Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b/2a17de97-ac95-3741-9ebe-22d1315750a8.roa
File:                     2a17de97-ac95-3741-9ebe-22d1315750a8.roa (raw, json)
Hash identifier:          rLReKq9WnlCxm/ta4XL20zOyLIoK+wbvADu6CHYJCBY=
Subject key identifier:   68:E8:B5:5B:72:A4:15:ED:BF:B4:E5:5B:7C:12:D7:8A:E2:4E:73:85
Certificate issuer:       /CN=417c06d0-3203-44fd-b164-0aed50f5638b
Certificate serial:       010D0C9F43285848AF2B7E540F5C4E0C0869BBE0
Authority key identifier: 00:CE:A0:C5:4C:5A:68:B3:D1:09:2A:66:78:F3:83:C9:42:07:C5:FD
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b/2a17de97-ac95-3741-9ebe-22d1315750a8.roa
Signing time:             Mon 27 Jan 2025 14:00:52 +0000
ROA not before:           Mon 27 Jan 2025 14:00:52 +0000
ROA not after:            Sun 27 Apr 2025 13:00:52 +0000
asID:                     397423
IP address blocks:        147.124.201.0/24 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:48:af:2b:7e:54:0f:5c:4e:0c:08:69:bb:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=417c06d0-3203-44fd-b164-0aed50f5638b
        Validity
            Not Before: Jan 27 14:00:52 2025 GMT
            Not After : Apr 27 13:00:52 2025 GMT
        Subject: CN=7e93e2bb-db36-44cc-a681-f77b3b1d50be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:3b:5d:61:46:48:9f:2e:08:fc:2c:a0:67:70:
                    d6:77:13:f4:c5:67:94:e4:68:f5:d5:19:cd:a4:e4:
                    0e:c8:06:f1:cf:0f:30:b7:c3:ec:b1:b7:28:53:c7:
                    f5:c3:0e:8a:f8:66:04:db:98:9b:6e:60:93:69:b1:
                    4d:d4:64:a2:05:ec:b6:4d:fe:ea:8d:5f:bd:80:9a:
                    dc:0b:df:fd:b6:2c:88:4f:87:06:c2:30:49:0f:4b:
                    ea:a8:c7:3c:06:ed:7a:9d:72:a0:35:23:e5:28:bc:
                    9f:68:02:36:36:da:77:13:f0:98:6d:06:91:93:f3:
                    7b:e9:36:d4:c0:53:ec:0e:41:42:c8:90:d2:d7:29:
                    69:43:ab:be:7d:07:ae:37:19:30:8e:3d:17:f4:88:
                    0a:09:86:5a:e8:57:b5:92:4f:ea:89:2e:f6:56:fc:
                    e1:1b:77:60:89:11:fe:53:f0:f7:b6:f4:20:3d:c3:
                    c3:63:8f:63:93:09:d3:0e:05:a2:10:d3:b1:68:7b:
                    3b:01:6c:24:3e:01:d8:d4:3d:95:fa:ce:c5:18:6a:
                    e4:89:f3:49:3b:97:6c:e9:9f:0a:56:a8:71:37:49:
                    d6:c3:0a:9d:96:28:6f:99:41:f7:5d:45:e0:30:c5:
                    e4:d5:c1:ec:ae:8d:70:1f:18:a4:0c:bd:37:83:ea:
                    d4:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:E8:B5:5B:72:A4:15:ED:BF:B4:E5:5B:7C:12:D7:8A:E2:4E:73:85
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b/2a17de97-ac95-3741-9ebe-22d1315750a8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b/417c06d0-3203-44fd-b164-0aed50f5638b.crl

            X509v3 Authority Key Identifier:
                keyid:00:CE:A0:C5:4C:5A:68:B3:D1:09:2A:66:78:F3:83:C9:42:07:C5:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.124.201.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         2d:da:a4:c0:5f:be:0f:9b:74:ff:c9:7a:6a:bd:d1:32:64:f7:
         a2:90:f7:fa:77:39:9e:62:b8:5a:ce:95:dd:44:73:65:0f:2f:
         ab:49:8d:94:22:86:b3:88:3d:9d:17:61:de:ca:6d:9c:3a:29:
         c2:5b:1d:39:bd:72:fd:f5:39:41:18:ce:75:71:95:ad:dd:85:
         ab:1c:ff:15:0e:9e:4e:a9:39:4e:aa:70:39:4e:fd:61:7d:a0:
         0e:bf:48:24:5c:45:ca:87:60:54:8b:f7:b5:c8:8c:7b:03:01:
         e6:8a:f4:f7:f5:7e:39:a3:2b:88:c8:a3:93:3b:4d:df:6f:c8:
         ff:58:98:18:3e:43:8c:c7:71:bd:60:06:ee:03:b8:d5:61:0b:
         6d:81:1c:23:54:ec:b1:08:96:03:a7:71:80:f2:00:2e:0c:67:
         7b:b9:2d:45:da:29:6f:54:39:d7:ed:3f:75:3b:38:4f:cd:8f:
         1d:52:36:48:77:74:30:f4:e3:66:cd:75:02:92:53:32:09:4e:
         f7:6d:d8:fd:ac:6a:a5:fc:99:2b:e5:87:23:3e:db:d0:67:c7:
         43:fd:8c:a4:00:c5:a4:44:60:de:ea:5d:29:66:f8:04:29:17:
         21:fe:ff:ea:2a:e7:59:60:cc:5b:d8:93:58:26:93:8a:a8:61:
         ce:8d:f2:c6
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEivK35UD1xODAhpu+AwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDE3YzA2ZDAtMzIwMy00NGZkLWIxNjQtMGFlZDUwZjU2
MzhiMB4XDTI1MDEyNzE0MDA1MloXDTI1MDQyNzEzMDA1MlowLzEtMCsGA1UEAxMk
N2U5M2UyYmItZGIzNi00NGNjLWE2ODEtZjc3YjNiMWQ1MGJlMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTtdYUZIny4I/CygZ3DWdxP0xWeU5Gj11RnN
pOQOyAbxzw8wt8PssbcoU8f1ww6K+GYE25ibbmCTabFN1GSiBey2Tf7qjV+9gJrc
C9/9tiyIT4cGwjBJD0vqqMc8Bu16nXKgNSPlKLyfaAI2Ntp3E/CYbQaRk/N76TbU
wFPsDkFCyJDS1ylpQ6u+fQeuNxkwjj0X9IgKCYZa6Fe1kk/qiS72VvzhG3dgiRH+
U/D3tvQgPcPDY49jkwnTDgWiENOxaHs7AWwkPgHY1D2V+s7FGGrkifNJO5ds6Z8K
VqhxN0nWwwqdlihvmUH3XUXgMMXk1cHsro1wHxikDL03g+rUDwIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFGjotVtypBXtv7TlW3wS14riTnOFMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80MTdj
MDZkMC0zMjAzLTQ0ZmQtYjE2NC0wYWVkNTBmNTYzOGIvMmExN2RlOTctYWM5NS0z
NzQxLTllYmUtMjJkMTMxNTc1MGE4LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDE3YzA2ZDAtMzIwMy00NGZkLWIx
NjQtMGFlZDUwZjU2MzhiLzQxN2MwNmQwLTMyMDMtNDRmZC1iMTY0LTBhZWQ1MGY1
NjM4Yi5jcmwwHwYDVR0jBBgwFoAUAM6gxUxaaLPRCSpmePODyUIHxf0wDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80MTdjMDZkMC0zMjAzLTQ0ZmQtYjE2NC0wYWVk
NTBmNTYzOGIuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk3zJMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAC3apMBfvg+bdP/Jemq90TJk96KQ9/p3OZ5iuFrOld1Ec2UPL6tJjZQi
hrOIPZ0XYd7KbZw6KcJbHTm9cv31OUEYznVxla3dhasc/xUOnk6pOU6qcDlO/WF9
oA6/SCRcRcqHYFSL97XIjHsDAeaK9Pf1fjmjK4jIo5M7Td9vyP9YmBg+Q4zHcb1g
Bu4DuNVhC22BHCNU7LEIlgOncYDyAC4MZ3u5LUXaKW9UOdftP3U7OE/Njx1SNkh3
dDD042bNdQKSUzIJTvdt2P2saqX8mSvlhyM+29Bnx0P9jKQAxaREYN7qXSlm+AQp
FyH+/+oq51lgzFvYk1gmk4qoYc6N8sY=
-----END CERTIFICATE-----
Generated at Fri Apr 11 23:35:40 2025 by rpki-client