr 2024 15:18:25 +0000
ROA not before:           Tue 16 Apr 2024 15:18:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5430
IP address blocks:        62.104.0.0/16 maxlen: 16
                          62.104.10.0/23 maxlen: 23
                          62.104.12.0/22 maxlen: 22
                          62.104.16.0/24 maxlen: 24
                          62.104.17.0/24 maxlen: 24
                          62.104.18.0/24 maxlen: 24
                          62.104.20.0/23 maxlen: 24
                          62.104.45.0/24 maxlen: 24
                          62.104.46.0/23 maxlen: 23
                          62.104.48.0/23 maxlen: 23
                          62.104.50.0/24 maxlen: 24
                          62.104.56.0/24 maxlen: 24
                          62.104.66.0/23 maxlen: 23
                          62.104.95.0/24 maxlen: 24
                          62.104.96.0/21 maxlen: 22
                          62.104.104.0/22 maxlen: 22
                          62.104.164.0/22 maxlen: 22
                          62.104.164.0/24 maxlen: 24
                          62.104.168.0/22 maxlen: 22
                          62.104.172.0/23 maxlen: 23
                          62.104.174.0/24 maxlen: 24
                          62.104.175.0/24 maxlen: 24
                          62.104.176.0/22 maxlen: 22
                          62.104.182.0/24 maxlen: 24
                          89.48.0.0/13 maxlen: 24
                          89.49.126.0/24 maxlen: 24
                          89.49.127.0/24 maxlen: 24
                          194.97.0.0/18 maxlen: 18
                          194.97.46.0/23 maxlen: 24
                          194.97.58.0/24 maxlen: 24
                          194.97.96.0/19 maxlen: 19
                          194.97.96.0/24 maxlen: 24
                          194.97.102.0/24 maxlen: 24
                          194.97.118.0/24 maxlen: 24
                          194.97.119.0/24 maxlen: 24
                          194.97.120.0/23 maxlen: 23
                          194.97.122.0/24 maxlen: 24
                          194.97.160.0/19 maxlen: 19
                          194.97.164.0/22 maxlen: 22
                          195.4.0.0/16 maxlen: 16
                          195.4.0.0/17 maxlen: 17
                          195.4.6.0/24 maxlen: 24
                          195.4.12.0/23 maxlen: 23
                          195.4.16.0/22 maxlen: 22
                          195.4.16.0/24 maxlen: 24
                          195.4.27.0/24 maxlen: 24
                          195.4.70.0/24 maxlen: 24
                          195.4.71.0/24 maxlen: 24
                          195.4.104.0/22 maxlen: 22
                          195.4.176.0/21 maxlen: 21
                          195.4.216.0/21 maxlen: 21
                          195.4.224.0/19 maxlen: 19
                          2001:748::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e7:7c:e5:eb:4b:11:52:8c:57:4c:d8:e5:81:d3:cb:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
        Validity
            Not Before: Apr 16 15:18:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=abb79ce11f143cb4a32529c5006394763ae2086b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:1d:6d:e4:0a:5b:90:8e:d8:27:4e:5c:06:19:
                    69:c5:eb:41:1a:93:92:0b:9d:1a:79:fe:e8:6f:47:
                    30:6e:76:1c:58:51:40:37:ca:7d:3c:2c:43:85:81:
                    0b:3e:2a:3b:bc:5b:e7:3e:00:37:a8:fa:c1:8a:47:
                    e3:da:f8:1b:55:29:ce:ec:9b:c0:63:96:7a:73:ec:
                    57:04:86:03:68:cd:11:87:6b:43:cd:87:0e:50:f1:
                    33:ed:0d:09:e6:fc:0a:98:a1:cd:a0:47:39:d6:b2:
                    9c:c5:6d:96:1b:d3:4d:fb:c0:85:8f:7a:6e:f3:bd:
                    a3:e2:8a:24:1f:0f:32:53:a6:43:dc:7f:76:01:23:
                    39:0a:ef:56:57:01:29:f6:49:c6:f7:a5:1b:8f:74:
