Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/ec31dcfb-d9c1-423f-b658-fa96ff1562aa/b7dbe1159db4e9b0b3c112ade3925a125c25c297.roa
File:                     b7dbe1159db4e9b0b3c112ade3925a125c25c297.roa (raw, json)
Hash identifier:          1pPKyoWRElNZpq/tUMi40VEWTS4b4soQv6fRXZL2aLA=
Subject key identifier:   6C:1A:88:CC:9D:D9:6A:58:BA:06:0A:AE:EE:26:0A:00:B9:B3:50:10
Certificate issuer:       /CN=891940c92e5962f377d7880042fabe9dcc03d089
Certificate serial:       0584
Authority key identifier: CD:A0:A7:03:75:E8:B0:4F:33:54:57:5D:FB:2C:52:89:02:F4:B9:6A
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/891940c92e5962f377d7880042fabe9dcc03d089.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/ec31dcfb-d9c1-423f-b658-fa96ff1562aa/b7dbe1159db4e9b0b3c112ade3925a125c25c297.roa
Signing time:             Thu 06 Oct 2022 13:49:35 +0000
ROA not before:           Thu 06 Oct 2022 13:49:17 +0000
ROA not after:            Sun 06 Oct 2024 13:49:17 +0000
asID:                     264680
IP address blocks:        168.196.0.0/22 maxlen: 22
                          2803:80c0::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1412 (0x584)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=891940c92e5962f377d7880042fabe9dcc03d089
        Validity
            Not Before: Oct  6 13:49:17 2022 GMT
            Not After : Oct  6 13:49:17 2024 GMT
        Subject: CN=b7dbe1159db4e9b0b3c112ade3925a125c25c297
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:2c:df:d6:81:b8:ab:8a:6d:e2:e2:30:9b:b4:
                    ce:18:d8:a7:24:80:f2:f5:36:e2:c3:24:52:4e:bf:
                    f4:d6:53:08:43:25:96:1b:01:b8:4b:38:c3:ae:b4:
                    e9:a8:9c:61:3d:0f:13:0d:6a:e2:25:6d:2f:00:73:
                    2d:a8:35:70:30:77:99:fd:3a:43:e4:ad:0c:40:d6:
                    99:d4:92:c5:34:bf:3c:bd:b1:d9:ff:00:40:a8:be:
                    d4:e4:8e:40:28:fd:4d:c7:55:50:de:39:1a:4e:1d:
                    0f:c5:55:89:4f:75:29:57:b2:ea:12:41:d1:b7:dc:
                    e2:6d:96:07:04:b5:4d:98:4a:77:1d:e9:17:df:07:
                    f6:13:f7:cd:66:bf:8d:b5:cb:44:6e:b6:c0:60:a2:
                    51:22:fc:09:41:76:c9:a9:0a:10:f8:b4:06:17:41:
                    7e:58:48:90:15:a7:cf:55:38:a3:ca:4c:99:e2:7e:
                    c4:14:f7:3a:37:2f:4d:4c:9e:a5:0b:b2:68:e5:1c:
                    2d:fa:de:c6:f4:54:56:fb:f0:91:18:f5:4d:24:22:
                    b2:b1:75:46:db:ba:83:84:0f:da:36:7b:fc:2a:4c:
                    25:88:64:6d:df:31:45:d5:27:c6:d3:6a:48:ed:e1:
                    5a:ef:7c:d9:aa:d9:51:1d:83:07:63:ce:6c:b7:46:
                    db:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:1A:88:CC:9D:D9:6A:58:BA:06:0A:AE:EE:26:0A:00:B9:B3:50:10
            X509v3 Authority Key Identifier:
                keyid:CD:A0:A7:03:75:E8:B0:4F:33:54:57:5D:FB:2C:52:89:02:F4:B9:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/891940c92e5962f377d7880042fabe9dcc03d089.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/ec31dcfb-d9c1-423f-b658-fa96ff1562aa/b7dbe1159db4e9b0b3c112ade3925a125c25c297.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/ec31dcfb-d9c1-423f-b658-fa96ff1562aa/891940c92e5962f377d7880042fabe9dcc03d089.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.196.0.0/22
