Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/fba57140-a369-4a3a-8edc-69732d179924/16d2f51d-4925-351b-b1cd-0bc5d4e4cf07.roa
File:                     16d2f51d-4925-351b-b1cd-0bc5d4e4cf07.roa (raw, json)
Hash identifier:          Zj0sYAUvfHMKpuvmgrFJoQ12qJWT/0bkYUICpsAzIf8=
Subject key identifier:   08:97:B0:20:DA:5C:5E:EB:61:5A:8F:45:60:4C:97:84:8B:52:3F:98
Certificate issuer:       /CN=fba57140-a369-4a3a-8edc-69732d179924
Certificate serial:       010D0C9F4328584742BB5AA948A3EEBF3C489FC0
Authority key identifier: 0D:62:F8:D3:71:60:6D:A8:44:A4:7C:AB:CE:08:71:66:07:93:95:03
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/fba57140-a369-4a3a-8edc-69732d179924.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/fba57140-a369-4a3a-8edc-69732d179924/16d2f51d-4925-351b-b1cd-0bc5d4e4cf07.roa
Signing time:             Thu 19 Sep 2024 01:00:31 +0000
ROA not before:           Thu 19 Sep 2024 01:00:31 +0000
ROA not after:            Wed 18 Dec 2024 02:00:31 +0000
asID:                     201542
IP address blocks:        134.199.36.0/22 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:47:42:bb:5a:a9:48:a3:ee:bf:3c:48:9f:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fba57140-a369-4a3a-8edc-69732d179924
        Validity
            Not Before: Sep 19 01:00:31 2024 GMT
            Not After : Dec 18 02:00:31 2024 GMT
        Subject: CN=3be1909b-c394-4a7b-aa8a-2d429c0c31a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:98:e1:d9:8b:7a:88:98:4e:cd:cf:e8:e6:db:
                    31:9e:e2:57:12:ad:31:10:8b:26:d4:94:db:17:cf:
                    0a:b3:bd:a3:29:68:f3:4b:77:f0:c0:dc:33:d5:8f:
                    fe:f7:2e:35:0c:0e:fb:1a:5d:0f:6a:2c:30:91:a6:
                    3d:a0:34:02:6e:bb:f7:70:c8:78:09:3f:a4:ad:a7:
                    08:41:ba:87:74:63:84:3a:69:86:64:d8:ec:83:31:
                    a1:0f:12:96:d3:b4:50:17:e8:69:42:da:37:2a:5e:
                    7f:82:64:27:81:3f:70:9c:92:9e:62:00:8d:9b:7a:
                    71:8f:51:c3:dd:a1:aa:64:35:08:99:f8:92:94:e3:
                    2a:f6:39:2d:da:f4:25:46:32:7a:e0:70:51:c8:0e:
                    1f:6f:ca:0c:99:4d:cf:ce:f5:6f:57:ad:9c:d7:f7:
                    76:d5:2f:f3:af:7d:df:91:a8:2c:9f:c6:47:9e:3c:
                    7a:d6:7c:e5:bd:f7:fe:c4:0b:6c:dd:b2:dc:71:5b:
                    64:d4:56:da:be:c0:a8:1e:de:0e:98:f6:39:2f:83:
                    74:e0:7d:74:b4:5a:f5:3d:15:70:8d:34:27:72:50:
                    14:f8:d1:ff:0c:29:1f:c7:af:e8:45:39:7b:70:19:
                    c8:47:2f:e1:a1:1f:87:92:48:53:57:f9:2c:4f:79:
                    61:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:97:B0:20:DA:5C:5E:EB:61:5A:8F:45:60:4C:97:84:8B:52:3F:98
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/fba57140-a369-4a3a-8edc-69732d179924/16d2f51d-4925-351b-b1cd-0bc5d4e4cf07.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/fba57140-a369-4a3a-8edc-69732d179924/fba57140-a369-4a3a-8edc-69732d179924.crl

            X509v3 Authority Key Identifier:
                keyid:0D:62:F8:D3:71:60:6D:A8:44:A4:7C:AB:CE:08:71:66:07:93:95:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/fba57140-a369-4a3a-8edc-69732d179924.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.199.36.0/22

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         55:eb:2b:d5:1d:da:42:c8:3c:a5:1b:ec:a4:b1:73:13:c2:53:
         31:c7:a2:b7:1a:e7:aa:b9:f2:26:2b:d1:4b:fc:79:4b:08:9e:
         ce:af:cc:8e:1d:1a:02:9b:d1:69:1a:68:4b:bd:05:d6:01:6f:
         88:11:11:15:7b:2f:4e:bd:ec:87:24:79:ee:1a:85:76:72:a5:
         42:ff:76:c0:5b:c4:d2:d6:41:b1:09:b7:7a:f3:0e:c1:26:46:
         54:01:85:d4:58:4b:da:a0:5d:16:45:0e:2c:87:aa:ae:40:3b:
         7a:2b:ad:ed:3a:5b:4f:36:77:7f:e4:a9:dd:e8:9c:6d:63:08:
         72:60:cb:19:1d:20:de:6c:46:16:a6:bc:0c:b7:2b:0f:41:07:
         13:ab:96:96:4a:ce:65:b6:10:eb:ce:58:d1:b3:1d:16:bb:89:
         1f:d3:3e:4f:1e:f4:7c:de:74:8d:2e:06:07:d0:47:b1:ed:a4:
         be:df:50:ee:77:66:46:78:a4:65:41:b0:04:34:2b:14:3c:99:
         29:d5:29:a9:59:0c:ce:ad:74:0e:b7:07:60:31:95:f0:55:88:
         4a:d5:ce:18:2e:40:8f:ba:ee:b9:89:9f:fd:c3:8b:51:49:6e:
         8c:b4:d4:4a:74:af:36:b6:fe:f4:03:fd:61:96:3f:e9:85:47:
         3d:88:e9:68
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEdCu1qpSKPuvzxIn8AwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkZmJhNTcxNDAtYTM2OS00YTNhLThlZGMtNjk3MzJkMTc5
OTI0MB4XDTI0MDkxOTAxMDAzMVoXDTI0MTIxODAyMDAzMVowLzEtMCsGA1UEAxMk
M2JlMTkwOWItYzM5NC00YTdiLWFhOGEtMmQ0MjljMGMzMWE4MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxJjh2Yt6iJhOzc/o5tsxnuJXEq0xEIsm1JTb
F88Ks72jKWjzS3fwwNwz1Y/+9y41DA77Gl0PaiwwkaY9oDQCbrv3cMh4CT+kracI
QbqHdGOEOmmGZNjsgzGhDxKW07RQF+hpQto3Kl5/gmQngT9wnJKeYgCNm3pxj1HD
3aGqZDUImfiSlOMq9jkt2vQlRjJ64HBRyA4fb8oMmU3PzvVvV62c1/d21S/zr33f
kagsn8ZHnjx61nzlvff+xAts3bLccVtk1FbavsCoHt4OmPY5L4N04H10tFr1PRVw
jTQnclAU+NH/DCkfx6/oRTl7cBnIRy/hoR+HkkhTV/ksT3lh5wIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFAiXsCDaXF7rYVqPRWBMl4SLUj+YMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzRhYjdhZTRkLWJkN2ItNGIzMy05YTg4LTViMjJkMmE4MzM3ZC9mYmE1
NzE0MC1hMzY5LTRhM2EtOGVkYy02OTczMmQxNzk5MjQvMTZkMmY1MWQtNDkyNS0z
NTFiLWIxY2QtMGJjNWQ0ZTRjZjA3LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy80YWI3YWU0ZC1i
ZDdiLTRiMzMtOWE4OC01YjIyZDJhODMzN2QvZmJhNTcxNDAtYTM2OS00YTNhLThl
ZGMtNjk3MzJkMTc5OTI0L2ZiYTU3MTQwLWEzNjktNGEzYS04ZWRjLTY5NzMyZDE3
OTkyNC5jcmwwHwYDVR0jBBgwFoAUDWL403FgbahEpHyrzghxZgeTlQMwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzRhYjdhZTRkLWJkN2ItNGIz
My05YTg4LTViMjJkMmE4MzM3ZC9mYmE1NzE0MC1hMzY5LTRhM2EtOGVkYy02OTcz
MmQxNzk5MjQuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQChsckMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAFXrK9Ud2kLIPKUb7KSxcxPCUzHHorca56q58iYr0Uv8eUsIns6vzI4d
GgKb0WkaaEu9BdYBb4gRERV7L0697Ickee4ahXZypUL/dsBbxNLWQbEJt3rzDsEm
RlQBhdRYS9qgXRZFDiyHqq5AO3orre06W082d3/kqd3onG1jCHJgyxkdIN5sRham
vAy3Kw9BBxOrlpZKzmW2EOvOWNGzHRa7iR/TPk8e9HzedI0uBgfQR7HtpL7fUO53
ZkZ4pGVBsAQ0KxQ8mSnVKalZDM6tdA63B2AxlfBViErVzhguQI+67rmJn/3Di1FJ
boy01Ep0rza2/vQD/WGWP+mFRz2I6Wg=
-----END CERTIFICATE-----