Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/14d325ec-4981-4d29-b99f-bfb9af4b00b7.roa
File:                     14d325ec-4981-4d29-b99f-bfb9af4b00b7.roa (raw, json)
Hash identifier:          4+Gu58C77gqfMZ3e/0J9/9k/TL4dj2rM8rwp5iJCBsg=
Subject key identifier:   C9:37:75:62:E7:97:DF:8C:86:1E:10:B5:94:10:A7:08:41:5B:02:C4
Certificate issuer:       /CN=1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107
Certificate serial:       56475809D8F7764296FE3575FF57969831D6BFB2
Authority key identifier: 15:F4:EF:04:F5:AF:23:96:C9:5F:16:42:E3:79:07:8B:48:8C:16:0B
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/aaa76394-48fc-4ff3-b6aa-0693c55d758f/1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/14d325ec-4981-4d29-b99f-bfb9af4b00b7.roa
Signing time:             Mon 22 Apr 2024 00:00:00 +0000
ROA not before:           Mon 22 Apr 2024 00:00:00 +0000
ROA not after:            Mon 27 May 2024 23:59:59 +0000
asID:                     35916
IP address blocks:        66.152.160.0/19 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:47:58:09:d8:f7:76:42:96:fe:35:75:ff:57:96:98:31:d6:bf:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107
        Validity
            Not Before: Apr 22 00:00:00 2024 GMT
            Not After : May 27 23:59:59 2024 GMT
        Subject: CN=35095e3e-84cb-4ad0-bda1-6c6f8da69f61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:77:50:23:bc:28:ec:98:31:f5:20:9b:1f:83:
                    c1:39:0d:80:0d:c9:56:b6:45:3c:5d:de:03:20:32:
                    82:9a:3f:cb:53:28:3f:b1:9b:be:92:bb:27:5b:b8:
                    7b:63:30:0a:dc:3f:89:c9:e5:4e:4f:18:42:fa:3c:
                    7e:65:79:c8:ff:e5:bf:5f:be:af:6a:24:cd:1e:78:
                    8f:eb:aa:4b:bf:42:d9:67:c1:ff:5f:61:a7:ce:26:
                    ec:20:65:d8:21:4f:8b:80:36:fe:6e:dd:b2:07:37:
                    a7:8d:36:7e:6e:e5:56:be:0a:8b:74:10:7b:78:1f:
                    fc:88:74:0c:65:02:ea:89:b1:dd:40:e1:f9:af:85:
                    f5:5d:14:90:fd:ad:82:0c:0c:92:13:25:bb:62:e5:
                    d1:38:9c:fa:b6:6e:73:64:b5:fd:a5:91:f5:0b:cc:
                    26:51:f4:32:e6:76:15:0b:d0:6a:22:40:78:a0:94:
                    67:a1:30:21:31:68:45:66:28:6a:9e:89:65:13:45:
                    97:cd:2c:9b:43:6c:c1:06:4d:89:ab:84:5d:9f:df:
                    f7:99:c2:68:a8:58:d5:86:4e:c9:1e:f3:45:95:99:
                    2e:77:53:08:71:8f:29:99:85:92:e5:82:eb:ae:d9:
                    a1:10:36:f7:0f:02:58:e0:7b:18:12:11:bd:99:57:
                    8a:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:37:75:62:E7:97:DF:8C:86:1E:10:B5:94:10:A7:08:41:5B:02:C4
            X509v3 Authority Key Identifier:
                keyid:15:F4:EF:04:F5:AF:23:96:C9:5F:16:42:E3:79:07:8B:48:8C:16:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/aaa76394-48fc-4ff3-b6aa-0693c55d758f/1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/14d325ec-4981-4d29-b99f-bfb9af4b00b7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/z2afnCt1NpzA_dOMFjxYsdQtAQc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  66.152.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         88:1a:56:58:c3:ee:1a:32:f1:fa:78:1d:3c:f6:2b:39:82:bf:
         b4:85:90:cc:e9:1a:a5:72:a0:2e:6c:ba:87:6b:4c:32:b8:c8:
         5c:a3:e0:38:d9:07:a7:11:59:de:72:7f:79:9b:68:55:99:f8:
         21:77:69:a7:ba:29:10:bd:3b:43:25:0a:da:e3:df:1e:f6:63:
         f7:b3:48:0e:59:17:50:9a:00:2d:7a:a5:8a:7f:f9:ac:74:07:
         ae:7b:92:fc:81:8d:b8:1a:0e:2c:3e:fc:21:1c:b7:6f:a1:21:
         9b:92:e6:a0:73:61:ae:aa:96:02:d6:9c:5a:29:e4:42:1e:bd:
         f0:6b:19:ea:52:09:c0:22:0d:db:23:ac:a7:ad:b7:7d:40:6c:
         19:8d:3e:24:d4:35:84:96:52:43:dd:68:27:da:75:e3:0f:76:
         29:93:b3:7a:8f:9b:fe:1f:41:74:67:a0:2c:a0:86:31:36:c6:
         f4:a0:92:03:9c:e8:94:c2:e7:85:26:39:49:16:5d:c3:fd:dd:
         91:78:46:65:35:1d:d0:6c:21:a0:fc:65:be:1e:c0:44:82:db:
         5f:8d:aa:ab:79:e9:e4:1e:98:32:cd:a5:39:71:80:2c:d7:68:
         12:a4:17:05:c7:64:9b:ac:c2:c8:f9:d3:40:62:91:b9:e9:73:
         e7:13:4c:f2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVkdYCdj3dkKW/jV1/1eWmDHWv7IwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMWIxZmU2NzMyMWNmNjY5ZjljMmI3NTM2OWNjMGZkZDM4
YzE2M2M1OGIxZDQyZDAxMDcwHhcNMjQwNDIyMDAwMDAwWhcNMjQwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BiZmY4NjI4OGIzZDIzZDk2OGNjZTUxNzE1NTc0ZWY1ZDU1
MDE1NDM1OWQ4YWJkNzM5YzU3MjJhNWUwNTNlZWE5MS0wKwYDVQQDEyQzNTA5NWUz
ZS04NGNiLTRhZDAtYmRhMS02YzZmOGRhNjlmNjEwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+d1AjvCjsmDH1IJsfg8E5DYANyVa2RTxd3gMgMoKaP8tT
KD+xm76SuydbuHtjMArcP4nJ5U5PGEL6PH5lecj/5b9fvq9qJM0eeI/rqku/Qtln
wf9fYafOJuwgZdghT4uANv5u3bIHN6eNNn5u5Va+Cot0EHt4H/yIdAxlAuqJsd1A
4fmvhfVdFJD9rYIMDJITJbti5dE4nPq2bnNktf2lkfULzCZR9DLmdhUL0GoiQHig
lGehMCExaEVmKGqeiWUTRZfNLJtDbMEGTYmrhF2f3/eZwmioWNWGTske80WVmS53
UwhxjymZhZLlguuu2aEQNvcPAljgexgSEb2ZV4pTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUyTd1YueX34yGHhC1lBCnCEFbAsQwHwYDVR0jBBgwFoAUFfTvBPWvI5bJ
XxZC43kHi0iMFgswDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzViN2ZiMTIyLWRmZGYtNGMwYy1iOTBkLTNiYzdhNWZlYjgyYi9hYWE3NjM5NC00
OGZjLTRmZjMtYjZhYS0wNjkzYzU1ZDc1OGYvMWIxZmU2NzMyMWNmNjY5ZjljMmI3
NTM2OWNjMGZkZDM4YzE2M2M1OGIxZDQyZDAxMDcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZmY5ZmE4NGUtOTc4My00YTBiLWE1OGQtNmRj
OGUyNDMzZDMzLzE0ZDMyNWVjLTQ5ODEtNGQyOS1iOTlmLWJmYjlhZjRiMDBiNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2ZmOWZhODRlLTk3ODMtNGEwYi1hNThk
LTZkYzhlMjQzM2QzMy96MmFmbkN0MU5wekFfZE9NRmp4WXNkUXRBUWMuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAVCmKAwDQYJKoZIhvcNAQELBQADggEBAIgaVljD7hoy8fp4HTz2KzmCv7SF
kMzpGqVyoC5suodrTDK4yFyj4DjZB6cRWd5yf3mbaFWZ+CF3aae6KRC9O0MlCtrj
3x72Y/ezSA5ZF1CaAC16pYp/+ax0B657kvyBjbgaDiw+/CEct2+hIZuS5qBzYa6q
lgLWnFop5EIevfBrGepSCcAiDdsjrKett31AbBmNPiTUNYSWUkPdaCfadeMPdimT
s3qPm/4fQXRnoCyghjE2xvSgkgOc6JTC54UmOUkWXcP93ZF4RmU1HdBsIaD8Zb4e
wESC21+Nqqt56eQemDLNpTlxgCzXaBKkFwXHZJuswsj500Bikbnpc+cTTPI=
-----END CERTIFICATE-----