Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/0c0b6056-3105-48b7-91e7-855bf1da06e9.roa
File:                     0c0b6056-3105-48b7-91e7-855bf1da06e9.roa (raw, json)
Hash identifier:          r3oj25bgeji2eJ7I1+GxrpjSP0BG0OLhFgewHLoCYk4=
Subject key identifier:   E7:E7:0B:91:1E:D0:40:05:D3:6C:7F:F8:32:F1:3A:91:69:18:64:7F
Certificate issuer:       /CN=1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107
Certificate serial:       1E0A1D08E8654FD87C60EA98813117013BB9E81C
Authority key identifier: 15:F4:EF:04:F5:AF:23:96:C9:5F:16:42:E3:79:07:8B:48:8C:16:0B
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/aaa76394-48fc-4ff3-b6aa-0693c55d758f/1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/0c0b6056-3105-48b7-91e7-855bf1da06e9.roa
Signing time:             Mon 22 Apr 2024 00:00:00 +0000
ROA not before:           Mon 22 Apr 2024 00:00:00 +0000
ROA not after:            Mon 27 May 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        208.70.72.0/21 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:0a:1d:08:e8:65:4f:d8:7c:60:ea:98:81:31:17:01:3b:b9:e8:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107
        Validity
            Not Before: Apr 22 00:00:00 2024 GMT
            Not After : May 27 23:59:59 2024 GMT
        Subject: CN=35095e3e-84cb-4ad0-bda1-6c6f8da69f61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:5f:db:66:fc:37:87:4f:53:4a:d3:f1:51:4f:
                    fd:e4:ab:b3:5a:22:c6:11:d5:26:33:af:10:f2:96:
                    ad:8e:b3:de:81:21:83:3d:39:58:ca:1a:08:f3:11:
                    f2:46:fa:f0:1e:f7:69:f7:a1:b7:f0:b1:b4:a3:27:
                    c2:89:59:ac:ec:8a:75:96:ce:c2:5c:74:84:3a:5e:
                    12:85:66:7a:45:1f:ab:cc:3b:26:05:ec:af:27:32:
                    a8:26:00:41:c0:68:84:0e:6c:60:b6:39:d2:84:d7:
                    0a:50:59:bf:44:d0:dc:01:67:47:ce:61:c4:fc:88:
                    a1:cc:34:04:1d:44:b2:57:62:42:52:2e:2a:f7:4d:
                    71:56:67:8f:a3:f6:3b:3c:e6:42:75:3d:18:88:4e:
                    11:12:60:ac:9e:df:d6:a1:ad:49:f5:13:89:62:e1:
                    40:87:6e:44:d2:d4:d7:6f:8d:ea:2a:21:fe:f0:b2:
                    9d:0a:2f:3e:cb:e3:eb:ae:aa:51:1f:58:3a:98:0a:
                    9f:95:a1:b2:c6:c7:ab:eb:d8:fe:e4:90:b5:ca:46:
                    41:49:58:8e:d5:6c:0f:c0:d6:c4:dd:51:c4:88:54:
                    7f:79:0f:8b:6a:bc:fa:f4:50:9c:7c:f5:ff:d5:1d:
                    c7:87:1f:03:eb:0b:b5:1f:67:cf:e0:49:2f:8b:54:
                    c9:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:E7:0B:91:1E:D0:40:05:D3:6C:7F:F8:32:F1:3A:91:69:18:64:7F
            X509v3 Authority Key Identifier:
                keyid:15:F4:EF:04:F5:AF:23:96:C9:5F:16:42:E3:79:07:8B:48:8C:16:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/aaa76394-48fc-4ff3-b6aa-0693c55d758f/1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/0c0b6056-3105-48b7-91e7-855bf1da06e9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/z2afnCt1NpzA_dOMFjxYsdQtAQc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  208.70.72.0/21

