Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/0d3a5699-3eb8-4ecb-80a5-e8761a19b971/e7681ea2-8291-3000-8a57-dc6bfaead88c.roa
File:                     e7681ea2-8291-3000-8a57-dc6bfaead88c.roa (raw, json)
Hash identifier:          ymcO2RCCEhU+3PlqkM6TBuuJs6bJu8fyabs5dSAS0M4=
Subject key identifier:   2C:6D:4A:6F:21:FB:B5:BE:BD:35:E8:86:6A:3E:9E:D3:7B:B2:A2:D1
Certificate issuer:       /CN=0d3a5699-3eb8-4ecb-80a5-e8761a19b971
Certificate serial:       010D0C9F43285849393E70724E18B7AFA246F300
Authority key identifier: 57:1A:A5:27:EC:17:91:77:8C:71:79:03:73:62:71:C5:53:17:64:66
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/0d3a5699-3eb8-4ecb-80a5-e8761a19b971.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/0d3a5699-3eb8-4ecb-80a5-e8761a19b971/e7681ea2-8291-3000-8a57-dc6bfaead88c.roa
Signing time:             Tue 18 Mar 2025 01:00:38 +0000
ROA not before:           Tue 18 Mar 2025 01:00:38 +0000
ROA not after:            Mon 16 Jun 2025 01:00:38 +0000
asID:                     18594
IP address blocks:        64.57.144.0/24 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:49:39:3e:70:72:4e:18:b7:af:a2:46:f3:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d3a5699-3eb8-4ecb-80a5-e8761a19b971
        Validity
            Not Before: Mar 18 01:00:38 2025 GMT
            Not After : Jun 16 01:00:38 2025 GMT
        Subject: CN=bf271770-1073-42c0-b82a-3737517d2e46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:37:bc:f6:bb:4e:d0:e1:1e:6e:24:60:27:0a:
                    7f:d5:94:50:81:6d:6e:eb:9c:cc:4d:21:c6:41:76:
                    80:0d:1d:79:e7:da:09:fd:03:4f:65:ed:bd:42:d0:
                    8b:8c:6d:10:9a:38:9b:2c:90:2e:6f:5b:61:70:24:
                    1d:9f:c9:29:18:ec:4d:bf:0b:0d:cf:5a:58:72:d1:
                    83:c3:77:05:ac:f1:ba:9c:04:e6:b7:a0:fa:25:3d:
                    38:46:38:3f:ee:e4:14:11:f4:97:bc:c4:14:56:d1:
                    76:05:a7:98:11:5a:bf:54:b6:b0:68:bc:e6:bf:d3:
                    eb:81:63:ef:43:1a:95:a6:e9:79:0d:10:eb:07:13:
                    f9:23:9b:d8:b1:4f:03:a3:c8:09:47:a0:59:0c:c1:
                    ae:a9:05:e9:e2:02:2b:34:74:ad:a5:f5:f4:04:c3:
                    18:30:2d:eb:1d:56:1a:33:87:db:ad:8b:0f:c1:88:
                    36:11:1d:e6:c7:64:63:70:68:3a:9c:ca:63:70:ed:
                    d6:ec:cc:19:71:c3:39:18:ef:19:fc:a7:eb:da:3c:
                    59:e0:41:54:9b:05:db:b4:4b:00:ab:8d:f1:2e:ed:
                    71:5d:a0:b5:fd:6c:19:06:3d:3a:36:ff:89:8c:28:
                    2c:86:99:e6:a3:a1:ea:31:2d:22:8d:59:ba:4d:de:
                    b8:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:6D:4A:6F:21:FB:B5:BE:BD:35:E8:86:6A:3E:9E:D3:7B:B2:A2:D1
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/0d3a5699-3eb8-4ecb-80a5-e8761a19b971/e7681ea2-8291-3000-8a57-dc6bfaead88c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/0d3a5699-3eb8-4ecb-80a5-e8761a19b971/0d3a5699-3eb8-4ecb-80a5-e8761a19b971.crl

            X509v3 Authority Key Identifier:
                keyid:57:1A:A5:27:EC:17:91:77:8C:71:79:03:73:62:71:C5:53:17:64:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/0d3a5699-3eb8-4ecb-80a5-e8761a19b971.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.57.144.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         60:ad:fa:98:56:fa:83:c7:7d:7b:3d:06:1e:05:39:42:f6:f0:
         05:3b:63:56:ad:11:96:ca:b2:02:64:5d:82:78:57:62:88:1f:
         f6:db:70:a5:fd:3a:34:c4:1d:0d:42:d6:2e:82:a4:31:73:56:
         a3:ed:5d:da:42:cb:75:7f:c8:1f:4b:18:85:8d:da:d7:14:86:
         18:bc:ff:ff:f5:5d:a3:bf:5f:a0:62:39:70:86:0e:e7:7b:3f:
         5b:9d:ba:14:cc:b3:03:93:c8:17:03:68:a1:23:a0:28:8e:86:
         4d:18:af:4f:dc:cb:04:16:79:eb:67:b4:13:5e:1a:d1:c6:d3:
         a2:1d:ad:48:aa:bd:51:d1:61:8f:69:60:f0:81:58:24:99:7f:
         51:93:c3:e0:66:1c:22:d6:a8:83:60:b1:28:11:f9:58:d3:49:
         29:fa:88:77:be:12:c0:f3:5e:1f:ab:eb:13:bb:87:a4:f5:24:
         ac:88:5c:e4:06:fd:fc:c0:5e:95:2f:94:eb:c1:ff:41:13:7b:
         22:04:60:b9:e6:ba:54:93:c2:5e:82:62:93:95:55:86:21:d9:
         4a:63:cc:8b:61:7c:b6:79:d2:32:b2:9f:6b:95:43:f7:6a:c6:
         8a:7f:c5:06:46:dc:87:cc:67:a7:f6:d4:fe:a2:d8:dc:e2:d7:
         4e:40:c4:a9
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEk5PnByThi3r6JG8wAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMGQzYTU2OTktM2ViOC00ZWNiLTgwYTUtZTg3NjFhMTli
OTcxMB4XDTI1MDMxODAxMDAzOFoXDTI1MDYxNjAxMDAzOFowLzEtMCsGA1UEAxMk
YmYyNzE3NzAtMTA3My00MmMwLWI4MmEtMzczNzUxN2QyZTQ2MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgDe89rtO0OEebiRgJwp/1ZRQgW1u65zMTSHG
QXaADR1559oJ/QNPZe29QtCLjG0QmjibLJAub1thcCQdn8kpGOxNvwsNz1pYctGD
w3cFrPG6nATmt6D6JT04Rjg/7uQUEfSXvMQUVtF2BaeYEVq/VLawaLzmv9PrgWPv
QxqVpul5DRDrBxP5I5vYsU8Do8gJR6BZDMGuqQXp4gIrNHStpfX0BMMYMC3rHVYa
M4fbrYsPwYg2ER3mx2RjcGg6nMpjcO3W7MwZccM5GO8Z/Kfr2jxZ4EFUmwXbtEsA
q43xLu1xXaC1/WwZBj06Nv+JjCgshpnmo6HqMS0ijVm6Td640QIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFCxtSm8h+7W+vTXohmo+ntN7sqLRMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy8wZDNh
NTY5OS0zZWI4LTRlY2ItODBhNS1lODc2MWExOWI5NzEvZTc2ODFlYTItODI5MS0z
MDAwLThhNTctZGM2YmZhZWFkODhjLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvMGQzYTU2OTktM2ViOC00ZWNiLTgw
YTUtZTg3NjFhMTliOTcxLzBkM2E1Njk5LTNlYjgtNGVjYi04MGE1LWU4NzYxYTE5
Yjk3MS5jcmwwHwYDVR0jBBgwFoAUVxqlJ+wXkXeMcXkDc2JxxVMXZGYwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy8wZDNhNTY5OS0zZWI4LTRlY2ItODBhNS1lODc2
MWExOWI5NzEuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAQDmQMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAGCt+phW+oPHfXs9Bh4FOUL28AU7Y1atEZbKsgJkXYJ4V2KIH/bbcKX9
OjTEHQ1C1i6CpDFzVqPtXdpCy3V/yB9LGIWN2tcUhhi8///1XaO/X6BiOXCGDud7
P1uduhTMswOTyBcDaKEjoCiOhk0Yr0/cywQWeetntBNeGtHG06IdrUiqvVHRYY9p
YPCBWCSZf1GTw+BmHCLWqINgsSgR+VjTSSn6iHe+EsDzXh+r6xO7h6T1JKyIXOQG
/fzAXpUvlOvB/0ETeyIEYLnmulSTwl6CYpOVVYYh2UpjzIthfLZ50jKyn2uVQ/dq
xop/xQZG3IfMZ6f21P6i2Nzi105AxKk=
-----END CERTIFICATE-----
Generated at Fri Apr 11 21:28:31 2025 by rpki-client