Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3626CB6/02B8B9488BD911EB91C9A537F8AEA228/B68E298C7A2C11EEB5A4D64F4AD9E6FC.roa
File:                     B68E298C7A2C11EEB5A4D64F4AD9E6FC.roa (raw, json)
Hash identifier:          7hafiXgqWMvE28WnO5iZVz9o3eHl2TeSmcXGO8U/Dbo=
Subject key identifier:   E0:DB:85:C6:21:F7:D5:AB:AB:11:A3:6D:09:87:09:26:B4:35:FB:E4
Certificate issuer:       /CN=F3626CB6AR/serialNumber=B9FDD8953349716ADAE7A8D1BB13CC27F520FFD6
Certificate serial:       051B
Authority key identifier: B9:FD:D8:95:33:49:71:6A:DA:E7:A8:D1:BB:13:CC:27:F5:20:FF:D6
Authority info access:    rsync://rpki.afrinic.net/repository/arin/uf3YlTNJcWra56jRuxPMJ_Ug_9Y.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3626CB6/02B8B9488BD911EB91C9A537F8AEA228/B68E298C7A2C11EEB5A4D64F4AD9E6FC.roa
Signing time:             Fri 03 Nov 2023 09:38:15 +0000
ROA not before:           Fri 03 Nov 2023 09:38:12 +0000
ROA not after:            Sun 03 Nov 2024 09:38:12 +0000
asID:                     398465
IP address blocks:        156.0.123.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1307 (0x51b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3626CB6AR/serialNumber=B9FDD8953349716ADAE7A8D1BB13CC27F520FFD6
        Validity
            Not Before: Nov  3 09:38:12 2023 GMT
            Not After : Nov  3 09:38:12 2024 GMT
        Subject: CN=6544bf87-6312
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:67:ff:e3:5c:7f:fd:64:92:b2:49:84:c3:03:
                    57:07:80:f9:b9:15:dc:e0:3e:4c:fb:89:c4:50:ed:
                    db:f8:55:98:c6:8f:d3:7c:15:ea:a5:bf:6d:c3:b6:
                    e2:b3:eb:88:ea:22:ec:5d:7f:98:36:96:5f:44:3d:
                    a3:65:a5:70:8e:e9:1d:70:56:99:4d:b5:d9:61:04:
                    ed:12:4f:3a:db:2e:f6:ed:2c:a9:fc:3d:44:bf:62:
                    c0:da:20:05:72:e5:6b:7a:06:90:7c:e9:9d:f9:3f:
                    2d:7d:99:2b:fe:8e:47:ac:b2:61:d4:cb:74:77:2f:
                    1d:93:f7:bf:c4:09:f5:23:fd:06:16:7d:78:d9:83:
                    76:ad:64:35:00:d3:8e:f2:6d:62:67:13:ba:e2:04:
                    99:e8:61:38:5a:8e:2c:f7:a3:ea:9a:49:fd:89:ff:
                    3d:07:c6:46:7f:ad:08:3d:96:87:8e:7b:67:0c:f6:
                    64:ec:14:b0:9c:7e:17:58:da:66:87:85:8e:a5:bc:
                    32:ac:17:8d:e6:45:28:d1:04:9e:29:ca:ca:71:67:
                    c1:5d:e4:a2:c0:c7:8c:f7:7c:a7:e6:e6:c6:e9:b6:
                    0b:9b:95:3a:82:70:03:49:fc:96:2e:34:77:28:f8:
                    62:af:6d:60:40:b9:34:32:8e:dd:40:9b:57:8a:93:
                    19:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:DB:85:C6:21:F7:D5:AB:AB:11:A3:6D:09:87:09:26:B4:35:FB:E4
            X509v3 Authority Key Identifier:
                keyid:B9:FD:D8:95:33:49:71:6A:DA:E7:A8:D1:BB:13:CC:27:F5:20:FF:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3626CB6/02B8B9488BD911EB91C9A537F8AEA228/uf3YlTNJcWra56jRuxPMJ_Ug_9Y.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/uf3YlTNJcWra56jRuxPMJ_Ug_9Y.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3626CB6/02B8B9488BD911EB91C9A537F8AEA228/B68E298C7A2C11EEB5A4D64F4AD9E6FC.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.0.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:62:78:48:e3:89:a3:b2:71:7e:f3:8e:14:39:8a:b8:81:b7:
         90:27:33:0f:90:a3:86:75:66:4f:90:61:17:08:18:63:eb:c5:
         53:b5:57:f5:2b:b2:df:0a:bd:4f:21:ef:5b:3d:b5:a8:7e:36:
         53:a7:46:f9:74:c9:51:a0:5f:e0:23:d1:da:15:e7:18:8e:a5:
         2a:c5:b3:9f:c1:02:1e:53:e5:5f:9e:02:93:17:fc:4f:35:ef:
         1d:b4:c0:2e:8c:42:e8:29:c5:3b:c0:93:d6:b6:ee:6f:f8:c1:
         49:8e:31:c5:51:f7:b6:06:8d:d2:19:f9:a1:5e:25:a9:8c:d6:
         2e:21:81:dc:eb:93:be:6b:ea:e4:1c:31:29:53:3b:5b:29:44:
         a5:13:b9:41:24:6b:5f:13:1e:13:7c:a1:f5:f7:57:56:c5:8b:
         be:e1:42:ef:80:6b:bf:32:5b:7d:12:5a:25:a4:33:fd:89:c6:
         41:1e:49:b3:62:3f:39:1a:ac:20:1a:c5:ee:e4:a5:02:96:bd:
         56:17:44:12:40:56:11:8e:7b:d3:c6:b9:dd:5d:cb:1e:62:d1:
         4e:6f:22:f1:da:8f:a2:83:ab:93:b1:30:5d:ad:2b:26:4c:ee:
         ed:3f:58:d7:c1:54:64:8d:5a:bd:6e:3d:9c:c8:6f:42:fe:40:
         41:0c:50:77
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICBRswDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAwwKRjM2
MjZDQjZBUjExMC8GA1UEBRMoQjlGREQ4OTUzMzQ5NzE2QURBRTdBOEQxQkIxM0ND
MjdGNTIwRkZENjAeFw0yMzExMDMwOTM4MTJaFw0yNDExMDMwOTM4MTJaMBgxFjAU
BgNVBAMTDTY1NDRiZjg3LTYzMTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC4Z//jXH/9ZJKySYTDA1cHgPm5FdzgPkz7icRQ7dv4VZjGj9N8Feqlv23D
tuKz64jqIuxdf5g2ll9EPaNlpXCO6R1wVplNtdlhBO0STzrbLvbtLKn8PUS/YsDa
IAVy5Wt6BpB86Z35Py19mSv+jkessmHUy3R3Lx2T97/ECfUj/QYWfXjZg3atZDUA
047ybWJnE7riBJnoYThajiz3o+qaSf2J/z0HxkZ/rQg9loeOe2cM9mTsFLCcfhdY
2maHhY6lvDKsF43mRSjRBJ4pyspxZ8Fd5KLAx4z3fKfm5sbptgublTqCcANJ/JYu
NHco+GKvbWBAuTQyjt1Am1eKkxn3AgMBAAGjggKiMIICnjAdBgNVHQ4EFgQU4NuF
xiH31aurEaNtCYcJJrQ1++QwHwYDVR0jBBgwFoAUuf3YlTNJcWra56jRuxPMJ/Ug
/9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjI2Q0I2LzAyQjhCOTQ4OEJEOTExRUI5MUM5QTUzN0Y4QUVBMjI4L3VmM1ls
VE5KY1dyYTU2alJ1eFBNSl9VZ185WS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hcmlu
L3VmM1lsVE5KY1dyYTU2alJ1eFBNSl9VZ185WS5jZXIwTwYDVR0gAQH/BEUwQzBB
BggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5pYy5u
ZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEFBQcw
C4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9y
ZXBvc2l0b3J5L0YzNjI2Q0I2LzAyQjhCOTQ4OEJEOTExRUI5MUM5QTUzN0Y4QUVB
MjI4L0I2OEUyOThDN0EyQzExRUVCNUE0RDY0RjRBRDlFNkZDLnJvYTA1BggrBgEF
BQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54bWww
HwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACcAHswDQYJKoZIhvcNAQELBQAD
ggEBALBieEjjiaOycX7zjhQ5iriBt5AnMw+Qo4Z1Zk+QYRcIGGPrxVO1V/Urst8K
vU8h71s9tah+NlOnRvl0yVGgX+Aj0doV5xiOpSrFs5/BAh5T5V+eApMX/E817x20
wC6MQugpxTvAk9a27m/4wUmOMcVR97YGjdIZ+aFeJamM1i4hgdzrk75r6uQcMSlT
O1spRKUTuUEka18THhN8ofX3V1bFi77hQu+Aa78yW30SWiWkM/2JxkEeSbNiPzka
rCAaxe7kpQKWvVYXRBJAVhGOe9PGud1dyx5i0U5vIvHaj6KDq5OxMF2tKyZM7u0/
WNfBVGSNWr1uPZzIb0L+QEEMUHc=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:47:07 2024 by rpki-client on console-fra.rpki-client.org