Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/908791ae-8a38-4ae8-a4af-e3de68a5db10/cf9ed7e4-6237-3814-94ca-eadf06bc38d9.roa
File:                     cf9ed7e4-6237-3814-94ca-eadf06bc38d9.roa (raw, json)
Hash identifier:          2Yi8gSuTDpLFJWn8M9cypkLX24ubqcYr5b82UJa4cSQ=
Subject key identifier:   D6:1C:4B:CC:84:4B:72:26:37:56:08:EC:56:01:B8:DD:7D:7C:38:9C
Certificate issuer:       /CN=908791ae-8a38-4ae8-a4af-e3de68a5db10
Certificate serial:       010D0C9F43285847C3449306B0A989D7BC369E40
Authority key identifier: A0:02:D7:1A:A0:F0:1F:AE:A9:96:C2:DF:30:3D:CA:14:2B:17:8E:F6
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/908791ae-8a38-4ae8-a4af-e3de68a5db10.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/908791ae-8a38-4ae8-a4af-e3de68a5db10/cf9ed7e4-6237-3814-94ca-eadf06bc38d9.roa
Signing time:             Mon 04 Nov 2024 02:00:36 +0000
ROA not before:           Mon 04 Nov 2024 02:00:36 +0000
ROA not after:            Sun 02 Feb 2025 02:00:36 +0000
asID:                     13768
IP address blocks:        65.39.220.0/22 maxlen: 22
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:47:c3:44:93:06:b0:a9:89:d7:bc:36:9e:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=908791ae-8a38-4ae8-a4af-e3de68a5db10
        Validity
            Not Before: Nov  4 02:00:36 2024 GMT
            Not After : Feb  2 02:00:36 2025 GMT
        Subject: CN=8558ee76-75fe-4a9b-aeba-9ab27647920c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:ba:f7:d9:e4:d0:86:9f:db:ba:8b:ce:6f:96:
                    18:61:2d:0a:24:88:61:a5:a0:4d:da:76:b6:fc:dc:
                    e5:63:71:1f:52:3a:a8:57:f5:a9:18:76:b8:a8:3c:
                    54:0c:87:71:1c:b0:6d:ef:ee:f5:d7:5d:52:69:b1:
                    48:8c:e0:06:41:38:a9:55:a1:85:50:cf:2b:22:6f:
                    56:62:cd:81:e5:16:e2:f1:44:4b:c8:95:3b:74:b3:
                    36:11:af:23:25:72:aa:18:79:41:95:e9:09:55:b7:
                    ba:4d:8b:59:e9:07:c0:af:f7:73:54:a5:db:1a:b2:
                    65:38:ca:2f:4d:02:13:56:f2:e6:2f:1f:c4:e3:89:
                    4a:db:f9:52:a5:24:a0:19:a1:e4:fd:9e:e8:48:a7:
                    96:5b:6e:51:70:b1:83:41:21:c8:87:4b:c5:b9:2e:
                    b5:a9:70:e1:a5:3e:70:dd:5a:4b:fb:84:65:10:07:
                    40:fd:a5:01:0c:fc:db:28:d5:dd:65:2a:53:6c:a3:
                    c7:3e:b0:89:31:9a:3a:65:76:fd:24:e7:5e:3b:7a:
                    be:ba:93:c6:d7:a1:e4:ca:ea:dd:f2:f4:63:17:c9:
                    ec:22:64:a9:86:d2:fc:e2:d9:c2:62:f3:cb:9a:5a:
                    3a:72:85:e9:97:d0:37:aa:2e:27:38:49:ff:15:58:
                    ed:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:1C:4B:CC:84:4B:72:26:37:56:08:EC:56:01:B8:DD:7D:7C:38:9C
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/908791ae-8a38-4ae8-a4af-e3de68a5db10/cf9ed7e4-6237-3814-94ca-eadf06bc38d9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/908791ae-8a38-4ae8-a4af-e3de68a5db10/908791ae-8a38-4ae8-a4af-e3de68a5db10.crl

            X509v3 Authority Key Identifier:
                keyid:A0:02:D7:1A:A0:F0:1F:AE:A9:96:C2:DF:30:3D:CA:14:2B:17:8E:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/908791ae-8a38-4ae8-a4af-e3de68a5db10.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  65.39.220.0/22

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         5f:74:a7:33:7d:d9:a3:e8:91:92:87:82:69:e7:4f:03:75:55:
         ef:23:c1:65:99:61:d6:de:cc:ec:fc:3c:42:36:2c:42:8c:78:
         dd:2b:39:0f:e3:a7:a9:af:04:1d:ec:c5:83:16:73:3a:04:c8:
         92:ed:f6:7c:74:3f:d2:c6:53:93:bc:64:73:3b:9f:d3:fc:b4:
         e1:95:b5:22:02:0a:93:01:50:43:45:d8:1b:e0:a7:88:28:d0:
         7c:e4:39:76:18:59:7e:b1:d0:17:e3:11:7a:50:e2:f2:8d:de:
         6e:c4:b4:a6:60:e2:93:ec:ec:52:00:75:99:92:34:8b:21:f1:
         a8:e7:8e:91:49:56:99:87:5d:8f:90:8d:b7:60:b0:2b:13:8e:
         bb:0b:95:83:1f:47:1d:a2:1d:26:76:bd:dc:57:c1:1f:5b:36:
         6c:23:c8:97:52:3e:0a:8e:e4:05:c6:3c:bf:4c:bb:3d:99:93:
         a3:d5:6b:ec:9f:b9:a8:58:dc:7f:06:19:c3:8d:31:97:b3:a4:
         5f:ac:16:06:ae:5c:bd:8c:53:02:98:10:c1:78:90:49:1a:1c:
         05:7c:4e:9b:a8:77:b6:ae:a8:87:39:48:ec:45:ae:9e:cc:cb:
         06:29:a8:e8:ef:0a:fa:58:18:93:dd:b8:d7:b3:d4:f1:d3:85:
         5c:5a:50:7e
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEfDRJMGsKmJ17w2nkAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkOTA4NzkxYWUtOGEzOC00YWU4LWE0YWYtZTNkZTY4YTVk
YjEwMB4XDTI0MTEwNDAyMDAzNloXDTI1MDIwMjAyMDAzNlowLzEtMCsGA1UEAxMk
ODU1OGVlNzYtNzVmZS00YTliLWFlYmEtOWFiMjc2NDc5MjBjMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu7r32eTQhp/buovOb5YYYS0KJIhhpaBN2na2
/NzlY3EfUjqoV/WpGHa4qDxUDIdxHLBt7+71111SabFIjOAGQTipVaGFUM8rIm9W
Ys2B5Rbi8URLyJU7dLM2Ea8jJXKqGHlBlekJVbe6TYtZ6QfAr/dzVKXbGrJlOMov
TQITVvLmLx/E44lK2/lSpSSgGaHk/Z7oSKeWW25RcLGDQSHIh0vFuS61qXDhpT5w
3VpL+4RlEAdA/aUBDPzbKNXdZSpTbKPHPrCJMZo6ZXb9JOdeO3q+upPG16Hkyurd
8vRjF8nsImSphtL84tnCYvPLmlo6coXpl9A3qi4nOEn/FVjtmQIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFNYcS8yES3ImN1YI7FYBuN19fDicMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzRhYjdhZTRkLWJkN2ItNGIzMy05YTg4LTViMjJkMmE4MzM3ZC85MDg3
OTFhZS04YTM4LTRhZTgtYTRhZi1lM2RlNjhhNWRiMTAvY2Y5ZWQ3ZTQtNjIzNy0z
ODE0LTk0Y2EtZWFkZjA2YmMzOGQ5LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy80YWI3YWU0ZC1i
ZDdiLTRiMzMtOWE4OC01YjIyZDJhODMzN2QvOTA4NzkxYWUtOGEzOC00YWU4LWE0
YWYtZTNkZTY4YTVkYjEwLzkwODc5MWFlLThhMzgtNGFlOC1hNGFmLWUzZGU2OGE1
ZGIxMC5jcmwwHwYDVR0jBBgwFoAUoALXGqDwH66plsLfMD3KFCsXjvYwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzRhYjdhZTRkLWJkN2ItNGIz
My05YTg4LTViMjJkMmE4MzM3ZC85MDg3OTFhZS04YTM4LTRhZTgtYTRhZi1lM2Rl
NjhhNWRiMTAuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCQSfcMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAF90pzN92aPokZKHgmnnTwN1Ve8jwWWZYdbezOz8PEI2LEKMeN0rOQ/j
p6mvBB3sxYMWczoEyJLt9nx0P9LGU5O8ZHM7n9P8tOGVtSICCpMBUENF2Bvgp4go
0HzkOXYYWX6x0BfjEXpQ4vKN3m7EtKZg4pPs7FIAdZmSNIsh8ajnjpFJVpmHXY+Q
jbdgsCsTjrsLlYMfRx2iHSZ2vdxXwR9bNmwjyJdSPgqO5AXGPL9Muz2Zk6PVa+yf
uahY3H8GGcONMZezpF+sFgauXL2MUwKYEMF4kEkaHAV8Tpuod7auqIc5SOxFrp7M
ywYpqOjvCvpYGJPduNez1PHThVxaUH4=
-----END CERTIFICATE-----
Generated at Fri Mar 14 08:10:52 2025 by rpki-client