Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/yFJWk8F8wu7dXf-UPfk6oTMFn3s.roa
File:                     yFJWk8F8wu7dXf-UPfk6oTMFn3s.roa (raw, json)
Hash identifier:          eBro7EnYUY6iz6F0eQaJPpFDB2Aa2hhym3enirRxsls=
Subject key identifier:   C8:52:56:93:C1:7C:C2:EE:DD:5D:FF:94:3D:F9:3A:A1:33:05:9F:7B
Certificate issuer:       /CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
Certificate serial:       3505058C
Authority key identifier: AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/yFJWk8F8wu7dXf-UPfk6oTMFn3s.roa
Signing time:             Tue 15 Feb 2022 15:55:24 +0000
ROA not before:           Tue 15 Feb 2022 15:55:24 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     5430
IP address blocks:        89.48.0.0/13 maxlen: 24
                          62.104.164.0/24 maxlen: 24
                          62.104.178.0/24 maxlen: 24
                          62.104.182.0/24 maxlen: 24
                          194.97.192.0/18 maxlen: 18
                          194.97.0.0/18 maxlen: 18
                          89.49.127.0/24 maxlen: 24
                          89.49.126.0/24 maxlen: 24
                          195.4.0.0/16 maxlen: 16
                          195.4.16.0/24 maxlen: 24
                          62.104.75.0/24 maxlen: 24
                          194.97.160.0/19 maxlen: 19
                          194.97.167.0/24 maxlen: 24
                          62.104.8.0/21 maxlen: 21
                          62.104.0.0/16 maxlen: 16
                          62.104.20.0/24 maxlen: 24
                          194.97.96.0/19 maxlen: 19
                          2001:748::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 889521548 (0x3505058c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
        Validity
            Not Before: Feb 15 15:55:24 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c8525693c17cc2eedd5dff943df93aa133059f7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:51:a9:2d:0c:ae:e9:53:5d:dd:6e:76:f4:3b:
                    01:d1:e5:53:8c:40:d0:c5:fd:71:7f:3b:23:7b:10:
                    fe:5e:d3:f7:59:e6:57:d9:7d:d0:d3:47:01:42:e3:
                    64:f2:12:38:93:e3:e6:f6:33:e6:c3:18:6e:e8:57:
                    42:67:23:e1:99:db:20:ea:59:3f:bf:a2:29:1c:a0:
                    8b:5c:08:93:8c:0f:3f:80:6c:e9:b9:40:c2:ea:4c:
                    4d:89:4d:b5:29:a9:5f:90:7a:a5:c7:a3:ec:90:8e:
                    f9:38:9f:9e:2b:dc:cf:36:3f:18:49:d2:e2:7f:ea:
                    76:7f:d6:d9:d3:e4:eb:cd:44:92:83:22:ff:ae:16:
                    e2:20:28:80:b5:33:5d:2e:c9:5e:01:90:94:a2:28:
                    19:be:94:3d:ff:8c:15:47:58:5f:f7:f9:8d:6a:ce:
                    c9:2a:ba:68:f2:b2:9d:d9:34:75:47:6e:0d:38:72:
                    15:a1:c5:96:73:73:75:38:63:46:a3:a4:8d:95:41:
                    82:1d:9b:98:85:93:82:4a:ae:5a:02:85:f5:f4:b7:
                    80:37:3c:81:8f:86:96:20:bc:99:f8:11:50:7c:ac:
                    74:3b:75:f2:16:9c:7b:32:00:dc:a6:bf:62:b0:6c:
                    22:26:17:6f:82:36:e3:b9:31:ef:23:66:ea:bc:9f:
                    7a:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:52:56:93:C1:7C:C2:EE:DD:5D:FF:94:3D:F9:3A:A1:33:05:9F:7B
