Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F36549B1/DF788C98561311E5B1A0E360F8AEA228/FB0E15F8CAB911E9AA072951F8AEA228.roa
File:                     FB0E15F8CAB911E9AA072951F8AEA228.roa (raw, json)
Hash identifier:          kClR8bg4B7bmmVcmsxKcFfeytQUyfYh8GCVpAcpVnLo=
Subject key identifier:   2B:96:9E:2F:BF:31:22:29:DB:9C:68:A4:45:A5:7E:4B:46:0C:3A:63
Certificate issuer:       /CN=F36549B1AF/serialNumber=9F17383EB667E547BA00CFB7F914F4284C5849CC
Certificate serial:       05C9
Authority key identifier: 9F:17:38:3E:B6:67:E5:47:BA:00:CF:B7:F9:14:F4:28:4C:58:49:CC
Authority info access:    rsync://rpki.afrinic.net/repository/afrinic/nxc4PrZn5Ue6AM-3-RT0KExYScw.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F36549B1/DF788C98561311E5B1A0E360F8AEA228/FB0E15F8CAB911E9AA072951F8AEA228.roa
Signing time:             Fri 30 Aug 2019 00:06:14 +0000
ROA not before:           Fri 30 Aug 2019 00:00:10 +0000
ROA not after:            Mon 03 Dec 2029 00:00:10 +0000
asID:                     0
IP address blocks:        196.223.14.0/23 maxlen: 23
                          196.223.22.0/23 maxlen: 23
                          196.223.30.0/23 maxlen: 23
                          2001:43f8:1f0::/47 maxlen: 47
                          2001:43f8:1f2::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1481 (0x5c9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F36549B1AF/serialNumber=9F17383EB667E547BA00CFB7F914F4284C5849CC
        Validity
            Not Before: Aug 30 00:00:10 2019 GMT
            Not After : Dec  3 00:00:10 2029 GMT
        Subject: CN=5d686876-9ac5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:6a:4d:ba:33:22:05:07:26:8b:3b:40:b4:a9:
                    3b:40:4b:0b:9e:6a:67:26:f8:47:77:3b:a7:a2:67:
                    4f:3a:2b:0e:28:25:d8:c3:37:be:54:2c:b5:e1:6b:
                    84:a7:b0:7f:67:08:ce:21:23:74:16:ff:a8:e5:b1:
                    19:40:da:cc:7e:c0:9a:35:1b:e9:31:54:94:06:62:
                    09:d6:7c:c4:10:df:f5:02:33:37:32:3f:11:40:c8:
                    26:dd:ab:26:2f:e6:7a:1c:86:f4:75:a1:c1:c0:4f:
                    98:9a:f5:43:fd:fc:7f:66:59:5e:3d:39:f5:1b:e3:
                    51:7b:1d:6c:80:20:15:fe:5f:ce:9c:99:f0:ec:c0:
                    29:db:2a:9a:98:44:63:f8:0f:c8:0f:a8:4c:46:a3:
                    ef:16:52:1f:7e:db:30:9c:72:ef:24:19:33:04:d9:
                    e4:fd:63:20:4d:f0:8e:4d:24:f0:03:05:1d:bf:28:
                    c2:7a:05:21:98:b4:e2:1d:5d:78:89:e0:48:0b:b1:
                    5e:2d:12:72:31:d8:20:9f:a0:69:9a:d8:99:fb:6c:
                    ef:07:b3:29:95:e3:5a:fa:1f:64:d0:16:b9:d4:eb:
                    06:15:29:e4:34:c5:11:ee:80:c0:cb:54:03:79:d4:
                    56:ab:d1:00:0c:16:fd:61:d9:73:02:be:0c:bc:ac:
                    c3:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:96:9E:2F:BF:31:22:29:DB:9C:68:A4:45:A5:7E:4B:46:0C:3A:63
            X509v3 Authority Key Identifier:
                keyid:9F:17:38:3E:B6:67:E5:47:BA:00:CF:B7:F9:14:F4:28:4C:58:49:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F36549B1/DF788C98561311E5B1A0E360F8AEA228/nxc4PrZn5Ue6AM-3-RT0KExYScw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/afrinic/nxc4PrZn5Ue6AM-3-RT0KExYScw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F36549B1/DF788C98561311E5B1A0E360F8AEA228/FB0E15F8CAB911E9AA072951F8AEA228.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  196.223.14.0/23
