Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/f6b673f3-bad5-4ed1-bd67-6541cc43ee76.roa
File:                     f6b673f3-bad5-4ed1-bd67-6541cc43ee76.roa (raw, json)
Hash identifier:          4BYY4KW83XV44ZJP9/6Zf3GSy3g0suhs0cBXgD+vobw=
Subject key identifier:   4B:4B:86:10:A7:45:83:7E:DD:4A:A0:74:90:C9:AD:F5:10:62:B4:A3
Certificate issuer:       /CN=1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107
Certificate serial:       65B3D435888602FA2F1C8D5F977D8897F1090814
Authority key identifier: 15:F4:EF:04:F5:AF:23:96:C9:5F:16:42:E3:79:07:8B:48:8C:16:0B
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/aaa76394-48fc-4ff3-b6aa-0693c55d758f/1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/f6b673f3-bad5-4ed1-bd67-6541cc43ee76.roa
Signing time:             Mon 22 Apr 2024 00:00:00 +0000
ROA not before:           Mon 22 Apr 2024 00:00:00 +0000
ROA not after:            Mon 27 May 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        66.152.164.0/24 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:b3:d4:35:88:86:02:fa:2f:1c:8d:5f:97:7d:88:97:f1:09:08:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107
        Validity
            Not Before: Apr 22 00:00:00 2024 GMT
            Not After : May 27 23:59:59 2024 GMT
        Subject: CN=35095e3e-84cb-4ad0-bda1-6c6f8da69f61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:50:1e:3a:b9:f4:7c:9d:c8:e9:8a:58:96:a5:
                    1d:35:13:84:23:47:f0:55:5d:b3:4a:c2:e3:2a:d3:
                    74:74:d6:ad:fd:a6:97:60:95:94:04:3c:91:f1:fa:
                    01:d3:dd:0d:c7:15:b5:2c:af:b4:66:b6:9a:c8:7d:
                    de:0b:1f:9c:71:69:6d:23:ec:7d:7c:f1:6c:84:31:
                    ae:9a:ae:ef:e5:bb:6a:7f:10:cd:2b:a4:98:97:c7:
                    29:10:49:23:11:b5:7e:f8:37:c8:e6:fc:79:7f:9d:
                    a0:80:82:9d:49:86:d4:67:fc:66:ec:44:66:e0:39:
                    e0:93:dc:7a:18:03:d0:81:1c:c6:65:23:7c:86:60:
                    2a:a2:eb:17:7d:0c:ee:2b:86:b2:0c:6f:2f:7e:80:
                    f7:a9:3c:1e:66:25:a9:e9:0d:db:35:05:86:a9:a6:
                    6f:c0:c0:9e:c2:96:7f:96:e5:b9:13:59:94:4e:40:
                    a4:41:8e:38:f6:41:a3:f1:f5:65:0a:9c:4a:28:56:
                    ea:ac:95:76:20:a2:5d:70:ea:dd:24:d2:bd:b4:46:
                    f8:62:91:af:29:ba:fd:c9:0a:eb:0d:62:6c:88:bc:
                    b6:eb:fe:16:20:ac:f0:8c:5e:cf:8d:d3:21:58:ab:
                    f3:fd:96:47:ce:08:e7:93:4b:a5:77:3e:b8:71:52:
                    2c:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:4B:86:10:A7:45:83:7E:DD:4A:A0:74:90:C9:AD:F5:10:62:B4:A3
            X509v3 Authority Key Identifier:
                keyid:15:F4:EF:04:F5:AF:23:96:C9:5F:16:42:E3:79:07:8B:48:8C:16:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/aaa76394-48fc-4ff3-b6aa-0693c55d758f/1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/f6b673f3-bad5-4ed1-bd67-6541cc43ee76.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/z2afnCt1NpzA_dOMFjxYsdQtAQc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  66.152.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:f0:71:20:90:db:cb:5b:06:12:8e:9d:ec:13:6a:60:f7:59:
         91:0b:03:0d:c9:29:24:6a:75:93:89:95:cd:31:27:3d:61:e2:
         ae:6c:1e:e2:7d:5e:25:4c:80:df:41:7a:f0:93:1c:1a:2d:4e:
         1f:91:32:e0:c6:4b:9e:44:76:52:98:0a:6b:d8:e8:e3:85:01:
         62:66:02:b9:22:70:c3:0c:ef:40:60:b7:aa:21:97:25:00:8f:
         44:68:64:5b:13:0f:0c:cb:f4:4b:a2:ec:38:b3:a2:06:04:82:
         60:6e:4e:07:f6:f6:26:c2:69:d6:2a:ee:ea:b8:57:9d:2a:e6:
         b2:e4:ae:34:66:18:ac:e2:2c:68:28:a5:8d:68:8b:8b:b4:37:
         a8:a7:22:50:4c:fe:24:c8:46:20:2b:a6:c1:9c:5d:43:a1:44:
         2b:dd:62:86:c0:83:ae:87:9b:f2:f8:5f:7b:77:a5:58:b6:af:
         c5:1a:60:71:b8:e4:d1:82:e4:14:d2:a7:bd:d5:ac:62:bd:fe:
         7c:0d:3e:e1:8b:a2:cb:6c:6f:fc:17:32:88:e0:bc:0b:e9:db:
         8b:a2:d0:af:c3:90:14:ca:a0:d5:4a:89:d9:ec:03:f7:5c:38:
         dd:55:51:74:69:06:e1:31:67:c3:90:10:eb:c9:e5:cc:79:7b:
         e2:69:76:67
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZbPUNYiGAvovHI1fl32Il/EJCBQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMWIxZmU2NzMyMWNmNjY5ZjljMmI3NTM2OWNjMGZkZDM4
YzE2M2M1OGIxZDQyZDAxMDcwHhcNMjQwNDIyMDAwMDAwWhcNMjQwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0AxZGZmOWU5N2I1ZWQ3YjMxZjdlYTE2ZmIzOTBhMmRiYjI0
ZGQ2ZDgzODUwOWJkNmU1NzJmZGIzODExZmM5ZGYyMS0wKwYDVQQDEyQzNTA5NWUz
ZS04NGNiLTRhZDAtYmRhMS02YzZmOGRhNjlmNjEwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2UB46ufR8ncjpiliWpR01E4QjR/BVXbNKwuMq03R01q39
ppdglZQEPJHx+gHT3Q3HFbUsr7RmtprIfd4LH5xxaW0j7H188WyEMa6aru/lu2p/
EM0rpJiXxykQSSMRtX74N8jm/Hl/naCAgp1JhtRn/GbsRGbgOeCT3HoYA9CBHMZl
I3yGYCqi6xd9DO4rhrIMby9+gPepPB5mJanpDds1BYappm/AwJ7Cln+W5bkTWZRO
QKRBjjj2QaPx9WUKnEooVuqslXYgol1w6t0k0r20Rvhika8puv3JCusNYmyIvLbr
/hYgrPCMXs+N0yFYq/P9lkfOCOeTS6V3PrhxUizHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUS0uGEKdFg37dSqB0kMmt9RBitKMwHwYDVR0jBBgwFoAUFfTvBPWvI5bJ
XxZC43kHi0iMFgswDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzViN2ZiMTIyLWRmZGYtNGMwYy1iOTBkLTNiYzdhNWZlYjgyYi9hYWE3NjM5NC00
OGZjLTRmZjMtYjZhYS0wNjkzYzU1ZDc1OGYvMWIxZmU2NzMyMWNmNjY5ZjljMmI3
NTM2OWNjMGZkZDM4YzE2M2M1OGIxZDQyZDAxMDcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZmY5ZmE4NGUtOTc4My00YTBiLWE1OGQtNmRj
OGUyNDMzZDMzL2Y2YjY3M2YzLWJhZDUtNGVkMS1iZDY3LTY1NDFjYzQzZWU3Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2ZmOWZhODRlLTk3ODMtNGEwYi1hNThk
LTZkYzhlMjQzM2QzMy96MmFmbkN0MU5wekFfZE9NRmp4WXNkUXRBUWMuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABCmKQwDQYJKoZIhvcNAQELBQADggEBAA/wcSCQ28tbBhKOnewTamD3WZEL
Aw3JKSRqdZOJlc0xJz1h4q5sHuJ9XiVMgN9BevCTHBotTh+RMuDGS55EdlKYCmvY
6OOFAWJmArkicMMM70Bgt6ohlyUAj0RoZFsTDwzL9Eui7DizogYEgmBuTgf29ibC
adYq7uq4V50q5rLkrjRmGKziLGgopY1oi4u0N6inIlBM/iTIRiArpsGcXUOhRCvd
YobAg66Hm/L4X3t3pVi2r8UaYHG45NGC5BTSp73VrGK9/nwNPuGLostsb/wXMojg
vAvp24ui0K/DkBTKoNVKidnsA/dcON1VUXRpBuExZ8OQEOvJ5cx5e+Jpdmc=
-----END CERTIFICATE-----