Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/8e2f3353-82b9-432b-bd94-000bf5cef0c3/823d422f-b829-30f1-896f-7ad2d3888438.roa
File:                     823d422f-b829-30f1-896f-7ad2d3888438.roa (raw, json)
Hash identifier:          l/6iznnJW1YGzz2+098r/Zv9ECKTDemb3Yn5XrXTpYQ=
Subject key identifier:   15:4C:1A:97:4A:36:8F:08:8D:76:E5:F8:2C:EE:85:9B:62:95:C4:C8
Certificate issuer:       /CN=8e2f3353-82b9-432b-bd94-000bf5cef0c3
Certificate serial:       010D0C9F43285847CA3F7EF0E67EB336A25A9B00
Authority key identifier: B4:B5:6C:64:46:3D:47:EB:DC:A5:0E:CB:D0:7B:9A:33:43:55:40:45
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/8e2f3353-82b9-432b-bd94-000bf5cef0c3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/8e2f3353-82b9-432b-bd94-000bf5cef0c3/823d422f-b829-30f1-896f-7ad2d3888438.roa
Signing time:             Wed 06 Nov 2024 14:00:41 +0000
ROA not before:           Wed 06 Nov 2024 14:00:41 +0000
ROA not after:            Tue 04 Feb 2025 14:00:41 +0000
asID:                     21928
IP address blocks:        99.200.0.0/13 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:47:ca:3f:7e:f0:e6:7e:b3:36:a2:5a:9b:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e2f3353-82b9-432b-bd94-000bf5cef0c3
        Validity
            Not Before: Nov  6 14:00:41 2024 GMT
            Not After : Feb  4 14:00:41 2025 GMT
        Subject: CN=a736bea5-86fe-4666-9c01-d18a724e3bb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:71:f8:eb:2b:92:27:89:9b:c0:b3:03:c8:c3:
                    87:43:2b:99:0c:ee:ed:9e:3e:af:be:32:30:09:1f:
                    15:64:ab:18:01:95:d8:34:4d:5b:28:07:2f:75:10:
                    33:1d:95:57:9f:19:17:56:04:ca:4c:88:73:cf:7b:
                    93:99:96:7f:07:f5:8d:03:a6:40:28:f0:be:3f:2d:
                    49:de:d5:08:dd:e6:a2:4a:0f:c1:1b:0b:04:ed:64:
                    69:44:e6:f4:05:95:c4:44:fa:91:df:34:46:85:15:
                    d1:79:89:94:ce:6d:d7:61:ee:4c:f1:0b:fc:b4:9f:
                    5d:d4:16:ef:28:73:b4:a7:d2:f9:c5:e9:c8:50:23:
                    29:39:3b:2c:74:b1:5f:48:a0:13:fe:50:06:c4:5d:
                    bc:87:f5:62:1b:f9:a1:c6:17:8f:5d:9d:85:91:40:
                    22:73:36:8c:50:b2:0f:af:9e:1a:2f:49:e3:e3:d9:
                    ec:f9:a3:1f:93:2a:7c:e3:63:47:af:e6:17:85:f7:
                    36:cc:b6:af:63:5b:b1:a0:da:b3:92:f5:63:53:67:
                    35:b8:9a:0b:07:7b:c7:ea:54:42:e6:82:7f:36:10:
                    96:26:ea:c5:d5:d7:69:be:d4:25:27:1d:63:5e:9a:
                    84:0f:4f:53:24:78:47:12:4a:fe:1b:80:33:a0:85:
                    45:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:4C:1A:97:4A:36:8F:08:8D:76:E5:F8:2C:EE:85:9B:62:95:C4:C8
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/8e2f3353-82b9-432b-bd94-000bf5cef0c3/823d422f-b829-30f1-896f-7ad2d3888438.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/8e2f3353-82b9-432b-bd94-000bf5cef0c3/8e2f3353-82b9-432b-bd94-000bf5cef0c3.crl

            X509v3 Authority Key Identifier:
                keyid:B4:B5:6C:64:46:3D:47:EB:DC:A5:0E:CB:D0:7B:9A:33:43:55:40:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/8e2f3353-82b9-432b-bd94-000bf5cef0c3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.200.0.0/13

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         6a:35:6f:b2:ff:be:a1:f3:d6:7a:32:79:32:c4:27:cd:55:2f:
         a3:a5:86:f3:32:a1:d9:b4:fc:b1:f2:f0:21:84:72:fb:b6:9a:
         16:b0:e5:49:50:ba:54:2b:b6:c7:5f:d5:83:72:0d:0f:07:73:
         95:7d:a3:b3:33:ad:b8:2a:3c:cc:c4:37:c8:33:c1:a8:df:46:
         22:19:11:79:8d:e4:0c:f3:e2:dc:56:95:b2:13:99:d2:9f:8b:
         d6:76:aa:a0:e8:52:07:73:ac:c8:67:24:79:d2:02:f7:90:03:
         34:aa:b7:81:be:c0:02:1d:b4:76:16:65:be:20:ef:34:a9:f3:
         af:44:38:8b:bf:a5:a3:ca:ae:61:86:95:ee:53:d4:d9:cc:ce:
         f9:76:b3:b6:c1:c2:8d:ff:01:40:68:b5:11:6c:e0:38:f0:f1:
         3f:61:14:21:78:ad:6c:bb:78:aa:bd:69:65:92:ab:e4:34:52:
         5d:80:d3:8a:2d:29:9f:90:c6:ba:4d:65:08:52:fb:a4:38:23:
         b6:83:e6:ac:b6:cd:96:b0:de:e3:e9:56:46:9c:63:2a:36:7b:
         cd:35:ad:96:c5:4c:2c:f7:da:5b:7a:fa:45:89:97:12:f7:92:
         80:b1:e5:36:d1:9a:22:25:d7:35:53:9b:89:c8:f9:19:13:45:
         db:a6:0e:65
-----BEGIN CERTIFICATE-----
MIIGQjCCBSqgAwIBAgIUAQ0Mn0MoWEfKP37w5n6zNqJamwAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkOGUyZjMzNTMtODJiOS00MzJiLWJkOTQtMDAwYmY1Y2Vm
MGMzMB4XDTI0MTEwNjE0MDA0MVoXDTI1MDIwNDE0MDA0MVowLzEtMCsGA1UEAxMk
YTczNmJlYTUtODZmZS00NjY2LTljMDEtZDE4YTcyNGUzYmI5MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvnH46yuSJ4mbwLMDyMOHQyuZDO7tnj6vvjIw
CR8VZKsYAZXYNE1bKAcvdRAzHZVXnxkXVgTKTIhzz3uTmZZ/B/WNA6ZAKPC+Py1J
3tUI3eaiSg/BGwsE7WRpROb0BZXERPqR3zRGhRXReYmUzm3XYe5M8Qv8tJ9d1Bbv
KHO0p9L5xenIUCMpOTssdLFfSKAT/lAGxF28h/ViG/mhxhePXZ2FkUAiczaMULIP
r54aL0nj49ns+aMfkyp842NHr+YXhfc2zLavY1uxoNqzkvVjU2c1uJoLB3vH6lRC
5oJ/NhCWJurF1ddpvtQlJx1jXpqED09TJHhHEkr+G4AzoIVF1wIDAQABo4IDVDCC
A1AwHQYDVR0OBBYEFBVMGpdKNo8IjXbl+CzuhZtilcTIMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84ZTJm
MzM1My04MmI5LTQzMmItYmQ5NC0wMDBiZjVjZWYwYzMvODIzZDQyMmYtYjgyOS0z
MGYxLTg5NmYtN2FkMmQzODg4NDM4LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy8yYTI0Njk0Ny0y
ZDYyLTRhNmMtYmEwNS04NzE4N2YwMDk5YjIvOGUyZjMzNTMtODJiOS00MzJiLWJk
OTQtMDAwYmY1Y2VmMGMzLzhlMmYzMzUzLTgyYjktNDMyYi1iZDk0LTAwMGJmNWNl
ZjBjMy5jcmwwHwYDVR0jBBgwFoAUtLVsZEY9R+vcpQ7L0HuaM0NVQEUwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzJhMjQ2OTQ3LTJkNjItNGE2
Yy1iYTA1LTg3MTg3ZjAwOTliMi84ZTJmMzM1My04MmI5LTQzMmItYmQ5NC0wMDBi
ZjVjZWYwYzMuY2VyMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMDY8gwVAYD
VR0gAQH/BEowSDBGBggrBgEFBQcOAjA6MDgGCCsGAQUFBwIBFixodHRwczovL3d3
dy5hcmluLm5ldC9yZXNvdXJjZXMvcnBraS9jcHMuaHRtbDANBgkqhkiG9w0BAQsF
AAOCAQEAajVvsv++ofPWejJ5MsQnzVUvo6WG8zKh2bT8sfLwIYRy+7aaFrDlSVC6
VCu2x1/Vg3INDwdzlX2jszOtuCo8zMQ3yDPBqN9GIhkReY3kDPPi3FaVshOZ0p+L
1naqoOhSB3OsyGckedIC95ADNKq3gb7AAh20dhZlviDvNKnzr0Q4i7+lo8quYYaV
7lPU2czO+XaztsHCjf8BQGi1EWzgOPDxP2EUIXitbLt4qr1pZZKr5DRSXYDTii0p
n5DGuk1lCFL7pDgjtoPmrLbNlrDe4+lWRpxjKjZ7zTWtlsVMLPfaW3r6RYmXEveS
gLHlNtGaIiXXNVObicj5GRNF26YOZQ==
-----END CERTIFICATE-----
Generated at Sun Feb 16 15:48:26 2025 by rpki-client