Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/7e166f41-db2f-40b3-9542-76912f73c273.roa
File:                     7e166f41-db2f-40b3-9542-76912f73c273.roa (raw, json)
Hash identifier:          eZG2Q60is86ah8VEuWtxmAnqlZO3KD+v6UKSqiWmeOM=
Subject key identifier:   A5:09:2E:00:9B:60:91:E7:E5:D0:A5:FA:5A:62:36:E2:B3:74:DC:19
Certificate issuer:       /CN=1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107
Certificate serial:       66BAD5166A6296C66665AEB4C6FDA92EBD35FC53
Authority key identifier: 15:F4:EF:04:F5:AF:23:96:C9:5F:16:42:E3:79:07:8B:48:8C:16:0B
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/aaa76394-48fc-4ff3-b6aa-0693c55d758f/1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/7e166f41-db2f-40b3-9542-76912f73c273.roa
Signing time:             Mon 22 Apr 2024 00:00:00 +0000
ROA not before:           Mon 22 Apr 2024 00:00:00 +0000
ROA not after:            Mon 27 May 2024 23:59:59 +0000
asID:                     395681
IP address blocks:        173.82.27.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:ba:d5:16:6a:62:96:c6:66:65:ae:b4:c6:fd:a9:2e:bd:35:fc:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107
        Validity
            Not Before: Apr 22 00:00:00 2024 GMT
            Not After : May 27 23:59:59 2024 GMT
        Subject: serialNumber=dccb40e6ce18de6de12c43775830a7f3d269faf336f7cd89f50b36633afac83f, CN=35095e3e-84cb-4ad0-bda1-6c6f8da69f61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:9b:60:9b:3a:b4:bc:d0:f3:f4:41:b7:07:6c:
                    5c:20:f5:52:a5:f1:6e:c3:5b:45:c4:54:94:4b:54:
                    86:4e:24:94:2b:23:30:e8:fc:74:c9:dc:1a:5f:a5:
                    2c:bc:8f:e8:5d:c8:68:d1:98:90:af:89:b8:ce:5b:
                    a4:86:ec:72:7d:a3:29:67:cc:14:9a:ee:a0:b7:be:
                    a4:78:9c:91:a7:4e:60:7a:ad:21:1a:96:9c:3f:38:
                    04:33:d7:20:a9:7f:c6:b1:1e:06:30:a4:26:6f:13:
                    e7:25:34:14:25:03:34:c5:e1:9d:02:20:d1:ee:2a:
                    c8:fa:ca:49:6a:68:ae:8d:60:03:06:1b:37:f5:fc:
                    72:ef:68:17:0d:7f:3f:36:3d:23:11:c9:b2:21:4d:
                    7f:a7:39:2a:69:81:1a:fb:48:a1:7f:f2:75:a9:7e:
                    f8:42:d4:c9:5e:49:ed:83:a6:ad:cd:02:9c:15:9b:
                    de:8d:d1:7d:3d:1b:76:cf:b0:26:01:01:a7:46:53:
                    89:17:f4:5b:4f:08:00:ac:b1:34:27:15:cd:3c:f3:
                    cc:d3:1f:a9:4a:6b:87:57:fa:87:d2:c9:36:09:c9:
                    08:91:55:c9:cf:b9:7e:6d:fe:b4:31:71:3c:2a:22:
                    87:7a:db:c6:4a:a0:43:58:bf:9c:bf:6a:17:a9:84:
                    0a:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:09:2E:00:9B:60:91:E7:E5:D0:A5:FA:5A:62:36:E2:B3:74:DC:19
            X509v3 Authority Key Identifier:
                keyid:15:F4:EF:04:F5:AF:23:96:C9:5F:16:42:E3:79:07:8B:48:8C:16:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/aaa76394-48fc-4ff3-b6aa-0693c55d758f/1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/7e166f41-db2f-40b3-9542-76912f73c273.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/z2afnCt1NpzA_dOMFjxYsdQtAQc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  173.82.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:b6:af:ff:71:aa:29:48:a3:7a:72:39:0d:4c:52:9a:dd:dc:
         a3:67:e7:bc:77:dd:99:36:0d:3d:1b:b2:7d:b3:37:3a:5d:a6:
         92:6d:c4:0e:b4:ea:47:88:74:73:f8:5c:c7:7a:4f:aa:4b:89:
         ba:42:c0:0e:2f:13:be:ff:2c:31:a5:5b:b8:ff:87:05:3e:cb:
         54:3e:07:6a:cd:92:f1:49:e2:ab:45:4d:d2:65:0f:b3:69:1d:
         a5:95:cc:5c:e9:4b:55:63:0b:bc:3f:5b:01:b9:e1:9e:e4:33:
         10:c0:a7:e5:9d:00:1a:30:56:68:89:80:af:72:9e:fd:2d:04:
         37:34:75:be:19:69:7d:7f:dd:1a:7e:89:d9:99:0c:43:5f:6c:
         db:87:e5:65:46:e9:e0:77:d2:6f:5b:2b:ad:10:37:e4:c0:77:
         76:14:68:bc:51:55:f1:13:61:df:1e:26:15:be:c9:a6:f6:51:
         8e:b2:d0:f5:35:9d:a4:7c:14:dd:56:98:f7:1b:e8:17:60:0f:
         68:13:3d:b3:0b:25:ef:4b:c5:0d:81:9c:ac:85:32:e8:58:3d:
         ad:7e:a8:0c:e4:42:e2:64:55:11:79:9f:93:62:40:22:e8:5c:
         94:c0:cc:62:10:0d:0c:f4:69:ca:dd:4b:d8:d0:8c:73:2d:9c:
         40:46:37:bc
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZrrVFmpilsZmZa60xv2pLr01/FMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMWIxZmU2NzMyMWNmNjY5ZjljMmI3NTM2OWNjMGZkZDM4
YzE2M2M1OGIxZDQyZDAxMDcwHhcNMjQwNDIyMDAwMDAwWhcNMjQwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BkY2NiNDBlNmNlMThkZTZkZTEyYzQzNzc1ODMwYTdmM2Qy
NjlmYWYzMzZmN2NkODlmNTBiMzY2MzNhZmFjODNmMS0wKwYDVQQDEyQzNTA5NWUz
ZS04NGNiLTRhZDAtYmRhMS02YzZmOGRhNjlmNjEwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCom2CbOrS80PP0QbcHbFwg9VKl8W7DW0XEVJRLVIZOJJQr
IzDo/HTJ3BpfpSy8j+hdyGjRmJCvibjOW6SG7HJ9oylnzBSa7qC3vqR4nJGnTmB6
rSEalpw/OAQz1yCpf8axHgYwpCZvE+clNBQlAzTF4Z0CINHuKsj6yklqaK6NYAMG
Gzf1/HLvaBcNfz82PSMRybIhTX+nOSppgRr7SKF/8nWpfvhC1MleSe2Dpq3NApwV
m96N0X09G3bPsCYBAadGU4kX9FtPCACssTQnFc0888zTH6lKa4dX+ofSyTYJyQiR
VcnPuX5t/rQxcTwqIod628ZKoENYv5y/ahephAopAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUpQkuAJtgkefl0KX6WmI24rN03BkwHwYDVR0jBBgwFoAUFfTvBPWvI5bJ
XxZC43kHi0iMFgswDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzViN2ZiMTIyLWRmZGYtNGMwYy1iOTBkLTNiYzdhNWZlYjgyYi9hYWE3NjM5NC00
OGZjLTRmZjMtYjZhYS0wNjkzYzU1ZDc1OGYvMWIxZmU2NzMyMWNmNjY5ZjljMmI3
NTM2OWNjMGZkZDM4YzE2M2M1OGIxZDQyZDAxMDcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZmY5ZmE4NGUtOTc4My00YTBiLWE1OGQtNmRj
OGUyNDMzZDMzLzdlMTY2ZjQxLWRiMmYtNDBiMy05NTQyLTc2OTEyZjczYzI3My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2ZmOWZhODRlLTk3ODMtNGEwYi1hNThk
LTZkYzhlMjQzM2QzMy96MmFmbkN0MU5wekFfZE9NRmp4WXNkUXRBUWMuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACtUhswDQYJKoZIhvcNAQELBQADggEBAHC2r/9xqilIo3pyOQ1MUprd3KNn
57x33Zk2DT0bsn2zNzpdppJtxA606keIdHP4XMd6T6pLibpCwA4vE77/LDGlW7j/
hwU+y1Q+B2rNkvFJ4qtFTdJlD7NpHaWVzFzpS1VjC7w/WwG54Z7kMxDAp+WdABow
VmiJgK9ynv0tBDc0db4ZaX1/3Rp+idmZDENfbNuH5WVG6eB30m9bK60QN+TAd3YU
aLxRVfETYd8eJhW+yab2UY6y0PU1naR8FN1WmPcb6BdgD2gTPbMLJe9LxQ2BnKyF
MuhYPa1+qAzkQuJkVRF5n5NiQCLoXJTAzGIQDQz0acrdS9jQjHMtnEBGN7w=
-----END CERTIFICATE-----