Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/4df6aadd-1ef4-41bd-a091-5164c382ff38.roa
File:                     4df6aadd-1ef4-41bd-a091-5164c382ff38.roa (raw, json)
Hash identifier:          BTnQG7ggogBSk6fhZANjEPgSf4P69plQc78Pe2fByuk=
Subject key identifier:   0D:0F:81:5A:C4:0F:23:9F:F3:7B:AB:07:03:7E:48:43:C4:9E:3F:F0
Certificate issuer:       /CN=1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107
Certificate serial:       377AC263BE6BC9FF62DE6B40AA6E1EB2F4DF066C
Authority key identifier: 15:F4:EF:04:F5:AF:23:96:C9:5F:16:42:E3:79:07:8B:48:8C:16:0B
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/aaa76394-48fc-4ff3-b6aa-0693c55d758f/1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/4df6aadd-1ef4-41bd-a091-5164c382ff38.roa
Signing time:             Mon 22 Apr 2024 00:00:00 +0000
ROA not before:           Mon 22 Apr 2024 00:00:00 +0000
ROA not after:            Mon 27 May 2024 23:59:59 +0000
asID:                     35916
IP address blocks:        173.82.75.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:7a:c2:63:be:6b:c9:ff:62:de:6b:40:aa:6e:1e:b2:f4:df:06:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107
        Validity
            Not Before: Apr 22 00:00:00 2024 GMT
            Not After : May 27 23:59:59 2024 GMT
        Subject: serialNumber=b52d1fc3d4a1d245bdd9891c24d3657a1dd4d885593175bac2cc744d0c3b1415, CN=35095e3e-84cb-4ad0-bda1-6c6f8da69f61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:12:ed:df:39:8d:cf:c0:b5:cc:a5:43:1f:08:
                    96:13:31:70:97:bd:70:3c:f5:6f:aa:8b:45:c6:d0:
                    36:67:4a:dd:80:02:14:08:ce:31:8b:1b:72:a0:26:
                    51:79:06:5e:bf:34:c0:dc:23:3d:f8:6b:c3:17:7c:
                    d7:e4:75:b7:e6:0d:ce:cf:cb:66:7e:b1:85:76:a2:
                    0a:33:46:60:86:25:56:52:e2:4b:33:28:c3:65:f9:
                    e5:d0:af:5a:8d:6c:55:e1:45:b7:6b:d6:7b:78:63:
                    94:a4:41:6e:72:95:2d:00:f9:a0:08:eb:4c:69:a7:
                    ef:b3:37:9d:7c:a8:80:04:5c:42:c8:f5:68:75:42:
                    6b:b6:be:b4:cb:a2:9f:f5:4a:00:17:da:b5:b5:a2:
                    ba:b7:f9:a2:02:e7:81:2c:76:88:9b:cc:05:bc:e9:
                    1a:af:d8:7d:46:d2:2c:fa:47:4a:fb:94:0f:79:41:
                    1e:d3:86:7e:5c:4b:3e:8a:32:56:db:c2:68:3b:99:
                    a3:2b:49:0e:90:04:27:6b:f0:48:f3:94:97:ca:35:
                    a9:c8:b7:ea:cd:88:09:1d:c2:b2:2f:e9:18:83:64:
                    0c:1c:6c:0d:fa:74:5c:3a:f6:02:a6:6d:5a:11:33:
                    c0:83:de:d3:f1:a6:e6:ee:69:41:32:94:02:5d:72:
                    0c:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:0F:81:5A:C4:0F:23:9F:F3:7B:AB:07:03:7E:48:43:C4:9E:3F:F0
            X509v3 Authority Key Identifier:
                keyid:15:F4:EF:04:F5:AF:23:96:C9:5F:16:42:E3:79:07:8B:48:8C:16:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/aaa76394-48fc-4ff3-b6aa-0693c55d758f/1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/4df6aadd-1ef4-41bd-a091-5164c382ff38.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/z2afnCt1NpzA_dOMFjxYsdQtAQc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  173.82.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:10:a6:3a:a9:9a:f9:8e:41:3c:0e:cd:99:3d:9c:80:a7:4b:
         22:15:20:9f:2e:a2:69:25:88:6a:64:6d:fe:c5:df:09:18:ab:
         39:73:df:8a:cb:d2:fc:aa:42:81:3d:b1:3d:27:23:77:d0:7c:
         15:19:2c:a8:42:3d:b7:7a:5a:e6:1a:e9:71:52:6d:52:46:95:
         42:28:e6:d5:d1:c3:3a:9c:09:dd:e1:a6:e8:f4:0f:45:1a:e9:
         ec:1b:20:63:59:8b:af:db:7e:90:0d:21:2e:64:d9:8e:5c:95:
         bb:d1:04:96:c3:83:cd:59:0e:07:cd:88:8f:14:5d:0f:29:80:
         fc:24:49:1d:48:b6:31:21:e3:e3:8c:9d:62:77:59:94:05:f3:
         8e:c4:12:c9:2a:71:18:e8:60:26:03:27:3e:51:87:c6:d7:19:
         cc:b1:b7:f9:32:b7:80:02:6c:0d:02:67:d4:53:79:55:aa:0d:
         b8:51:62:3a:55:04:d2:ec:c6:6b:79:4a:7f:79:bd:4a:b5:b5:
         59:9f:04:06:fc:d8:92:95:ad:3f:de:24:17:14:0a:1c:3b:b0:
         65:09:15:04:4f:74:26:a8:47:d2:ef:bf:9a:c8:53:c7:e4:b3:
         2e:70:19:5c:bb:56:7f:c0:2a:28:31:ec:e3:7a:b9:00:8e:a1:
         d9:10:c5:8c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUN3rCY75ryf9i3mtAqm4esvTfBmwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMWIxZmU2NzMyMWNmNjY5ZjljMmI3NTM2OWNjMGZkZDM4
YzE2M2M1OGIxZDQyZDAxMDcwHhcNMjQwNDIyMDAwMDAwWhcNMjQwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BiNTJkMWZjM2Q0YTFkMjQ1YmRkOTg5MWMyNGQzNjU3YTFk
ZDRkODg1NTkzMTc1YmFjMmNjNzQ0ZDBjM2IxNDE1MS0wKwYDVQQDEyQzNTA5NWUz
ZS04NGNiLTRhZDAtYmRhMS02YzZmOGRhNjlmNjEwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCpEu3fOY3PwLXMpUMfCJYTMXCXvXA89W+qi0XG0DZnSt2A
AhQIzjGLG3KgJlF5Bl6/NMDcIz34a8MXfNfkdbfmDc7Py2Z+sYV2ogozRmCGJVZS
4kszKMNl+eXQr1qNbFXhRbdr1nt4Y5SkQW5ylS0A+aAI60xpp++zN518qIAEXELI
9Wh1Qmu2vrTLop/1SgAX2rW1orq3+aIC54EsdoibzAW86Rqv2H1G0iz6R0r7lA95
QR7Thn5cSz6KMlbbwmg7maMrSQ6QBCdr8EjzlJfKNanIt+rNiAkdwrIv6RiDZAwc
bA36dFw69gKmbVoRM8CD3tPxpubuaUEylAJdcgznAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUDQ+BWsQPI5/ze6sHA35IQ8SeP/AwHwYDVR0jBBgwFoAUFfTvBPWvI5bJ
XxZC43kHi0iMFgswDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzViN2ZiMTIyLWRmZGYtNGMwYy1iOTBkLTNiYzdhNWZlYjgyYi9hYWE3NjM5NC00
OGZjLTRmZjMtYjZhYS0wNjkzYzU1ZDc1OGYvMWIxZmU2NzMyMWNmNjY5ZjljMmI3
NTM2OWNjMGZkZDM4YzE2M2M1OGIxZDQyZDAxMDcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZmY5ZmE4NGUtOTc4My00YTBiLWE1OGQtNmRj
OGUyNDMzZDMzLzRkZjZhYWRkLTFlZjQtNDFiZC1hMDkxLTUxNjRjMzgyZmYzOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2ZmOWZhODRlLTk3ODMtNGEwYi1hNThk
LTZkYzhlMjQzM2QzMy96MmFmbkN0MU5wekFfZE9NRmp4WXNkUXRBUWMuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACtUkswDQYJKoZIhvcNAQELBQADggEBAEIQpjqpmvmOQTwOzZk9nICnSyIV
IJ8uomkliGpkbf7F3wkYqzlz34rL0vyqQoE9sT0nI3fQfBUZLKhCPbd6WuYa6XFS
bVJGlUIo5tXRwzqcCd3hpuj0D0Ua6ewbIGNZi6/bfpANIS5k2Y5clbvRBJbDg81Z
DgfNiI8UXQ8pgPwkSR1ItjEh4+OMnWJ3WZQF847EEskqcRjoYCYDJz5Rh8bXGcyx
t/kyt4ACbA0CZ9RTeVWqDbhRYjpVBNLsxmt5Sn95vUq1tVmfBAb82JKVrT/eJBcU
Chw7sGUJFQRPdCaoR9Lvv5rIU8fksy5wGVy7Vn/AKigx7ON6uQCOodkQxYw=
-----END CERTIFICATE-----