Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3626CB6/02B8B9488BD911EB91C9A537F8AEA228/C43FF858174911EEA49AB81F4AD9E6FC.roa
File:                     C43FF858174911EEA49AB81F4AD9E6FC.roa (raw, json)
Hash identifier:          lLXspKqZGqAO1P1CgVDUr2D6GNA+VPXLG53SNpJ16Ts=
Subject key identifier:   48:32:4E:3E:FF:5D:74:D3:C9:5A:F1:97:44:C1:23:EE:0C:CF:6E:DB
Certificate issuer:       /CN=F3626CB6AR/serialNumber=B9FDD8953349716ADAE7A8D1BB13CC27F520FFD6
Certificate serial:       03F4
Authority key identifier: B9:FD:D8:95:33:49:71:6A:DA:E7:A8:D1:BB:13:CC:27:F5:20:FF:D6
Authority info access:    rsync://rpki.afrinic.net/repository/arin/uf3YlTNJcWra56jRuxPMJ_Ug_9Y.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3626CB6/02B8B9488BD911EB91C9A537F8AEA228/C43FF858174911EEA49AB81F4AD9E6FC.roa
Signing time:             Fri 30 Jun 2023 13:26:49 +0000
ROA not before:           Fri 30 Jun 2023 13:26:45 +0000
ROA not after:            Sun 30 Jun 2024 13:26:45 +0000
asID:                     57097
IP address blocks:        156.0.114.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1012 (0x3f4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3626CB6AR/serialNumber=B9FDD8953349716ADAE7A8D1BB13CC27F520FFD6
        Validity
            Not Before: Jun 30 13:26:45 2023 GMT
            Not After : Jun 30 13:26:45 2024 GMT
        Subject: CN=649ed819-ffc9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:39:f8:c7:d5:59:5d:dd:ba:55:c6:ff:66:37:
                    74:17:68:1d:2b:97:d1:d5:d7:63:53:e7:19:af:5f:
                    4a:01:9e:d6:d2:76:7d:c0:b8:e7:90:2d:b2:b2:25:
                    50:5d:01:b1:f1:e0:2b:85:ad:17:79:87:b2:9f:f7:
                    3f:84:4e:be:d9:8a:5c:5d:dd:03:4d:7a:5d:58:e4:
                    79:35:f8:d4:55:8c:61:56:7c:0a:ff:f5:41:2b:8d:
                    c2:9d:ed:27:02:3c:ae:46:27:a2:a6:35:6a:54:df:
                    bf:36:7d:9a:e8:13:a4:2e:96:48:3e:20:c5:8c:6a:
                    73:f3:4b:c0:7d:47:18:66:2a:8a:a7:1b:05:30:41:
                    d8:26:e5:bc:d1:14:c1:5b:e4:33:33:d0:06:6d:f6:
                    df:a8:21:75:71:2b:b2:7a:b1:d9:b0:26:7b:85:59:
                    91:7a:0b:b9:ec:74:b1:83:32:ea:d6:48:17:3f:f9:
                    5a:86:cd:54:b7:12:a3:6b:03:38:e0:01:be:6f:40:
                    d5:9c:1c:14:67:91:1c:d5:44:a4:1c:44:2a:59:fb:
                    ed:b1:95:1a:33:e7:af:55:83:3f:9d:78:6c:fc:7a:
                    79:95:2e:59:12:29:8d:db:de:4a:a1:d2:6e:f0:66:
                    fc:10:11:cf:d0:e4:98:6f:b6:7c:cd:0a:9f:df:02:
                    21:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:32:4E:3E:FF:5D:74:D3:C9:5A:F1:97:44:C1:23:EE:0C:CF:6E:DB
            X509v3 Authority Key Identifier:
                keyid:B9:FD:D8:95:33:49:71:6A:DA:E7:A8:D1:BB:13:CC:27:F5:20:FF:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3626CB6/02B8B9488BD911EB91C9A537F8AEA228/uf3YlTNJcWra56jRuxPMJ_Ug_9Y.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/uf3YlTNJcWra56jRuxPMJ_Ug_9Y.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3626CB6/02B8B9488BD911EB91C9A537F8AEA228/C43FF858174911EEA49AB81F4AD9E6FC.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.0.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:19:2b:3b:dc:e5:ca:8b:f9:24:a3:a5:1b:46:3c:34:fb:41:
         19:55:9a:20:12:9a:2c:da:4a:46:e4:18:cb:35:05:9e:69:39:
         a8:06:83:e0:40:b2:b3:1e:ae:80:94:c2:4f:e3:55:e7:3c:0b:
         5c:7d:8f:6c:8e:dd:34:21:01:b1:5a:83:af:ee:5c:22:21:59:
         fd:73:13:df:64:44:f4:f2:52:5b:03:b6:6a:78:e0:5e:b0:3e:
         8d:d7:3d:ba:b3:53:69:3b:27:8e:43:f1:9a:b9:65:09:dd:7d:
         09:57:5b:c4:2c:18:b1:66:ba:6f:2e:d6:16:24:7a:23:1b:1a:
         72:06:d9:ee:30:7a:d9:73:06:50:af:34:57:ce:03:0e:5a:16:
         28:0c:d8:df:b9:4e:95:ec:41:d6:20:0a:34:5d:c9:90:69:50:
         9b:03:ec:aa:58:be:40:02:9b:85:d4:08:86:be:9a:6f:32:13:
         5c:d0:e0:39:d2:50:fd:96:e9:63:54:07:b1:00:ca:f3:b3:9c:
         72:f4:e3:f3:99:90:1b:17:3e:d1:30:ce:d3:81:6d:5c:14:f9:
         87:6f:d5:f2:b6:aa:42:e6:a0:12:3c:06:dd:3d:30:d2:6f:13:
         db:a8:f3:8a:81:d0:17:9f:a5:e4:4e:1d:76:fb:cd:e2:f6:b0:
         ec:24:c8:1d
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICA/QwDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAwwKRjM2
MjZDQjZBUjExMC8GA1UEBRMoQjlGREQ4OTUzMzQ5NzE2QURBRTdBOEQxQkIxM0ND
MjdGNTIwRkZENjAeFw0yMzA2MzAxMzI2NDVaFw0yNDA2MzAxMzI2NDVaMBgxFjAU
BgNVBAMTDTY0OWVkODE5LWZmYzkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDQOfjH1Vld3bpVxv9mN3QXaB0rl9HV12NT5xmvX0oBntbSdn3AuOeQLbKy
JVBdAbHx4CuFrRd5h7Kf9z+ETr7Zilxd3QNNel1Y5Hk1+NRVjGFWfAr/9UErjcKd
7ScCPK5GJ6KmNWpU3782fZroE6Qulkg+IMWManPzS8B9RxhmKoqnGwUwQdgm5bzR
FMFb5DMz0AZt9t+oIXVxK7J6sdmwJnuFWZF6C7nsdLGDMurWSBc/+VqGzVS3EqNr
AzjgAb5vQNWcHBRnkRzVRKQcRCpZ++2xlRoz569Vgz+deGz8enmVLlkSKY3b3kqh
0m7wZvwQEc/Q5JhvtnzNCp/fAiGVAgMBAAGjggKiMIICnjAdBgNVHQ4EFgQUSDJO
Pv9ddNPJWvGXRMEj7gzPbtswHwYDVR0jBBgwFoAUuf3YlTNJcWra56jRuxPMJ/Ug
/9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjI2Q0I2LzAyQjhCOTQ4OEJEOTExRUI5MUM5QTUzN0Y4QUVBMjI4L3VmM1ls
VE5KY1dyYTU2alJ1eFBNSl9VZ185WS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hcmlu
L3VmM1lsVE5KY1dyYTU2alJ1eFBNSl9VZ185WS5jZXIwTwYDVR0gAQH/BEUwQzBB
BggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5pYy5u
ZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEFBQcw
C4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9y
ZXBvc2l0b3J5L0YzNjI2Q0I2LzAyQjhCOTQ4OEJEOTExRUI5MUM5QTUzN0Y4QUVB
MjI4L0M0M0ZGODU4MTc0OTExRUVBNDlBQjgxRjRBRDlFNkZDLnJvYTA1BggrBgEF
BQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54bWww
HwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACcAHIwDQYJKoZIhvcNAQELBQAD
ggEBAI8ZKzvc5cqL+SSjpRtGPDT7QRlVmiASmizaSkbkGMs1BZ5pOagGg+BAsrMe
roCUwk/jVec8C1x9j2yO3TQhAbFag6/uXCIhWf1zE99kRPTyUlsDtmp44F6wPo3X
PbqzU2k7J45D8Zq5ZQndfQlXW8QsGLFmum8u1hYkeiMbGnIG2e4wetlzBlCvNFfO
Aw5aFigM2N+5TpXsQdYgCjRdyZBpUJsD7KpYvkACm4XUCIa+mm8yE1zQ4DnSUP2W
6WNUB7EAyvOznHL04/OZkBsXPtEwztOBbVwU+Ydv1fK2qkLmoBI8Bt09MNJvE9uo
84qB0BefpeROHXb7zeL2sOwkyB0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:47:07 2024 by rpki-client on console-fra.rpki-client.org