Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/0d3a5699-3eb8-4ecb-80a5-e8761a19b971/c8ae2a3a-a784-320c-a476-6dac90106aa8.roa
File:                     c8ae2a3a-a784-320c-a476-6dac90106aa8.roa (raw, json)
Hash identifier:          Y63Y/rKilwT+zd6gl/jUKbC+A9uNsHY2bpg/5gMdT4k=
Subject key identifier:   CF:5B:43:DC:39:AF:50:93:DA:6E:1E:D8:1D:F3:6F:E3:5D:A1:51:87
Certificate issuer:       /CN=0d3a5699-3eb8-4ecb-80a5-e8761a19b971
Certificate serial:       010D0C9F43285849393E75EEDA7E0E7D3825D3A0
Authority key identifier: 57:1A:A5:27:EC:17:91:77:8C:71:79:03:73:62:71:C5:53:17:64:66
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/0d3a5699-3eb8-4ecb-80a5-e8761a19b971.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/0d3a5699-3eb8-4ecb-80a5-e8761a19b971/c8ae2a3a-a784-320c-a476-6dac90106aa8.roa
Signing time:             Tue 18 Mar 2025 01:00:38 +0000
ROA not before:           Tue 18 Mar 2025 01:00:38 +0000
ROA not after:            Mon 16 Jun 2025 01:00:38 +0000
asID:                     18594
IP address blocks:        199.254.202.0/24 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:49:39:3e:75:ee:da:7e:0e:7d:38:25:d3:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d3a5699-3eb8-4ecb-80a5-e8761a19b971
        Validity
            Not Before: Mar 18 01:00:38 2025 GMT
            Not After : Jun 16 01:00:38 2025 GMT
        Subject: CN=22ed2f66-5b63-4d8a-a2d3-d3b6f0864232
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:d7:1c:7b:13:84:f7:74:95:d5:58:89:3e:b7:
                    1b:58:4e:b9:f7:1e:52:11:58:03:45:02:11:81:21:
                    28:1a:bf:b2:6a:f2:0c:11:7b:0e:bf:80:0d:e7:02:
                    d7:4f:3f:57:52:34:07:a2:e0:b9:a8:f1:02:9c:37:
                    ba:58:c7:4d:44:90:fb:87:96:26:2b:e4:dc:21:ca:
                    57:44:23:a7:99:74:ff:48:57:59:b3:fc:a6:a3:73:
                    85:a8:a3:a4:a7:ff:87:ea:92:28:81:aa:8f:f4:08:
                    55:3b:cf:9a:44:51:87:97:69:81:3d:df:71:05:6c:
                    ce:45:46:26:57:98:b9:93:2e:a6:09:1e:ee:1e:20:
                    72:f7:67:8d:2c:fc:2b:d5:3b:25:37:22:2e:00:cc:
                    52:e5:24:b7:bb:0a:4d:c6:80:76:3b:7f:27:a6:55:
                    af:ea:7a:7a:16:ec:6f:6f:f6:7f:a9:17:ef:09:1a:
                    23:fb:41:5f:c8:4d:9b:a1:05:8f:60:d3:89:c7:be:
                    da:1e:ac:d4:d9:aa:96:71:4d:30:9d:88:c4:e7:dc:
                    d6:8b:e7:b0:c9:99:e5:76:17:7a:4d:8f:2c:85:54:
                    a9:75:c6:e9:48:64:db:43:9f:eb:6b:78:03:d9:7f:
                    6b:82:52:f1:f7:f6:64:f6:81:86:87:69:8f:6c:6b:
                    e3:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:5B:43:DC:39:AF:50:93:DA:6E:1E:D8:1D:F3:6F:E3:5D:A1:51:87
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/0d3a5699-3eb8-4ecb-80a5-e8761a19b971/c8ae2a3a-a784-320c-a476-6dac90106aa8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/0d3a5699-3eb8-4ecb-80a5-e8761a19b971/0d3a5699-3eb8-4ecb-80a5-e8761a19b971.crl

            X509v3 Authority Key Identifier:
                keyid:57:1A:A5:27:EC:17:91:77:8C:71:79:03:73:62:71:C5:53:17:64:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/0d3a5699-3eb8-4ecb-80a5-e8761a19b971.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.254.202.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         2a:e0:c0:b2:e6:7d:3e:07:70:98:56:24:c9:b5:c5:1c:e8:b7:
         9d:83:ef:7f:a8:ff:17:ef:2c:17:5a:8f:f2:5d:72:f8:d8:fa:
         24:3a:2d:fc:fa:6b:f1:d8:a3:07:80:c4:2f:67:b3:aa:bc:a1:
         2a:f6:ee:15:4f:09:90:34:5e:e8:6c:58:2c:8f:69:c8:31:2a:
         2d:32:c9:d2:11:0a:7c:82:76:9a:58:fa:68:36:d0:08:0b:e4:
         d7:13:76:aa:e7:a2:7e:f8:99:a6:d0:3f:e5:b4:51:82:21:0e:
         1f:1d:81:ee:e5:34:8e:64:c9:42:6d:c9:19:79:a4:75:7b:95:
         9a:b8:74:59:ce:e8:65:e8:ba:d0:13:96:2a:95:70:77:fb:db:
         60:b8:80:59:ba:b8:73:61:58:93:43:3b:ac:d7:e2:5a:cd:14:
         5a:9c:93:dc:cc:33:f6:31:34:62:86:64:ab:2d:a8:33:d5:a7:
         25:3b:13:7a:9b:4d:e7:55:06:7e:54:91:97:2c:d5:ce:48:70:
         81:a2:a0:13:f4:4a:6e:2e:e5:93:ee:e2:49:0a:81:07:a9:31:
         39:5d:e0:ea:12:e4:30:24:33:65:95:75:7f:f5:9c:2f:07:8f:
         17:5a:68:f1:bb:ae:be:6f:d0:31:32:98:10:90:28:f0:7c:b3:
         32:c7:41:7b
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEk5PnXu2n4OfTgl06AwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMGQzYTU2OTktM2ViOC00ZWNiLTgwYTUtZTg3NjFhMTli
OTcxMB4XDTI1MDMxODAxMDAzOFoXDTI1MDYxNjAxMDAzOFowLzEtMCsGA1UEAxMk
MjJlZDJmNjYtNWI2My00ZDhhLWEyZDMtZDNiNmYwODY0MjMyMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk9ccexOE93SV1ViJPrcbWE659x5SEVgDRQIR
gSEoGr+yavIMEXsOv4AN5wLXTz9XUjQHouC5qPECnDe6WMdNRJD7h5YmK+TcIcpX
RCOnmXT/SFdZs/ymo3OFqKOkp/+H6pIogaqP9AhVO8+aRFGHl2mBPd9xBWzORUYm
V5i5ky6mCR7uHiBy92eNLPwr1TslNyIuAMxS5SS3uwpNxoB2O38nplWv6np6Fuxv
b/Z/qRfvCRoj+0FfyE2boQWPYNOJx77aHqzU2aqWcU0wnYjE59zWi+ewyZnldhd6
TY8shVSpdcbpSGTbQ5/ra3gD2X9rglLx9/Zk9oGGh2mPbGvj+wIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFM9bQ9w5r1CT2m4e2B3zb+NdoVGHMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy8wZDNh
NTY5OS0zZWI4LTRlY2ItODBhNS1lODc2MWExOWI5NzEvYzhhZTJhM2EtYTc4NC0z
MjBjLWE0NzYtNmRhYzkwMTA2YWE4LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvMGQzYTU2OTktM2ViOC00ZWNiLTgw
YTUtZTg3NjFhMTliOTcxLzBkM2E1Njk5LTNlYjgtNGVjYi04MGE1LWU4NzYxYTE5
Yjk3MS5jcmwwHwYDVR0jBBgwFoAUVxqlJ+wXkXeMcXkDc2JxxVMXZGYwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy8wZDNhNTY5OS0zZWI4LTRlY2ItODBhNS1lODc2
MWExOWI5NzEuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAx/7KMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBACrgwLLmfT4HcJhWJMm1xRzot52D73+o/xfvLBdaj/JdcvjY+iQ6Lfz6
a/HYoweAxC9ns6q8oSr27hVPCZA0XuhsWCyPacgxKi0yydIRCnyCdppY+mg20AgL
5NcTdqrnon74mabQP+W0UYIhDh8dge7lNI5kyUJtyRl5pHV7lZq4dFnO6GXoutAT
liqVcHf722C4gFm6uHNhWJNDO6zX4lrNFFqck9zMM/YxNGKGZKstqDPVpyU7E3qb
TedVBn5UkZcs1c5IcIGioBP0Sm4u5ZPu4kkKgQepMTld4OoS5DAkM2WVdX/1nC8H
jxdaaPG7rr5v0DEymBCQKPB8szLHQXs=
-----END CERTIFICATE-----
Generated at Fri Apr 11 21:10:10 2025 by rpki-client