Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/C3B3C59E236C329AC389A06069BAAA611D89A6B9773ADB9FCB58348A73F9F8B3/0/34352e3233392e33342e302f32332d3233203d3e20323636383435.roa
File:                     34352e3233392e33342e302f32332d3233203d3e20323636383435.roa (raw, json)
Hash identifier:          rmzBIqOQ+2v7qliYoDOjjBECAUlsR6ZBW/l/DW8R39o=
Subject key identifier:   D5:C9:4B:56:66:5A:91:93:B8:E8:4D:26:9B:C5:5A:11:7A:C1:D2:EF
Certificate issuer:       /CN=9C47A2CE71365140A7ACBE7252BB0916C054BE16
Certificate serial:       0B09B45E7EFF9A61B879061952BA443A95867392
Authority key identifier: 9C:47:A2:CE:71:36:51:40:A7:AC:BE:72:52:BB:09:16:C0:54:BE:16
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/9C47A2CE71365140A7ACBE7252BB0916C054BE16.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/C3B3C59E236C329AC389A06069BAAA611D89A6B9773ADB9FCB58348A73F9F8B3/0/34352e3233392e33342e302f32332d3233203d3e20323636383435.roa
Signing time:             Tue 04 Feb 2025 18:18:26 +0000
ROA not before:           Tue 04 Feb 2025 18:13:26 +0000
ROA not after:            Tue 03 Feb 2026 18:18:26 +0000
asID:                     266845
IP address blocks:        45.239.34.0/23 maxlen: 23
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:09:b4:5e:7e:ff:9a:61:b8:79:06:19:52:ba:44:3a:95:86:73:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9C47A2CE71365140A7ACBE7252BB0916C054BE16
        Validity
            Not Before: Feb  4 18:13:26 2025 GMT
            Not After : Feb  3 18:18:26 2026 GMT
        Subject: CN=D5C94B56665A9193B8E84D269BC55A117AC1D2EF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:04:80:11:d5:11:57:57:8c:ac:eb:d7:76:74:
                    b9:5f:b8:c9:1a:74:17:92:8a:81:d9:4b:e0:f0:8b:
                    71:d3:82:1b:4c:65:f9:2b:ac:8a:03:ec:6e:c4:72:
                    23:62:e9:3d:50:c7:32:99:5c:5e:2d:9c:26:52:62:
                    c5:dd:6f:5a:3e:c8:38:d0:30:3d:b2:ea:69:28:1f:
                    14:70:e7:38:ca:e1:45:37:73:90:72:1a:45:e2:56:
                    2a:1a:7a:ba:a7:e0:ea:4a:81:dc:c1:58:c5:33:6c:
                    1e:fb:3b:bf:db:cc:d1:84:e0:7d:68:70:04:6f:13:
                    66:d1:10:84:ce:45:3d:fc:46:54:27:83:62:a1:61:
                    d0:af:67:0b:fd:19:68:ab:7d:13:10:66:1d:01:05:
                    db:a3:a9:7f:13:35:20:e1:82:bb:cc:e7:9b:33:83:
                    64:d1:be:7c:0f:f6:b8:ce:a6:b5:31:6d:82:9e:ae:
                    f9:1e:98:e5:bc:75:c4:27:ec:28:42:ea:cd:80:57:
                    f3:79:d9:57:d5:bb:e0:69:c7:6b:9c:8f:53:ca:bd:
                    1d:9c:4e:e3:b7:a1:a4:85:61:59:66:7e:55:3d:34:
                    f5:a2:77:2b:bd:ec:c2:b2:d7:3a:41:3a:1c:e4:da:
                    10:ad:c0:72:f4:37:4a:3b:38:f0:cc:71:67:74:87:
                    07:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:C9:4B:56:66:5A:91:93:B8:E8:4D:26:9B:C5:5A:11:7A:C1:D2:EF
            X509v3 Authority Key Identifier:
                keyid:9C:47:A2:CE:71:36:51:40:A7:AC:BE:72:52:BB:09:16:C0:54:BE:16