            X509v3 Authority Key Identifier:
                keyid:AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/yFJWk8F8wu7dXf-UPfk6oTMFn3s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.104.0.0/16
                  89.48.0.0/13
                  194.97.0.0/18
                  194.97.96.0/19
                  194.97.160.0-194.97.255.255
                  195.4.0.0/16
                IPv6:
                  2001:748::/32

    Signature Algorithm: sha256WithRSAEncryption
         42:84:7b:30:b0:4e:61:cd:e3:df:a2:7d:40:f0:29:29:26:01:
         e4:57:7f:e7:0c:21:43:97:b8:f5:db:c4:ea:df:2c:b8:0c:75:
         b6:12:00:84:6a:43:89:ca:f6:85:83:f7:5d:30:a5:28:fc:07:
         c7:96:3f:b9:f8:2a:e5:67:6a:21:48:ce:ea:23:30:29:01:93:
         75:c1:89:8f:83:92:49:5a:60:5d:b0:b4:58:95:8d:2a:c2:30:
         83:ec:e2:19:cf:5f:41:a9:e6:05:6d:b6:41:6f:86:2e:b0:93:
         68:9c:6d:fd:c3:5b:29:1b:5f:cb:26:40:03:53:3a:f8:79:bc:
         48:3e:c7:69:44:44:cf:5d:32:fb:da:aa:d2:6b:6c:51:64:20:
         aa:eb:3c:b4:88:19:00:5b:e8:81:67:b6:e8:c2:7d:46:e4:a7:
         84:c1:3a:4d:fa:2f:ae:6b:18:15:70:af:d5:59:7b:39:e0:c2:
         e0:36:db:45:e0:02:d0:b3:df:43:8c:85:32:0d:0b:db:c0:a3:
         fe:9d:9b:fc:91:0c:70:b1:bd:6a:c8:0f:59:d8:49:38:c0:4e:
         0a:ab:eb:9d:7e:9e:f0:99:50:d8:19:1c:a4:19:ba:0d:4d:97:
         ef:8b:8c:16:d0:8c:b6:fc:ad:3a:17:2c:06:6f:0a:6c:4f:bb:
         6e:90:da:80
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgIENQUFjDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
ZjgwMTk4NGNjMzhmMGE0ZmM1YWZlMWFkZWFiNjgwYzFiODllOTViMB4XDTIyMDIx
NTE1NTUyNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYzg1MjU2OTNjMTdj
YzJlZWRkNWRmZjk0M2RmOTNhYTEzMzA1OWY3YjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALVRqS0MrulTXd1udvQ7AdHlU4xA0MX9cX87I3sQ/l7T91nm
V9l90NNHAULjZPISOJPj5vYz5sMYbuhXQmcj4ZnbIOpZP7+iKRygi1wIk4wPP4Bs
6blAwupMTYlNtSmpX5B6pcej7JCO+TifnivczzY/GEnS4n/qdn/W2dPk681EkoMi
/64W4iAogLUzXS7JXgGQlKIoGb6UPf+MFUdYX/f5jWrOySq6aPKyndk0dUduDThy
FaHFlnNzdThjRqOkjZVBgh2bmIWTgkquWgKF9fS3gDc8gY+GliC8mfgRUHysdDt1
8hacezIA3Ka/YrBsIiYXb4I247kx7yNm6ryfei0CAwEAAaOCAjowggI2MB0GA1Ud
DgQWBBTIUlaTwXzC7t1d/5Q9+TqhMwWfezAfBgNVHSMEGDAWgBSvgBmEzDjwpPxa
/hreq2gMG4npWzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3I0QVpoTXc0OEtUOFd2NGEzcXRvREJ1SjZWcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZTYvYmZkMzdjLWNiMTItNGE5Yy04ZjVkLTQwMjEyNjVjMzliMC8x
L3lGSldrOEY4d3U3ZFhmLVVQZms2b1RNRm4zcy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTYv
YmZkMzdjLWNiMTItNGE5Yy04ZjVkLTQwMjEyNjVjMzliMC8xL3I0QVpoTXc0OEtU
OFd2NGEzcXRvREJ1SjZWcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBQ
BggrBgEFBQcBBwEB/wRBMD8wLgQCAAEwKAMDAD5oAwMDWTADBAbCYQADBAXCYWAw
CwMEBcJhoAMDAcJgAwMAwwQwDQQCAAIwBwMFACABB0gwDQYJKoZIhvcNAQELBQAD
ggEBAEKEezCwTmHN49+ifUDwKSkmAeRXf+cMIUOXuPXbxOrfLLgMdbYSAIRqQ4nK
9oWD910wpSj8B8eWP7n4KuVnaiFIzuojMCkBk3XBiY+DkklaYF2wtFiVjSrCMIPs
4hnPX0Gp5gVttkFvhi6wk2icbf3DWykbX8smQANTOvh5vEg+x2lERM9dMvvaqtJr
bFFkIKrrPLSIGQBb6IFntujCfUbkp4TBOk36L65rGBVwr9VZezngwuA220XgAtCz
30OMhTINC9vAo/6dm/yRDHCxvWrID1nYSTjATgqr651+nvCZUNgZHKQZug1Nl++L
jBbQjLb8rToXLAZvCmxPu26Q2oA=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:49:53 2024 by rpki-client on console-ams.rpki-client.org