Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/91e8565b-cd85-4439-818b-0c669c1e609a/cd4edf63-b492-3c1a-9e91-df12f44f4bc7.roa
File:                     cd4edf63-b492-3c1a-9e91-df12f44f4bc7.roa (raw, json)
Hash identifier:          kSDbxKo58oAcB22c1Sj0ZAZzkB3vyzD/DoLdIYUceLs=
Subject key identifier:   EF:94:D0:5E:9F:22:FC:F4:1F:E2:F7:BE:5A:50:29:78:7E:2A:22:37
Certificate issuer:       /CN=91e8565b-cd85-4439-818b-0c669c1e609a
Certificate serial:       010D0C9F43285848BD20E67F786D9457856B0D80
Authority key identifier: 3A:C3:89:20:04:27:04:1A:BD:A1:42:37:C3:1D:D3:7A:76:DE:DA:F6
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/91e8565b-cd85-4439-818b-0c669c1e609a.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/91e8565b-cd85-4439-818b-0c669c1e609a/cd4edf63-b492-3c1a-9e91-df12f44f4bc7.roa
Signing time:             Sat 01 Feb 2025 14:00:51 +0000
ROA not before:           Sat 01 Feb 2025 14:00:51 +0000
ROA not after:            Fri 02 May 2025 13:00:51 +0000
asID:                     22241
IP address blocks:        2620:59:2000::/48 maxlen: 48
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:48:bd:20:e6:7f:78:6d:94:57:85:6b:0d:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91e8565b-cd85-4439-818b-0c669c1e609a
        Validity
            Not Before: Feb  1 14:00:51 2025 GMT
            Not After : May  2 13:00:51 2025 GMT
        Subject: CN=382d5c89-e958-4f7b-9a61-b236316d5209
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:34:59:c7:0b:db:16:90:80:d3:4f:97:6b:15:
                    a8:c7:6e:d3:de:7e:3e:ff:ed:50:7b:55:a6:9f:8d:
                    df:ab:18:10:45:c5:4d:18:56:71:8d:be:74:08:48:
                    2b:9c:ed:93:66:e0:7c:53:5e:e3:dd:26:47:61:a0:
                    45:d7:23:89:3e:cf:5c:52:40:72:9e:6d:6e:3a:6c:
                    f6:61:e2:ce:82:b4:14:a0:cc:d3:f9:9d:19:5a:3b:
                    79:72:09:d3:98:ef:50:28:9d:dc:c3:f3:19:fe:92:
                    7d:1d:72:ce:f0:a1:40:ac:14:33:80:9d:43:ef:be:
                    17:03:3c:a5:f5:71:be:20:e9:f4:25:38:bf:6d:fd:
                    93:fd:0b:b7:dd:f2:d7:00:30:d1:c6:3e:5f:21:aa:
                    fa:a0:36:bb:f0:36:0e:12:ee:c9:80:dc:a5:ed:5b:
                    c2:43:17:d0:f9:7c:34:f1:ce:d7:22:8e:3e:3e:37:
                    63:89:c2:85:97:c7:ef:34:5d:04:59:36:8d:2c:54:
                    74:f6:53:be:0d:b2:de:2a:74:df:5a:69:a2:84:05:
                    e8:15:12:0e:c4:31:47:f4:f8:b7:e8:be:b2:38:d9:
                    cc:29:0a:9a:a7:5a:a7:c9:90:32:39:c2:d4:f6:a0:
                    3d:05:bc:e6:3d:dd:9f:ea:37:41:ad:bf:71:c2:e2:
                    f0:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:94:D0:5E:9F:22:FC:F4:1F:E2:F7:BE:5A:50:29:78:7E:2A:22:37
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/91e8565b-cd85-4439-818b-0c669c1e609a/cd4edf63-b492-3c1a-9e91-df12f44f4bc7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/91e8565b-cd85-4439-818b-0c669c1e609a/91e8565b-cd85-4439-818b-0c669c1e609a.crl

            X509v3 Authority Key Identifier:
                keyid:3A:C3:89:20:04:27:04:1A:BD:A1:42:37:C3:1D:D3:7A:76:DE:DA:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/91e8565b-cd85-4439-818b-0c669c1e609a.cer

            sbgp-ipAddrBlock: critical
                IPv6:
                  2620:59:2000::/48

