Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/6e005a51-3e55-4f51-b393-eb9918255f3f/4a87f398-bd55-3be2-bd4f-fe75c2699d20.roa
File:                     4a87f398-bd55-3be2-bd4f-fe75c2699d20.roa (raw, json)
Hash identifier:          8T146YHs+NpVcBusfELwzBQgA+FGdC+TQQdgkLqK6NM=
Subject key identifier:   F8:D0:08:B8:95:9D:34:75:07:A4:B4:BC:01:4A:0C:A9:FE:48:83:D9
Certificate issuer:       /CN=6e005a51-3e55-4f51-b393-eb9918255f3f
Certificate serial:       010D0C9F43285841E53290CF73DA4629379CE540
Authority key identifier: 7F:A5:E1:54:6C:A5:D2:73:F1:13:35:41:34:9E:3D:AE:0F:EC:6B:FE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/6e005a51-3e55-4f51-b393-eb9918255f3f.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/6e005a51-3e55-4f51-b393-eb9918255f3f/4a87f398-bd55-3be2-bd4f-fe75c2699d20.roa
Signing time:             Tue 16 May 2023 01:00:16 +0000
ROA not before:           Tue 16 May 2023 01:00:16 +0000
ROA not after:            Mon 14 Aug 2023 01:00:16 +0000
asID:                     26968
IP address blocks:        67.158.50.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:41:e5:32:90:cf:73:da:46:29:37:9c:e5:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e005a51-3e55-4f51-b393-eb9918255f3f
        Validity
            Not Before: May 16 01:00:16 2023 GMT
            Not After : Aug 14 01:00:16 2023 GMT
        Subject: CN=0cdafcd3-323b-4078-83cf-fb1f9e980e33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:b3:c7:a2:04:76:fe:6c:5f:b4:e6:61:83:cf:
                    43:fc:e6:47:fe:69:08:35:a6:5c:c0:e8:25:5c:ad:
                    23:c1:90:4b:9b:8e:7b:c8:3a:5e:01:95:15:7d:5c:
                    47:92:e6:85:2e:fe:28:47:ed:a5:0b:41:59:40:fc:
                    5e:09:db:c8:c5:a9:06:20:9c:3c:2a:ae:a6:fa:23:
                    c4:69:41:78:17:ab:e4:ca:78:ee:1a:67:5d:36:6f:
                    82:ee:2e:7a:b9:d3:cf:48:64:dd:8e:1b:86:45:ad:
                    8e:17:1b:56:9f:5c:fc:b6:00:9b:ab:1c:b7:54:96:
                    5c:38:92:7d:63:76:4d:b2:1f:43:d4:5e:4c:a8:8b:
                    fe:b0:c5:5c:63:48:92:67:4d:f3:08:9d:8f:4b:25:
                    28:c7:de:6e:3a:2a:d8:78:8b:c3:ee:74:12:e8:07:
                    55:80:a6:87:bb:37:63:4e:4b:15:01:ea:47:20:15:
                    d4:aa:c4:a8:10:0e:50:36:b2:1b:7d:f4:9c:51:4a:
                    a0:8d:ef:ab:34:f9:4b:f1:27:11:8f:c1:6a:c0:fd:
                    6c:4e:cb:9d:0c:69:13:f7:3a:b8:76:d8:3c:82:34:
                    10:99:3b:74:60:2d:11:e2:ff:ab:9d:ff:f9:c7:cd:
                    0b:e5:a5:e5:c9:0a:24:94:90:8f:77:7d:b3:ad:4c:
                    26:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:D0:08:B8:95:9D:34:75:07:A4:B4:BC:01:4A:0C:A9:FE:48:83:D9
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/6e005a51-3e55-4f51-b393-eb9918255f3f/4a87f398-bd55-3be2-bd4f-fe75c2699d20.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/6e005a51-3e55-4f51-b393-eb9918255f3f/6e005a51-3e55-4f51-b393-eb9918255f3f.crl

            X509v3 Authority Key Identifier:
                keyid:7F:A5:E1:54:6C:A5:D2:73:F1:13:35:41:34:9E:3D:AE:0F:EC:6B:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/6e005a51-3e55-4f51-b393-eb9918255f3f.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  67.158.50.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         19:7c:37:aa:97:c9:9c:e7:f9:3a:7f:ce:14:4c:f3:a0:ae:e0:
         9e:31:71:05:66:33:80:42:df:30:6c:5f:b4:7e:ab:ed:7f:8d:
         a6:3f:b1:91:3b:f1:06:8c:f8:1c:ce:0e:79:e2:9e:d7:f8:3e:
         5f:bd:0e:e8:2f:2a:42:a3:67:6d:7a:64:65:ef:3a:8c:dd:89:
         e4:e7:c8:c4:ed:5f:f6:c6:64:88:54:b2:23:0f:3e:28:11:bc:
         9d:cc:9c:c8:1a:06:5e:c0:4b:13:b9:03:26:5e:2c:a5:95:6d:
         ab:b6:d1:f4:ae:3b:19:d9:7f:a3:18:80:2d:7a:08:7f:25:4f:
         2b:59:dd:c3:30:dc:cd:b4:a5:c6:af:74:f0:77:b7:93:03:fc:
         87:35:59:4a:5d:9b:b4:02:05:56:05:95:39:a6:7b:67:d6:9f:
         0a:1a:17:a5:4d:93:9a:ed:8c:ad:94:66:3b:95:9c:fa:72:ad:
         84:d8:49:71:b3:b7:38:0b:03:38:50:36:06:6c:63:cc:2b:36:
         82:eb:e6:89:d7:ae:6e:1e:61:1b:f4:c8:8a:a9:40:bc:8e:16:
         0c:31:e8:b8:d6:9d:f3:d9:ec:6a:23:13:1b:57:99:70:3d:96:
         ea:08:5b:5a:d9:8e:fb:67:73:ae:c7:94:6c:77:20:cf:5b:53:
         18:95:95:7d
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEHlMpDPc9pGKTec5UAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNmUwMDVhNTEtM2U1NS00ZjUxLWIzOTMtZWI5OTE4MjU1
ZjNmMB4XDTIzMDUxNjAxMDAxNloXDTIzMDgxNDAxMDAxNlowLzEtMCsGA1UEAxMk
MGNkYWZjZDMtMzIzYi00MDc4LTgzY2YtZmIxZjllOTgwZTMzMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjbPHogR2/mxftOZhg89D/OZH/mkINaZcwOgl
XK0jwZBLm457yDpeAZUVfVxHkuaFLv4oR+2lC0FZQPxeCdvIxakGIJw8Kq6m+iPE
aUF4F6vkynjuGmddNm+C7i56udPPSGTdjhuGRa2OFxtWn1z8tgCbqxy3VJZcOJJ9
Y3ZNsh9D1F5MqIv+sMVcY0iSZ03zCJ2PSyUox95uOirYeIvD7nQS6AdVgKaHuzdj
TksVAepHIBXUqsSoEA5QNrIbffScUUqgje+rNPlL8ScRj8FqwP1sTsudDGkT9zq4
dtg8gjQQmTt0YC0R4v+rnf/5x80L5aXlyQoklJCPd32zrUwmowIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFPjQCLiVnTR1B6S0vAFKDKn+SIPZMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi82ZTAw
NWE1MS0zZTU1LTRmNTEtYjM5My1lYjk5MTgyNTVmM2YvNGE4N2YzOTgtYmQ1NS0z
YmUyLWJkNGYtZmU3NWMyNjk5ZDIwLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy8yYTI0Njk0Ny0y
ZDYyLTRhNmMtYmEwNS04NzE4N2YwMDk5YjIvNmUwMDVhNTEtM2U1NS00ZjUxLWIz
OTMtZWI5OTE4MjU1ZjNmLzZlMDA1YTUxLTNlNTUtNGY1MS1iMzkzLWViOTkxODI1
NWYzZi5jcmwwHwYDVR0jBBgwFoAUf6XhVGyl0nPxEzVBNJ49rg/sa/4wDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzJhMjQ2OTQ3LTJkNjItNGE2
Yy1iYTA1LTg3MTg3ZjAwOTliMi82ZTAwNWE1MS0zZTU1LTRmNTEtYjM5My1lYjk5
MTgyNTVmM2YuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAQ54yMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBABl8N6qXyZzn+Tp/zhRM86Cu4J4xcQVmM4BC3zBsX7R+q+1/jaY/sZE7
8QaM+BzODnnintf4Pl+9DugvKkKjZ216ZGXvOozdieTnyMTtX/bGZIhUsiMPPigR
vJ3MnMgaBl7ASxO5AyZeLKWVbau20fSuOxnZf6MYgC16CH8lTytZ3cMw3M20pcav
dPB3t5MD/Ic1WUpdm7QCBVYFlTmme2fWnwoaF6VNk5rtjK2UZjuVnPpyrYTYSXGz
tzgLAzhQNgZsY8wrNoLr5onXrm4eYRv0yIqpQLyOFgwx6LjWnfPZ7GojExtXmXA9
luoIW1rZjvtnc67HlGx3IM9bUxiVlX0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:08:11 2024 by rpki-client on console-fra.rpki-client.org