Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/ec31dcfb-d9c1-423f-b658-fa96ff1562aa/303c75cc0759e154da6065a0244dc83a59fa8106.roa
File:                     303c75cc0759e154da6065a0244dc83a59fa8106.roa (raw, json)
Hash identifier:          FebwMR3oBkZMg5H9txh3ZEN5vrs1+jYoJJ8tKu8bILo=
Subject key identifier:   5C:C9:C1:22:50:CB:0A:EC:53:35:33:66:97:29:6D:3C:8D:6C:54:C3
Certificate issuer:       /CN=891940c92e5962f377d7880042fabe9dcc03d089
Certificate serial:       1EC9
Authority key identifier: CD:A0:A7:03:75:E8:B0:4F:33:54:57:5D:FB:2C:52:89:02:F4:B9:6A
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/891940c92e5962f377d7880042fabe9dcc03d089.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/ec31dcfb-d9c1-423f-b658-fa96ff1562aa/303c75cc0759e154da6065a0244dc83a59fa8106.roa
Signing time:             Sat 08 Oct 2022 13:33:27 +0000
ROA not before:           Sat 08 Oct 2022 13:32:46 +0000
ROA not after:            Tue 08 Oct 2024 13:32:46 +0000
asID:                     264757
IP address blocks:        168.196.0.0/22 maxlen: 24
                          2803:80c0::/32 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7881 (0x1ec9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=891940c92e5962f377d7880042fabe9dcc03d089
        Validity
            Not Before: Oct  8 13:32:46 2022 GMT
            Not After : Oct  8 13:32:46 2024 GMT
        Subject: CN=303c75cc0759e154da6065a0244dc83a59fa8106
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:ed:59:7d:98:7a:03:1b:e9:6b:af:bd:20:b2:
                    4a:e2:63:96:cc:9b:9a:5b:5b:93:87:da:26:3f:3e:
                    d4:25:de:dd:4f:ef:7c:f5:bd:33:ad:64:35:1b:2d:
                    47:fd:ff:4c:3c:8c:da:3e:b4:9c:0f:86:21:d4:dd:
                    67:a1:89:cb:50:40:65:e0:81:0e:e6:ef:ee:59:8d:
                    bc:50:80:4a:42:7a:e2:14:81:27:9f:aa:55:1d:15:
                    05:21:bc:4e:bb:4f:90:36:3e:c2:89:20:a6:08:ae:
                    fe:da:c8:50:94:81:43:49:eb:63:8f:1d:19:4b:1c:
                    21:9f:9b:3a:11:40:4e:cc:d5:66:8d:97:50:10:30:
                    81:26:df:eb:fa:f1:29:ac:ac:78:8b:11:f0:a7:a9:
                    a3:5e:52:19:ff:bc:5c:8b:d6:5c:fd:cf:d8:9c:35:
                    09:ba:91:73:28:dc:7e:cf:08:d5:8d:d4:fc:84:ae:
                    e4:28:1f:63:e7:89:4d:87:92:ea:3c:a8:e3:4d:45:
                    29:32:ae:bb:28:57:58:a6:72:c5:08:10:db:00:d2:
                    4b:88:b8:e7:08:01:88:a1:44:7e:d9:2f:22:14:ff:
                    f3:50:fb:3a:5d:d5:5b:7a:b9:fa:d9:87:22:5c:90:
                    7c:ea:28:14:63:66:88:13:79:c0:18:d9:14:31:ff:
                    73:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:C9:C1:22:50:CB:0A:EC:53:35:33:66:97:29:6D:3C:8D:6C:54:C3
            X509v3 Authority Key Identifier:
                keyid:CD:A0:A7:03:75:E8:B0:4F:33:54:57:5D:FB:2C:52:89:02:F4:B9:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/891940c92e5962f377d7880042fabe9dcc03d089.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/ec31dcfb-d9c1-423f-b658-fa96ff1562aa/303c75cc0759e154da6065a0244dc83a59fa8106.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/ec31dcfb-d9c1-423f-b658-fa96ff1562aa/891940c92e5962f377d7880042fabe9dcc03d089.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.196.0.0/22
