Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/3/3130332e3231342e37312e302f32342d3234203d3e203230333236.roa
File:                     3130332e3231342e37312e302f32342d3234203d3e203230333236.roa (raw, json)
Hash identifier:          aamka175HhgOUrDEYx1U6mYO/QaFhe746lbcLDhxIsI=
Subject key identifier:   37:2A:BD:E6:E7:79:B7:21:79:EB:92:1D:51:74:B2:68:4B:4A:F4:FA
Certificate issuer:       /CN=A91115900000/serialNumber=5953AC0A64BF9656B442D3C32313435ECB495F68
Certificate serial:       7E1BF748A14A244BAFA0A073AAC5F7FF0E2A6636
Authority key identifier: 59:53:AC:0A:64:BF:96:56:B4:42:D3:C3:23:13:43:5E:CB:49:5F:68
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/WVOsCmS_lla0QtPDIxNDXstJX2g.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/3/3130332e3231342e37312e302f32342d3234203d3e203230333236.roa
Signing time:             Tue 03 Jan 2023 02:07:02 +0000
ROA not before:           Tue 03 Jan 2023 02:02:02 +0000
ROA not after:            Tue 02 Jan 2024 02:07:02 +0000
asID:                     20326
IP address blocks:        103.214.71.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:1b:f7:48:a1:4a:24:4b:af:a0:a0:73:aa:c5:f7:ff:0e:2a:66:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91115900000/serialNumber=5953AC0A64BF9656B442D3C32313435ECB495F68
        Validity
            Not Before: Jan  3 02:02:02 2023 GMT
            Not After : Jan  2 02:07:02 2024 GMT
        Subject: CN=372ABDE6E779B72179EB921D5174B2684B4AF4FA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:43:69:1b:9a:82:43:13:a9:58:b1:43:76:0b:
                    0c:79:bc:3a:9b:ea:b7:21:d7:b9:b4:93:c8:e9:20:
                    f9:4b:a2:33:bf:50:51:a2:77:65:b3:b6:72:70:02:
                    2d:6c:7b:26:f7:78:a3:09:39:b3:38:a0:2f:11:68:
                    d5:67:42:77:78:6c:5e:ec:95:97:06:59:f3:c1:27:
                    89:1e:0f:39:91:75:3c:0d:e4:d9:2f:a5:97:a8:0d:
                    e7:55:63:7d:32:90:30:94:f7:a7:eb:90:52:07:b8:
                    84:63:ed:24:d4:c9:e2:d1:d7:bf:7e:92:2f:f0:35:
                    dc:33:a8:ce:f3:5d:9a:4a:03:9f:4e:ce:8c:b7:6c:
                    8d:7e:29:0e:a5:ae:cb:e6:6d:fe:61:de:c3:17:77:
                    13:51:03:2a:0c:d7:1c:db:d9:1f:90:e9:ce:58:ed:
                    3b:5d:f1:97:d4:64:46:d2:91:a4:22:b4:d4:5e:40:
                    07:b7:e2:55:94:82:a5:d1:f8:93:d2:b1:97:91:6d:
                    02:48:4d:0c:a1:78:18:87:aa:af:df:1b:94:c1:59:
                    ba:77:f9:91:87:97:f7:a6:42:df:17:78:4c:ab:b0:
                    5f:6b:dd:3d:cc:c8:76:51:bc:f1:c0:59:47:0a:d0:
                    03:ce:c4:1f:9c:cf:cb:2f:ed:be:d8:83:09:be:8b:
                    3b:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:2A:BD:E6:E7:79:B7:21:79:EB:92:1D:51:74:B2:68:4B:4A:F4:FA
            X509v3 Authority Key Identifier:
                keyid:59:53:AC:0A:64:BF:96:56:B4:42:D3:C3:23:13:43:5E:CB:49:5F:68

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/3/5953AC0A64BF9656B442D3C32313435ECB495F68.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/WVOsCmS_lla0QtPDIxNDXstJX2g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/3/3130332e3231342e37312e302f32342d3234203d3e203230333236.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.214.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:cc:6e:8f:13:25:d7:cb:e4:4b:5a:47:2d:de:84:c8:67:fb:
