Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/0d3a5699-3eb8-4ecb-80a5-e8761a19b971/7e39b765-e3e8-3881-9da8-a808c316afd5.roa
File:                     7e39b765-e3e8-3881-9da8-a808c316afd5.roa (raw, json)
Hash identifier:          PixyUgLfo4rFvm5VPSIYp3SR9FxVs/DGZe2YDzC1Fo0=
Subject key identifier:   40:C9:AF:AA:39:81:FB:6E:1F:86:BB:1B:09:9E:72:3B:D7:E0:E8:47
Certificate issuer:       /CN=0d3a5699-3eb8-4ecb-80a5-e8761a19b971
Certificate serial:       010D0C9F43285849393E75DB5ACCE9BD31DE5A80
Authority key identifier: 57:1A:A5:27:EC:17:91:77:8C:71:79:03:73:62:71:C5:53:17:64:66
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/0d3a5699-3eb8-4ecb-80a5-e8761a19b971.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/0d3a5699-3eb8-4ecb-80a5-e8761a19b971/7e39b765-e3e8-3881-9da8-a808c316afd5.roa
Signing time:             Tue 18 Mar 2025 01:00:38 +0000
ROA not before:           Tue 18 Mar 2025 01:00:38 +0000
ROA not after:            Mon 16 Jun 2025 01:00:38 +0000
asID:                     18659
IP address blocks:        208.74.167.0/24 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:49:39:3e:75:db:5a:cc:e9:bd:31:de:5a:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d3a5699-3eb8-4ecb-80a5-e8761a19b971
        Validity
            Not Before: Mar 18 01:00:38 2025 GMT
            Not After : Jun 16 01:00:38 2025 GMT
        Subject: CN=3f7a114d-9ab5-440b-988b-6c3ce6b97e52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:63:23:27:e1:63:63:5e:75:04:8c:f7:c4:ed:
                    ac:59:e9:2b:ae:a8:a3:ed:57:a0:ce:ce:92:6c:b0:
                    7e:45:9c:79:b5:c9:b9:5b:d6:8b:86:29:da:72:8f:
                    62:22:2c:9a:fd:b6:67:84:18:74:81:c1:f3:12:67:
                    73:a6:53:a1:8f:39:5b:7d:33:e0:13:da:24:10:dc:
                    33:93:00:f7:45:fa:5a:60:11:2b:b5:85:19:66:f5:
                    72:83:15:32:bb:62:72:e3:92:7d:ea:96:5f:5c:a2:
                    12:0a:92:5e:fa:c1:a4:b6:f9:f2:70:53:60:fb:9d:
                    3d:f3:d5:03:6d:6c:2b:49:d8:c9:cb:f7:4e:cd:6d:
                    f3:95:af:b8:d5:0c:f5:61:1a:8c:cf:03:59:3c:e4:
                    b2:51:f7:85:5d:38:98:35:d3:14:48:7a:75:db:fc:
                    42:f9:14:4f:4e:e3:25:da:07:03:2a:18:f9:da:67:
                    00:24:8c:c0:a5:7c:4f:5f:88:af:5d:25:0e:c4:b4:
                    a3:72:bc:e9:dd:6f:a0:d8:59:5c:25:d1:27:53:a0:
                    39:3f:e6:40:12:cb:bd:a8:d9:53:6f:d1:d5:29:fc:
                    bc:5f:a8:98:90:9a:15:33:83:68:56:b5:33:56:ae:
                    2c:36:1d:a8:0f:45:f8:4b:36:c8:07:83:c1:d0:00:
                    e3:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:C9:AF:AA:39:81:FB:6E:1F:86:BB:1B:09:9E:72:3B:D7:E0:E8:47
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/0d3a5699-3eb8-4ecb-80a5-e8761a19b971/7e39b765-e3e8-3881-9da8-a808c316afd5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/0d3a5699-3eb8-4ecb-80a5-e8761a19b971/0d3a5699-3eb8-4ecb-80a5-e8761a19b971.crl

