Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/ccb7a125-9270-4625-923b-72434616d70f.roa
File:                     ccb7a125-9270-4625-923b-72434616d70f.roa (raw, json)
Hash identifier:          Y1HT3ANWTYQVc0OoTsMyybhVjiuwIRe2F8/RLdd82tQ=
Subject key identifier:   CA:73:B7:11:9A:FC:35:EC:BC:DD:E9:EE:F1:D8:7B:FC:CB:6A:DA:CA
Certificate issuer:       /CN=1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107
Certificate serial:       26F575CF6666D02F68BDEA855F45AB90A3FCC02E
Authority key identifier: 15:F4:EF:04:F5:AF:23:96:C9:5F:16:42:E3:79:07:8B:48:8C:16:0B
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/aaa76394-48fc-4ff3-b6aa-0693c55d758f/1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/ccb7a125-9270-4625-923b-72434616d70f.roa
Signing time:             Mon 22 Apr 2024 00:00:00 +0000
ROA not before:           Mon 22 Apr 2024 00:00:00 +0000
ROA not after:            Mon 27 May 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        216.127.160.0/19 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:f5:75:cf:66:66:d0:2f:68:bd:ea:85:5f:45:ab:90:a3:fc:c0:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107
        Validity
            Not Before: Apr 22 00:00:00 2024 GMT
            Not After : May 27 23:59:59 2024 GMT
        Subject: CN=35095e3e-84cb-4ad0-bda1-6c6f8da69f61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:4b:1c:13:f8:f5:c7:0a:b2:18:70:b3:4f:a4:
                    88:39:4b:3c:1b:c2:5b:84:f2:00:9e:85:c9:5c:92:
                    73:59:0f:65:d9:b5:21:c5:ac:37:21:b8:d0:0e:bd:
                    7d:e5:94:84:8d:84:f1:d6:01:1b:e8:4d:66:a8:b6:
                    3f:c7:4b:a4:48:3e:c5:1b:74:33:a9:62:19:e3:23:
                    9a:b3:ce:27:bd:3a:12:9f:0e:f8:28:eb:c7:e9:e6:
                    33:ae:40:f6:59:c9:10:c4:7b:b5:42:8f:43:cd:fe:
                    da:8f:cf:de:d1:29:a6:24:7b:c7:c3:7b:43:2e:a3:
                    54:3d:79:be:35:22:ad:03:04:c1:bb:a8:ed:28:d8:
                    06:08:b1:fb:ab:19:a6:ab:2c:0c:79:6d:91:cd:91:
                    89:3d:92:92:ac:9d:1a:1d:51:c4:8e:94:74:0b:e6:
                    58:7e:3f:6a:de:82:ba:eb:f3:79:c8:d5:6d:df:01:
                    2a:c4:d9:c4:cb:69:74:cc:20:7f:3f:1f:63:04:b8:
                    ca:85:14:d7:7f:da:c8:c1:a6:9f:c5:30:4a:37:0a:
                    5f:ed:23:97:00:17:f8:37:ed:e3:d9:f8:42:5a:57:
                    79:d0:3b:9d:29:e3:db:03:eb:44:a3:7a:f2:e9:b2:
                    31:1e:9d:69:38:c5:e2:88:11:e3:20:2c:4d:ef:5b:
                    09:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:73:B7:11:9A:FC:35:EC:BC:DD:E9:EE:F1:D8:7B:FC:CB:6A:DA:CA
            X509v3 Authority Key Identifier:
                keyid:15:F4:EF:04:F5:AF:23:96:C9:5F:16:42:E3:79:07:8B:48:8C:16:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/aaa76394-48fc-4ff3-b6aa-0693c55d758f/1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/ccb7a125-9270-4625-923b-72434616d70f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/z2afnCt1NpzA_dOMFjxYsdQtAQc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.127.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         8c:b6:99:c0:0f:1f:3f:ee:49:21:f4:cd:30:63:d3:b7:4e:34:
         3e:2b:59:a9:68:e3:eb:ea:44:0f:48:4c:74:d2:2f:15:5a:da:
         09:ce:37:ad:82:9f:e7:0c:db:b3:76:30:6c:62:86:31:88:23:
         95:01:2a:7d:55:8c:f9:a1:3f:74:67:a4:8a:1a:6f:14:7c:92:
         7d:45:5e:81:89:0b:a8:88:d8:34:b4:79:98:f6:80:75:2a:53:
         46:77:3d:63:b4:89:9b:6d:bc:35:84:79:1e:99:af:6a:66:ae:
         0c:b2:8f:64:4b:ca:9c:30:82:dd:27:1d:06:41:3e:ec:1b:22:
         95:ab:d7:bc:58:07:b1:33:98:c3:dc:42:3e:1e:f8:52:b8:45:
         15:a9:69:2e:e4:6f:e3:6f:ab:9a:e2:80:36:e4:55:5a:db:cd:
         cf:7d:90:9e:c5:99:6e:c7:e7:d9:bf:7d:cc:e8:9a:07:97:cd:
         ef:98:57:d1:5e:ab:92:83:29:8f:63:04:07:b8:64:66:d8:4c:
         f4:44:57:54:5c:cc:7c:08:63:d9:85:4f:7f:cf:89:37:1a:51:
         b5:52:7d:7b:66:77:09:d2:50:b4:51:83:43:3b:ba:02:b1:b2:
         5d:f8:ef:6d:9a:16:7f:00:6d:9b:fe:75:4f:33:df:cb:b3:18:
         35:6b:2b:a6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJvV1z2Zm0C9oveqFX0WrkKP8wC4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMWIxZmU2NzMyMWNmNjY5ZjljMmI3NTM2OWNjMGZkZDM4
YzE2M2M1OGIxZDQyZDAxMDcwHhcNMjQwNDIyMDAwMDAwWhcNMjQwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A3MjI5OGYwOWMyNTVjMjRiMjQzN2M5MWJiNjY2N2FhZjMy
M2JjMjBmNzgzYjQyOWE0MTM4Nzk1N2RiNTk0MmQyMS0wKwYDVQQDEyQzNTA5NWUz
ZS04NGNiLTRhZDAtYmRhMS02YzZmOGRhNjlmNjEwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDbSxwT+PXHCrIYcLNPpIg5SzwbwluE8gCehclcknNZD2XZ
tSHFrDchuNAOvX3llISNhPHWARvoTWaotj/HS6RIPsUbdDOpYhnjI5qzzie9OhKf
Dvgo68fp5jOuQPZZyRDEe7VCj0PN/tqPz97RKaYke8fDe0Muo1Q9eb41Iq0DBMG7
qO0o2AYIsfurGaarLAx5bZHNkYk9kpKsnRodUcSOlHQL5lh+P2regrrr83nI1W3f
ASrE2cTLaXTMIH8/H2MEuMqFFNd/2sjBpp/FMEo3Cl/tI5cAF/g37ePZ+EJaV3nQ
O50p49sD60SjevLpsjEenWk4xeKIEeMgLE3vWwn3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUynO3EZr8Ney83enu8dh7/Mtq2sowHwYDVR0jBBgwFoAUFfTvBPWvI5bJ
XxZC43kHi0iMFgswDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzViN2ZiMTIyLWRmZGYtNGMwYy1iOTBkLTNiYzdhNWZlYjgyYi9hYWE3NjM5NC00
OGZjLTRmZjMtYjZhYS0wNjkzYzU1ZDc1OGYvMWIxZmU2NzMyMWNmNjY5ZjljMmI3
NTM2OWNjMGZkZDM4YzE2M2M1OGIxZDQyZDAxMDcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZmY5ZmE4NGUtOTc4My00YTBiLWE1OGQtNmRj
OGUyNDMzZDMzL2NjYjdhMTI1LTkyNzAtNDYyNS05MjNiLTcyNDM0NjE2ZDcwZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2ZmOWZhODRlLTk3ODMtNGEwYi1hNThk
LTZkYzhlMjQzM2QzMy96MmFmbkN0MU5wekFfZE9NRmp4WXNkUXRBUWMuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAXYf6AwDQYJKoZIhvcNAQELBQADggEBAIy2mcAPHz/uSSH0zTBj07dOND4r
Walo4+vqRA9ITHTSLxVa2gnON62Cn+cM27N2MGxihjGII5UBKn1VjPmhP3RnpIoa
bxR8kn1FXoGJC6iI2DS0eZj2gHUqU0Z3PWO0iZttvDWEeR6Zr2pmrgyyj2RLypww
gt0nHQZBPuwbIpWr17xYB7EzmMPcQj4e+FK4RRWpaS7kb+Nvq5rigDbkVVrbzc99
kJ7FmW7H59m/fczomgeXze+YV9Feq5KDKY9jBAe4ZGbYTPREV1RczHwIY9mFT3/P
iTcaUbVSfXtmdwnSULRRg0M7ugKxsl34722aFn8AbZv+dU8z38uzGDVrK6Y=
-----END CERTIFICATE-----