Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf7f518c5d017f949e0c8c42f5/0/3136322e3232332e36342e302f32312d3234203d3e203534343731.roa
File:                     3136322e3232332e36342e302f32312d3234203d3e203534343731.roa (raw, json)
Hash identifier:          bvsp+FcBiIzjFYbfiVQN8rYLE5gW40vafJqgSkUVDH4=
Subject key identifier:   FD:BB:BF:2B:6E:E9:32:BF:DC:79:CA:9B:68:B4:4B:9D:61:3E:BD:86
Certificate issuer:       /CN=63ef6ba7c75b0732465686b4f94bffe5c8f62e466a4f048b0a
Certificate serial:       4924D2497D28BACE40039EEE4019F5A7FE8607C3
Authority key identifier: E5:2C:37:7F:6C:65:01:F9:CA:9E:EB:01:8F:66:22:B1:DC:E9:86:00
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/d7e20303-2390-47a7-b89c-842367be4584/63ef6ba7c75b0732465686b4f94bffe5c8f62e466a4f048b0a.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf7f518c5d017f949e0c8c42f5/0/3136322e3232332e36342e302f32312d3234203d3e203534343731.roa
Signing time:             Tue 11 Jul 2023 00:13:44 +0000
ROA not before:           Tue 11 Jul 2023 00:08:44 +0000
ROA not after:            Tue 09 Jul 2024 00:13:44 +0000
asID:                     54471
IP address blocks:        162.223.64.0/21 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:24:d2:49:7d:28:ba:ce:40:03:9e:ee:40:19:f5:a7:fe:86:07:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63ef6ba7c75b0732465686b4f94bffe5c8f62e466a4f048b0a
        Validity
            Not Before: Jul 11 00:08:44 2023 GMT
            Not After : Jul  9 00:13:44 2024 GMT
        Subject: CN=FDBBBF2B6EE932BFDC79CA9B68B44B9D613EBD86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:1a:96:9d:98:b5:17:d5:98:00:cc:67:b5:34:
                    00:be:a1:2b:84:05:be:3d:6c:ab:6a:6f:cb:b2:da:
                    a3:a1:5b:e6:c5:a6:d7:6e:3d:3b:3a:94:41:d8:93:
                    31:c8:07:96:7e:bb:9e:44:49:b7:9d:36:fd:e9:c0:
                    16:84:85:bb:b7:bb:de:ea:f3:6a:f2:b2:9a:e2:7f:
                    8c:e7:63:14:55:12:30:29:7f:40:3a:c8:47:c4:8f:
                    79:29:88:30:48:75:f1:16:5f:dd:43:85:f2:39:25:
                    c5:3e:7d:11:12:bd:40:c7:2b:28:c8:07:a8:ff:57:
                    8f:26:23:20:92:c7:a9:85:e9:d9:82:f6:ef:93:72:
                    9f:72:48:97:5c:48:ab:89:7e:d3:87:43:ec:d0:cb:
                    93:31:48:f5:40:8d:d9:3f:b8:36:30:41:f9:be:4b:
                    c3:38:71:2c:3e:21:be:e4:84:cd:58:50:78:86:ef:
                    a1:e3:86:da:b6:86:e8:b8:34:cd:51:18:cd:e1:25:
                    62:ab:11:d1:b6:d9:24:f9:60:a4:53:14:7f:87:36:
                    72:19:5c:24:a1:df:39:e4:9e:89:4b:41:9f:ac:bf:
                    88:f9:1e:e1:aa:71:1f:35:20:66:6a:a8:19:d1:00:
                    e4:b1:4b:89:c6:dc:ab:3a:5a:73:5c:17:0e:6f:b2:
                    cc:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:BB:BF:2B:6E:E9:32:BF:DC:79:CA:9B:68:B4:4B:9D:61:3E:BD:86
            X509v3 Authority Key Identifier:
                keyid:E5:2C:37:7F:6C:65:01:F9:CA:9E:EB:01:8F:66:22:B1:DC:E9:86:00

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf7f518c5d017f949e0c8c42f5/0/E52C377F6C6501F9CA9EEB018F6622B1DCE98600.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/d7e20303-2390-47a7-b89c-842367be4584/63ef6ba7c75b0732465686b4f94bffe5c8f62e466a4f048b0a.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf7f518c5d017f949e0c8c42f5/0/3136322e3232332e36342e302f32312d3234203d3e203534343731.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.223.64.0/21