                IPv6:
                  2803:80c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         3c:93:14:c3:6d:3d:8b:40:f1:88:bf:18:3a:d0:f1:b3:b3:e9:
         9e:a7:57:1b:93:31:a2:83:9a:20:14:94:32:82:b2:ed:9f:ed:
         5b:53:28:ce:61:d2:c4:10:26:ba:cc:bd:98:73:ad:11:71:28:
         d5:e2:86:93:6d:73:1a:0c:56:49:57:2b:ae:f1:d6:80:a8:c9:
         d0:6c:42:1e:5e:68:c4:ae:dd:2a:2e:c6:4b:fe:e9:7a:b0:35:
         b8:20:62:fb:b2:59:79:71:c4:f9:f4:48:c0:09:84:25:ea:94:
         f3:bf:0b:10:13:3e:2e:77:f3:81:8c:43:16:80:78:75:84:b8:
         a8:3a:78:fd:8e:96:25:62:01:75:73:ef:be:48:52:97:d2:0f:
         e3:1e:12:04:c8:56:64:37:a2:f2:5a:af:62:0b:af:31:96:00:
         ea:67:f2:f3:66:d7:f9:29:36:3c:14:97:34:8a:68:f0:a9:df:
         82:59:1b:eb:57:ff:70:b8:aa:cc:fe:67:af:cd:5f:14:8c:0a:
         a6:11:cd:de:80:75:f6:45:f4:00:3c:6a:58:c1:2a:73:dd:b4:
         71:79:f2:38:d3:f2:32:00:e1:01:be:13:b8:89:0f:77:90:d3:
         d8:c1:5a:0d:ec:0c:6f:1f:ec:e1:17:53:75:f6:a3:ca:36:81:
         3b:9f:ac:cc
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgICBYQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoODkx
OTQwYzkyZTU5NjJmMzc3ZDc4ODAwNDJmYWJlOWRjYzAzZDA4OTAeFw0yMjEwMDYx
MzQ5MTdaFw0yNDEwMDYxMzQ5MTdaMDMxMTAvBgNVBAMTKGI3ZGJlMTE1OWRiNGU5
YjBiM2MxMTJhZGUzOTI1YTEyNWMyNWMyOTcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQChLN/Wgbirim3i4jCbtM4Y2KckgPL1NuLDJFJOv/TWUwhDJZYb
AbhLOMOutOmonGE9DxMNauIlbS8Acy2oNXAwd5n9OkPkrQxA1pnUksU0vzy9sdn/
AECovtTkjkAo/U3HVVDeORpOHQ/FVYlPdSlXsuoSQdG33OJtlgcEtU2YSncd6Rff
B/YT981mv421y0RutsBgolEi/AlBdsmpChD4tAYXQX5YSJAVp89VOKPKTJnifsQU
9zo3L01MnqULsmjlHC363sb0VFb78JEY9U0kIrKxdUbbuoOED9o2e/wqTCWIZG3f
MUXVJ8bTakjt4VrvfNmq2VEdgwdjzmy3RtspAgMBAAGjggJqMIICZjAdBgNVHQ4E
FgQUbBqIzJ3Zali6Bgqu7iYKALmzUBAwHwYDVR0jBBgwFoAUzaCnA3XosE8zVFdd
+yxSiQL0uWowDgYDVR0PAQH/BAQDAgeAMIGaBggrBgEFBQcBAQSBjTCBijCBhwYI
KwYBBQUHMAKGe3JzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jwa2kvbGFj
bmljLzQ4ZjA4M2JiLWY2MDMtNDg5My05OTkwLTAyODRjMDRjZWI4NS84OTE5NDBj
OTJlNTk2MmYzNzdkNzg4MDA0MmZhYmU5ZGNjMDNkMDg5LmNlcjCBmgYIKwYBBQUH
AQsEgY0wgYowgYcGCCsGAQUFBzALhntyc3luYzovL3JlcG9zaXRvcnkubGFjbmlj
Lm5ldC9ycGtpL2xhY25pYy9lYzMxZGNmYi1kOWMxLTQyM2YtYjY1OC1mYTk2ZmYx
NTYyYWEvYjdkYmUxMTU5ZGI0ZTliMGIzYzExMmFkZTM5MjVhMTI1YzI1YzI5Ny5y
b2EwgY8GA1UdHwSBhzCBhDCBgaB/oH2Ge3JzeW5jOi8vcmVwb3NpdG9yeS5sYWNu
aWMubmV0L3Jwa2kvbGFjbmljL2VjMzFkY2ZiLWQ5YzEtNDIzZi1iNjU4LWZhOTZm
ZjE1NjJhYS84OTE5NDBjOTJlNTk2MmYzNzdkNzg4MDA0MmZhYmU5ZGNjMDNkMDg5
LmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8w
HTAMBAIAATAGAwQCqMQAMA0EAgACMAcDBQAoA4DAMA0GCSqGSIb3DQEBCwUAA4IB
AQA8kxTDbT2LQPGIvxg60PGzs+mep1cbkzGig5ogFJQygrLtn+1bUyjOYdLEECa6
zL2Yc60RcSjV4oaTbXMaDFZJVyuu8daAqMnQbEIeXmjErt0qLsZL/ul6sDW4IGL7
sll5ccT59EjACYQl6pTzvwsQEz4ud/OBjEMWgHh1hLioOnj9jpYlYgF1c+++SFKX
0g/jHhIEyFZkN6LyWq9iC68xlgDqZ/LzZtf5KTY8FJc0imjwqd+CWRvrV/9wuKrM
/mevzV8UjAqmEc3egHX2RfQAPGpYwSpz3bRxefI40/IyAOEBvhO4iQ93kNPYwVoN
7AxvH+zhF1N19qPKNoE7n6zM
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:14:43 2023 by rpki-client on console-fra.rpki-client.org