                    ae:f8:a3:27:f4:ec:39:26:c7:52:b5:ac:81:c4:c8:
                    3a:3c:30:ec:26:c3:3d:45:1a:a2:62:02:c5:af:9d:
                    49:d5:2e:23:d0:07:a1:d3:57:6a:2e:c8:d7:91:da:
                    09:1e:ed:02:8a:6d:9c:45:1f:3e:9a:ca:a2:41:2d:
                    08:79:7e:d5:d4:74:c4:b1:44:9c:bc:ac:ae:93:c5:
                    65:1e:2c:6c:12:b9:6a:b6:16:e3:a5:8c:f8:da:9d:
                    15:6c:18:d8:eb:74:e9:55:df:77:0f:bf:9d:6e:f6:
                    16:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:B7:9C:E1:1F:14:3C:B4:A3:25:29:C5:00:63:94:76:3A:E2:08:6B
            X509v3 Authority Key Identifier:
                keyid:AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/q7ec4R8UPLSjJSnFAGOUdjriCGs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.104.0.0/16
                  89.48.0.0/13
                  194.97.0.0/18
                  194.97.96.0/19
                  194.97.160.0/19
                  195.4.0.0/16
                IPv6:
                  2001:748::/32

    Signature Algorithm: sha256WithRSAEncryption
         ab:32:09:aa:19:51:1b:b3:f2:c6:2f:9b:f4:c0:ea:c7:21:53:
         ea:98:d2:1c:a4:88:0a:5d:3e:58:0d:e7:b3:8d:e1:65:7c:7c:
         8d:75:69:a1:b9:77:81:73:42:36:3b:63:b3:0c:ad:4b:d4:a9:
         1a:ae:33:ce:d1:8a:86:e9:1e:1f:7d:45:73:9b:f4:06:0c:2b:
         87:61:99:30:57:cb:17:3d:f0:d7:86:69:c1:48:12:aa:1c:c3:
         36:ad:f3:be:49:61:e1:97:db:8d:b8:59:aa:75:b4:19:6a:be:
         6c:3a:e9:2d:70:40:6e:4e:3b:d3:eb:59:ca:5f:18:a1:43:a9:
         91:9d:dd:79:36:e3:d8:e1:70:ee:3a:cc:47:c9:ec:bc:d6:c7:
         a5:b1:fa:be:ed:95:f6:44:fc:f7:50:66:0f:d8:56:c9:9c:63:
         2c:8e:62:9b:f4:6e:c8:72:4b:07:eb:83:a1:90:16:a1:6b:ac:
         57:ba:2c:9a:c7:cb:f1:00:b9:c0:98:26:88:0b:04:f4:c3:02:
         28:1f:56:62:6e:7f:1e:f5:fd:af:27:95:4a:e9:ca:6e:84:01:
         31:a9:c2:94:c3:6d:8e:1b:51:f7:86:17:6d:ee:54:47:50:b6:
         f0:05:2c:eb:86:cc:85:43:39:24:6e:21:dc:5a:17:1b:d0:f6:
         8f:62:b5:4e
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAY7nfOXrSxFSjFdM2OWB08sRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmODAxOTg0Y2MzOGYwYTRmYzVhZmUxYWRlYWI2ODBjMWI4
OWU5NWIwHhcNMjQwNDE2MTUxODI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmI3OWNlMTFmMTQzY2I0YTMyNTI5YzUwMDYzOTQ3NjNhZTIwODZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmB1t5ApbkI7YJ05cBhlpxetBGpOS
C50aef7ob0cwbnYcWFFAN8p9PCxDhYELPio7vFvnPgA3qPrBikfj2vgbVSnO7JvA
Y5Z6c+xXBIYDaM0Rh2tDzYcOUPEz7Q0J5vwKmKHNoEc51rKcxW2WG9NN+8CFj3pu
872j4ookHw8yU6ZD3H92ASM5Cu9WVwEp9knG96Ubj3Su+KMn9Ow5JsdStayBxMg6
PDDsJsM9RRqiYgLFr51J1S4j0Aeh01dqLsjXkdoJHu0Cim2cRR8+msqiQS0IeX7V
1HTEsUScvKyuk8VlHixsErlqthbjpYz42p0VbBjY63TpVd93D7+dbvYWTQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFKu3nOEfFDy0oyUpxQBjlHY64ghrMB8GA1UdIwQY
MBaAFK+AGYTMOPCk/Fr+Gt6raAwbielbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjRBWmhNdzQ4S1Q4V3Y0YTNxdG9EQnVKNlZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9iZmQzN2MtY2IxMi00YTljLThmNWQt
NDAyMTI2NWMzOWIwLzEvcTdlYzRSOFVQTFNqSlNuRkFHT1VkanJpQ0dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9iZmQzN2MtY2IxMi00YTljLThmNWQtNDAyMTI2NWMzOWIw
LzEvcjRBWmhNdzQ4S1Q4V3Y0YTNxdG9EQnVKNlZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODAnBAIAATAhAwMAPmgDAwNZ
MAMEBsJhAAMEBcJhYAMEBcJhoAMDAMMEMA0EAgACMAcDBQAgAQdIMA0GCSqGSIb3
DQEBCwUAA4IBAQCrMgmqGVEbs/LGL5v0wOrHIVPqmNIcpIgKXT5YDeezjeFlfHyN
dWmhuXeBc0I2O2OzDK1L1KkarjPO0YqG6R4ffUVzm/QGDCuHYZkwV8sXPfDXhmnB
SBKqHMM2rfO+SWHhl9uNuFmqdbQZar5sOuktcEBuTjvT61nKXxihQ6mRnd15NuPY
4XDuOsxHyey81selsfq+7ZX2RPz3UGYP2FbJnGMsjmKb9G7IcksH64OhkBaha6xX
uiyax8vxALnAmCaICwT0wwIoH1Zibn8e9f2vJ5VK6cpuhAExqcKUw22OG1H3hhdt
7lRHULbwBSzrhsyFQzkkbiHcWhcb0PaPYrVO
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:49:53 2024 by rpki-client on console-ams.rpki-client.org