    Signature Algorithm: sha256WithRSAEncryption
         66:da:e8:4d:be:4c:b1:fd:16:ee:12:bd:29:d6:5c:2f:4c:d7:
         c0:70:f7:10:55:77:3b:02:83:e0:6d:43:58:bf:a6:62:1d:23:
         ca:53:a9:61:f5:01:ba:21:bf:80:eb:b6:72:e4:e0:17:ba:1b:
         9e:eb:5b:9b:3f:ea:67:6c:ee:1e:f8:00:6b:67:85:df:42:88:
         c1:b0:21:c1:a4:04:0d:46:5e:c6:f6:fb:ca:fd:c4:00:bf:ce:
         0e:e2:bb:69:54:cd:6c:21:0e:b0:d0:1e:a0:a5:c3:16:4d:7c:
         ff:f3:a7:ce:9a:39:5d:3e:38:8e:2b:bb:78:1e:bb:8f:a7:4d:
         35:b4:75:82:90:da:53:22:be:0f:95:04:78:d6:25:5f:38:64:
         cc:b5:bf:29:9a:bc:9e:f7:fd:37:eb:ef:5e:b5:b8:7c:32:73:
         6c:66:14:eb:f0:7d:b4:a2:a0:4a:0e:48:44:ff:74:f7:08:85:
         ee:35:0b:26:89:ee:ac:80:7c:61:d5:c0:99:0d:b1:e0:83:ec:
         54:c3:db:67:90:bb:e7:d9:ef:33:25:75:63:38:74:cc:bd:54:
         71:13:5f:b1:b6:2b:7b:2c:eb:d0:a1:53:9d:ea:6a:cd:63:52:
         f8:33:35:cb:6b:95:04:86:d8:e4:a2:43:28:1a:db:f0:72:8a:
         be:8e:2c:86
-----BEGIN CERTIFICATE-----
MIIFsjCCBJqgAwIBAgIUSSTSSX0ous5AA57uQBn1p/6GB8MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNjNlZjZiYTdjNzViMDczMjQ2NTY4NmI0Zjk0YmZmZTVj
OGY2MmU0NjZhNGYwNDhiMGEwHhcNMjMwNzExMDAwODQ0WhcNMjQwNzA5MDAxMzQ0
WjAzMTEwLwYDVQQDEyhGREJCQkYyQjZFRTkzMkJGREM3OUNBOUI2OEI0NEI5RDYx
M0VCRDg2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqhqWnZi1F9WY
AMxntTQAvqErhAW+PWyram/LstqjoVvmxabXbj07OpRB2JMxyAeWfrueREm3nTb9
6cAWhIW7t7ve6vNq8rKa4n+M52MUVRIwKX9AOshHxI95KYgwSHXxFl/dQ4XyOSXF
Pn0REr1AxysoyAeo/1ePJiMgksephenZgvbvk3KfckiXXEiriX7Th0Ps0MuTMUj1
QI3ZP7g2MEH5vkvDOHEsPiG+5ITNWFB4hu+h44batobouDTNURjN4SViqxHRttkk
+WCkUxR/hzZyGVwkod855J6JS0GfrL+I+R7hqnEfNSBmaqgZ0QDksUuJxtyrOlpz
XBcOb7LMxwIDAQABo4ICsjCCAq4wHQYDVR0OBBYEFP27vytu6TK/3HnKm2i0S51h
Pr2GMB8GA1UdIwQYMBaAFOUsN39sZQH5yp7rAY9mIrHc6YYAMA4GA1UdDwEB/wQE
AwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6Ly9ycGtpLXJwcy5hcmluLm5l
dC9yZXBvc2l0b3J5LzhhODQ4YWRmN2Y1MThjNWQwMTdmOTQ5ZTBjOGM0MmY1LzAv
RTUyQzM3N0Y2QzY1MDFGOUNBOUVFQjAxOEY2NjIyQjFEQ0U5ODYwMC5jcmwwgfMG
CCsGAQUFBwEBBIHmMIHjMIHgBggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmlu
Lm5ldC9yZXBvc2l0b3J5L2FyaW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2Ut
YjA4Yy0yMTcxZGEyMTU3ZDMvNTIxZWIzM2YtOTY3Mi00Y2Q5LWFjY2UtMTM3MjI3
ZTk3MWFjL2Q3ZTIwMzAzLTIzOTAtNDdhNy1iODljLTg0MjM2N2JlNDU4NC82M2Vm
NmJhN2M3NWIwNzMyNDY1Njg2YjRmOTRiZmZlNWM4ZjYyZTQ2NmE0ZjA0OGIwYS5j
ZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5jOi8vcnBr
aS1ycHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjdmNTE4YzVkMDE3Zjk0
OWUwYzhjNDJmNS8wLzMxMzYzMjJlMzIzMjMzMmUzNjM0MmUzMDJmMzIzMTJkMzIz
NDIwM2QzZTIwMzUzNDM0MzczMS5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcO
AjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA6LfQDANBgkqhkiG9w0BAQsF
AAOCAQEAZtroTb5Msf0W7hK9KdZcL0zXwHD3EFV3OwKD4G1DWL+mYh0jylOpYfUB
uiG/gOu2cuTgF7obnutbmz/qZ2zuHvgAa2eF30KIwbAhwaQEDUZexvb7yv3EAL/O
DuK7aVTNbCEOsNAeoKXDFk18//Onzpo5XT44jiu7eB67j6dNNbR1gpDaUyK+D5UE
eNYlXzhkzLW/KZq8nvf9N+vvXrW4fDJzbGYU6/B9tKKgSg5IRP909wiF7jULJonu
rIB8YdXAmQ2x4IPsVMPbZ5C759nvMyV1Yzh0zL1UcRNfsbYreyzr0KFTnepqzWNS
+DM1y2uVBIbY5KJDKBrb8HKKvo4shg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:41:07 2024 by rpki-client on console-fra.rpki-client.org