Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/0/32332e3134322e32362e302f32342d3234203d3e20323035363633.roa
File:                     32332e3134322e32362e302f32342d3234203d3e20323035363633.roa (raw, json)
Hash identifier:          Q9MkEMOCnfRH49gYikFfFGMOd1RRj0eIVynZ0ZD+wn4=
Subject key identifier:   E7:43:D0:F4:29:BB:74:F9:13:3E:CD:4D:FD:82:9D:AD:61:57:B9:A7
Certificate issuer:       /CN=6916ebca586a822a5426c8bac8ea2e5e25e5def6c3210f28c5
Certificate serial:       595D192F34B7BA27C2FC9CDEC838FEA217E5B66E
Authority key identifier: F7:CA:76:95:FC:79:BE:2F:5B:AC:B4:B4:5D:5A:A5:60:79:CA:93:36
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/3098fc14-29c9-4916-b03a-ae4a2af101cd/6916ebca586a822a5426c8bac8ea2e5e25e5def6c3210f28c5.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/0/32332e3134322e32362e302f32342d3234203d3e20323035363633.roa
Signing time:             Wed 11 Jun 2025 19:59:45 +0000
ROA not before:           Wed 11 Jun 2025 19:54:45 +0000
ROA not after:            Wed 10 Jun 2026 19:59:45 +0000
asID:                     205663
IP address blocks:        23.142.26.0/24 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:5d:19:2f:34:b7:ba:27:c2:fc:9c:de:c8:38:fe:a2:17:e5:b6:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6916ebca586a822a5426c8bac8ea2e5e25e5def6c3210f28c5
        Validity
            Not Before: Jun 11 19:54:45 2025 GMT
            Not After : Jun 10 19:59:45 2026 GMT
        Subject: CN=E743D0F429BB74F9133ECD4DFD829DAD6157B9A7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:85:2e:df:e8:ae:bc:01:94:23:be:ab:0f:47:
                    fb:34:11:6f:62:51:45:4c:46:b9:18:ce:8c:8d:48:
                    68:7e:51:7e:0a:35:af:83:d8:8b:50:b5:65:7e:91:
                    2f:ce:7a:08:c6:38:d6:b6:2b:40:9c:a2:92:0c:de:
                    3c:87:65:1b:46:9b:e2:c0:b9:d2:32:1e:1b:16:c5:
                    0a:e2:62:65:6c:6b:c8:f1:db:c6:4f:94:a6:c4:e3:
                    b8:8a:67:3f:59:5a:f7:0a:60:e5:95:41:7a:39:99:
                    94:9e:60:45:f9:79:42:56:30:26:4c:19:72:a7:e7:
                    c1:50:89:a4:72:93:21:f5:73:fb:ad:73:0a:14:a0:
                    87:ee:c7:45:8e:27:e6:d1:a3:40:02:f9:7d:d9:c1:
                    d6:05:a5:09:a0:da:05:4c:43:2f:62:eb:f4:fc:39:
                    62:e6:48:ee:17:00:3b:f1:11:d0:e8:8a:6d:3c:99:
                    71:25:20:cd:a3:0f:47:56:31:ac:a2:47:c0:c4:be:
                    60:05:1c:ba:8c:38:75:90:25:12:f3:53:b7:39:e4:
                    5c:a4:88:a1:02:0b:fb:0e:81:fc:37:6c:51:e4:37:
                    40:41:cb:67:5c:29:cd:31:7a:d1:77:29:fd:f8:00:
                    39:37:c6:37:d7:5c:b5:47:da:e2:0c:a4:a5:38:9c:
                    42:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:43:D0:F4:29:BB:74:F9:13:3E:CD:4D:FD:82:9D:AD:61:57:B9:A7
            X509v3 Authority Key Identifier:
                keyid:F7:CA:76:95:FC:79:BE:2F:5B:AC:B4:B4:5D:5A:A5:60:79:CA:93:36

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/0/F7CA7695FC79BE2F5BACB4B45D5AA56079CA9336.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/3098fc14-29c9-4916-b03a-ae4a2af101cd/6916ebca586a822a5426c8bac8ea2e5e25e5def6c3210f28c5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/0/32332e3134322e32362e302f32342d3234203d3e20323035363633.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.142.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:9b:61:c2:09:5a:fc:88:f7:32:1a:e8:74:b6:ad:71:93:aa:
         72:d4:68:2c:c7:a8:58:e1:e8:1d:3a:6b:9a:e3:87:93:7f:f8:
         c6:8d:f1:d5:8f:70:59:3d:43:42:94:5e:85:6c:b7:de:37:79:
         7d:40:69:d3:a3:4a:6f:6e:22:5b:89:62:c3:51:7e:cc:c8:61:
         f7:79:d0:56:d2:13:25:60:f1:3f:55:a8:37:18:0c:04:8f:d3:
         81:d1:25:a2:f0:b3:1e:5b:c1:e3:4e:51:00:0f:e8:9d:d6:24:
         e1:d9:ee:e7:2d:1a:7c:5a:d7:88:3b:cf:a5:76:dd:61:99:85:
         38:85:d5:32:7f:38:b8:3a:0e:79:6d:8b:2e:25:11:59:f2:f0:
         40:77:f5:f4:f3:b6:0c:d4:08:96:4b:ae:89:b2:26:f6:c3:b2:
         04:10:ba:d6:9b:b2:70:a0:92:b2:31:9b:91:f0:a8:88:74:6d:
         6a:ed:31:79:a3:60:39:c2:4f:e0:07:a7:51:16:b7:25:d7:12:
         6f:38:96:4a:78:f3:ea:12:c5:99:54:9b:90:a4:58:86:8d:33:
         83:20:9b:24:0d:be:27:27:7b:cc:8d:09:f5:52:cb:96:f9:69:
         e0:61:81:19:56:74:20:74:e3:d6:5a:e8:be:35:95:85:42:4e:
         3f:d2:3f:d4
-----BEGIN CERTIFICATE-----
MIIFsjCCBJqgAwIBAgIUWV0ZLzS3uifC/JzeyDj+ohfltm4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNjkxNmViY2E1ODZhODIyYTU0MjZjOGJhYzhlYTJlNWUy
NWU1ZGVmNmMzMjEwZjI4YzUwHhcNMjUwNjExMTk1NDQ1WhcNMjYwNjEwMTk1OTQ1
WjAzMTEwLwYDVQQDEyhFNzQzRDBGNDI5QkI3NEY5MTMzRUNENERGRDgyOURBRDYx
NTdCOUE3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsYUu3+iuvAGU
I76rD0f7NBFvYlFFTEa5GM6MjUhoflF+CjWvg9iLULVlfpEvznoIxjjWtitAnKKS
DN48h2UbRpviwLnSMh4bFsUK4mJlbGvI8dvGT5SmxOO4imc/WVr3CmDllUF6OZmU
nmBF+XlCVjAmTBlyp+fBUImkcpMh9XP7rXMKFKCH7sdFjifm0aNAAvl92cHWBaUJ
oNoFTEMvYuv0/Dli5kjuFwA78RHQ6IptPJlxJSDNow9HVjGsokfAxL5gBRy6jDh1
kCUS81O3OeRcpIihAgv7DoH8N2xR5DdAQctnXCnNMXrRdyn9+AA5N8Y311y1R9ri
DKSlOJxCMwIDAQABo4ICsjCCAq4wHQYDVR0OBBYEFOdD0PQpu3T5Ez7NTf2Cna1h
V7mnMB8GA1UdIwQYMBaAFPfKdpX8eb4vW6y0tF1apWB5ypM2MA4GA1UdDwEB/wQE
AwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6Ly9ycGtpLXJwcy5hcmluLm5l
dC9yZXBvc2l0b3J5LzhhODQ4YWRmODUwZDA2M2UwMTg1NzU1YzkxYmUzZjlkLzAv
RjdDQTc2OTVGQzc5QkUyRjVCQUNCNEI0NUQ1QUE1NjA3OUNBOTMzNi5jcmwwgfMG
CCsGAQUFBwEBBIHmMIHjMIHgBggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmlu
Lm5ldC9yZXBvc2l0b3J5L2FyaW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2Ut
YjA4Yy0yMTcxZGEyMTU3ZDMvMDM1NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5
ZWYzMjIzLzMwOThmYzE0LTI5YzktNDkxNi1iMDNhLWFlNGEyYWYxMDFjZC82OTE2
ZWJjYTU4NmE4MjJhNTQyNmM4YmFjOGVhMmU1ZTI1ZTVkZWY2YzMyMTBmMjhjNS5j
ZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5jOi8vcnBr
aS1ycHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1
NWM5MWJlM2Y5ZC8wLzMyMzMyZTMxMzQzMjJlMzIzNjJlMzAyZjMyMzQyZDMyMzQy
MDNkM2UyMDMyMzAzNTM2MzYzMy5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcO
AjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEABeOGjANBgkqhkiG9w0BAQsF
AAOCAQEAUpthwgla/Ij3MhrodLatcZOqctRoLMeoWOHoHTprmuOHk3/4xo3x1Y9w
WT1DQpRehWy33jd5fUBp06NKb24iW4liw1F+zMhh93nQVtITJWDxP1WoNxgMBI/T
gdElovCzHlvB405RAA/ondYk4dnu5y0afFrXiDvPpXbdYZmFOIXVMn84uDoOeW2L
LiURWfLwQHf19PO2DNQIlkuuibIm9sOyBBC61puycKCSsjGbkfCoiHRtau0xeaNg
OcJP4AenURa3JdcSbziWSnjz6hLFmVSbkKRYho0zgyCbJA2+Jyd7zI0J9VLLlvlp
4GGBGVZ0IHTj1lrovjWVhUJOP9I/1A==
-----END CERTIFICATE-----
Generated at Thu Jul 3 01:20:51 2025 by rpki-client