            X509v3 Authority Key Identifier:
                keyid:57:1A:A5:27:EC:17:91:77:8C:71:79:03:73:62:71:C5:53:17:64:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/0d3a5699-3eb8-4ecb-80a5-e8761a19b971.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  208.74.167.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         a2:bb:4f:98:e6:9c:ed:eb:2f:86:92:e1:d7:0c:67:0d:fc:12:
         9f:c0:60:95:78:7c:18:69:a0:4a:6b:23:60:06:32:ad:db:66:
         80:39:54:ac:f9:d1:37:0f:89:a4:c0:3f:fd:2a:d2:e1:8f:d3:
         76:9a:41:f8:55:39:3c:cc:1b:97:32:41:f9:09:06:ca:15:28:
         4b:3d:6f:18:21:7b:28:18:73:85:49:67:d4:31:8b:b4:81:9e:
         c6:40:31:c7:eb:bb:9e:e0:5c:6a:5a:96:ae:fa:36:76:69:47:
         9b:ce:e0:01:74:c1:dc:13:25:b7:6f:32:e9:eb:98:6a:c0:03:
         ee:6a:c4:d3:ac:8f:32:e4:e5:3a:52:4e:83:1d:5b:ea:ce:42:
         26:00:56:f1:18:0e:cf:e7:7b:6c:2c:34:2a:39:de:f6:23:be:
         75:cd:46:68:ea:62:dd:2c:7b:1e:8f:49:35:51:ed:8f:60:4a:
         df:70:0f:25:cb:72:fb:f8:14:1f:e8:33:64:47:23:2c:01:ea:
         ee:2c:4c:8a:81:17:33:97:e2:42:9b:0f:c1:a6:5a:0a:dd:91:
         0d:1c:db:6b:d1:94:b7:30:c6:94:92:ef:e5:ba:b7:36:42:92:
         4a:1b:a6:5f:35:6f:3e:bd:61:9d:39:c6:96:10:7f:a7:61:3b:
         d5:94:af:57
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEk5PnXbWszpvTHeWoAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMGQzYTU2OTktM2ViOC00ZWNiLTgwYTUtZTg3NjFhMTli
OTcxMB4XDTI1MDMxODAxMDAzOFoXDTI1MDYxNjAxMDAzOFowLzEtMCsGA1UEAxMk
M2Y3YTExNGQtOWFiNS00NDBiLTk4OGItNmMzY2U2Yjk3ZTUyMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiGMjJ+FjY151BIz3xO2sWekrrqij7Vegzs6S
bLB+RZx5tcm5W9aLhinaco9iIiya/bZnhBh0gcHzEmdzplOhjzlbfTPgE9okENwz
kwD3RfpaYBErtYUZZvVygxUyu2Jy45J96pZfXKISCpJe+sGktvnycFNg+50989UD
bWwrSdjJy/dOzW3zla+41Qz1YRqMzwNZPOSyUfeFXTiYNdMUSHp12/xC+RRPTuMl
2gcDKhj52mcAJIzApXxPX4ivXSUOxLSjcrzp3W+g2FlcJdEnU6A5P+ZAEsu9qNlT
b9HVKfy8X6iYkJoVM4NoVrUzVq4sNh2oD0X4SzbIB4PB0ADjkwIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFEDJr6o5gftuH4a7GwmecjvX4OhHMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy8wZDNh
NTY5OS0zZWI4LTRlY2ItODBhNS1lODc2MWExOWI5NzEvN2UzOWI3NjUtZTNlOC0z
ODgxLTlkYTgtYTgwOGMzMTZhZmQ1LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvMGQzYTU2OTktM2ViOC00ZWNiLTgw
YTUtZTg3NjFhMTliOTcxLzBkM2E1Njk5LTNlYjgtNGVjYi04MGE1LWU4NzYxYTE5
Yjk3MS5jcmwwHwYDVR0jBBgwFoAUVxqlJ+wXkXeMcXkDc2JxxVMXZGYwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy8wZDNhNTY5OS0zZWI4LTRlY2ItODBhNS1lODc2
MWExOWI5NzEuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA0EqnMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAKK7T5jmnO3rL4aS4dcMZw38Ep/AYJV4fBhpoEprI2AGMq3bZoA5VKz5
0TcPiaTAP/0q0uGP03aaQfhVOTzMG5cyQfkJBsoVKEs9bxgheygYc4VJZ9Qxi7SB
nsZAMcfru57gXGpalq76NnZpR5vO4AF0wdwTJbdvMunrmGrAA+5qxNOsjzLk5TpS
ToMdW+rOQiYAVvEYDs/ne2wsNCo53vYjvnXNRmjqYt0sex6PSTVR7Y9gSt9wDyXL
cvv4FB/oM2RHIywB6u4sTIqBFzOX4kKbD8GmWgrdkQ0c22vRlLcwxpSS7+W6tzZC
kkobpl81bz69YZ05xpYQf6dhO9WUr1c=
-----END CERTIFICATE-----