                  196.223.22.0/23
                  196.223.30.0/23
                IPv6:
                  2001:43f8:1f0::-2001:43f8:1f2:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         ae:ca:40:eb:ac:a5:7b:d2:ca:51:0f:83:22:2e:02:66:0e:6c:
         1e:99:97:fd:65:2d:4f:ad:45:af:40:ba:75:15:02:5b:52:53:
         d2:36:0b:4b:55:0c:39:5c:b5:46:e7:fc:52:fb:be:50:59:9c:
         9a:1c:8f:e5:04:05:42:2d:1a:6e:fc:44:1d:cf:a8:4f:5b:62:
         d1:cc:19:e4:7e:c5:99:c1:8e:35:d0:b6:50:f1:91:63:91:4a:
         1e:27:31:b3:c9:07:7e:3e:9d:7d:d8:b0:b1:44:9c:d2:30:18:
         cf:5a:2c:3e:67:e5:bd:b3:3a:48:92:32:65:1b:ab:bd:ec:d0:
         51:2e:72:7a:3f:6f:07:9e:45:be:a7:6c:98:21:7f:ad:fd:4e:
         da:2c:54:41:ae:99:74:7a:ff:97:6f:92:4f:e3:e1:63:85:53:
         75:21:38:65:21:51:f4:a6:32:82:f4:94:93:d0:2e:55:e5:07:
         c0:d3:58:b8:a6:d5:11:be:e7:a6:ad:a9:72:9f:d0:4b:ae:89:
         ca:8a:8b:04:9f:7e:68:90:07:53:74:be:c7:d3:7b:83:db:10:
         9b:33:a0:71:83:79:a2:91:9f:c5:ef:34:20:52:b2:ea:bf:0b:
         ed:29:7a:91:d9:8e:77:90:70:54:76:72:db:8d:19:08:78:91:
         04:97:cb:2c
-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgICBckwDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAxMKRjM2
NTQ5QjFBRjExMC8GA1UEBRMoOUYxNzM4M0VCNjY3RTU0N0JBMDBDRkI3RjkxNEY0
Mjg0QzU4NDlDQzAeFw0xOTA4MzAwMDAwMTBaFw0yOTEyMDMwMDAwMTBaMBgxFjAU
BgNVBAMTDTVkNjg2ODc2LTlhYzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC6ak26MyIFByaLO0C0qTtASwueamcm+Ed3O6eiZ086Kw4oJdjDN75ULLXh
a4SnsH9nCM4hI3QW/6jlsRlA2sx+wJo1G+kxVJQGYgnWfMQQ3/UCMzcyPxFAyCbd
qyYv5nochvR1ocHAT5ia9UP9/H9mWV49OfUb41F7HWyAIBX+X86cmfDswCnbKpqY
RGP4D8gPqExGo+8WUh9+2zCccu8kGTME2eT9YyBN8I5NJPADBR2/KMJ6BSGYtOId
XXiJ4EgLsV4tEnIx2CCfoGma2Jn7bO8HsymV41r6H2TQFrnU6wYVKeQ0xRHugMDL
VAN51Far0QAMFv1h2XMCvgy8rMM3AgMBAAGjggKWMIICkjAdBgNVHQ4EFgQUK5ae
L78xIinbnGikRaV+S0YMOmMwHwYDVR0jBBgwFoAUnxc4PrZn5Ue6AM+3+RT0KExY
ScwwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjU0OUIxL0RGNzg4Qzk4NTYxMzExRTVCMUEwRTM2MEY4QUVBMjI4L254YzRQ
clpuNVVlNkFNLTMtUlQwS0V4WVNjdy5jcmwwZwYIKwYBBQUHAQEEWzBZMFcGCCsG
AQUFBzAChktyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hZnJp
bmljL254YzRQclpuNVVlNkFNLTMtUlQwS0V4WVNjdy5jZXIwTwYDVR0gAQH/BEUw
QzBBBggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5p
Yy5uZXQvcG9saWN5L0NQUy5wZGYwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEF
BQcwC4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJl
cl9yZXBvc2l0b3J5L0YzNjU0OUIxL0RGNzg4Qzk4NTYxMzExRTVCMUEwRTM2MEY4
QUVBMjI4L0ZCMEUxNUY4Q0FCOTExRTlBQTA3Mjk1MUY4QUVBMjI4LnJvYTBHBggr
BgEFBQcBBwEB/wQ4MDYwGAQCAAEwEgMEAcTfDgMEAcTfFgMEAcTfHjAaBAIAAjAU
MBIDBwQgAUP4AfADBwAgAUP4AfIwDQYJKoZIhvcNAQELBQADggEBAK7KQOuspXvS
ylEPgyIuAmYObB6Zl/1lLU+tRa9AunUVAltSU9I2C0tVDDlctUbn/FL7vlBZnJoc
j+UEBUItGm78RB3PqE9bYtHMGeR+xZnBjjXQtlDxkWORSh4nMbPJB34+nX3YsLFE
nNIwGM9aLD5n5b2zOkiSMmUbq73s0FEucno/bweeRb6nbJghf639TtosVEGumXR6
/5dvkk/j4WOFU3UhOGUhUfSmMoL0lJPQLlXlB8DTWLim1RG+56atqXKf0EuuicqK
iwSffmiQB1N0vsfTe4PbEJszoHGDeaKRn8XvNCBSsuq/C+0pepHZjneQcFR2ctuN
GQh4kQSXyyw=
-----END CERTIFICATE-----
Generated at Thu Sep 28 09:25:01 2023 by rpki-client on console-fra.rpki-client.org