Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3626CB6/02B8B9488BD911EB91C9A537F8AEA228/0A0CBE28174711EEB6FFCE174AD9E6FC.roa
File:                     0A0CBE28174711EEB6FFCE174AD9E6FC.roa (raw, json)
Hash identifier:          Pr17xhX7cmuEr8WHFxSD3qRvjYtWAuwn6hRJDMxRKUY=
Subject key identifier:   79:69:CB:66:7A:91:99:8A:55:B6:88:CB:CD:07:37:1E:42:7F:D2:2D
Certificate issuer:       /CN=F3626CB6AR/serialNumber=B9FDD8953349716ADAE7A8D1BB13CC27F520FFD6
Certificate serial:       03EA
Authority key identifier: B9:FD:D8:95:33:49:71:6A:DA:E7:A8:D1:BB:13:CC:27:F5:20:FF:D6
Authority info access:    rsync://rpki.afrinic.net/repository/arin/uf3YlTNJcWra56jRuxPMJ_Ug_9Y.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3626CB6/02B8B9488BD911EB91C9A537F8AEA228/0A0CBE28174711EEB6FFCE174AD9E6FC.roa
Signing time:             Fri 30 Jun 2023 13:07:17 +0000
ROA not before:           Fri 30 Jun 2023 13:07:14 +0000
ROA not after:            Sun 30 Jun 2024 13:07:14 +0000
asID:                     210636
IP address blocks:        156.0.108.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1002 (0x3ea)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3626CB6AR/serialNumber=B9FDD8953349716ADAE7A8D1BB13CC27F520FFD6
        Validity
            Not Before: Jun 30 13:07:14 2023 GMT
            Not After : Jun 30 13:07:14 2024 GMT
        Subject: CN=649ed385-1a7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:6c:8f:21:1c:4c:67:41:61:f9:a2:3c:f0:01:
                    05:f4:19:7e:80:77:36:8d:97:6e:f7:08:33:41:fb:
                    29:3c:bb:b4:ff:5a:7e:d1:9c:96:8b:2c:9b:6d:00:
                    17:0c:a7:27:89:c3:9c:0f:23:bf:b6:43:0f:99:77:
                    7d:81:88:36:ab:b1:3a:97:80:fd:d0:7b:71:47:93:
                    91:b7:69:fe:1b:c6:a8:c0:46:3c:94:b9:0b:49:14:
                    9a:0f:8a:b4:2f:89:86:bb:7e:bc:5f:ad:2c:65:2a:
                    25:05:53:09:33:13:78:ae:28:08:c0:84:0b:7f:9d:
                    97:60:2e:80:a3:38:1e:fd:bb:30:0d:f4:3f:b3:d1:
                    17:01:a4:69:53:21:6c:46:f1:f1:f7:5e:1d:33:e9:
                    14:9b:c8:77:68:be:9a:60:1d:43:6d:d6:17:40:43:
                    ad:04:fa:d9:f4:96:df:e6:0b:1e:56:2b:d0:3f:e8:
                    34:08:71:7d:65:ff:3f:95:2d:7e:90:be:03:8f:05:
                    58:8b:e5:de:af:fe:f2:67:97:b4:ff:fa:fe:da:55:
                    9e:57:46:66:bd:87:f4:09:85:56:ad:af:f6:58:9a:
                    e1:dc:d7:b2:7a:b4:b5:5a:31:a3:12:17:87:33:a2:
                    7d:55:cd:c9:28:42:84:9e:55:5a:4a:be:af:c7:6f:
                    e9:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:69:CB:66:7A:91:99:8A:55:B6:88:CB:CD:07:37:1E:42:7F:D2:2D
            X509v3 Authority Key Identifier:
                keyid:B9:FD:D8:95:33:49:71:6A:DA:E7:A8:D1:BB:13:CC:27:F5:20:FF:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3626CB6/02B8B9488BD911EB91C9A537F8AEA228/uf3YlTNJcWra56jRuxPMJ_Ug_9Y.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/uf3YlTNJcWra56jRuxPMJ_Ug_9Y.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3626CB6/02B8B9488BD911EB91C9A537F8AEA228/0A0CBE28174711EEB6FFCE174AD9E6FC.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.0.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:97:4a:c3:08:1c:20:0c:69:43:40:b3:03:25:90:b0:82:e9:
         06:c0:58:c4:8d:15:75:14:d8:f3:e2:61:7e:89:78:04:a7:e1:
         81:a3:75:ef:0a:be:c3:cf:13:54:74:ca:65:7a:7d:80:dd:2f:
         5e:3b:c7:a7:02:be:f7:dd:27:67:6b:c6:6c:c6:18:7b:bb:32:
         d8:4f:6e:c8:4c:a6:98:10:cf:03:00:d3:88:c9:1a:0c:28:fd:
         ba:96:79:6a:de:a3:33:02:82:cc:d4:33:a4:6b:fb:ca:f2:98:
         5e:f4:69:6f:a5:ea:b0:1a:cd:1a:c9:3f:ce:b4:18:4c:5d:7a:
         bb:67:ec:8c:1e:ae:a8:7f:99:8b:20:ac:58:74:b4:49:ca:20:
         d6:ec:d9:4f:47:c0:af:7e:7e:e9:36:38:e5:e3:63:a3:f5:cc:
         02:35:70:01:ff:59:94:0a:09:37:dd:4d:0a:af:af:84:85:31:
         8f:1d:84:8b:68:57:e2:31:68:08:6b:ad:24:46:37:c4:b2:c9:
         d6:2f:d7:b8:2a:a4:fe:cb:8d:52:19:19:59:f0:78:d3:6c:fb:
         6b:66:ae:48:f8:21:94:6f:2c:7e:8d:8f:58:ac:30:76:b9:9f:
         b2:72:0b:8e:01:81:81:b2:99:cb:57:a9:d1:e6:72:bd:1e:f7:
         c7:8f:94:89
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICA+owDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAwwKRjM2
MjZDQjZBUjExMC8GA1UEBRMoQjlGREQ4OTUzMzQ5NzE2QURBRTdBOEQxQkIxM0ND
MjdGNTIwRkZENjAeFw0yMzA2MzAxMzA3MTRaFw0yNDA2MzAxMzA3MTRaMBgxFjAU
BgNVBAMTDTY0OWVkMzg1LTFhN2YwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCubI8hHExnQWH5ojzwAQX0GX6AdzaNl273CDNB+yk8u7T/Wn7RnJaLLJtt
ABcMpyeJw5wPI7+2Qw+Zd32BiDarsTqXgP3Qe3FHk5G3af4bxqjARjyUuQtJFJoP
irQviYa7frxfrSxlKiUFUwkzE3iuKAjAhAt/nZdgLoCjOB79uzAN9D+z0RcBpGlT
IWxG8fH3Xh0z6RSbyHdovppgHUNt1hdAQ60E+tn0lt/mCx5WK9A/6DQIcX1l/z+V
LX6QvgOPBViL5d6v/vJnl7T/+v7aVZ5XRma9h/QJhVatr/ZYmuHc17J6tLVaMaMS
F4czon1VzckoQoSeVVpKvq/Hb+kbAgMBAAGjggKiMIICnjAdBgNVHQ4EFgQUeWnL
ZnqRmYpVtojLzQc3HkJ/0i0wHwYDVR0jBBgwFoAUuf3YlTNJcWra56jRuxPMJ/Ug
/9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjI2Q0I2LzAyQjhCOTQ4OEJEOTExRUI5MUM5QTUzN0Y4QUVBMjI4L3VmM1ls
VE5KY1dyYTU2alJ1eFBNSl9VZ185WS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hcmlu
L3VmM1lsVE5KY1dyYTU2alJ1eFBNSl9VZ185WS5jZXIwTwYDVR0gAQH/BEUwQzBB
BggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5pYy5u
ZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEFBQcw
C4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9y
ZXBvc2l0b3J5L0YzNjI2Q0I2LzAyQjhCOTQ4OEJEOTExRUI5MUM5QTUzN0Y4QUVB
MjI4LzBBMENCRTI4MTc0NzExRUVCNkZGQ0UxNzRBRDlFNkZDLnJvYTA1BggrBgEF
BQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54bWww
HwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACcAGwwDQYJKoZIhvcNAQELBQAD
ggEBAASXSsMIHCAMaUNAswMlkLCC6QbAWMSNFXUU2PPiYX6JeASn4YGjde8KvsPP
E1R0ymV6fYDdL147x6cCvvfdJ2drxmzGGHu7MthPbshMppgQzwMA04jJGgwo/bqW
eWreozMCgszUM6Rr+8rymF70aW+l6rAazRrJP860GExdertn7Iwerqh/mYsgrFh0
tEnKINbs2U9HwK9+fuk2OOXjY6P1zAI1cAH/WZQKCTfdTQqvr4SFMY8dhItoV+Ix
aAhrrSRGN8SyydYv17gqpP7LjVIZGVnweNNs+2tmrkj4IZRvLH6Nj1isMHa5n7Jy
C44BgYGymctXqdHmcr0e98ePlIk=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:47:06 2024 by rpki-client on console-fra.rpki-client.org