         40:e7:b4:e4:e9:58:d6:9b:64:82:86:a3:73:42:18:02:b1:ed:
         f7:7c:15:e4:1c:82:8c:12:ed:5a:6a:b1:06:47:fc:ee:cf:24:
         e4:15:21:d2:b6:77:e3:38:79:ea:3b:78:ec:b6:b2:52:65:47:
         90:6f:3f:4b:41:24:7b:78:5e:e1:f9:5b:d1:2d:ac:82:b1:c6:
         6e:0d:b2:06:d3:15:1f:21:d3:1f:1c:37:21:a3:63:44:44:16:
         14:3c:70:a1:d5:b1:0d:93:71:f7:78:ea:4a:75:db:2b:4c:f2:
         ef:c2:02:ff:f1:a8:20:ba:02:03:5a:3e:06:6e:48:43:98:ff:
         67:bb:69:cd:c0:c2:2a:84:58:e2:eb:29:62:aa:1b:66:1a:b7:
         0b:f6:34:83:6e:c2:2a:ce:9e:2b:84:39:ca:67:c3:ea:9f:23:
         e2:94:d1:94:80:74:73:49:e5:b2:f3:6a:5b:04:74:21:8a:90:
         1d:d9:02:2f:95:1d:ad:c3:21:e0:05:e1:fb:72:13:a7:49:85:
         64:b8:f4:81:a2:d4:3b:87:e1:a8:cf:c6:ac:42:b9:4e:c3:52:
         41:7d:49:50:99:a1:83:29:fb:fe:c9:29:53:68:29:da:60:9d:
         1e:58:d7:dd
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgIUfhv3SKFKJEuvoKBzqsX3/w4qZjYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxMTE1OTAwMDAwMTEwLwYDVQQFEyg1OTUzQUMwQTY0
QkY5NjU2QjQ0MkQzQzMyMzEzNDM1RUNCNDk1RjY4MB4XDTIzMDEwMzAyMDIwMloX
DTI0MDEwMjAyMDcwMlowMzExMC8GA1UEAxMoMzcyQUJERTZFNzc5QjcyMTc5RUI5
MjFENTE3NEIyNjg0QjRBRjRGQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJxDaRuagkMTqVixQ3YLDHm8OpvqtyHXubSTyOkg+UuiM79QUaJ3ZbO2cnAC
LWx7Jvd4owk5szigLxFo1WdCd3hsXuyVlwZZ88EniR4POZF1PA3k2S+ll6gN51Vj
fTKQMJT3p+uQUge4hGPtJNTJ4tHXv36SL/A13DOozvNdmkoDn07OjLdsjX4pDqWu
y+Zt/mHewxd3E1EDKgzXHNvZH5DpzljtO13xl9RkRtKRpCK01F5AB7fiVZSCpdH4
k9Kxl5FtAkhNDKF4GIeqr98blMFZunf5kYeX96ZC3xd4TKuwX2vdPczIdlG88cBZ
RwrQA87EH5zPyy/tvtiDCb6LO+MCAwEAAaOCAjwwggI4MB0GA1UdDgQWBBQ3Kr3m
53m3IXnrkh1RdLJoS0r0+jAfBgNVHSMEGDAWgBRZU6wKZL+WVrRC08MjE0Ney0lf
aDAOBgNVHQ8BAf8EBAMCB4AwgYUGA1UdHwR+MHwweqB4oHaGdHJzeW5jOi8vcnBr
aS1ycHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1
NWM5MWJlM2Y5ZC8zLzU5NTNBQzBBNjRCRjk2NTZCNDQyRDNDMzIzMTM0MzVFQ0I0
OTVGNjguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9y
cGtpLmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3
QzcyRkQxRkYyL1dWT3NDbVNfbGxhMFF0UERJeE5EWHN0SlgyZy5jZXIwgaIGCCsG
AQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5jOi8vcnBraS1ycHMuYXJp
bi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5
ZC8zLzMxMzAzMzJlMzIzMTM0MmUzNzMxMmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIw
MzIzMDMzMzIzNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEF
BQcBBwEB/wQQMA4wDAQCAAEwBgMEAGfWRzANBgkqhkiG9w0BAQsFAAOCAQEAQ8xu
jxMl18vkS1pHLd6EyGf7QOe05OlY1ptkgoajc0IYArHt93wV5ByCjBLtWmqxBkf8
7s8k5BUh0rZ34zh56jt47LayUmVHkG8/S0Eke3he4flb0S2sgrHGbg2yBtMVHyHT
Hxw3IaNjREQWFDxwodWxDZNx93jqSnXbK0zy78IC//GoILoCA1o+Bm5IQ5j/Z7tp
zcDCKoRY4uspYqobZhq3C/Y0g27CKs6eK4Q5ymfD6p8j4pTRlIB0c0nlsvNqWwR0
IYqQHdkCL5UdrcMh4AXh+3ITp0mFZLj0gaLUO4fhqM/GrEK5TsNSQX1JUJmhgyn7
/skpU2gp2mCdHljX3Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:46:44 2024 by rpki-client on console-ams.rpki-client.org