    Signature Algorithm: sha256WithRSAEncryption
         01:ec:01:7c:5f:32:a4:f7:f1:ea:b0:45:88:30:5f:18:df:2e:
         9c:93:03:30:95:00:76:dd:a4:32:f1:a5:87:52:28:a1:af:49:
         df:9e:59:ff:8b:b6:10:fe:d5:00:23:7b:39:3a:cf:0d:95:15:
         ef:0b:b2:7a:73:ec:24:59:9d:7d:de:24:21:51:b7:9e:b7:2f:
         f2:b0:ad:a4:79:ff:d2:f1:e0:34:fc:42:8d:3c:17:41:d8:6b:
         1e:21:31:5d:89:c1:0c:4e:a0:9b:32:d5:83:14:5e:81:74:bd:
         b2:a5:1e:04:63:6d:79:75:8c:16:eb:1a:38:c0:64:62:e7:e8:
         ee:11:2b:81:44:b8:06:a2:fa:01:f8:65:d6:cb:9a:99:05:6e:
         d5:dc:20:45:5b:ad:8d:3a:1f:24:45:81:e2:87:c5:ca:a7:22:
         df:a8:ac:d5:36:3c:24:73:88:f1:6a:e2:4a:07:ec:97:ca:18:
         f2:dc:8d:2e:ed:d0:b4:c5:37:b8:59:1d:98:94:07:b3:cc:5d:
         16:da:84:4a:3e:d4:20:79:9d:f3:36:4f:b9:bb:f6:e3:b6:46:
         04:aa:4a:35:78:ac:01:7e:d6:0e:f9:55:5e:7b:f1:8e:fb:11:
         c8:8c:6e:86:29:83:06:03:b7:52:2e:cd:69:48:e9:92:d5:41:
         c7:90:1e:56
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHgodCOhlT9h8YOqYgTEXATu56BwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMWIxZmU2NzMyMWNmNjY5ZjljMmI3NTM2OWNjMGZkZDM4
YzE2M2M1OGIxZDQyZDAxMDcwHhcNMjQwNDIyMDAwMDAwWhcNMjQwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A2MmIyZjgyNzVhNjhkZGM5MzM2MzdkMzQxZjU5MmY0ZmI4
OTI5NjE1MDVhOWVlZmExNGRiMDgwZGFkMzNlNzQ5MS0wKwYDVQQDEyQzNTA5NWUz
ZS04NGNiLTRhZDAtYmRhMS02YzZmOGRhNjlmNjEwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCwX9tm/DeHT1NK0/FRT/3kq7NaIsYR1SYzrxDylq2Os96B
IYM9OVjKGgjzEfJG+vAe92n3obfwsbSjJ8KJWazsinWWzsJcdIQ6XhKFZnpFH6vM
OyYF7K8nMqgmAEHAaIQObGC2OdKE1wpQWb9E0NwBZ0fOYcT8iKHMNAQdRLJXYkJS
Lir3TXFWZ4+j9js85kJ1PRiIThESYKye39ahrUn1E4li4UCHbkTS1NdvjeoqIf7w
sp0KLz7L4+uuqlEfWDqYCp+VobLGx6vr2P7kkLXKRkFJWI7VbA/A1sTdUcSIVH95
D4tqvPr0UJx89f/VHceHHwPrC7UfZ8/gSS+LVMnjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU5+cLkR7QQAXTbH/4MvE6kWkYZH8wHwYDVR0jBBgwFoAUFfTvBPWvI5bJ
XxZC43kHi0iMFgswDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzViN2ZiMTIyLWRmZGYtNGMwYy1iOTBkLTNiYzdhNWZlYjgyYi9hYWE3NjM5NC00
OGZjLTRmZjMtYjZhYS0wNjkzYzU1ZDc1OGYvMWIxZmU2NzMyMWNmNjY5ZjljMmI3
NTM2OWNjMGZkZDM4YzE2M2M1OGIxZDQyZDAxMDcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZmY5ZmE4NGUtOTc4My00YTBiLWE1OGQtNmRj
OGUyNDMzZDMzLzBjMGI2MDU2LTMxMDUtNDhiNy05MWU3LTg1NWJmMWRhMDZlOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2ZmOWZhODRlLTk3ODMtNGEwYi1hNThk
LTZkYzhlMjQzM2QzMy96MmFmbkN0MU5wekFfZE9NRmp4WXNkUXRBUWMuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAPQRkgwDQYJKoZIhvcNAQELBQADggEBAAHsAXxfMqT38eqwRYgwXxjfLpyT
AzCVAHbdpDLxpYdSKKGvSd+eWf+LthD+1QAjezk6zw2VFe8Lsnpz7CRZnX3eJCFR
t563L/KwraR5/9Lx4DT8Qo08F0HYax4hMV2JwQxOoJsy1YMUXoF0vbKlHgRjbXl1
jBbrGjjAZGLn6O4RK4FEuAai+gH4ZdbLmpkFbtXcIEVbrY06HyRFgeKHxcqnIt+o
rNU2PCRziPFq4koH7JfKGPLcjS7t0LTFN7hZHZiUB7PMXRbahEo+1CB5nfM2T7m7
9uO2RgSqSjV4rAF+1g75VV578Y77EciMboYpgwYDt1IuzWlI6ZLVQceQHlY=
-----END CERTIFICATE-----