Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/dc321690-857c-4bf5-b9f1-f76cf8d6d950.roa
File:                     dc321690-857c-4bf5-b9f1-f76cf8d6d950.roa (raw, json)
Hash identifier:          W8a/kCygSlY55wVBi1xQ5r87ZcgS+rkJNQqvA10flec=
Subject key identifier:   33:96:FD:F7:BA:C2:EF:D2:F0:4B:78:C6:95:18:14:57:6B:26:D7:7B
Certificate issuer:       /CN=1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107
Certificate serial:       22C62A537DBEE72F0AC31CED3AB19E2B9F30433B
Authority key identifier: 15:F4:EF:04:F5:AF:23:96:C9:5F:16:42:E3:79:07:8B:48:8C:16:0B
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/aaa76394-48fc-4ff3-b6aa-0693c55d758f/1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/dc321690-857c-4bf5-b9f1-f76cf8d6d950.roa
Signing time:             Mon 22 Apr 2024 00:00:00 +0000
ROA not before:           Mon 22 Apr 2024 00:00:00 +0000
ROA not after:            Mon 27 May 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        173.82.75.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:c6:2a:53:7d:be:e7:2f:0a:c3:1c:ed:3a:b1:9e:2b:9f:30:43:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107
        Validity
            Not Before: Apr 22 00:00:00 2024 GMT
            Not After : May 27 23:59:59 2024 GMT
        Subject: serialNumber=ffa17869f388f54c857cdc34092b53e485f8a6271f7452a579a8d008fb1f69fd, CN=35095e3e-84cb-4ad0-bda1-6c6f8da69f61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:3a:22:22:5f:1c:cd:3e:fa:ad:a1:c3:5a:db:
                    8b:ef:32:65:f9:cb:c0:1c:57:7a:55:fd:52:2a:84:
                    8c:42:85:ac:51:c5:23:71:01:fe:8d:a1:cb:3f:61:
                    34:7b:74:79:a0:1c:85:6f:5e:fd:76:5a:fb:4e:25:
                    d8:82:3d:9e:4b:6e:9e:65:b5:eb:01:4c:07:4e:6f:
                    53:3e:1c:ff:35:83:ae:b0:84:71:5d:ca:52:21:ec:
                    e0:b3:5d:d2:ca:56:60:c9:92:1f:61:40:16:b0:72:
                    c0:74:1b:40:94:da:40:bb:c9:ea:e3:de:05:70:36:
                    46:74:2b:f0:80:cd:e7:a0:e2:67:13:87:fa:8c:37:
                    31:61:a3:82:68:40:0d:0c:1d:4d:93:e7:2c:9a:0c:
                    13:e8:36:2a:a1:a9:8f:4d:28:c6:60:0b:ef:f0:90:
                    53:92:a9:e0:01:8a:4c:92:8a:5a:ed:73:05:21:9d:
                    1d:77:c7:be:36:52:3f:b3:68:11:4b:3d:63:15:67:
                    16:30:ce:d3:3c:5d:11:5f:07:3c:5b:01:d4:9e:7c:
                    dc:85:2f:85:94:36:a2:03:f5:c1:2a:f5:e5:d2:87:
                    d2:26:80:a8:1c:98:70:35:b6:b9:fd:cf:20:8f:a4:
                    df:16:13:e2:d0:84:b9:76:e6:ed:b4:a5:cf:6e:18:
                    3f:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:96:FD:F7:BA:C2:EF:D2:F0:4B:78:C6:95:18:14:57:6B:26:D7:7B
            X509v3 Authority Key Identifier:
                keyid:15:F4:EF:04:F5:AF:23:96:C9:5F:16:42:E3:79:07:8B:48:8C:16:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/aaa76394-48fc-4ff3-b6aa-0693c55d758f/1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/dc321690-857c-4bf5-b9f1-f76cf8d6d950.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/z2afnCt1NpzA_dOMFjxYsdQtAQc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  173.82.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:3d:74:bb:4e:e7:f8:19:3b:99:b1:60:67:db:70:35:f9:03:
         38:8e:59:d6:5e:a5:f6:2f:ad:12:70:50:1b:9f:89:5f:19:c4:
         8d:7e:48:92:37:62:a9:74:9b:31:08:5e:09:30:b7:ca:b4:b3:
         bd:68:4f:c4:fa:c1:5d:f3:83:e3:4d:fe:1c:dc:30:be:3d:3e:
         a9:91:a0:5b:44:39:4f:d0:82:2b:f3:46:6f:c0:ed:bf:38:f0:
         04:39:da:a7:dd:33:c5:e4:7a:85:49:26:8f:fa:7f:64:d8:a5:
         fd:e3:90:d6:3b:fb:f2:06:2a:8f:18:bc:5d:ae:e8:23:be:25:
         5d:fa:ba:c2:a3:9f:22:ea:69:95:c1:d2:0a:25:a6:c9:f3:15:
         f3:1a:35:77:fc:63:fc:54:e3:ad:5f:b1:8c:d4:00:ae:47:bf:
         6c:78:de:18:14:e4:98:b3:7e:d7:2d:29:18:e9:45:15:4b:f5:
         4a:36:74:c5:e0:89:d6:bf:02:e9:a8:52:3c:00:84:a4:63:d1:
         69:56:76:70:b7:c6:9e:a0:31:5f:c3:d9:44:df:11:72:7b:69:
         3f:40:73:31:36:ab:ae:d8:04:a9:a9:51:71:41:3b:77:f6:bc:
         1f:48:60:06:03:02:fc:14:ca:96:08:58:8b:06:26:97:aa:48:
         63:f2:d8:98
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIsYqU32+5y8KwxztOrGeK58wQzswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMWIxZmU2NzMyMWNmNjY5ZjljMmI3NTM2OWNjMGZkZDM4
YzE2M2M1OGIxZDQyZDAxMDcwHhcNMjQwNDIyMDAwMDAwWhcNMjQwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BmZmExNzg2OWYzODhmNTRjODU3Y2RjMzQwOTJiNTNlNDg1
ZjhhNjI3MWY3NDUyYTU3OWE4ZDAwOGZiMWY2OWZkMS0wKwYDVQQDEyQzNTA5NWUz
ZS04NGNiLTRhZDAtYmRhMS02YzZmOGRhNjlmNjEwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCQOiIiXxzNPvqtocNa24vvMmX5y8AcV3pV/VIqhIxChaxR
xSNxAf6Nocs/YTR7dHmgHIVvXv12WvtOJdiCPZ5Lbp5ltesBTAdOb1M+HP81g66w
hHFdylIh7OCzXdLKVmDJkh9hQBawcsB0G0CU2kC7yerj3gVwNkZ0K/CAzeeg4mcT
h/qMNzFho4JoQA0MHU2T5yyaDBPoNiqhqY9NKMZgC+/wkFOSqeABikySilrtcwUh
nR13x742Uj+zaBFLPWMVZxYwztM8XRFfBzxbAdSefNyFL4WUNqID9cEq9eXSh9Im
gKgcmHA1trn9zyCPpN8WE+LQhLl25u20pc9uGD9lAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUM5b997rC79LwS3jGlRgUV2sm13swHwYDVR0jBBgwFoAUFfTvBPWvI5bJ
XxZC43kHi0iMFgswDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzViN2ZiMTIyLWRmZGYtNGMwYy1iOTBkLTNiYzdhNWZlYjgyYi9hYWE3NjM5NC00
OGZjLTRmZjMtYjZhYS0wNjkzYzU1ZDc1OGYvMWIxZmU2NzMyMWNmNjY5ZjljMmI3
NTM2OWNjMGZkZDM4YzE2M2M1OGIxZDQyZDAxMDcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZmY5ZmE4NGUtOTc4My00YTBiLWE1OGQtNmRj
OGUyNDMzZDMzL2RjMzIxNjkwLTg1N2MtNGJmNS1iOWYxLWY3NmNmOGQ2ZDk1MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2ZmOWZhODRlLTk3ODMtNGEwYi1hNThk
LTZkYzhlMjQzM2QzMy96MmFmbkN0MU5wekFfZE9NRmp4WXNkUXRBUWMuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACtUkswDQYJKoZIhvcNAQELBQADggEBAHg9dLtO5/gZO5mxYGfbcDX5AziO
WdZepfYvrRJwUBufiV8ZxI1+SJI3Yql0mzEIXgkwt8q0s71oT8T6wV3zg+NN/hzc
ML49PqmRoFtEOU/QgivzRm/A7b848AQ52qfdM8XkeoVJJo/6f2TYpf3jkNY7+/IG
Ko8YvF2u6CO+JV36usKjnyLqaZXB0golpsnzFfMaNXf8Y/xU461fsYzUAK5Hv2x4
3hgU5JizftctKRjpRRVL9Uo2dMXgida/AumoUjwAhKRj0WlWdnC3xp6gMV/D2UTf
EXJ7aT9AczE2q67YBKmpUXFBO3f2vB9IYAYDAvwUypYIWIsGJpeqSGPy2Jg=
-----END CERTIFICATE-----