Route Origin Authorization 

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/bf7c43e7-0571-4d08-b71a-8b930dda9aad/cde42eb3-c2ba-399f-8901-c5830772f3dc.roa
File:                     cde42eb3-c2ba-399f-8901-c5830772f3dc.roa (raw, json)
Hash identifier:          TN2J3oU+CDJQftgvEE/dVHKuFtfZnmQMED2+INdWUIE=
Subject key identifier:   AA:E4:E0:A4:DC:94:BB:27:9D:38:74:5C:DC:C5:C2:A1:20:68:47:E5
Certificate issuer:       /CN=bf7c43e7-0571-4d08-b71a-8b930dda9aad
Certificate serial:       010D0C9F432858476B364865353EFF88E4426A80
Authority key identifier: 79:9A:9F:EA:8D:05:18:92:60:86:70:C3:43:10:E3:27:21:E0:14:A8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/bf7c43e7-0571-4d08-b71a-8b930dda9aad.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/bf7c43e7-0571-4d08-b71a-8b930dda9aad/cde42eb3-c2ba-399f-8901-c5830772f3dc.roa
Signing time:             Thu 03 Oct 2024 13:00:41 +0000
ROA not before:           Thu 03 Oct 2024 13:00:41 +0000
ROA not after:            Wed 01 Jan 2025 14:00:41 +0000
asID:                     4213
IP address blocks:        96.62.120.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:47:6b:36:48:65:35:3e:ff:88:e4:42:6a:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf7c43e7-0571-4d08-b71a-8b930dda9aad
        Validity
            Not Before: Oct  3 13:00:41 2024 GMT
            Not After : Jan  1 14:00:41 2025 GMT
        Subject: CN=85add9c9-8bf7-429a-ba48-1ddefa583189
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:7b:e6:63:90:cc:e6:17:0d:5c:3f:1e:bc:83:
                    e9:66:ad:73:6d:04:c2:1a:67:8b:84:90:a3:10:b5:
                    5e:b2:58:61:70:49:a9:56:05:61:f6:85:c4:4b:99:
                    0a:95:5b:7d:0e:10:91:94:36:98:9b:eb:42:e6:62:
                    4e:c2:08:e3:d5:b1:09:78:5b:aa:8f:eb:6d:92:e5:
                    c9:75:5f:86:63:a2:ea:34:43:5d:49:bc:f3:cf:eb:
                    c5:14:5e:fa:0b:1d:19:c0:5a:aa:bc:c8:55:9c:4a:
                    b2:bd:4c:1d:36:a2:3b:34:a7:a6:6a:91:64:3b:36:
                    62:5c:62:cc:1c:2a:32:c4:9b:15:bb:f4:85:94:a4:
                    11:ef:59:72:0c:e1:97:ae:82:db:da:b7:8d:e7:71:
                    8b:0d:7f:73:39:d2:18:b9:72:07:b6:69:26:c4:88:
                    44:7a:3a:13:14:29:66:a8:b3:6d:9b:b0:64:b7:24:
                    bd:bc:eb:14:b0:da:91:52:b5:5a:6a:2c:33:5a:f6:
                    b5:50:2e:00:06:9a:69:fd:05:bd:05:c7:2c:fd:b6:
                    31:c1:fa:a7:25:7e:0c:5e:65:c4:f8:12:cd:62:7a:
                    ad:03:56:4e:82:36:20:d8:4d:29:3b:cf:19:60:24:
                    8d:cc:62:54:7d:36:6c:53:48:da:5c:1b:64:fe:24:
                    64:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:E4:E0:A4:DC:94:BB:27:9D:38:74:5C:DC:C5:C2:A1:20:68:47:E5
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/bf7c43e7-0571-4d08-b71a-8b930dda9aad/cde42eb3-c2ba-399f-8901-c5830772f3dc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/bf7c43e7-0571-4d08-b71a-8b930dda9aad/bf7c43e7-0571-4d08-b71a-8b930dda9aad.crl

            X509v3 Authority Key Identifier:
                keyid:79:9A:9F:EA:8D:05:18:92:60:86:70:C3:43:10:E3:27:21:E0:14:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/bf7c43e7-0571-4d08-b71a-8b930dda9aad.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.62.120.0/22

