Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/7198ab43-7bc6-49c3-86c2-1b4510bbbc76.roa
File:                     7198ab43-7bc6-49c3-86c2-1b4510bbbc76.roa (raw, json)
Hash identifier:          55b4ApGMpPDlTgKJkGo/W0smJ4SvX5ZOGRIEhWg85qE=
Subject key identifier:   CC:4E:20:7E:D5:2D:40:B6:DE:4C:5E:4D:CD:8E:6E:98:9F:19:36:4A
Certificate issuer:       /CN=1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107
Certificate serial:       370775A31361F34B023ABB05B0A196B4EADA0B79
Authority key identifier: 15:F4:EF:04:F5:AF:23:96:C9:5F:16:42:E3:79:07:8B:48:8C:16:0B
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/aaa76394-48fc-4ff3-b6aa-0693c55d758f/1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/7198ab43-7bc6-49c3-86c2-1b4510bbbc76.roa
Signing time:             Mon 22 Apr 2024 00:00:00 +0000
ROA not before:           Mon 22 Apr 2024 00:00:00 +0000
ROA not after:            Mon 27 May 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        173.82.137.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:07:75:a3:13:61:f3:4b:02:3a:bb:05:b0:a1:96:b4:ea:da:0b:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107
        Validity
            Not Before: Apr 22 00:00:00 2024 GMT
            Not After : May 27 23:59:59 2024 GMT
        Subject: serialNumber=1a35aed2505f36888d335790b5cb268b09a277c58864fbd188de806a70d32b43, CN=35095e3e-84cb-4ad0-bda1-6c6f8da69f61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:8c:f1:d0:4f:1d:ae:5b:fd:3b:6c:4c:54:9d:
                    01:90:64:af:e4:8b:eb:03:98:7d:7c:bb:87:f2:46:
                    7b:88:22:60:26:45:49:5a:52:c1:92:a7:29:78:d4:
                    00:8e:b6:23:b7:98:cd:bf:dc:43:81:27:b6:13:da:
                    e2:b1:b6:77:08:b4:79:1c:f6:a3:63:53:a4:32:c4:
                    8b:1c:9e:25:62:9b:98:84:ba:bc:18:11:47:d7:e2:
                    19:be:0c:69:8f:b3:f3:e4:a6:67:03:46:12:7b:bd:
                    f2:74:82:bc:72:b7:ad:6b:19:a0:38:50:dd:70:05:
                    06:99:72:03:72:8d:2c:95:6b:1c:0b:4b:d2:6d:d7:
                    fd:eb:6b:68:9a:fd:fd:d6:af:0d:e5:5b:ce:52:e8:
                    9a:cc:51:4b:83:9d:c0:ec:b0:9a:89:81:5b:ad:0b:
                    54:b5:60:c7:a8:a2:f2:56:31:21:4c:96:e6:3c:ca:
                    13:5d:6d:1d:a3:ca:5e:b4:bf:f5:ce:2b:f0:1e:33:
                    bc:64:da:5b:f8:dd:b6:31:be:bd:57:3c:45:b9:be:
                    ba:77:fe:cd:04:97:0f:1b:be:6e:d4:37:c2:8f:b3:
                    a3:49:ff:8c:e7:ca:f9:7c:86:0f:b0:d6:0c:a1:e6:
                    0e:76:29:da:51:5c:af:6b:de:52:39:27:ef:29:30:
                    cd:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:4E:20:7E:D5:2D:40:B6:DE:4C:5E:4D:CD:8E:6E:98:9F:19:36:4A
            X509v3 Authority Key Identifier:
                keyid:15:F4:EF:04:F5:AF:23:96:C9:5F:16:42:E3:79:07:8B:48:8C:16:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/aaa76394-48fc-4ff3-b6aa-0693c55d758f/1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/7198ab43-7bc6-49c3-86c2-1b4510bbbc76.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/z2afnCt1NpzA_dOMFjxYsdQtAQc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  173.82.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:31:c2:84:86:7b:92:94:e2:cd:7d:e7:3b:dc:5b:0b:49:a2:
         c4:61:bc:80:d8:6e:be:1e:b8:f1:0a:14:50:cb:22:47:c6:81:
         ed:82:ce:fb:1d:f0:f2:4f:04:14:22:76:9a:e9:57:25:25:be:
         0d:13:4f:2e:7a:b5:19:c6:1f:05:86:f9:6b:8c:23:70:11:29:
         38:57:28:25:04:fa:a2:88:d7:99:93:15:bf:ec:6f:58:af:6b:
         0d:fc:af:cb:9e:08:4e:a0:64:6e:94:e7:8e:0f:86:bc:0f:00:
         cf:b9:dc:a3:10:c6:ac:cc:0d:fa:02:95:7a:14:8d:01:fd:5d:
         03:c2:09:7d:1b:0b:44:c0:00:47:fa:6e:f1:4f:03:92:11:68:
         37:ef:80:1a:ee:d1:ef:8c:2e:e7:46:c9:b4:c7:3f:7d:45:66:
         87:5a:06:39:e1:e8:c0:c9:1d:c5:5a:23:5f:e2:b7:6e:b6:16:
         d3:f4:59:9e:b1:0c:39:6a:fe:85:96:df:7f:c6:6e:3c:15:5b:
         81:59:d5:65:93:3c:34:5c:a9:4b:ef:6f:24:51:d4:df:b6:9d:
         b7:89:ca:5e:42:b8:9c:db:76:07:e3:86:7f:d5:e1:3d:19:95:
         d6:e9:bc:0e:6f:12:6e:74:d0:d3:3d:cb:8f:45:7f:a9:ee:1a:
         50:28:e1:d4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNwd1oxNh80sCOrsFsKGWtOraC3kwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMWIxZmU2NzMyMWNmNjY5ZjljMmI3NTM2OWNjMGZkZDM4
YzE2M2M1OGIxZDQyZDAxMDcwHhcNMjQwNDIyMDAwMDAwWhcNMjQwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0AxYTM1YWVkMjUwNWYzNjg4OGQzMzU3OTBiNWNiMjY4YjA5
YTI3N2M1ODg2NGZiZDE4OGRlODA2YTcwZDMyYjQzMS0wKwYDVQQDEyQzNTA5NWUz
ZS04NGNiLTRhZDAtYmRhMS02YzZmOGRhNjlmNjEwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDijPHQTx2uW/07bExUnQGQZK/ki+sDmH18u4fyRnuIImAm
RUlaUsGSpyl41ACOtiO3mM2/3EOBJ7YT2uKxtncItHkc9qNjU6QyxIscniVim5iE
urwYEUfX4hm+DGmPs/PkpmcDRhJ7vfJ0grxyt61rGaA4UN1wBQaZcgNyjSyVaxwL
S9Jt1/3ra2ia/f3Wrw3lW85S6JrMUUuDncDssJqJgVutC1S1YMeoovJWMSFMluY8
yhNdbR2jyl60v/XOK/AeM7xk2lv43bYxvr1XPEW5vrp3/s0Elw8bvm7UN8KPs6NJ
/4znyvl8hg+w1gyh5g52KdpRXK9r3lI5J+8pMM0bAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUzE4gftUtQLbeTF5NzY5umJ8ZNkowHwYDVR0jBBgwFoAUFfTvBPWvI5bJ
XxZC43kHi0iMFgswDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzViN2ZiMTIyLWRmZGYtNGMwYy1iOTBkLTNiYzdhNWZlYjgyYi9hYWE3NjM5NC00
OGZjLTRmZjMtYjZhYS0wNjkzYzU1ZDc1OGYvMWIxZmU2NzMyMWNmNjY5ZjljMmI3
NTM2OWNjMGZkZDM4YzE2M2M1OGIxZDQyZDAxMDcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZmY5ZmE4NGUtOTc4My00YTBiLWE1OGQtNmRj
OGUyNDMzZDMzLzcxOThhYjQzLTdiYzYtNDljMy04NmMyLTFiNDUxMGJiYmM3Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2ZmOWZhODRlLTk3ODMtNGEwYi1hNThk
LTZkYzhlMjQzM2QzMy96MmFmbkN0MU5wekFfZE9NRmp4WXNkUXRBUWMuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACtUokwDQYJKoZIhvcNAQELBQADggEBACIxwoSGe5KU4s195zvcWwtJosRh
vIDYbr4euPEKFFDLIkfGge2Czvsd8PJPBBQidprpVyUlvg0TTy56tRnGHwWG+WuM
I3ARKThXKCUE+qKI15mTFb/sb1ivaw38r8ueCE6gZG6U544PhrwPAM+53KMQxqzM
DfoClXoUjQH9XQPCCX0bC0TAAEf6bvFPA5IRaDfvgBru0e+MLudGybTHP31FZoda
Bjnh6MDJHcVaI1/it262FtP0WZ6xDDlq/oWW33/GbjwVW4FZ1WWTPDRcqUvvbyRR
1N+2nbeJyl5CuJzbdgfjhn/V4T0ZldbpvA5vEm500NM9y49Ff6nuGlAo4dQ=
-----END CERTIFICATE-----