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/C3B3C59E236C329AC389A06069BAAA611D89A6B9773ADB9FCB58348A73F9F8B3/0/9C47A2CE71365140A7ACBE7252BB0916C054BE16.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/9C47A2CE71365140A7ACBE7252BB0916C054BE16.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/C3B3C59E236C329AC389A06069BAAA611D89A6B9773ADB9FCB58348A73F9F8B3/0/34352e3233392e33342e302f32332d3233203d3e20323636383435.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.239.34.0/23

    Signature Algorithm: sha256WithRSAEncryption
         be:5d:89:98:7e:ac:7d:fd:11:aa:6f:8c:4b:f9:b8:2d:a2:b4:
         a4:95:c2:98:84:eb:11:fc:d8:ab:ce:90:27:17:38:f6:57:1e:
         f7:21:a4:fb:1a:e7:32:4f:02:fb:92:c5:49:2d:90:9e:c7:69:
         40:47:6f:8d:2a:af:e4:88:1f:68:95:66:42:64:ee:6c:7b:7b:
         18:de:c1:19:0f:3d:db:5b:4d:7f:aa:aa:6b:18:e7:e4:0a:d3:
         2c:5e:30:ff:16:db:f7:b7:11:bd:aa:7c:89:a8:52:45:8a:51:
         8c:66:20:58:fb:34:59:70:92:5e:bf:2f:1a:02:c7:9b:25:35:
         44:bb:94:12:a2:1e:bf:7d:e0:fa:82:58:30:06:94:6e:37:15:
         68:a3:06:e6:34:10:c4:9f:20:17:1b:c0:89:21:43:dd:d5:bf:
         1e:6c:cd:f4:6b:32:14:4b:23:55:02:a2:94:91:79:f3:84:41:
         b9:76:0f:48:b4:ff:5c:79:f4:c5:c2:c9:1b:1c:c3:7d:84:d7:
         fe:5f:db:ac:33:7a:58:2a:df:1d:81:7d:45:ea:51:a0:4c:ca:
         11:d2:c8:b0:a4:40:c4:14:df:8d:06:73:32:20:f6:c4:83:84:
         49:4b:fa:dd:1b:54:e7:68:dd:12:88:ae:01:ce:80:56:e5:cb:
         08:a7:6c:5e
-----BEGIN CERTIFICATE-----
MIIFvjCCBKagAwIBAgIUCwm0Xn7/mmG4eQYZUrpEOpWGc5IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOUM0N0EyQ0U3MTM2NTE0MEE3QUNCRTcyNTJCQjA5MTZD
MDU0QkUxNjAeFw0yNTAyMDQxODEzMjZaFw0yNjAyMDMxODE4MjZaMDMxMTAvBgNV
BAMTKEQ1Qzk0QjU2NjY1QTkxOTNCOEU4NEQyNjlCQzU1QTExN0FDMUQyRUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7BIAR1RFXV4ys69d2dLlfuMka
dBeSioHZS+Dwi3HTghtMZfkrrIoD7G7EciNi6T1QxzKZXF4tnCZSYsXdb1o+yDjQ
MD2y6mkoHxRw5zjK4UU3c5ByGkXiVioaerqn4OpKgdzBWMUzbB77O7/bzNGE4H1o
cARvE2bREITORT38RlQng2KhYdCvZwv9GWirfRMQZh0BBdujqX8TNSDhgrvM55sz
g2TRvnwP9rjOprUxbYKervkemOW8dcQn7ChC6s2AV/N52VfVu+Bpx2ucj1PKvR2c
TuO3oaSFYVlmflU9NPWidyu97MKy1zpBOhzk2hCtwHL0N0o7OPDMcWd0hwdPAgMB
AAGjggLIMIICxDAdBgNVHQ4EFgQU1clLVmZakZO46E0mm8VaEXrB0u8wHwYDVR0j
BBgwFoAUnEeiznE2UUCnrL5yUrsJFsBUvhYwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy9DM0IzQzU5RTIzNkMzMjlBQzM4OUEwNjA2OUJBQUE2MTFE
ODlBNkI5NzczQURCOUZDQjU4MzQ4QTczRjlGOEIzLzAvOUM0N0EyQ0U3MTM2NTE0
MEE3QUNCRTcyNTJCQjA5MTZDMDU0QkUxNi5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC85QzQ3QTJDRTcxMzY1MTQwQTdB
Q0JFNzI1MkJCMDkxNkMwNTRCRTE2LmNlcjCBxwYIKwYBBQUHAQsEgbowgbcwgbQG
CCsGAQUFBzALhoGncnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvQzNCM0M1OUUyMzZDMzI5QUMzODlBMDYwNjlCQUFBNjExRDg5QTZCOTc3
M0FEQjlGQ0I1ODM0OEE3M0Y5RjhCMy8wLzM0MzUyZTMyMzMzOTJlMzMzNDJlMzAy
ZjMyMzMyZDMyMzMyMDNkM2UyMDMyMzYzNjM4MzQzNS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAS3vIjAN
BgkqhkiG9w0BAQsFAAOCAQEAvl2JmH6sff0Rqm+MS/m4LaK0pJXCmITrEfzYq86Q
Jxc49lce9yGk+xrnMk8C+5LFSS2QnsdpQEdvjSqv5IgfaJVmQmTubHt7GN7BGQ89
21tNf6qqaxjn5ArTLF4w/xbb97cRvap8iahSRYpRjGYgWPs0WXCSXr8vGgLHmyU1
RLuUEqIev33g+oJYMAaUbjcVaKMG5jQQxJ8gFxvAiSFD3dW/HmzN9GsyFEsjVQKi
lJF584RBuXYPSLT/XHn0xcLJGxzDfYTX/l/brDN6WCrfHYF9RepRoEzKEdLIsKRA
xBTfjQZzMiD2xIOESUv63RtU52jdEoiuAc6AVuXLCKdsXg==
-----END CERTIFICATE-----