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         a4:f9:44:76:6c:26:18:d3:49:cd:60:7c:e2:dd:ea:0f:de:eb:
         ea:d7:49:39:56:85:0e:ae:71:1a:57:ee:3c:56:40:87:13:8e:
         cd:9f:df:7c:ec:72:3c:26:bc:c9:36:06:0a:6a:41:0d:31:33:
         c7:14:96:73:63:7f:cb:c5:7a:93:9b:f7:73:21:0d:be:ee:f2:
         d8:66:3d:af:2c:ff:29:7b:85:82:5a:4d:3e:d0:53:b9:b2:f9:
         71:6b:0c:e3:57:aa:24:f6:7c:52:da:89:37:d3:64:f6:c0:a4:
         43:19:68:40:b5:60:68:5c:a9:31:f0:a6:e6:2d:31:d3:1d:ad:
         bd:94:f3:92:5a:33:c4:a0:ae:97:90:1c:18:dc:dd:0e:8d:f8:
         67:fe:5c:17:bf:4d:eb:f7:4b:0e:2e:84:11:f1:ad:7e:75:00:
         22:7e:eb:8a:a4:10:2b:78:08:a9:9a:86:03:d2:0d:03:6a:72:
         bd:ac:74:f8:eb:56:32:a1:52:f1:c0:b7:e3:e5:2c:09:d6:d7:
         ab:a1:36:28:7b:65:7e:ad:cd:ed:d9:db:51:b9:de:3f:22:a9:
         68:32:5f:88:75:20:00:63:97:68:27:4f:8d:5f:87:c4:80:a8:
         f3:25:f8:2a:86:9d:0f:d4:d7:bc:1c:b4:39:d5:d5:1b:49:a2:
         ec:9a:f8:aa
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEdrNkhlNT7/iORCaoAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkYmY3YzQzZTctMDU3MS00ZDA4LWI3MWEtOGI5MzBkZGE5
YWFkMB4XDTI0MTAwMzEzMDA0MVoXDTI1MDEwMTE0MDA0MVowLzEtMCsGA1UEAxMk
ODVhZGQ5YzktOGJmNy00MjlhLWJhNDgtMWRkZWZhNTgzMTg5MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3HvmY5DM5hcNXD8evIPpZq1zbQTCGmeLhJCj
ELVeslhhcEmpVgVh9oXES5kKlVt9DhCRlDaYm+tC5mJOwgjj1bEJeFuqj+ttkuXJ
dV+GY6LqNENdSbzzz+vFFF76Cx0ZwFqqvMhVnEqyvUwdNqI7NKemapFkOzZiXGLM
HCoyxJsVu/SFlKQR71lyDOGXroLb2reN53GLDX9zOdIYuXIHtmkmxIhEejoTFClm
qLNtm7BktyS9vOsUsNqRUrVaaiwzWva1UC4ABppp/QW9Bccs/bYxwfqnJX4MXmXE
+BLNYnqtA1ZOgjYg2E0pO88ZYCSNzGJUfTZsU0jaXBtk/iRkhwIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFKrk4KTclLsnnTh0XNzFwqEgaEflMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzRhYjdhZTRkLWJkN2ItNGIzMy05YTg4LTViMjJkMmE4MzM3ZC9iZjdj
NDNlNy0wNTcxLTRkMDgtYjcxYS04YjkzMGRkYTlhYWQvY2RlNDJlYjMtYzJiYS0z
OTlmLTg5MDEtYzU4MzA3NzJmM2RjLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy80YWI3YWU0ZC1i
ZDdiLTRiMzMtOWE4OC01YjIyZDJhODMzN2QvYmY3YzQzZTctMDU3MS00ZDA4LWI3
MWEtOGI5MzBkZGE5YWFkL2JmN2M0M2U3LTA1NzEtNGQwOC1iNzFhLThiOTMwZGRh
OWFhZC5jcmwwHwYDVR0jBBgwFoAUeZqf6o0FGJJghnDDQxDjJyHgFKgwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzRhYjdhZTRkLWJkN2ItNGIz
My05YTg4LTViMjJkMmE4MzM3ZC9iZjdjNDNlNy0wNTcxLTRkMDgtYjcxYS04Yjkz
MGRkYTlhYWQuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCYD54MFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAKT5RHZsJhjTSc1gfOLd6g/e6+rXSTlWhQ6ucRpX7jxWQIcTjs2f33zs
cjwmvMk2BgpqQQ0xM8cUlnNjf8vFepOb93MhDb7u8thmPa8s/yl7hYJaTT7QU7my
+XFrDONXqiT2fFLaiTfTZPbApEMZaEC1YGhcqTHwpuYtMdMdrb2U85JaM8SgrpeQ
HBjc3Q6N+Gf+XBe/Tev3Sw4uhBHxrX51ACJ+64qkECt4CKmahgPSDQNqcr2sdPjr
VjKhUvHAt+PlLAnW16uhNih7ZX6tze3Z21G53j8iqWgyX4h1IABjl2gnT41fh8SA
qPMl+CqGnQ/U17wctDnV1RtJouya+Ko=
-----END CERTIFICATE-----
Generated at Thu Oct 31 15:31:01 2024 by rpki-client on console-fra.rpki-client.org