Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/77c95251-d7f2-4f97-ad2f-add28a7860ee.roa
File:                     77c95251-d7f2-4f97-ad2f-add28a7860ee.roa (raw, json)
Hash identifier:          Hqnu3wmb/FpyyUywhdKZTm7o2K1AyocybyEU3htRTyc=
Subject key identifier:   7E:D6:AD:36:20:5C:80:E6:D1:0C:8B:4F:AC:95:BA:AB:3D:70:F4:6A
Certificate issuer:       /CN=1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107
Certificate serial:       58E1435B64C9D7AF2CC6A8A49E28C898CFC5EA96
Authority key identifier: 15:F4:EF:04:F5:AF:23:96:C9:5F:16:42:E3:79:07:8B:48:8C:16:0B
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/aaa76394-48fc-4ff3-b6aa-0693c55d758f/1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/77c95251-d7f2-4f97-ad2f-add28a7860ee.roa
Signing time:             Mon 22 Apr 2024 00:00:00 +0000
ROA not before:           Mon 22 Apr 2024 00:00:00 +0000
ROA not after:            Mon 27 May 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        173.82.183.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:e1:43:5b:64:c9:d7:af:2c:c6:a8:a4:9e:28:c8:98:cf:c5:ea:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107
        Validity
            Not Before: Apr 22 00:00:00 2024 GMT
            Not After : May 27 23:59:59 2024 GMT
        Subject: serialNumber=9ca00270a269160bdbbef4070590bc8dba1e90cc606a3b593280ca43011aeb0d, CN=35095e3e-84cb-4ad0-bda1-6c6f8da69f61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:4c:33:83:a3:20:21:42:b1:86:71:eb:1b:94:
                    92:b0:c6:b9:cd:f5:48:a4:29:88:c9:75:8c:fb:ba:
                    02:4f:41:b8:f7:13:03:a1:88:06:bc:ae:9a:ee:c5:
                    4c:a9:fc:16:07:1b:b9:2e:e2:a2:b5:34:b7:84:ca:
                    f1:e4:85:39:45:c8:98:cd:70:a2:8c:71:0f:ad:ad:
                    de:07:16:ee:3a:57:2f:ff:27:d6:c3:75:dd:cf:95:
                    d0:27:f9:b6:7a:3a:0d:26:ee:75:b9:f3:66:4d:45:
                    98:fa:30:7c:0f:05:0f:5c:c1:e1:38:96:11:9a:df:
                    36:63:b2:75:e3:a4:26:cd:25:0d:84:16:d0:09:e7:
                    4e:eb:c7:fc:dc:db:42:b9:3f:51:a0:5d:ec:59:3a:
                    81:53:c8:17:24:6a:5d:24:a4:2a:cc:d3:5d:ae:2c:
                    77:36:09:80:74:b9:42:ab:88:8d:3d:71:f1:d9:66:
                    fb:0e:5b:0e:78:fd:9d:31:65:cc:bb:1f:a0:75:ce:
                    ae:01:a2:81:73:05:8b:d7:60:32:c9:b4:fd:1f:ed:
                    84:ab:55:07:a5:df:97:8a:15:1f:e5:15:01:e8:8d:
                    aa:eb:bc:bf:dd:bc:35:3b:7e:49:7b:d0:1e:ea:fe:
                    fe:f6:f2:e5:08:21:0e:4e:81:73:e5:11:04:bb:88:
                    60:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:D6:AD:36:20:5C:80:E6:D1:0C:8B:4F:AC:95:BA:AB:3D:70:F4:6A
            X509v3 Authority Key Identifier:
                keyid:15:F4:EF:04:F5:AF:23:96:C9:5F:16:42:E3:79:07:8B:48:8C:16:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/aaa76394-48fc-4ff3-b6aa-0693c55d758f/1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/77c95251-d7f2-4f97-ad2f-add28a7860ee.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/z2afnCt1NpzA_dOMFjxYsdQtAQc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  173.82.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:fa:b1:aa:ac:a9:1f:8e:8d:0b:13:8a:78:55:39:29:2b:53:
