Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/0d3a5699-3eb8-4ecb-80a5-e8761a19b971/d4586c07-e834-3712-8566-845eb39b828a.roa
File:                     d4586c07-e834-3712-8566-845eb39b828a.roa (raw, json)
Hash identifier:          xZJI4+CIbD+eJwvv8ERH2157fFd8rD6+W4e7OAYavBI=
Subject key identifier:   84:0F:C1:48:29:EC:09:22:CA:E7:4D:EC:AA:D1:97:D2:C7:BC:46:99
Certificate issuer:       /CN=0d3a5699-3eb8-4ecb-80a5-e8761a19b971
Certificate serial:       010D0C9F43285849393E7100D475AAAB23E6F658
Authority key identifier: 57:1A:A5:27:EC:17:91:77:8C:71:79:03:73:62:71:C5:53:17:64:66
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/0d3a5699-3eb8-4ecb-80a5-e8761a19b971.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/0d3a5699-3eb8-4ecb-80a5-e8761a19b971/d4586c07-e834-3712-8566-845eb39b828a.roa
Signing time:             Tue 18 Mar 2025 01:00:38 +0000
ROA not before:           Tue 18 Mar 2025 01:00:38 +0000
ROA not after:            Mon 16 Jun 2025 01:00:38 +0000
asID:                     18594
IP address blocks:        204.90.2.0/24 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:49:39:3e:71:00:d4:75:aa:ab:23:e6:f6:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d3a5699-3eb8-4ecb-80a5-e8761a19b971
        Validity
            Not Before: Mar 18 01:00:38 2025 GMT
            Not After : Jun 16 01:00:38 2025 GMT
        Subject: CN=eef2cfef-8e14-4425-8317-165a059981ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:16:a8:04:2a:11:c3:07:41:06:4d:66:80:b9:
                    d7:a5:f2:e1:9c:75:34:ab:57:f9:c2:59:84:d6:cc:
                    1a:a3:3d:42:c5:b6:de:5f:dd:12:51:60:f7:bc:63:
                    38:d7:20:1c:c5:9e:2e:43:aa:ed:4f:b4:28:71:39:
                    10:a7:e4:71:4f:f1:8f:15:e3:cd:39:02:73:a8:03:
                    42:a2:f4:43:fe:2e:be:1e:0e:0a:33:85:7a:9f:32:
                    9f:5d:b1:5c:67:45:4a:c0:a7:9b:36:cf:ab:99:95:
                    1f:b8:39:53:51:5f:e6:7d:0e:dd:4e:f6:15:45:ac:
                    a8:b8:7e:fd:f5:30:3b:34:fa:d2:d5:23:9d:45:1c:
                    30:f1:e2:99:84:24:5a:21:ed:6b:85:cf:47:2d:57:
                    87:e0:6e:2d:1c:94:4a:65:90:42:a8:81:b8:38:05:
                    2a:88:c0:d4:7e:60:d3:3a:5d:3d:de:9d:da:d1:cd:
                    a4:30:89:0f:04:a9:a5:0f:06:6b:59:09:61:15:09:
                    70:71:70:03:92:17:a0:73:26:63:84:74:95:fb:a9:
                    b8:0f:8e:e7:1d:b1:33:6c:79:72:6f:60:cd:5e:ed:
                    63:11:bd:03:2e:64:01:7d:47:23:a0:f8:78:0b:65:
                    d2:9c:53:91:f7:15:0c:02:e1:d9:09:9c:be:43:e4:
                    41:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:0F:C1:48:29:EC:09:22:CA:E7:4D:EC:AA:D1:97:D2:C7:BC:46:99
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/0d3a5699-3eb8-4ecb-80a5-e8761a19b971/d4586c07-e834-3712-8566-845eb39b828a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/0d3a5699-3eb8-4ecb-80a5-e8761a19b971/0d3a5699-3eb8-4ecb-80a5-e8761a19b971.crl

            X509v3 Authority Key Identifier:
                keyid:57:1A:A5:27:EC:17:91:77:8C:71:79:03:73:62:71:C5:53:17:64:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/0d3a5699-3eb8-4ecb-80a5-e8761a19b971.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  204.90.2.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         6e:83:62:33:ac:bf:2a:d8:9c:8d:72:31:d0:a9:c2:35:3d:92:
         9c:c0:f7:3f:64:fc:a2:85:93:a7:76:0e:b5:29:5c:4b:92:a8:
         ed:29:44:a6:2b:31:f9:fb:ef:29:36:54:44:a0:81:cf:c6:04:
         ec:6d:be:08:ad:2d:81:20:58:d4:59:c0:b1:a6:a8:23:de:29:
         76:dc:10:b0:bd:d0:b4:1d:f4:79:a4:05:38:4b:77:79:5a:f2:
         75:71:f9:c8:f7:36:15:4f:df:ea:77:8d:b1:63:de:bf:ca:ac:
         e2:b2:af:e2:e6:03:46:dd:1e:ab:a9:88:94:66:69:9a:04:f5:
         96:0a:eb:3a:5a:80:a2:ee:e6:9f:42:a3:3f:a1:c4:72:34:99:
         85:39:50:21:52:56:c8:07:6d:3a:b1:fe:23:03:55:63:9a:62:
         51:da:59:8b:94:26:e2:e0:ad:33:60:6b:9e:99:05:d1:fc:cb:
         63:3d:17:1f:a3:ee:ad:18:81:25:ae:50:8d:24:b7:3e:cf:58:
         6e:8a:a9:d7:cd:81:ad:aa:08:e4:4e:12:57:46:2a:f8:45:a4:
         8d:a5:54:fc:5d:27:f1:89:7b:94:62:bd:bc:ac:c3:d8:1a:f9:
         dd:42:6b:1c:7f:fd:ef:14:9c:6a:3e:c5:94:c1:4d:e5:6e:dd:
         3a:91:bd:c8
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEk5PnEA1HWqqyPm9lgwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMGQzYTU2OTktM2ViOC00ZWNiLTgwYTUtZTg3NjFhMTli
OTcxMB4XDTI1MDMxODAxMDAzOFoXDTI1MDYxNjAxMDAzOFowLzEtMCsGA1UEAxMk
ZWVmMmNmZWYtOGUxNC00NDI1LTgzMTctMTY1YTA1OTk4MWFlMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEApxaoBCoRwwdBBk1mgLnXpfLhnHU0q1f5wlmE
1swaoz1CxbbeX90SUWD3vGM41yAcxZ4uQ6rtT7QocTkQp+RxT/GPFePNOQJzqANC
ovRD/i6+Hg4KM4V6nzKfXbFcZ0VKwKebNs+rmZUfuDlTUV/mfQ7dTvYVRayouH79
9TA7NPrS1SOdRRww8eKZhCRaIe1rhc9HLVeH4G4tHJRKZZBCqIG4OAUqiMDUfmDT
Ol093p3a0c2kMIkPBKmlDwZrWQlhFQlwcXADkhegcyZjhHSV+6m4D47nHbEzbHly
b2DNXu1jEb0DLmQBfUcjoPh4C2XSnFOR9xUMAuHZCZy+Q+RBPwIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFIQPwUgp7AkiyudN7KrRl9LHvEaZMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy8wZDNh
NTY5OS0zZWI4LTRlY2ItODBhNS1lODc2MWExOWI5NzEvZDQ1ODZjMDctZTgzNC0z
NzEyLTg1NjYtODQ1ZWIzOWI4MjhhLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvMGQzYTU2OTktM2ViOC00ZWNiLTgw
YTUtZTg3NjFhMTliOTcxLzBkM2E1Njk5LTNlYjgtNGVjYi04MGE1LWU4NzYxYTE5
Yjk3MS5jcmwwHwYDVR0jBBgwFoAUVxqlJ+wXkXeMcXkDc2JxxVMXZGYwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy8wZDNhNTY5OS0zZWI4LTRlY2ItODBhNS1lODc2
MWExOWI5NzEuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAzFoCMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAG6DYjOsvyrYnI1yMdCpwjU9kpzA9z9k/KKFk6d2DrUpXEuSqO0pRKYr
Mfn77yk2VESggc/GBOxtvgitLYEgWNRZwLGmqCPeKXbcELC90LQd9HmkBThLd3la
8nVx+cj3NhVP3+p3jbFj3r/KrOKyr+LmA0bdHqupiJRmaZoE9ZYK6zpagKLu5p9C
oz+hxHI0mYU5UCFSVsgHbTqx/iMDVWOaYlHaWYuUJuLgrTNga56ZBdH8y2M9Fx+j
7q0YgSWuUI0ktz7PWG6KqdfNga2qCOROEldGKvhFpI2lVPxdJ/GJe5Rivbysw9ga
+d1Caxx//e8UnGo+xZTBTeVu3TqRvcg=
-----END CERTIFICATE-----
Generated at Fri Apr 11 21:24:23 2025 by rpki-client