Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/9EE9B1E0831677ED93803AF0B8ED6B95FE367BA0CC83CED4B0AEF617E1F03150/0/AS273854.roa
File:                     AS273854.roa (raw, json)
Hash identifier:          /mtd6Bi71Hb6+vePhYBpjhj0ot3AUjNmiAxeZjVP6s0=
Subject key identifier:   22:A5:F1:DE:85:39:DA:A1:7A:44:DC:A6:42:CD:CE:97:FC:27:84:D9
Certificate issuer:       /CN=274D68F06BB1F2ED094F03B52FED7565F7825D99
Certificate serial:       2EAE8192900C067CCF6082E6939898884775B307
Authority key identifier: 27:4D:68:F0:6B:B1:F2:ED:09:4F:03:B5:2F:ED:75:65:F7:82:5D:99
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/274D68F06BB1F2ED094F03B52FED7565F7825D99.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/9EE9B1E0831677ED93803AF0B8ED6B95FE367BA0CC83CED4B0AEF617E1F03150/0/AS273854.roa
Signing time:             Mon 23 Sep 2024 19:15:00 +0000
ROA not before:           Mon 23 Sep 2024 19:10:00 +0000
ROA not after:            Mon 22 Sep 2025 19:15:00 +0000
asID:                     273854
IP address blocks:        181.103.64.0/20 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:ae:81:92:90:0c:06:7c:cf:60:82:e6:93:98:98:88:47:75:b3:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=274D68F06BB1F2ED094F03B52FED7565F7825D99
        Validity
            Not Before: Sep 23 19:10:00 2024 GMT
            Not After : Sep 22 19:15:00 2025 GMT
        Subject: CN=22A5F1DE8539DAA17A44DCA642CDCE97FC2784D9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:ec:0b:38:76:17:6c:28:05:3b:31:d3:c8:60:
                    6b:cd:ee:91:d5:ca:e6:c3:f6:15:65:de:dc:b9:c9:
                    39:a5:2f:d4:49:7a:4b:6a:8e:8d:08:7f:d0:83:97:
                    fb:4e:65:2a:ad:d5:80:bd:50:61:f8:16:cb:4d:f8:
                    9b:1d:3f:00:1f:17:1c:ce:60:dc:cf:43:c4:be:73:
                    9e:d4:bd:71:e3:b0:5c:9d:ff:dc:19:c1:30:d9:9f:
                    e4:39:28:cf:16:27:d2:ed:3b:65:29:b4:6f:fd:ae:
                    f8:bf:84:62:97:89:a1:52:14:73:8c:0d:6b:f1:d8:
                    b9:b9:de:c4:37:ff:88:7d:24:ad:b0:b3:59:dc:04:
                    8a:e4:82:1d:87:0e:53:aa:19:16:55:64:f4:c1:ee:
                    5d:7b:9e:b1:31:11:31:03:43:18:a8:54:38:10:27:
                    3e:76:94:f9:6a:b7:bf:77:ae:68:fc:71:48:36:a4:
                    ed:11:b5:1c:97:af:dd:5c:bb:a6:88:c4:6e:5a:92:
                    76:32:e8:1e:61:30:e8:b2:73:6d:dc:6b:98:6d:74:
                    a0:de:29:f1:df:6f:34:62:b5:74:4c:03:85:08:1c:
                    3a:d6:f2:7f:ee:31:fe:14:3d:1a:5b:1e:b7:06:77:
                    ed:45:37:47:11:57:32:76:ed:e5:dc:7d:12:86:0d:
                    75:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:A5:F1:DE:85:39:DA:A1:7A:44:DC:A6:42:CD:CE:97:FC:27:84:D9
            X509v3 Authority Key Identifier:
                keyid:27:4D:68:F0:6B:B1:F2:ED:09:4F:03:B5:2F:ED:75:65:F7:82:5D:99

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/9EE9B1E0831677ED93803AF0B8ED6B95FE367BA0CC83CED4B0AEF617E1F03150/0/274D68F06BB1F2ED094F03B52FED7565F7825D99.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/274D68F06BB1F2ED094F03B52FED7565F7825D99.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/9EE9B1E0831677ED93803AF0B8ED6B95FE367BA0CC83CED4B0AEF617E1F03150/0/AS273854.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.103.64.0/20