         76:dd:2e:3e:12:00:96:68:f1:ac:27:85:7f:61:47:97:8f:a8:
         f5:08:56:3b:ee:99:12:4c:8f:9e:96:8e:be:46:ac:9a:d2:11:
         77:43:fc:42:d2:f2:a4:ab:a2:3b:d1:00:b4:23:02:7b:c3:1e:
         bc:7e:2b:84:e6:26:42:c8:12:64:0d:b5:63:f7:2c:a3:6e:90:
         86:dc:d9:6f:86:7b:bb:39:cf:7a:dd:50:b1:5e:cb:c4:01:a4:
         d1:00:a7:ca:9b:11:d7:bb:77:0c:1c:2f:75:af:4d:10:f0:78:
         76:a5:17:ee:21:53:8b:fb:e9:6b:21:85:84:48:c3:89:59:55:
         8a:b9:ff:48:93:4f:7c:39:19:66:67:3c:51:7a:2f:b0:33:6c:
         14:53:20:aa:f0:26:5a:73:94:ea:8d:71:8e:54:ff:be:cc:15:
         9f:c2:76:f4:a1:25:c9:b9:5c:1a:f7:dc:02:49:2a:27:29:b4:
         f5:f1:20:4f:2f:81:d0:57:9c:d4:4a:5d:bb:51:72:cb:39:94:
         1b:e0:95:7e:ec:5f:69:f2:16:e5:42:cd:dc:78:e3:51:e3:ba:
         40:0d:28:47:3a:48:64:5c:7f:c1:2b:1e:79:9f:2a:00:0e:87:
         26:6c:ba:b9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWOFDW2TJ168sxqiknijImM/F6pYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMWIxZmU2NzMyMWNmNjY5ZjljMmI3NTM2OWNjMGZkZDM4
YzE2M2M1OGIxZDQyZDAxMDcwHhcNMjQwNDIyMDAwMDAwWhcNMjQwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A5Y2EwMDI3MGEyNjkxNjBiZGJiZWY0MDcwNTkwYmM4ZGJh
MWU5MGNjNjA2YTNiNTkzMjgwY2E0MzAxMWFlYjBkMS0wKwYDVQQDEyQzNTA5NWUz
ZS04NGNiLTRhZDAtYmRhMS02YzZmOGRhNjlmNjEwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCQTDODoyAhQrGGcesblJKwxrnN9UikKYjJdYz7ugJPQbj3
EwOhiAa8rpruxUyp/BYHG7ku4qK1NLeEyvHkhTlFyJjNcKKMcQ+trd4HFu46Vy//
J9bDdd3PldAn+bZ6Og0m7nW582ZNRZj6MHwPBQ9cweE4lhGa3zZjsnXjpCbNJQ2E
FtAJ507rx/zc20K5P1GgXexZOoFTyBckal0kpCrM012uLHc2CYB0uUKriI09cfHZ
ZvsOWw54/Z0xZcy7H6B1zq4BooFzBYvXYDLJtP0f7YSrVQel35eKFR/lFQHojarr
vL/dvDU7fkl70B7q/v728uUIIQ5OgXPlEQS7iGA3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUftatNiBcgObRDItPrJW6qz1w9GowHwYDVR0jBBgwFoAUFfTvBPWvI5bJ
XxZC43kHi0iMFgswDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzViN2ZiMTIyLWRmZGYtNGMwYy1iOTBkLTNiYzdhNWZlYjgyYi9hYWE3NjM5NC00
OGZjLTRmZjMtYjZhYS0wNjkzYzU1ZDc1OGYvMWIxZmU2NzMyMWNmNjY5ZjljMmI3
NTM2OWNjMGZkZDM4YzE2M2M1OGIxZDQyZDAxMDcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZmY5ZmE4NGUtOTc4My00YTBiLWE1OGQtNmRj
OGUyNDMzZDMzLzc3Yzk1MjUxLWQ3ZjItNGY5Ny1hZDJmLWFkZDI4YTc4NjBlZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2ZmOWZhODRlLTk3ODMtNGEwYi1hNThk
LTZkYzhlMjQzM2QzMy96MmFmbkN0MU5wekFfZE9NRmp4WXNkUXRBUWMuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACtUrcwDQYJKoZIhvcNAQELBQADggEBADf6saqsqR+OjQsTinhVOSkrU3bd
Lj4SAJZo8awnhX9hR5ePqPUIVjvumRJMj56Wjr5GrJrSEXdD/ELS8qSrojvRALQj
AnvDHrx+K4TmJkLIEmQNtWP3LKNukIbc2W+Ge7s5z3rdULFey8QBpNEAp8qbEde7
dwwcL3WvTRDweHalF+4hU4v76WshhYRIw4lZVYq5/0iTT3w5GWZnPFF6L7AzbBRT
IKrwJlpzlOqNcY5U/77MFZ/CdvShJcm5XBr33AJJKicptPXxIE8vgdBXnNRKXbtR
css5lBvglX7sX2nyFuVCzdx441HjukANKEc6SGRcf8ErHnmfKgAOhyZsurk=
-----END CERTIFICATE-----