Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/0d3a5699-3eb8-4ecb-80a5-e8761a19b971/7b5cbc42-95de-3deb-9008-d08a807b8c43.roa
File:                     7b5cbc42-95de-3deb-9008-d08a807b8c43.roa (raw, json)
Hash identifier:          vR3cP8NGFEXZg3uev6ibePbvuiSHlGod6p2kIpGPXY8=
Subject key identifier:   E0:B5:C7:1D:C0:5C:15:9F:9B:E0:B1:F7:6E:F5:E8:0A:00:0E:36:E8
Certificate issuer:       /CN=0d3a5699-3eb8-4ecb-80a5-e8761a19b971
Certificate serial:       010D0C9F43285849393E758FFC31FD20FABC3F80
Authority key identifier: 57:1A:A5:27:EC:17:91:77:8C:71:79:03:73:62:71:C5:53:17:64:66
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/0d3a5699-3eb8-4ecb-80a5-e8761a19b971.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/0d3a5699-3eb8-4ecb-80a5-e8761a19b971/7b5cbc42-95de-3deb-9008-d08a807b8c43.roa
Signing time:             Tue 18 Mar 2025 01:00:38 +0000
ROA not before:           Tue 18 Mar 2025 01:00:38 +0000
ROA not after:            Mon 16 Jun 2025 01:00:38 +0000
asID:                     18659
IP address blocks:        74.120.157.0/24 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:49:39:3e:75:8f:fc:31:fd:20:fa:bc:3f:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d3a5699-3eb8-4ecb-80a5-e8761a19b971
        Validity
            Not Before: Mar 18 01:00:38 2025 GMT
            Not After : Jun 16 01:00:38 2025 GMT
        Subject: CN=aabae595-823c-4e3a-941b-142bb1eff38e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:fe:47:84:86:ed:e7:95:78:ce:92:49:63:30:
                    1d:dc:4f:6d:21:37:03:44:6f:15:5c:8b:1d:2f:9b:
                    06:cd:34:26:d4:d3:9c:d2:ba:ee:95:2f:19:24:b2:
                    c9:3c:63:39:52:cd:0b:5a:3d:09:81:1b:4b:8d:19:
                    ae:1e:e5:80:62:38:37:f1:b2:df:66:2f:e6:50:bb:
                    56:09:94:bb:0d:1b:ca:b0:c7:cc:47:fc:98:d9:19:
                    42:5d:e2:96:6c:1c:c7:ff:00:d0:96:14:52:2b:52:
                    51:43:4d:0e:8e:ee:42:1e:7f:32:16:78:3d:ec:b5:
                    0a:38:9e:c9:86:be:85:8d:56:90:2e:2b:2d:08:6b:
                    6b:db:1d:5e:9d:0f:74:21:92:78:61:d5:9b:ba:87:
                    9d:bd:30:65:db:13:0a:44:f6:9a:31:ce:9b:84:17:
                    66:32:ac:5a:8f:42:eb:1a:75:35:ee:08:14:e2:72:
                    ce:54:5b:bf:ac:dc:c0:49:44:1b:49:00:89:4f:66:
                    2d:42:d5:db:e0:f4:44:15:87:56:2a:40:1f:c3:82:
                    f1:34:68:22:e1:fb:bb:c7:9d:31:75:c6:0c:51:bd:
                    60:59:35:83:02:0f:e4:38:7a:db:24:74:07:b3:d0:
                    36:8a:88:3b:07:dc:ef:bf:88:3f:3e:d5:4a:25:d3:
                    b6:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:B5:C7:1D:C0:5C:15:9F:9B:E0:B1:F7:6E:F5:E8:0A:00:0E:36:E8
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/0d3a5699-3eb8-4ecb-80a5-e8761a19b971/7b5cbc42-95de-3deb-9008-d08a807b8c43.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/0d3a5699-3eb8-4ecb-80a5-e8761a19b971/0d3a5699-3eb8-4ecb-80a5-e8761a19b971.crl

            X509v3 Authority Key Identifier:
                keyid:57:1A:A5:27:EC:17:91:77:8C:71:79:03:73:62:71:C5:53:17:64:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/0d3a5699-3eb8-4ecb-80a5-e8761a19b971.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  74.120.157.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         8f:2a:a9:b7:92:cd:c6:af:91:09:18:bd:41:8a:20:e8:0c:bb:
         b6:9b:20:9b:8b:7a:4a:a2:d5:64:5f:01:15:9b:a7:36:d3:7c:
         3d:6c:88:fd:bd:f8:4d:c6:32:c2:ad:07:f6:70:d8:4c:cc:3f:
         05:c9:1e:e4:dd:98:d6:3d:d4:bb:cb:b6:64:6e:f2:24:1d:9c:
         ff:3a:7a:e5:8c:6c:4b:10:39:52:4b:be:d0:d2:74:23:f2:16:
         e5:14:b3:7a:85:7c:83:a7:c2:0d:b0:1c:5c:16:b0:2e:11:5c:
         2f:6f:3f:52:dc:69:b8:ec:11:c5:8a:df:d3:b6:29:36:b2:96:
         6f:56:43:5f:d9:e2:40:51:86:f7:34:fc:19:78:65:b6:01:82:
         33:20:4e:a6:74:56:31:82:1c:0d:19:df:72:00:62:5f:29:15:
         04:10:76:df:44:16:17:96:51:d4:2c:62:96:a4:f5:5f:c7:a0:
         33:49:da:ed:0b:4f:37:7c:66:08:56:39:d5:b8:0b:4f:db:83:
         d0:1e:31:98:60:d7:c8:29:2b:e8:17:19:ce:ed:56:85:c7:70:
         7b:3b:20:98:23:a7:81:46:f4:e0:b1:26:01:05:b7:43:f6:8a:
         82:ce:d1:a0:0e:46:74:32:b5:e9:0c:9c:cb:83:3b:67:2d:ab:
         2d:b6:45:10
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEk5PnWP/DH9IPq8P4AwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMGQzYTU2OTktM2ViOC00ZWNiLTgwYTUtZTg3NjFhMTli
OTcxMB4XDTI1MDMxODAxMDAzOFoXDTI1MDYxNjAxMDAzOFowLzEtMCsGA1UEAxMk
YWFiYWU1OTUtODIzYy00ZTNhLTk0MWItMTQyYmIxZWZmMzhlMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEApv5HhIbt55V4zpJJYzAd3E9tITcDRG8VXIsd
L5sGzTQm1NOc0rrulS8ZJLLJPGM5Us0LWj0JgRtLjRmuHuWAYjg38bLfZi/mULtW
CZS7DRvKsMfMR/yY2RlCXeKWbBzH/wDQlhRSK1JRQ00Oju5CHn8yFng97LUKOJ7J
hr6FjVaQListCGtr2x1enQ90IZJ4YdWbuoedvTBl2xMKRPaaMc6bhBdmMqxaj0Lr
GnU17ggU4nLOVFu/rNzASUQbSQCJT2YtQtXb4PREFYdWKkAfw4LxNGgi4fu7x50x
dcYMUb1gWTWDAg/kOHrbJHQHs9A2iog7B9zvv4g/PtVKJdO2rQIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFOC1xx3AXBWfm+Cx92716AoADjboMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy8wZDNh
NTY5OS0zZWI4LTRlY2ItODBhNS1lODc2MWExOWI5NzEvN2I1Y2JjNDItOTVkZS0z
ZGViLTkwMDgtZDA4YTgwN2I4YzQzLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvMGQzYTU2OTktM2ViOC00ZWNiLTgw
YTUtZTg3NjFhMTliOTcxLzBkM2E1Njk5LTNlYjgtNGVjYi04MGE1LWU4NzYxYTE5
Yjk3MS5jcmwwHwYDVR0jBBgwFoAUVxqlJ+wXkXeMcXkDc2JxxVMXZGYwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy8wZDNhNTY5OS0zZWI4LTRlY2ItODBhNS1lODc2
MWExOWI5NzEuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQASnidMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAI8qqbeSzcavkQkYvUGKIOgMu7abIJuLekqi1WRfARWbpzbTfD1siP29
+E3GMsKtB/Zw2EzMPwXJHuTdmNY91LvLtmRu8iQdnP86euWMbEsQOVJLvtDSdCPy
FuUUs3qFfIOnwg2wHFwWsC4RXC9vP1LcabjsEcWK39O2KTaylm9WQ1/Z4kBRhvc0
/Bl4ZbYBgjMgTqZ0VjGCHA0Z33IAYl8pFQQQdt9EFheWUdQsYpak9V/HoDNJ2u0L
Tzd8ZghWOdW4C0/bg9AeMZhg18gpK+gXGc7tVoXHcHs7IJgjp4FG9OCxJgEFt0P2
ioLO0aAORnQytekMnMuDO2ctqy22RRA=
-----END CERTIFICATE-----
Generated at Fri Apr 11 21:28:06 2025 by rpki-client