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         31:14:97:06:6c:11:92:f8:dd:7c:bb:f4:1b:85:e4:c5:73:63:
         75:d1:91:27:21:4f:11:07:83:08:d6:f9:fd:21:6b:9e:43:c4:
         b2:ce:94:68:92:2b:d2:97:34:01:46:50:f4:60:f4:a6:3e:94:
         32:5a:c2:de:c5:dc:ed:87:ac:17:6c:a2:47:ad:a2:ac:b7:76:
         3f:99:3b:e5:cd:75:64:b5:06:cb:6b:76:b0:b4:12:b5:96:f5:
         bb:43:c0:94:86:09:a6:99:0d:7e:73:3a:c4:63:10:14:50:90:
         d7:08:fe:d3:aa:14:f2:ab:e7:ea:28:b4:7a:10:55:de:88:c4:
         74:90:25:29:2e:ad:39:e0:67:5d:2b:a9:49:a9:81:c6:11:ea:
         21:f1:39:27:c4:e7:83:55:a1:16:45:7d:ba:db:3c:54:cb:1c:
         6e:18:36:87:84:59:c6:e9:8a:92:76:cc:71:ea:f2:4e:c1:ce:
         2b:4b:8c:d1:10:88:ab:b5:33:d2:cf:80:98:8a:25:d6:bd:f8:
         b8:59:06:1e:db:a7:80:24:76:6f:f8:81:06:9c:94:3f:b8:94:
         d9:c4:61:3b:b9:a6:23:c6:b8:21:cb:57:36:c6:7a:aa:a0:00:
         44:f2:81:b4:be:49:25:28:be:05:d3:c3:cc:52:1c:7d:71:0e:
         be:02:49:94
-----BEGIN CERTIFICATE-----
MIIGRjCCBS6gAwIBAgIUAQ0Mn0MoWEi9IOZ/eG2UV4VrDYAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkOTFlODU2NWItY2Q4NS00NDM5LTgxOGItMGM2NjljMWU2
MDlhMB4XDTI1MDIwMTE0MDA1MVoXDTI1MDUwMjEzMDA1MVowLzEtMCsGA1UEAxMk
MzgyZDVjODktZTk1OC00ZjdiLTlhNjEtYjIzNjMxNmQ1MjA5MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxDRZxwvbFpCA00+XaxWox27T3n4+/+1Qe1Wm
n43fqxgQRcVNGFZxjb50CEgrnO2TZuB8U17j3SZHYaBF1yOJPs9cUkBynm1uOmz2
YeLOgrQUoMzT+Z0ZWjt5cgnTmO9QKJ3cw/MZ/pJ9HXLO8KFArBQzgJ1D774XAzyl
9XG+IOn0JTi/bf2T/Qu33fLXADDRxj5fIar6oDa78DYOEu7JgNyl7VvCQxfQ+Xw0
8c7XIo4+PjdjicKFl8fvNF0EWTaNLFR09lO+DbLeKnTfWmmihAXoFRIOxDFH9Pi3
6L6yONnMKQqap1qnyZAyOcLU9qA9BbzmPd2f6jdBrb9xwuLwSwIDAQABo4IDWDCC
A1QwHQYDVR0OBBYEFO+U0F6fIvz0H+L3vlpQKXh+KiI3MIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzRhYjdhZTRkLWJkN2ItNGIzMy05YTg4LTViMjJkMmE4MzM3ZC85MWU4
NTY1Yi1jZDg1LTQ0MzktODE4Yi0wYzY2OWMxZTYwOWEvY2Q0ZWRmNjMtYjQ5Mi0z
YzFhLTllOTEtZGYxMmY0NGY0YmM3LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy80YWI3YWU0ZC1i
ZDdiLTRiMzMtOWE4OC01YjIyZDJhODMzN2QvOTFlODU2NWItY2Q4NS00NDM5LTgx
OGItMGM2NjljMWU2MDlhLzkxZTg1NjViLWNkODUtNDQzOS04MThiLTBjNjY5YzFl
NjA5YS5jcmwwHwYDVR0jBBgwFoAUOsOJIAQnBBq9oUI3wx3Tenbe2vYwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzRhYjdhZTRkLWJkN2ItNGIz
My05YTg4LTViMjJkMmE4MzM3ZC85MWU4NTY1Yi1jZDg1LTQ0MzktODE4Yi0wYzY2
OWMxZTYwOWEuY2VyMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAJiAAWSAA
MFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6
Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcN
AQELBQADggEBADEUlwZsEZL43Xy79BuF5MVzY3XRkSchTxEHgwjW+f0ha55DxLLO
lGiSK9KXNAFGUPRg9KY+lDJawt7F3O2HrBdsoketoqy3dj+ZO+XNdWS1BstrdrC0
ErWW9btDwJSGCaaZDX5zOsRjEBRQkNcI/tOqFPKr5+ootHoQVd6IxHSQJSkurTng
Z10rqUmpgcYR6iHxOSfE54NVoRZFfbrbPFTLHG4YNoeEWcbpipJ2zHHq8k7BzitL
jNEQiKu1M9LPgJiKJda9+LhZBh7bp4Akdm/4gQaclD+4lNnEYTu5piPGuCHLVzbG
eqqgAETygbS+SSUovgXTw8xSHH1xDr4CSZQ=
-----END CERTIFICATE-----
Generated at Fri Apr 4 16:04:47 2025 by rpki-client