Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/0509b386-9adf-4fc9-8860-cc55e8e021f1.roa
File:                     0509b386-9adf-4fc9-8860-cc55e8e021f1.roa (raw, json)
Hash identifier:          lgRJzfD57NtLVAmJN8n6q6HfM2Gc2qMWpXI2R0N1YM0=
Subject key identifier:   63:54:8E:54:EC:34:CC:4D:D6:90:84:45:26:BF:21:A6:F0:49:3C:E0
Certificate issuer:       /CN=1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107
Certificate serial:       7AEC0498C2D21D6556031B1AA13F36B6451F48A1
Authority key identifier: 15:F4:EF:04:F5:AF:23:96:C9:5F:16:42:E3:79:07:8B:48:8C:16:0B
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/aaa76394-48fc-4ff3-b6aa-0693c55d758f/1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/0509b386-9adf-4fc9-8860-cc55e8e021f1.roa
Signing time:             Mon 22 Apr 2024 00:00:00 +0000
ROA not before:           Mon 22 Apr 2024 00:00:00 +0000
ROA not after:            Mon 27 May 2024 23:59:59 +0000
asID:                     393929
IP address blocks:        173.82.75.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:ec:04:98:c2:d2:1d:65:56:03:1b:1a:a1:3f:36:b6:45:1f:48:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107
        Validity
            Not Before: Apr 22 00:00:00 2024 GMT
            Not After : May 27 23:59:59 2024 GMT
        Subject: serialNumber=b2ae484b945c6a1591978cf0d97c7520fff6560a3af3b54b4635ecbf892854b0, CN=35095e3e-84cb-4ad0-bda1-6c6f8da69f61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:fd:95:9e:da:d2:a4:11:7e:2c:8f:dd:7e:a8:
                    eb:0a:cb:07:a7:1f:c6:f4:03:5b:68:cb:7b:00:7e:
                    90:ce:64:b6:c7:b8:70:78:96:4b:58:ad:6b:e0:ed:
                    25:8b:7f:48:f6:65:96:95:b6:da:af:f9:63:9d:88:
                    1d:94:29:e4:83:ea:18:c8:a8:60:b4:0d:07:64:15:
                    44:7e:c9:72:03:18:f3:a9:dd:d0:de:36:19:b3:67:
                    7f:10:7a:3e:8a:11:49:0c:6e:09:35:ce:0c:d6:a3:
                    22:28:46:d2:a9:20:bc:a0:01:a5:8c:de:f7:55:a7:
                    77:41:6e:bb:3e:af:75:b6:83:b1:29:f6:b5:c0:e1:
                    40:a2:a5:2e:93:68:8a:38:f9:95:73:24:db:f6:1d:
                    7e:84:5b:c9:eb:10:dc:09:e7:5c:37:b2:2b:de:8b:
                    2f:e7:d8:21:58:19:15:b0:67:38:6f:4c:77:55:d4:
                    60:84:2d:68:49:c6:ba:d9:41:2e:22:e8:6c:51:55:
                    69:70:2f:1e:95:de:48:eb:a9:bc:f2:81:87:a7:5e:
                    0b:49:3d:a9:d4:ee:6b:73:5e:24:d4:39:86:2d:fc:
                    7c:ee:b0:7a:8c:2b:8c:1f:a4:6f:2f:7b:f7:63:a9:
                    9c:df:69:30:9f:0b:d7:cc:9a:3f:35:3b:9d:15:5f:
                    c8:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:54:8E:54:EC:34:CC:4D:D6:90:84:45:26:BF:21:A6:F0:49:3C:E0
            X509v3 Authority Key Identifier:
                keyid:15:F4:EF:04:F5:AF:23:96:C9:5F:16:42:E3:79:07:8B:48:8C:16:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/aaa76394-48fc-4ff3-b6aa-0693c55d758f/1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/0509b386-9adf-4fc9-8860-cc55e8e021f1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/z2afnCt1NpzA_dOMFjxYsdQtAQc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  173.82.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:84:05:d4:e0:68:43:07:aa:d4:c7:37:8a:91:28:b4:ca:7b:
         4f:c3:11:22:14:e4:3a:82:3f:c5:97:47:f1:4b:2a:35:97:1e:
         09:46:84:86:f2:dd:b9:25:a2:3c:9f:a3:84:71:50:ba:ef:d9:
         a2:25:31:f4:04:f0:e8:08:f6:9e:f8:6f:d0:d9:f6:74:b0:8b:
         ed:38:52:ca:c0:f9:11:48:9d:59:48:10:4f:a4:ec:c0:1a:e5:
         6b:a2:71:a1:ab:0e:63:52:fa:dc:08:0a:2c:e0:26:43:87:16:
         90:3e:53:94:52:be:f0:c7:c7:53:ba:87:36:4e:e9:16:31:8e:
         c0:ab:6b:ea:c6:ef:58:1a:78:e0:4b:e8:7d:6c:c3:a5:19:86:
         31:1d:02:26:2c:87:66:e1:da:bf:15:3b:39:3f:56:19:ab:23:
         18:1b:05:3f:19:7f:83:45:0e:81:86:75:a4:0a:40:d2:48:22:
         76:82:65:f1:cb:67:19:26:b3:4a:a0:1e:d8:2b:0b:43:32:00:
         be:c4:9a:ca:6b:74:e8:cd:fc:58:8c:f7:70:7d:df:6d:0b:11:
         f7:61:15:41:5f:a8:f1:a5:1e:90:2e:41:54:4f:da:93:47:c5:
         0e:a0:48:1a:84:ed:d6:27:8a:6b:08:a0:d9:e8:60:de:69:a5:
         23:74:7f:2f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUeuwEmMLSHWVWAxsaoT82tkUfSKEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMWIxZmU2NzMyMWNmNjY5ZjljMmI3NTM2OWNjMGZkZDM4
YzE2M2M1OGIxZDQyZDAxMDcwHhcNMjQwNDIyMDAwMDAwWhcNMjQwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BiMmFlNDg0Yjk0NWM2YTE1OTE5NzhjZjBkOTdjNzUyMGZm
ZjY1NjBhM2FmM2I1NGI0NjM1ZWNiZjg5Mjg1NGIwMS0wKwYDVQQDEyQzNTA5NWUz
ZS04NGNiLTRhZDAtYmRhMS02YzZmOGRhNjlmNjEwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCm/ZWe2tKkEX4sj91+qOsKywenH8b0A1toy3sAfpDOZLbH
uHB4lktYrWvg7SWLf0j2ZZaVttqv+WOdiB2UKeSD6hjIqGC0DQdkFUR+yXIDGPOp
3dDeNhmzZ38Qej6KEUkMbgk1zgzWoyIoRtKpILygAaWM3vdVp3dBbrs+r3W2g7Ep
9rXA4UCipS6TaIo4+ZVzJNv2HX6EW8nrENwJ51w3siveiy/n2CFYGRWwZzhvTHdV
1GCELWhJxrrZQS4i6GxRVWlwLx6V3kjrqbzygYenXgtJPanU7mtzXiTUOYYt/Hzu
sHqMK4wfpG8ve/djqZzfaTCfC9fMmj81O50VX8i/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUY1SOVOw0zE3WkIRFJr8hpvBJPOAwHwYDVR0jBBgwFoAUFfTvBPWvI5bJ
XxZC43kHi0iMFgswDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzViN2ZiMTIyLWRmZGYtNGMwYy1iOTBkLTNiYzdhNWZlYjgyYi9hYWE3NjM5NC00
OGZjLTRmZjMtYjZhYS0wNjkzYzU1ZDc1OGYvMWIxZmU2NzMyMWNmNjY5ZjljMmI3
NTM2OWNjMGZkZDM4YzE2M2M1OGIxZDQyZDAxMDcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZmY5ZmE4NGUtOTc4My00YTBiLWE1OGQtNmRj
OGUyNDMzZDMzLzA1MDliMzg2LTlhZGYtNGZjOS04ODYwLWNjNTVlOGUwMjFmMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2ZmOWZhODRlLTk3ODMtNGEwYi1hNThk
LTZkYzhlMjQzM2QzMy96MmFmbkN0MU5wekFfZE9NRmp4WXNkUXRBUWMuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACtUkswDQYJKoZIhvcNAQELBQADggEBAHaEBdTgaEMHqtTHN4qRKLTKe0/D
ESIU5DqCP8WXR/FLKjWXHglGhIby3bklojyfo4RxULrv2aIlMfQE8OgI9p74b9DZ
9nSwi+04UsrA+RFInVlIEE+k7MAa5WuicaGrDmNS+twICizgJkOHFpA+U5RSvvDH
x1O6hzZO6RYxjsCra+rG71gaeOBL6H1sw6UZhjEdAiYsh2bh2r8VOzk/VhmrIxgb
BT8Zf4NFDoGGdaQKQNJIInaCZfHLZxkms0qgHtgrC0MyAL7EmsprdOjN/FiM93B9
320LEfdhFUFfqPGlHpAuQVRP2pNHxQ6gSBqE7dYnimsIoNnoYN5ppSN0fy8=
-----END CERTIFICATE-----