Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/76660b17-6eb2-4ba8-9190-9dc2ab712337.roa
File:                     76660b17-6eb2-4ba8-9190-9dc2ab712337.roa (raw, json)
Hash identifier:          +upNDgMklKg5x20RitIfYWtbzd91NEUYY9AU3cQgYz0=
Subject key identifier:   9A:DE:91:DD:83:A7:0E:83:2D:FD:2C:21:CD:F0:74:02:CA:F1:A9:15
Certificate issuer:       /CN=1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107
Certificate serial:       23F9C24F60C2DB7023C6AF52D6706075D2F3DAD8
Authority key identifier: 15:F4:EF:04:F5:AF:23:96:C9:5F:16:42:E3:79:07:8B:48:8C:16:0B
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/aaa76394-48fc-4ff3-b6aa-0693c55d758f/1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/76660b17-6eb2-4ba8-9190-9dc2ab712337.roa
Signing time:             Mon 22 Apr 2024 00:00:00 +0000
ROA not before:           Mon 22 Apr 2024 00:00:00 +0000
ROA not after:            Mon 27 May 2024 23:59:59 +0000
asID:                     35916
IP address blocks:        173.82.27.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:f9:c2:4f:60:c2:db:70:23:c6:af:52:d6:70:60:75:d2:f3:da:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107
        Validity
            Not Before: Apr 22 00:00:00 2024 GMT
            Not After : May 27 23:59:59 2024 GMT
        Subject: serialNumber=0424bdbd3a78d23bd0345d915cda79d185bb64df1f9ca53c382a89019eb2e97d, CN=35095e3e-84cb-4ad0-bda1-6c6f8da69f61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:cc:1f:7c:66:c5:b7:59:f3:f2:bb:82:d7:1a:
                    10:1b:bf:f3:2e:c0:84:10:ae:de:bd:cd:ce:0a:ed:
                    99:75:f6:ed:36:b7:a1:41:22:c5:5d:a8:fc:f9:b6:
                    81:29:4b:3d:cc:0a:78:2e:26:ab:42:67:e4:93:8d:
                    5e:7e:59:c8:71:51:c6:d2:a4:e0:81:37:3d:8b:80:
                    61:05:d5:09:b0:82:ed:07:0d:f4:48:e3:f2:2f:26:
                    70:73:37:ff:0f:45:38:38:1d:a6:7c:65:ae:35:13:
                    e0:50:1e:01:dc:19:23:1a:51:e2:65:dd:ac:c3:1b:
                    43:b6:bf:34:06:e6:e1:eb:c9:bc:74:5f:3b:d0:20:
                    2f:ec:56:81:54:ab:8b:30:12:6c:0c:c8:32:52:7f:
                    b0:ec:1e:b0:7d:47:56:dd:fd:23:07:5e:4b:d6:93:
                    3c:90:b2:99:f2:e6:55:ce:16:83:6b:ac:55:7a:8b:
                    51:85:60:d7:68:02:62:53:70:58:5a:b4:b3:d1:61:
                    fb:1a:f1:57:d9:6c:96:a3:5b:6a:72:d8:4e:90:81:
                    cf:7d:5d:20:5e:72:cc:73:b7:47:1a:e1:5f:a1:66:
                    34:a1:e3:d0:98:1e:6d:2f:cc:3c:c5:88:07:0c:95:
                    11:6b:23:51:58:ff:ca:0d:98:e5:90:68:52:6a:3e:
                    59:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:DE:91:DD:83:A7:0E:83:2D:FD:2C:21:CD:F0:74:02:CA:F1:A9:15
            X509v3 Authority Key Identifier:
                keyid:15:F4:EF:04:F5:AF:23:96:C9:5F:16:42:E3:79:07:8B:48:8C:16:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/aaa76394-48fc-4ff3-b6aa-0693c55d758f/1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/76660b17-6eb2-4ba8-9190-9dc2ab712337.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/z2afnCt1NpzA_dOMFjxYsdQtAQc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  173.82.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:90:d1:9d:02:19:fc:f7:38:d3:48:b4:4b:cc:84:db:02:96:
         b0:94:7c:12:57:18:aa:74:99:62:cf:49:cb:04:e8:38:0f:52:
         e5:fc:df:84:14:73:a9:86:e2:79:e1:41:63:58:c8:6d:88:29:
         10:89:b7:41:bf:74:67:0b:e6:17:80:d8:2a:71:32:e9:1c:84:
         1b:ea:35:fd:d6:ac:0c:6a:e3:62:a5:0b:f1:36:0d:a7:60:71:
         0b:1a:bb:b7:42:da:a4:25:47:25:8c:5c:be:11:87:a1:56:1b:
         ab:03:fc:86:17:b7:32:75:03:62:16:e9:fc:59:d6:d4:eb:cc:
         3d:c4:41:31:7f:cb:1f:bf:fd:f0:a1:60:73:1f:da:29:b4:2c:
         1b:be:96:98:e8:aa:6f:f0:5c:cd:fc:35:28:cc:4e:20:9c:81:
         e5:1e:e3:7f:3d:1c:b2:c0:03:54:35:3a:34:08:38:94:6c:08:
         c5:83:d9:2d:87:88:05:d3:f8:1f:97:02:d7:56:e9:3e:d2:85:
         f5:a1:c9:b5:f6:05:2d:56:4d:be:03:ce:db:b1:fb:1d:6a:2b:
         2f:8b:2c:e1:2c:1e:89:3d:f3:ff:21:7b:33:9e:41:94:8d:6c:
         72:a4:db:f3:be:2e:fd:ef:61:71:35:4b:c6:77:83:34:4e:89:
         f1:79:e3:12
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUI/nCT2DC23Ajxq9S1nBgddLz2tgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMWIxZmU2NzMyMWNmNjY5ZjljMmI3NTM2OWNjMGZkZDM4
YzE2M2M1OGIxZDQyZDAxMDcwHhcNMjQwNDIyMDAwMDAwWhcNMjQwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0AwNDI0YmRiZDNhNzhkMjNiZDAzNDVkOTE1Y2RhNzlkMTg1
YmI2NGRmMWY5Y2E1M2MzODJhODkwMTllYjJlOTdkMS0wKwYDVQQDEyQzNTA5NWUz
ZS04NGNiLTRhZDAtYmRhMS02YzZmOGRhNjlmNjEwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCgzB98ZsW3WfPyu4LXGhAbv/MuwIQQrt69zc4K7Zl19u02
t6FBIsVdqPz5toEpSz3MCnguJqtCZ+STjV5+WchxUcbSpOCBNz2LgGEF1Qmwgu0H
DfRI4/IvJnBzN/8PRTg4HaZ8Za41E+BQHgHcGSMaUeJl3azDG0O2vzQG5uHrybx0
XzvQIC/sVoFUq4swEmwMyDJSf7DsHrB9R1bd/SMHXkvWkzyQspny5lXOFoNrrFV6
i1GFYNdoAmJTcFhatLPRYfsa8VfZbJajW2py2E6Qgc99XSBecsxzt0ca4V+hZjSh
49CYHm0vzDzFiAcMlRFrI1FY/8oNmOWQaFJqPllhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUmt6R3YOnDoMt/SwhzfB0AsrxqRUwHwYDVR0jBBgwFoAUFfTvBPWvI5bJ
XxZC43kHi0iMFgswDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzViN2ZiMTIyLWRmZGYtNGMwYy1iOTBkLTNiYzdhNWZlYjgyYi9hYWE3NjM5NC00
OGZjLTRmZjMtYjZhYS0wNjkzYzU1ZDc1OGYvMWIxZmU2NzMyMWNmNjY5ZjljMmI3
NTM2OWNjMGZkZDM4YzE2M2M1OGIxZDQyZDAxMDcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZmY5ZmE4NGUtOTc4My00YTBiLWE1OGQtNmRj
OGUyNDMzZDMzLzc2NjYwYjE3LTZlYjItNGJhOC05MTkwLTlkYzJhYjcxMjMzNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2ZmOWZhODRlLTk3ODMtNGEwYi1hNThk
LTZkYzhlMjQzM2QzMy96MmFmbkN0MU5wekFfZE9NRmp4WXNkUXRBUWMuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACtUhswDQYJKoZIhvcNAQELBQADggEBADOQ0Z0CGfz3ONNItEvMhNsClrCU
fBJXGKp0mWLPScsE6DgPUuX834QUc6mG4nnhQWNYyG2IKRCJt0G/dGcL5heA2Cpx
MukchBvqNf3WrAxq42KlC/E2DadgcQsau7dC2qQlRyWMXL4Rh6FWG6sD/IYXtzJ1
A2IW6fxZ1tTrzD3EQTF/yx+//fChYHMf2im0LBu+lpjoqm/wXM38NSjMTiCcgeUe
4389HLLAA1Q1OjQIOJRsCMWD2S2HiAXT+B+XAtdW6T7ShfWhybX2BS1WTb4Dztux
+x1qKy+LLOEsHok98/8hezOeQZSNbHKk2/O+Lv3vYXE1S8Z3gzROifF54xI=
-----END CERTIFICATE-----