Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3626CB6/02B8B9488BD911EB91C9A537F8AEA228/3131999E174A11EEA3051A214AD9E6FC.roa
File:                     3131999E174A11EEA3051A214AD9E6FC.roa (raw, json)
Hash identifier:          mVep1Ou7ubaIWVxF7p0mm3GvQDXkdr1J8UyLTWIbVVk=
Subject key identifier:   4D:A8:1C:EB:04:1E:DA:BE:DF:57:84:6B:14:B9:B2:CD:A5:BC:BF:C9
Certificate issuer:       /CN=F3626CB6AR/serialNumber=B9FDD8953349716ADAE7A8D1BB13CC27F520FFD6
Certificate serial:       03F8
Authority key identifier: B9:FD:D8:95:33:49:71:6A:DA:E7:A8:D1:BB:13:CC:27:F5:20:FF:D6
Authority info access:    rsync://rpki.afrinic.net/repository/arin/uf3YlTNJcWra56jRuxPMJ_Ug_9Y.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3626CB6/02B8B9488BD911EB91C9A537F8AEA228/3131999E174A11EEA3051A214AD9E6FC.roa
Signing time:             Fri 30 Jun 2023 13:29:51 +0000
ROA not before:           Fri 30 Jun 2023 13:29:48 +0000
ROA not after:            Sun 30 Jun 2024 13:29:48 +0000
asID:                     328227
IP address blocks:        156.0.117.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1016 (0x3f8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3626CB6AR/serialNumber=B9FDD8953349716ADAE7A8D1BB13CC27F520FFD6
        Validity
            Not Before: Jun 30 13:29:48 2023 GMT
            Not After : Jun 30 13:29:48 2024 GMT
        Subject: CN=649ed8cf-32cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:08:ec:fd:08:9d:78:b6:7a:13:38:ca:74:29:
                    ea:ae:65:f1:b2:b5:a2:b5:45:c3:ff:4e:59:4d:19:
                    72:bb:6d:86:23:a8:e7:7a:79:38:ed:e7:c6:21:a9:
                    86:96:d2:c4:aa:72:fe:69:9d:8d:1d:c4:f2:44:21:
                    48:fe:f1:7a:85:7f:bc:8a:1c:60:b2:36:08:07:fa:
                    a6:35:77:43:e0:2f:fd:f3:5e:29:2b:e3:84:cd:9b:
                    f9:36:9d:7d:e1:8d:50:63:3b:3e:0f:d9:96:4c:c6:
                    aa:aa:f0:75:75:e6:d0:18:90:2e:b3:a2:b9:98:c9:
                    f1:bb:ec:c3:e6:33:0e:96:6b:bf:e4:17:5e:ba:c3:
                    b4:d3:a5:88:0f:b5:9b:de:59:5c:82:9e:39:5c:81:
                    b2:b8:85:17:ab:2b:d1:22:04:2d:8a:7c:63:08:c1:
                    51:78:81:57:a5:eb:21:64:89:e3:76:af:78:b6:9d:
                    b3:0b:78:c4:1e:1d:03:20:25:d9:5c:90:79:53:d9:
                    84:63:1a:75:35:fe:f6:15:9a:7b:51:c8:3c:bb:86:
                    93:ac:7a:ed:1c:f8:d9:0f:77:17:ad:47:49:61:53:
                    ea:ba:37:3b:88:3a:bb:c4:f9:82:eb:f3:1f:db:28:
                    d7:07:6d:c1:47:c9:f5:e6:dd:72:5f:b5:c7:d2:f8:
                    f5:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:A8:1C:EB:04:1E:DA:BE:DF:57:84:6B:14:B9:B2:CD:A5:BC:BF:C9
            X509v3 Authority Key Identifier:
                keyid:B9:FD:D8:95:33:49:71:6A:DA:E7:A8:D1:BB:13:CC:27:F5:20:FF:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3626CB6/02B8B9488BD911EB91C9A537F8AEA228/uf3YlTNJcWra56jRuxPMJ_Ug_9Y.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/uf3YlTNJcWra56jRuxPMJ_Ug_9Y.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3626CB6/02B8B9488BD911EB91C9A537F8AEA228/3131999E174A11EEA3051A214AD9E6FC.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.0.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:fb:ba:fb:30:e0:41:5e:42:4a:43:47:80:93:78:c7:00:cd:
         9e:9f:53:15:59:f4:e8:9e:38:8f:63:e9:f6:ad:c5:6d:e4:4e:
         0f:d8:3a:24:a7:e9:9d:1a:93:a2:8f:09:f7:bf:cf:61:a0:3b:
         65:f5:06:8b:80:14:c9:1f:eb:b6:94:44:88:ac:19:b7:38:24:
         f3:36:e0:bf:06:8a:9e:43:8b:bf:7c:b9:4b:c6:e3:9d:31:70:
         2a:ec:ac:23:00:73:e2:eb:c0:f2:83:a9:53:c6:c5:d5:b4:b1:
         36:27:dd:4f:dd:f3:7d:a9:40:91:cd:1e:b4:67:73:ca:12:cb:
         20:4f:ad:8f:ae:ab:f6:8d:38:67:3d:74:2f:3e:e9:d0:fc:fa:
         58:b6:46:3e:1f:7e:c5:80:04:60:1d:7c:ee:84:04:11:90:ff:
         9c:ef:6f:89:f1:01:9d:1c:84:70:59:83:38:22:43:14:aa:e0:
         51:47:4b:fd:28:8b:79:42:e5:75:98:be:7c:f3:dc:9e:4b:93:
         17:9c:48:52:7f:74:25:0f:d9:da:3f:d5:ec:fd:96:7a:e7:a9:
         68:66:82:b0:33:8d:65:18:e2:50:c4:e0:2f:76:8d:9a:0a:12:
         33:ef:95:b9:86:ed:a3:d5:f2:f6:bf:e3:e0:df:9f:7d:61:4a:
         37:e8:8b:72
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICA/gwDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAwwKRjM2
MjZDQjZBUjExMC8GA1UEBRMoQjlGREQ4OTUzMzQ5NzE2QURBRTdBOEQxQkIxM0ND
MjdGNTIwRkZENjAeFw0yMzA2MzAxMzI5NDhaFw0yNDA2MzAxMzI5NDhaMBgxFjAU
BgNVBAMTDTY0OWVkOGNmLTMyY2YwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDDCOz9CJ14tnoTOMp0KequZfGytaK1RcP/TllNGXK7bYYjqOd6eTjt58Yh
qYaW0sSqcv5pnY0dxPJEIUj+8XqFf7yKHGCyNggH+qY1d0PgL/3zXikr44TNm/k2
nX3hjVBjOz4P2ZZMxqqq8HV15tAYkC6zormYyfG77MPmMw6Wa7/kF166w7TTpYgP
tZveWVyCnjlcgbK4hRerK9EiBC2KfGMIwVF4gVel6yFkieN2r3i2nbMLeMQeHQMg
JdlckHlT2YRjGnU1/vYVmntRyDy7hpOseu0c+NkPdxetR0lhU+q6NzuIOrvE+YLr
8x/bKNcHbcFHyfXm3XJftcfS+PV5AgMBAAGjggKiMIICnjAdBgNVHQ4EFgQUTagc
6wQe2r7fV4RrFLmyzaW8v8kwHwYDVR0jBBgwFoAUuf3YlTNJcWra56jRuxPMJ/Ug
/9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjI2Q0I2LzAyQjhCOTQ4OEJEOTExRUI5MUM5QTUzN0Y4QUVBMjI4L3VmM1ls
VE5KY1dyYTU2alJ1eFBNSl9VZ185WS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hcmlu
L3VmM1lsVE5KY1dyYTU2alJ1eFBNSl9VZ185WS5jZXIwTwYDVR0gAQH/BEUwQzBB
BggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5pYy5u
ZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEFBQcw
C4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9y
ZXBvc2l0b3J5L0YzNjI2Q0I2LzAyQjhCOTQ4OEJEOTExRUI5MUM5QTUzN0Y4QUVB
MjI4LzMxMzE5OTlFMTc0QTExRUVBMzA1MUEyMTRBRDlFNkZDLnJvYTA1BggrBgEF
BQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54bWww
HwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACcAHUwDQYJKoZIhvcNAQELBQAD
ggEBABf7uvsw4EFeQkpDR4CTeMcAzZ6fUxVZ9OieOI9j6fatxW3kTg/YOiSn6Z0a
k6KPCfe/z2GgO2X1BouAFMkf67aURIisGbc4JPM24L8Gip5Di798uUvG450xcCrs
rCMAc+LrwPKDqVPGxdW0sTYn3U/d832pQJHNHrRnc8oSyyBPrY+uq/aNOGc9dC8+
6dD8+li2Rj4ffsWABGAdfO6EBBGQ/5zvb4nxAZ0chHBZgzgiQxSq4FFHS/0oi3lC
5XWYvnzz3J5LkxecSFJ/dCUP2do/1ez9lnrnqWhmgrAzjWUY4lDE4C92jZoKEjPv
lbmG7aPV8va/4+Dfn31hSjfoi3I=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:58:31 2024 by rpki-client on console-ams.rpki-client.org