Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/sU7EGuRki69f1ky4KZcahT48I9s.roa
File:                     sU7EGuRki69f1ky4KZcahT48I9s.roa (raw, json)
Hash identifier:          S1EXGlQ/2HR/PGb7DHjmoHCEKSDhAHIqkuU1X6V84Fc=
Subject key identifier:   B1:4E:C4:1A:E4:64:8B:AF:5F:D6:4C:B8:29:97:1A:85:3E:3C:23:DB
Certificate issuer:       /CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
Certificate serial:       0186A6EDB0EC2E53E0C5DA7CB9C57B4C7C8E
Authority key identifier: AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/sU7EGuRki69f1ky4KZcahT48I9s.roa
Signing time:             Fri 03 Mar 2023 10:04:00 +0000
ROA not before:           Fri 03 Mar 2023 10:04:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     5430
IP address blocks:        194.97.46.0/23 maxlen: 24
                          194.97.58.0/24 maxlen: 24
                          194.97.0.0/18 maxlen: 18
                          194.97.120.0/23 maxlen: 23
                          194.97.119.0/24 maxlen: 24
                          194.97.122.0/24 maxlen: 24
                          62.104.56.0/24 maxlen: 24
                          62.104.66.0/23 maxlen: 23
                          194.97.160.0/19 maxlen: 19
                          62.104.95.0/24 maxlen: 24
                          62.104.96.0/21 maxlen: 22
                          62.104.96.0/22 maxlen: 22
                          194.97.164.0/22 maxlen: 22
                          62.104.104.0/22 maxlen: 22
                          62.104.0.0/16 maxlen: 16
                          62.104.8.0/21 maxlen: 21
                          62.104.10.0/23 maxlen: 23
                          62.104.12.0/22 maxlen: 22
                          62.104.16.0/24 maxlen: 24
                          62.104.17.0/24 maxlen: 24
                          62.104.20.0/24 maxlen: 24
                          62.104.18.0/24 maxlen: 24
                          194.97.96.0/24 maxlen: 24
                          194.97.96.0/19 maxlen: 19
                          194.97.102.0/24 maxlen: 24
                          62.104.48.0/23 maxlen: 23
                          194.97.118.0/24 maxlen: 24
                          62.104.50.0/24 maxlen: 24
                          62.104.46.0/23 maxlen: 23
                          62.104.45.0/24 maxlen: 24
                          89.49.127.0/24 maxlen: 24
                          89.49.126.0/24 maxlen: 24
                          89.48.0.0/13 maxlen: 24
                          195.4.70.0/24 maxlen: 24
                          195.4.71.0/24 maxlen: 24
                          195.4.104.0/22 maxlen: 22
                          195.4.234.0/23 maxlen: 24
                          195.4.176.0/24 maxlen: 24
                          62.104.164.0/24 maxlen: 24
                          62.104.164.0/22 maxlen: 22
                          62.104.168.0/22 maxlen: 22
                          62.104.172.0/23 maxlen: 23
                          62.104.174.0/24 maxlen: 24
                          62.104.175.0/24 maxlen: 24
                          62.104.176.0/22 maxlen: 22
                          62.104.182.0/24 maxlen: 24
                          194.97.192.0/18 maxlen: 18
                          195.4.0.0/16 maxlen: 16
                          195.4.16.0/24 maxlen: 24
                          195.4.16.0/22 maxlen: 22
                          195.4.28.0/23 maxlen: 23
                          195.4.27.0/24 maxlen: 24
                          195.4.43.0/24 maxlen: 24
                          2001:748::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:a6:ed:b0:ec:2e:53:e0:c5:da:7c:b9:c5:7b:4c:7c:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
        Validity
            Not Before: Mar  3 10:04:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b14ec41ae4648baf5fd64cb829971a853e3c23db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:4E:C4:1A:E4:64:8B:AF:5F:D6:4C:B8:29:97:1A:85:3E:3C:23:DB
            X509v3 Authority Key Identifier:
                keyid:AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/sU7EGuRki69f1ky4KZcahT48I9s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.104.0.0/16
                  89.48.0.0/13
                  194.97.0.0/18
                  194.97.96.0/19
                  194.97.160.0-194.97.255.255
                  195.4.0.0/16
                IPv6:
                  2001:748::/32

    Signature Algorithm: sha256WithRSAEncryption
Generated at Thu Jun 6 17:57:45 2024 by rpki-client on console-fra.rpki-client.org