Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/uGdIe4e6X3CemehnrBdgjY_fMEg.roa
File:                     uGdIe4e6X3CemehnrBdgjY_fMEg.roa (raw, json)
Hash identifier:          2/yD6bVg0FssrCZdlQGfv9vA04UypASm6QXX3T/JIMQ=
Subject key identifier:   B8:67:48:7B:87:BA:5F:70:9E:99:E8:67:AC:17:60:8D:8F:DF:30:48
Certificate issuer:       /CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
Certificate serial:       352C1D26
Authority key identifier: AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/uGdIe4e6X3CemehnrBdgjY_fMEg.roa
Signing time:             Thu 17 Feb 2022 08:45:07 +0000
ROA not before:           Thu 17 Feb 2022 08:45:07 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     5430
IP address blocks:        194.97.46.0/23 maxlen: 24
                          194.97.0.0/18 maxlen: 18
                          62.104.56.0/24 maxlen: 24
                          62.104.66.0/23 maxlen: 23
                          62.104.68.0/22 maxlen: 22
                          62.104.75.0/24 maxlen: 24
                          62.104.80.0/21 maxlen: 21
                          62.104.88.0/21 maxlen: 21
                          194.97.160.0/19 maxlen: 19
                          62.104.96.0/21 maxlen: 21
                          194.97.164.0/22 maxlen: 22
                          62.104.104.0/22 maxlen: 22
                          194.97.167.0/24 maxlen: 24
                          194.97.168.0/24 maxlen: 24
                          62.104.0.0/16 maxlen: 16
                          62.104.8.0/21 maxlen: 21
                          62.104.20.0/24 maxlen: 24
                          62.104.20.0/23 maxlen: 23
                          62.104.28.0/22 maxlen: 22
                          194.97.96.0/19 maxlen: 19
                          62.104.32.0/21 maxlen: 21
                          62.104.40.0/22 maxlen: 22
                          62.104.48.0/23 maxlen: 23
                          62.104.50.0/24 maxlen: 24
                          62.104.46.0/23 maxlen: 23
                          62.104.45.0/24 maxlen: 24
                          89.49.127.0/24 maxlen: 24
                          89.49.126.0/24 maxlen: 24
                          89.48.0.0/13 maxlen: 24
                          195.4.104.0/22 maxlen: 22
                          62.104.164.0/24 maxlen: 24
                          62.104.164.0/22 maxlen: 22
                          62.104.168.0/22 maxlen: 22
                          62.104.172.0/23 maxlen: 23
                          62.104.174.0/24 maxlen: 24
                          62.104.175.0/24 maxlen: 24
                          62.104.176.0/21 maxlen: 21
                          62.104.178.0/24 maxlen: 24
                          62.104.182.0/24 maxlen: 24
                          62.104.184.0/22 maxlen: 22
                          62.104.188.0/23 maxlen: 23
                          62.104.130.0/23 maxlen: 23
                          62.104.132.0/22 maxlen: 22
                          194.97.192.0/18 maxlen: 18
                          62.104.136.0/21 maxlen: 21
                          62.104.144.0/22 maxlen: 22
                          62.104.156.0/22 maxlen: 22
                          195.4.0.0/16 maxlen: 16
                          195.4.16.0/24 maxlen: 24
                          195.4.16.0/22 maxlen: 22
                          2001:748::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 892083494 (0x352c1d26)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
        Validity
            Not Before: Feb 17 08:45:07 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b867487b87ba5f709e99e867ac17608d8fdf3048
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:f8:fb:6a:46:eb:d8:73:6f:32:25:5a:55:aa:
                    27:22:0f:3f:06:c0:12:4d:b1:85:44:89:2b:5c:68:
                    35:56:bb:b7:3c:ec:7f:35:7c:15:03:ae:97:e8:5e:
                    20:10:a0:7a:b2:d2:bf:e8:d6:88:8c:be:fd:6c:0e:
                    2c:d8:f3:22:2a:9e:67:85:4b:fc:70:ef:67:e8:fc:
                    db:bf:18:58:4c:f5:d1:d2:15:c7:57:99:01:0f:55:
                    ef:70:2e:70:bb:92:c7:68:51:97:79:72:25:9b:e2:
                    d8:b5:ae:b2:d7:10:8a:c4:df:02:bc:18:84:48:82:
                    c7:a2:2c:06:d2:8e:bd:a1:44:0f:ae:5f:08:08:ac:
                    6e:1f:32:bc:71:06:f8:ac:ab:66:22:30:38:a6:39:
                    73:49:09:c0:2c:a3:51:09:17:84:2f:57:80:f0:de:
                    93:53:4b:2d:8c:35:34:3e:6a:45:39:61:45:82:28:
                    4e:17:a2:30:9f:6a:31:96:c4:03:a6:3d:f8:08:98:
                    e5:6a:10:d3:7e:45:f5:de:7e:cb:46:01:f9:15:e0:
                    0a:5d:16:7a:cf:bb:2e:fb:2b:15:19:0d:73:ca:cf:
                    fa:67:4c:fb:b0:fd:33:2a:77:99:3c:c2:63:88:2e:
                    e0:ae:69:01:fe:cd:fd:9e:a4:79:33:7a:33:b0:2e:
                    9d:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:67:48:7B:87:BA:5F:70:9E:99:E8:67:AC:17:60:8D:8F:DF:30:48
            X509v3 Authority Key Identifier:
                keyid:AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/uGdIe4e6X3CemehnrBdgjY_fMEg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.104.0.0/16
                  89.48.0.0/13
                  194.97.0.0/18
                  194.97.96.0/19
                  194.97.160.0-194.97.255.255
                  195.4.0.0/16
                IPv6:
                  2001:748::/32

    Signature Algorithm: sha256WithRSAEncryption
         1b:c5:ce:38:cc:97:f3:fe:66:98:85:c5:a2:78:4c:c7:65:72:
         89:b9:44:40:bc:fd:79:92:c4:7a:41:46:30:2c:1a:a1:08:a0:
         08:71:27:0a:7a:7f:d5:15:7f:98:0c:82:12:d9:b8:b4:a5:23:
         b8:33:b6:60:5a:2d:84:95:d7:ea:52:30:c1:e3:c8:40:b4:36:
         72:33:4b:52:e5:55:4c:ee:f5:74:f4:61:5e:68:59:fa:69:0e:
         3e:c7:0b:62:ca:6f:1b:8e:6a:ff:7e:d5:3f:1f:9d:a5:db:05:
         b9:a2:d4:4e:c3:25:c0:59:56:74:51:a8:f2:f9:0f:14:0f:ec:
         ee:4b:b0:9b:70:00:8a:f9:42:3e:75:bd:60:38:36:79:dd:47:
         1f:21:5f:1c:10:d2:00:95:3e:de:dd:8a:0d:a0:f8:96:22:7c:
         ea:06:1b:b9:09:19:6c:5b:c2:7d:b8:0c:64:8d:8b:b9:e5:a6:
         ce:18:8d:cd:eb:a6:d0:0f:5f:26:b6:49:df:a2:04:78:fd:b5:
         a3:1b:e8:23:03:14:41:42:d8:24:6b:07:e4:50:4b:f3:28:c7:
         f9:bb:fb:c4:a1:5a:08:88:21:eb:b3:12:8c:ca:b4:ae:f6:0e:
         8f:47:e0:75:af:66:c1:cd:96:b6:c8:ba:74:79:e5:ec:9a:ad:
         b9:77:76:33
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgIENSwdJjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
ZjgwMTk4NGNjMzhmMGE0ZmM1YWZlMWFkZWFiNjgwYzFiODllOTViMB4XDTIyMDIx
NzA4NDUwN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYjg2NzQ4N2I4N2Jh
NWY3MDllOTllODY3YWMxNzYwOGQ4ZmRmMzA0ODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKf4+2pG69hzbzIlWlWqJyIPPwbAEk2xhUSJK1xoNVa7tzzs
fzV8FQOul+heIBCgerLSv+jWiIy+/WwOLNjzIiqeZ4VL/HDvZ+j8278YWEz10dIV
x1eZAQ9V73AucLuSx2hRl3lyJZvi2LWustcQisTfArwYhEiCx6IsBtKOvaFED65f
CAisbh8yvHEG+KyrZiIwOKY5c0kJwCyjUQkXhC9XgPDek1NLLYw1ND5qRTlhRYIo
TheiMJ9qMZbEA6Y9+AiY5WoQ035F9d5+y0YB+RXgCl0Wes+7LvsrFRkNc8rP+mdM
+7D9Myp3mTzCY4gu4K5pAf7N/Z6keTN6M7AunakCAwEAAaOCAjowggI2MB0GA1Ud
DgQWBBS4Z0h7h7pfcJ6Z6GesF2CNj98wSDAfBgNVHSMEGDAWgBSvgBmEzDjwpPxa
/hreq2gMG4npWzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3I0QVpoTXc0OEtUOFd2NGEzcXRvREJ1SjZWcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZTYvYmZkMzdjLWNiMTItNGE5Yy04ZjVkLTQwMjEyNjVjMzliMC8x
L3VHZEllNGU2WDNDZW1laG5yQmRnallfZk1FZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTYv
YmZkMzdjLWNiMTItNGE5Yy04ZjVkLTQwMjEyNjVjMzliMC8xL3I0QVpoTXc0OEtU
OFd2NGEzcXRvREJ1SjZWcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBQ
BggrBgEFBQcBBwEB/wRBMD8wLgQCAAEwKAMDAD5oAwMDWTADBAbCYQADBAXCYWAw
CwMEBcJhoAMDAcJgAwMAwwQwDQQCAAIwBwMFACABB0gwDQYJKoZIhvcNAQELBQAD
ggEBABvFzjjMl/P+ZpiFxaJ4TMdlcom5REC8/XmSxHpBRjAsGqEIoAhxJwp6f9UV
f5gMghLZuLSlI7gztmBaLYSV1+pSMMHjyEC0NnIzS1LlVUzu9XT0YV5oWfppDj7H
C2LKbxuOav9+1T8fnaXbBbmi1E7DJcBZVnRRqPL5DxQP7O5LsJtwAIr5Qj51vWA4
NnndRx8hXxwQ0gCVPt7dig2g+JYifOoGG7kJGWxbwn24DGSNi7nlps4Yjc3rptAP
Xya2Sd+iBHj9taMb6CMDFEFC2CRrB+RQS/Mox/m7+8ShWgiIIeuzEozKtK72Do9H
4HWvZsHNlrbIunR55eyarbl3djM=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:49:53 2024 by rpki-client on console-ams.rpki-client.org