Route Origin Authorization

$ rpki-client -vvf rpki.afrinic.net/repository/member_repository/F3626CB6/02B8B9488BD911EB91C9A537F8AEA228/CF9DFC68590911EC88B26DD25A40D577.roa
File:                     CF9DFC68590911EC88B26DD25A40D577.roa (raw, json)
Hash identifier:          za9+Ev9iHkgyRxbSMow8He0jp1hm/b6IyqRcfxHTV/Y=
Subject key identifier:   BF:66:41:20:AE:2D:D0:C4:66:08:9E:EF:E8:D3:AB:1F:59:56:0B:81
Certificate issuer:       /CN=F3626CB6AR/serialNumber=B9FDD8953349716ADAE7A8D1BB13CC27F520FFD6
Certificate serial:       0176
Authority key identifier: B9:FD:D8:95:33:49:71:6A:DA:E7:A8:D1:BB:13:CC:27:F5:20:FF:D6
Authority info access:    rsync://rpki.afrinic.net/repository/arin/uf3YlTNJcWra56jRuxPMJ_Ug_9Y.cer
Subject info access:      rsync://rpki.afrinic.net/repository/member_repository/F3626CB6/02B8B9488BD911EB91C9A537F8AEA228/CF9DFC68590911EC88B26DD25A40D577.roa
Signing time:             Thu 09 Dec 2021 16:05:21 +0000
ROA not before:           Thu 09 Dec 2021 16:05:18 +0000
ROA not after:            Fri 08 Dec 2023 16:05:18 +0000
asID:                     328227
IP address blocks:        156.0.104.0/24 maxlen: 24
                          156.0.105.0/24 maxlen: 24
                          156.0.106.0/24 maxlen: 24
                          156.0.107.0/24 maxlen: 24
                          156.0.108.0/24 maxlen: 24
                          156.0.109.0/24 maxlen: 24
                          156.0.110.0/24 maxlen: 24
                          156.0.111.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 374 (0x176)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F3626CB6AR/serialNumber=B9FDD8953349716ADAE7A8D1BB13CC27F520FFD6
        Validity
            Not Before: Dec  9 16:05:18 2021 GMT
            Not After : Dec  8 16:05:18 2023 GMT
        Subject: CN=61b22941-e07d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:75:26:4b:7d:06:fa:f6:45:21:7a:27:d4:76:
                    92:c0:f5:28:a3:20:20:9a:65:17:7f:22:97:7f:b2:
                    73:3b:52:00:9f:45:7d:6d:0e:fa:44:f6:36:9e:3d:
                    6c:45:b9:68:94:62:a8:69:7e:25:34:1a:a8:cd:ae:
                    c1:9a:90:0e:c7:f6:21:71:04:d5:12:d0:bb:b0:7a:
                    7b:67:34:7e:62:a1:45:9f:c5:83:14:8b:f1:8b:80:
                    6c:57:e4:dc:4c:9a:1e:af:c4:82:a4:3e:53:f0:37:
                    6d:06:46:29:27:6d:31:82:06:b7:b1:e3:b1:f0:26:
                    b5:16:a1:2d:5e:d3:82:5a:d8:53:5c:c4:bb:8f:f9:
                    5a:01:eb:61:1a:47:ee:41:b3:7b:53:52:94:6a:2d:
                    23:31:37:dd:e2:3c:9b:d3:9d:ec:74:72:fb:5b:38:
                    ad:94:83:4d:50:c0:d6:b8:e2:6e:c0:dd:d2:e1:7a:
                    ee:4e:bd:a2:90:95:c4:69:ac:98:e7:81:67:b7:2a:
                    6c:0a:bc:a0:b4:95:88:28:bf:66:1e:d9:af:ba:9c:
                    16:66:2b:5c:f8:14:fd:ed:a3:0f:7e:e1:33:22:4a:
                    6c:cb:71:41:c9:80:68:c5:9b:45:83:92:23:a1:e5:
                    a6:88:3a:a4:9e:93:94:c4:06:90:b1:e5:7d:24:42:
                    f1:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:66:41:20:AE:2D:D0:C4:66:08:9E:EF:E8:D3:AB:1F:59:56:0B:81
            X509v3 Authority Key Identifier:
                keyid:B9:FD:D8:95:33:49:71:6A:DA:E7:A8:D1:BB:13:CC:27:F5:20:FF:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/member_repository/F3626CB6/02B8B9488BD911EB91C9A537F8AEA228/uf3YlTNJcWra56jRuxPMJ_Ug_9Y.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/arin/uf3YlTNJcWra56jRuxPMJ_Ug_9Y.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.afrinic.net/repository/member_repository/F3626CB6/02B8B9488BD911EB91C9A537F8AEA228/CF9DFC68590911EC88B26DD25A40D577.roa
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.0.104.0/21

    Signature Algorithm: sha256WithRSAEncryption
         86:7d:83:44:df:43:91:1e:28:ed:3d:c9:44:c3:1b:2a:b7:da:
         a0:09:84:02:dc:ba:6b:93:eb:e5:d9:3b:ba:ca:c1:f7:9f:c2:
         6c:7e:0c:56:b3:7f:51:41:81:00:02:63:9a:bc:8e:05:92:7f:
         c8:e8:ae:ed:23:2a:a1:45:0e:be:c8:60:3d:ea:13:d1:fb:88:
         5b:43:95:45:3f:44:be:eb:a2:b3:83:23:05:e2:6e:8b:23:a2:
         74:3e:02:32:5b:91:ae:ff:d2:ae:f5:0f:18:e8:93:e2:3b:4b:
         2f:a7:04:04:b4:f2:77:11:9f:7d:48:c2:3e:81:c1:3a:c7:0e:
         b8:1a:f6:a2:67:0d:f4:52:29:ec:e1:02:f2:27:e2:ce:c0:af:
         d9:75:bf:e1:d5:70:7b:54:09:48:2b:9d:4d:33:77:50:f7:3d:
         4c:e2:52:6e:09:b0:91:c5:64:8c:df:99:97:c5:43:6a:8f:1c:
         b2:74:7d:31:c3:8c:01:45:fa:04:45:0c:12:84:8e:98:6d:61:
         e7:47:bd:49:cc:12:b3:c4:20:d7:e6:70:00:ec:0e:45:c4:37:
         05:04:b0:3f:60:c5:b9:fa:63:f1:be:5f:8f:42:68:2e:50:97:
         64:9e:68:29:0b:99:f8:08:8e:cc:51:33:37:21:73:78:e0:4c:
         d7:c1:28:c4
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICAXYwDQYJKoZIhvcNAQELBQAwSDETMBEGA1UEAxMKRjM2
MjZDQjZBUjExMC8GA1UEBRMoQjlGREQ4OTUzMzQ5NzE2QURBRTdBOEQxQkIxM0ND
MjdGNTIwRkZENjAeFw0yMTEyMDkxNjA1MThaFw0yMzEyMDgxNjA1MThaMBgxFjAU
BgNVBAMMDTYxYjIyOTQxLWUwN2QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC9dSZLfQb69kUheifUdpLA9SijICCaZRd/Ipd/snM7UgCfRX1tDvpE9jae
PWxFuWiUYqhpfiU0GqjNrsGakA7H9iFxBNUS0LuwentnNH5ioUWfxYMUi/GLgGxX
5NxMmh6vxIKkPlPwN20GRiknbTGCBrex47HwJrUWoS1e04Ja2FNcxLuP+VoB62Ea
R+5Bs3tTUpRqLSMxN93iPJvTnex0cvtbOK2Ug01QwNa44m7A3dLheu5OvaKQlcRp
rJjngWe3KmwKvKC0lYgov2Ye2a+6nBZmK1z4FP3tow9+4TMiSmzLcUHJgGjFm0WD
kiOh5aaIOqSek5TEBpCx5X0kQvEpAgMBAAGjggKiMIICnjAdBgNVHQ4EFgQUv2ZB
IK4t0MRmCJ7v6NOrH1lWC4EwHwYDVR0jBBgwFoAUuf3YlTNJcWra56jRuxPMJ/Ug
/9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNVHR8EgY0wgYowgYeggYSggYGGf3JzeW5j
Oi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9yZXBvc2l0b3J5
L0YzNjI2Q0I2LzAyQjhCOTQ4OEJEOTExRUI5MUM5QTUzN0Y4QUVBMjI4L3VmM1ls
VE5KY1dyYTU2alJ1eFBNSl9VZ185WS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVwb3NpdG9yeS9hcmlu
L3VmM1lsVE5KY1dyYTU2alJ1eFBNSl9VZ185WS5jZXIwTwYDVR0gAQH/BEUwQzBB
BggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczovL3Jwa2kuYWZyaW5pYy5u
ZXQvcG9saWN5L0NQUy5wZGYwgdsGCCsGAQUFBwELBIHOMIHLMIGRBggrBgEFBQcw
C4aBhHJzeW5jOi8vcnBraS5hZnJpbmljLm5ldC9yZXBvc2l0b3J5L21lbWJlcl9y
ZXBvc2l0b3J5L0YzNjI2Q0I2LzAyQjhCOTQ4OEJEOTExRUI5MUM5QTUzN0Y4QUVB
MjI4L0NGOURGQzY4NTkwOTExRUM4OEIyNkREMjVBNDBENTc3LnJvYTA1BggrBgEF
BQcwDYYpaHR0cHM6Ly9ycmRwLmFmcmluaWMubmV0L25vdGlmaWNhdGlvbi54bWww
HwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAOcAGgwDQYJKoZIhvcNAQELBQAD
ggEBAIZ9g0TfQ5EeKO09yUTDGyq32qAJhALcumuT6+XZO7rKwfefwmx+DFazf1FB
gQACY5q8jgWSf8joru0jKqFFDr7IYD3qE9H7iFtDlUU/RL7rorODIwXibosjonQ+
AjJbka7/0q71Dxjok+I7Sy+nBAS08ncRn31Iwj6BwTrHDrga9qJnDfRSKezhAvIn
4s7Ar9l1v+HVcHtUCUgrnU0zd1D3PUziUm4JsJHFZIzfmZfFQ2qPHLJ0fTHDjAFF
+gRFDBKEjphtYedHvUnMErPEINfmcADsDkXENwUEsD9gxbn6Y/G+X49CaC5Ql2Se
aCkLmfgIjsxRMzchc3jgTNfBKMQ=
-----END CERTIFICATE-----