Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/c703250b-e05e-4d1f-aa49-52612675500b.roa
File:                     c703250b-e05e-4d1f-aa49-52612675500b.roa (raw, json)
Hash identifier:          bKKxeXd+Q8JzY5wo8r/G8rftbFAfQNmH22c5g/oxFQs=
Subject key identifier:   01:CA:D6:6D:92:48:F6:65:C9:E7:AB:3D:FA:AE:43:40:8E:BA:03:EF
Certificate issuer:       /CN=1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107
Certificate serial:       1213F620E66AA1481F6959239F5E6F27888FEB68
Authority key identifier: 15:F4:EF:04:F5:AF:23:96:C9:5F:16:42:E3:79:07:8B:48:8C:16:0B
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/aaa76394-48fc-4ff3-b6aa-0693c55d758f/1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/c703250b-e05e-4d1f-aa49-52612675500b.roa
Signing time:             Mon 22 Apr 2024 00:00:00 +0000
ROA not before:           Mon 22 Apr 2024 00:00:00 +0000
ROA not after:            Mon 27 May 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        66.152.164.0/24 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:13:f6:20:e6:6a:a1:48:1f:69:59:23:9f:5e:6f:27:88:8f:eb:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107
        Validity
            Not Before: Apr 22 00:00:00 2024 GMT
            Not After : May 27 23:59:59 2024 GMT
        Subject: CN=35095e3e-84cb-4ad0-bda1-6c6f8da69f61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:f9:53:f8:42:a2:ef:e4:33:7e:07:fe:3d:a0:
                    be:25:cc:0f:16:c7:a3:a3:51:5c:16:a2:84:2d:dd:
                    c6:a0:5c:c7:e4:52:1f:81:8d:0a:8d:42:ce:80:1a:
                    3a:0d:9c:87:a9:39:3c:5f:06:5b:ae:8c:39:5e:57:
                    65:0c:d8:a7:6a:cf:14:16:b1:f7:b4:c2:82:bd:07:
                    cc:02:d3:83:cf:b8:fa:96:3b:8d:60:6d:4e:9a:62:
                    a6:88:e7:f8:c8:e0:c6:11:3f:d9:cb:09:1d:e8:2b:
                    2e:42:01:32:de:6a:67:7a:44:36:8b:95:68:9e:25:
                    b6:18:90:8d:24:48:af:0c:aa:79:26:cd:2f:52:cf:
                    1f:9a:b4:ee:1b:c6:bf:aa:a3:03:64:db:14:da:e5:
                    ea:0a:c1:1a:3d:ef:8c:f0:b4:15:b4:30:d1:c0:da:
                    86:8e:de:71:03:90:e3:07:97:7e:51:74:09:1d:54:
                    18:04:56:c8:55:95:5d:9b:5d:1c:58:78:21:ff:06:
                    ba:83:81:6b:8e:31:31:a2:b4:ba:63:6b:23:f3:85:
                    48:32:7b:6c:2d:44:eb:8b:0f:64:d5:8f:1c:dd:8a:
                    d1:4c:c9:9a:59:dd:46:bb:73:13:5f:b6:b7:f7:09:
                    0e:1b:7c:ed:f1:7b:a7:dc:e5:97:1e:0d:1e:4f:d9:
                    01:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:CA:D6:6D:92:48:F6:65:C9:E7:AB:3D:FA:AE:43:40:8E:BA:03:EF
            X509v3 Authority Key Identifier:
                keyid:15:F4:EF:04:F5:AF:23:96:C9:5F:16:42:E3:79:07:8B:48:8C:16:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/aaa76394-48fc-4ff3-b6aa-0693c55d758f/1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/c703250b-e05e-4d1f-aa49-52612675500b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/z2afnCt1NpzA_dOMFjxYsdQtAQc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  66.152.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:e2:85:eb:34:9c:cc:c7:ad:74:9a:8e:13:61:7b:ea:aa:ac:
         32:d1:57:ad:de:b6:f7:dd:99:ed:80:86:78:e3:83:fe:26:9c:
         ec:37:1a:0c:d1:86:57:78:f4:93:10:52:39:20:b1:99:07:24:
         dd:bf:5f:12:c3:92:9a:55:9d:e9:a3:63:bd:b1:a0:62:28:5e:
         5b:13:ff:50:eb:3f:23:c9:a7:52:f3:b9:cf:a3:4c:1c:44:87:
         2e:a9:72:4d:8a:0b:67:6c:af:aa:04:f2:c5:58:db:77:02:b5:
         15:81:d6:80:b4:c2:ea:8d:0f:e2:fd:6f:04:9f:de:19:e7:21:
         b9:c3:6b:76:7b:72:15:54:3e:e7:da:1c:40:7c:5f:4b:2c:16:
         b6:3e:48:c6:a9:cc:e2:b2:b7:aa:e2:5b:32:42:ca:aa:88:56:
         24:ca:92:bc:6a:2b:6e:c3:e0:29:fb:d0:b7:08:dc:5b:09:72:
         cf:46:1e:9b:b4:9e:59:e4:70:e4:af:8e:90:51:e4:fb:5d:ee:
         9c:a8:d8:9e:6e:1a:4e:91:b0:f7:aa:a3:99:dd:f9:6f:f6:33:
         ed:61:19:fb:2a:05:ab:2c:bd:d5:44:82:a8:d2:41:d8:ef:c8:
         3a:47:c1:bb:e0:99:93:94:1e:8d:49:da:91:69:4f:7e:19:76:
         fa:c4:a5:69
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEhP2IOZqoUgfaVkjn15vJ4iP62gwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMWIxZmU2NzMyMWNmNjY5ZjljMmI3NTM2OWNjMGZkZDM4
YzE2M2M1OGIxZDQyZDAxMDcwHhcNMjQwNDIyMDAwMDAwWhcNMjQwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BiY2U4ZDU3NmVlZTgzN2FmZGI3NGI5ZWE0ZjJhNzVhOTM0
YzhjMTFlYjkzZjM5NmU5MTQ3MTU2MjZlNzVhMjQ1MS0wKwYDVQQDEyQzNTA5NWUz
ZS04NGNiLTRhZDAtYmRhMS02YzZmOGRhNjlmNjEwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD2+VP4QqLv5DN+B/49oL4lzA8Wx6OjUVwWooQt3cagXMfk
Uh+BjQqNQs6AGjoNnIepOTxfBluujDleV2UM2KdqzxQWsfe0woK9B8wC04PPuPqW
O41gbU6aYqaI5/jI4MYRP9nLCR3oKy5CATLeamd6RDaLlWieJbYYkI0kSK8Mqnkm
zS9Szx+atO4bxr+qowNk2xTa5eoKwRo974zwtBW0MNHA2oaO3nEDkOMHl35RdAkd
VBgEVshVlV2bXRxYeCH/BrqDgWuOMTGitLpjayPzhUgye2wtROuLD2TVjxzditFM
yZpZ3Ua7cxNftrf3CQ4bfO3xe6fc5ZceDR5P2QHrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUAcrWbZJI9mXJ56s9+q5DQI66A+8wHwYDVR0jBBgwFoAUFfTvBPWvI5bJ
XxZC43kHi0iMFgswDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzViN2ZiMTIyLWRmZGYtNGMwYy1iOTBkLTNiYzdhNWZlYjgyYi9hYWE3NjM5NC00
OGZjLTRmZjMtYjZhYS0wNjkzYzU1ZDc1OGYvMWIxZmU2NzMyMWNmNjY5ZjljMmI3
NTM2OWNjMGZkZDM4YzE2M2M1OGIxZDQyZDAxMDcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZmY5ZmE4NGUtOTc4My00YTBiLWE1OGQtNmRj
OGUyNDMzZDMzL2M3MDMyNTBiLWUwNWUtNGQxZi1hYTQ5LTUyNjEyNjc1NTAwYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2ZmOWZhODRlLTk3ODMtNGEwYi1hNThk
LTZkYzhlMjQzM2QzMy96MmFmbkN0MU5wekFfZE9NRmp4WXNkUXRBUWMuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABCmKQwDQYJKoZIhvcNAQELBQADggEBAKXihes0nMzHrXSajhNhe+qqrDLR
V63etvfdme2Ahnjjg/4mnOw3GgzRhld49JMQUjkgsZkHJN2/XxLDkppVnemjY72x
oGIoXlsT/1DrPyPJp1Lzuc+jTBxEhy6pck2KC2dsr6oE8sVY23cCtRWB1oC0wuqN
D+L9bwSf3hnnIbnDa3Z7chVUPufaHEB8X0ssFrY+SMapzOKyt6riWzJCyqqIViTK
krxqK27D4Cn70LcI3FsJcs9GHpu0nlnkcOSvjpBR5Ptd7pyo2J5uGk6RsPeqo5nd
+W/2M+1hGfsqBassvdVEgqjSQdjvyDpHwbvgmZOUHo1J2pFpT34ZdvrEpWk=
-----END CERTIFICATE-----