    Signature Algorithm: sha256WithRSAEncryption
         7e:25:49:f2:74:11:5a:80:a2:c2:d9:4c:62:37:90:ee:60:c7:
         1f:9d:e4:58:3e:60:6e:f1:65:f2:a1:62:5c:3f:fc:aa:4d:bc:
         a1:14:a8:57:29:ad:0e:ce:e1:67:14:2d:23:36:5c:77:a4:58:
         c5:6b:55:85:4b:28:4c:89:21:eb:47:27:46:bb:d9:00:2f:05:
         cf:20:a6:fc:4c:10:b2:48:9d:61:79:d0:31:b7:b9:c5:14:a2:
         ea:7e:90:98:75:78:b9:dd:b9:a0:e3:ed:cb:4d:d1:1a:db:2e:
         70:6b:9c:9e:41:df:98:8b:fd:0e:4a:fa:96:bf:f6:47:cf:a2:
         81:73:b6:5b:4b:81:24:d8:b0:97:a7:bd:0f:8b:b5:0d:87:17:
         09:0c:4b:f1:7a:df:35:ca:7f:fb:f2:2c:46:6e:e7:1b:3d:2e:
         91:0c:1f:a2:f1:db:9a:56:12:72:e9:d0:c6:1d:8d:eb:47:ea:
         5e:fe:66:b1:2c:25:07:86:4a:ad:43:5d:48:4a:4b:58:d3:10:
         e3:47:d1:d0:5d:85:96:78:68:26:39:c2:a6:a9:4c:f2:ad:64:
         67:a5:40:34:73:29:02:87:0c:65:81:41:67:f4:5c:fc:4f:de:
         67:5a:16:a6:0c:c2:36:81:d3:b6:66:95:69:7d:53:8a:7d:7e:
         48:28:76:f0
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgIULq6BkpAMBnzPYILmk5iYiEd1swcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjc0RDY4RjA2QkIxRjJFRDA5NEYwM0I1MkZFRDc1NjVG
NzgyNUQ5OTAeFw0yNDA5MjMxOTEwMDBaFw0yNTA5MjIxOTE1MDBaMDMxMTAvBgNV
BAMTKDIyQTVGMURFODUzOURBQTE3QTQ0RENBNjQyQ0RDRTk3RkMyNzg0RDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDK7As4dhdsKAU7MdPIYGvN7pHV
yubD9hVl3ty5yTmlL9RJektqjo0If9CDl/tOZSqt1YC9UGH4FstN+JsdPwAfFxzO
YNzPQ8S+c57UvXHjsFyd/9wZwTDZn+Q5KM8WJ9LtO2UptG/9rvi/hGKXiaFSFHOM
DWvx2Lm53sQ3/4h9JK2ws1ncBIrkgh2HDlOqGRZVZPTB7l17nrExETEDQxioVDgQ
Jz52lPlqt793rmj8cUg2pO0RtRyXr91cu6aIxG5aknYy6B5hMOiyc23ca5htdKDe
KfHfbzRitXRMA4UIHDrW8n/uMf4UPRpbHrcGd+1FN0cRVzJ27eXcfRKGDXU7AgMB
AAGjggKZMIIClTAdBgNVHQ4EFgQUIqXx3oU52qF6RNymQs3Ol/wnhNkwHwYDVR0j
BBgwFoAUJ01o8Gux8u0JTwO1L+11ZfeCXZkwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy85RUU5QjFFMDgzMTY3N0VEOTM4MDNBRjBCOEVENkI5NUZF
MzY3QkEwQ0M4M0NFRDRCMEFFRjYxN0UxRjAzMTUwLzAvMjc0RDY4RjA2QkIxRjJF
RDA5NEYwM0I1MkZFRDc1NjVGNzgyNUQ5OS5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC8yNzRENjhGMDZCQjFGMkVEMDk0
RjAzQjUyRkVENzU2NUY3ODI1RDk5LmNlcjCBmAYIKwYBBQUHAQsEgYswgYgwgYUG
CCsGAQUFBzALhnlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy85RUU5QjFFMDgzMTY3N0VEOTM4MDNBRjBCOEVENkI5NUZFMzY3QkEwQ0M4
M0NFRDRCMEFFRjYxN0UxRjAzMTUwLzAvQVMyNzM4NTQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAS1Z0Aw
DQYJKoZIhvcNAQELBQADggEBAH4lSfJ0EVqAosLZTGI3kO5gxx+d5Fg+YG7xZfKh
Ylw//KpNvKEUqFcprQ7O4WcULSM2XHekWMVrVYVLKEyJIetHJ0a72QAvBc8gpvxM
ELJInWF50DG3ucUUoup+kJh1eLnduaDj7ctN0RrbLnBrnJ5B35iL/Q5K+pa/9kfP
ooFztltLgSTYsJenvQ+LtQ2HFwkMS/F63zXKf/vyLEZu5xs9LpEMH6Lx25pWEnLp
0MYdjetH6l7+ZrEsJQeGSq1DXUhKS1jTEONH0dBdhZZ4aCY5wqapTPKtZGelQDRz
KQKHDGWBQWf0XPxP3mdaFqYMwjaB07ZmlWl9U4p9fkgodvA=
-----END CERTIFICATE-----
Generated at Tue Oct 1 13:52:14 2024 by rpki-client on console-fra.rpki-client.org