                IPv6:
                  2803:80c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         56:cf:f7:4d:1a:ec:7e:21:4f:41:b2:24:86:50:f0:1f:c8:a8:
         24:20:d0:89:b1:a3:71:9d:fd:ac:a2:4b:81:7a:d0:e7:23:25:
         0f:98:68:89:4e:98:51:ac:b4:c1:68:56:dc:3a:4b:bd:f8:62:
         c2:5e:b2:77:df:5b:42:7d:6c:b0:a4:6f:36:24:64:ca:e9:73:
         16:65:2f:af:f5:ba:5e:e7:70:78:8f:ac:6b:33:e8:65:03:22:
         02:c3:aa:aa:fa:75:cc:92:e8:fe:a3:49:a3:7a:12:5e:fb:d7:
         bd:13:4f:a8:ef:16:1d:5b:69:04:53:a8:7e:95:f0:85:bd:e9:
         2a:73:1a:10:55:6c:92:62:cb:df:b9:1f:f9:c9:3a:57:d6:00:
         47:93:21:7a:b9:24:4a:4b:7f:06:63:71:ed:d7:20:7d:a6:b2:
         58:4c:2f:ef:78:a2:4f:a1:09:93:77:1a:43:c9:f5:b8:a7:9c:
         07:ab:b1:ef:3f:06:cf:77:35:24:65:65:16:4d:df:d6:d2:a1:
         a7:49:a4:4a:0c:97:82:fd:84:b4:b5:53:70:d1:57:6d:3c:6d:
         c0:b6:65:80:15:ed:c6:70:e9:d9:d5:56:28:dc:77:98:5c:46:
         1d:03:14:4b:2b:06:1a:5e:cf:84:bb:29:a2:23:4c:80:00:f0:
         b8:da:a2:72
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgICHskwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoODkx
OTQwYzkyZTU5NjJmMzc3ZDc4ODAwNDJmYWJlOWRjYzAzZDA4OTAeFw0yMjEwMDgx
MzMyNDZaFw0yNDEwMDgxMzMyNDZaMDMxMTAvBgNVBAMTKDMwM2M3NWNjMDc1OWUx
NTRkYTYwNjVhMDI0NGRjODNhNTlmYTgxMDYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCh7Vl9mHoDG+lrr70gskriY5bMm5pbW5OH2iY/PtQl3t1P73z1
vTOtZDUbLUf9/0w8jNo+tJwPhiHU3WehictQQGXggQ7m7+5ZjbxQgEpCeuIUgSef
qlUdFQUhvE67T5A2PsKJIKYIrv7ayFCUgUNJ62OPHRlLHCGfmzoRQE7M1WaNl1AQ
MIEm3+v68SmsrHiLEfCnqaNeUhn/vFyL1lz9z9icNQm6kXMo3H7PCNWN1PyEruQo
H2PniU2Hkuo8qONNRSkyrrsoV1imcsUIENsA0kuIuOcIAYihRH7ZLyIU//NQ+zpd
1Vt6ufrZhyJckHzqKBRjZogTecAY2RQx/3NfAgMBAAGjggJqMIICZjAdBgNVHQ4E
FgQUXMnBIlDLCuxTNTNmlyltPI1sVMMwHwYDVR0jBBgwFoAUzaCnA3XosE8zVFdd
+yxSiQL0uWowDgYDVR0PAQH/BAQDAgeAMIGaBggrBgEFBQcBAQSBjTCBijCBhwYI
KwYBBQUHMAKGe3JzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jwa2kvbGFj
bmljLzQ4ZjA4M2JiLWY2MDMtNDg5My05OTkwLTAyODRjMDRjZWI4NS84OTE5NDBj
OTJlNTk2MmYzNzdkNzg4MDA0MmZhYmU5ZGNjMDNkMDg5LmNlcjCBmgYIKwYBBQUH
AQsEgY0wgYowgYcGCCsGAQUFBzALhntyc3luYzovL3JlcG9zaXRvcnkubGFjbmlj
Lm5ldC9ycGtpL2xhY25pYy9lYzMxZGNmYi1kOWMxLTQyM2YtYjY1OC1mYTk2ZmYx
NTYyYWEvMzAzYzc1Y2MwNzU5ZTE1NGRhNjA2NWEwMjQ0ZGM4M2E1OWZhODEwNi5y
b2EwgY8GA1UdHwSBhzCBhDCBgaB/oH2Ge3JzeW5jOi8vcmVwb3NpdG9yeS5sYWNu
aWMubmV0L3Jwa2kvbGFjbmljL2VjMzFkY2ZiLWQ5YzEtNDIzZi1iNjU4LWZhOTZm
ZjE1NjJhYS84OTE5NDBjOTJlNTk2MmYzNzdkNzg4MDA0MmZhYmU5ZGNjMDNkMDg5
LmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8w
HTAMBAIAATAGAwQCqMQAMA0EAgACMAcDBQAoA4DAMA0GCSqGSIb3DQEBCwUAA4IB
AQBWz/dNGux+IU9BsiSGUPAfyKgkINCJsaNxnf2sokuBetDnIyUPmGiJTphRrLTB
aFbcOku9+GLCXrJ331tCfWywpG82JGTK6XMWZS+v9bpe53B4j6xrM+hlAyICw6qq
+nXMkuj+o0mjehJe+9e9E0+o7xYdW2kEU6h+lfCFvekqcxoQVWySYsvfuR/5yTpX
1gBHkyF6uSRKS38GY3Ht1yB9prJYTC/veKJPoQmTdxpDyfW4p5wHq7HvPwbPdzUk
ZWUWTd/W0qGnSaRKDJeC/YS0tVNw0VdtPG3AtmWAFe3GcOnZ1VYo3HeYXEYdAxRL
KwYaXs+EuymiI0yAAPC42qJy
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:14:43 2023 by rpki-client on console-fra.rpki-client.org