Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b/41491787-a87b-3836-bc29-894a2094fd35.roa
File:                     41491787-a87b-3836-bc29-894a2094fd35.roa (raw, json)
Hash identifier:          T6xvdM3rnZc4Atgl2HjJ5kjKY3SkiAsdT5HXpqs7zis=
Subject key identifier:   BE:2A:C1:D5:2D:2A:54:DE:51:8F:4C:3A:50:66:83:23:D2:32:E8:C9
Certificate issuer:       /CN=417c06d0-3203-44fd-b164-0aed50f5638b
Certificate serial:       010D0C9F43285848A1360DAEA75FC8C423443D00
Authority key identifier: 00:CE:A0:C5:4C:5A:68:B3:D1:09:2A:66:78:F3:83:C9:42:07:C5:FD
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b/41491787-a87b-3836-bc29-894a2094fd35.roa
Signing time:             Wed 22 Jan 2025 14:00:52 +0000
ROA not before:           Wed 22 Jan 2025 14:00:52 +0000
ROA not after:            Tue 22 Apr 2025 13:00:52 +0000
asID:                     397423
IP address blocks:        147.124.206.0/24 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:48:a1:36:0d:ae:a7:5f:c8:c4:23:44:3d:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=417c06d0-3203-44fd-b164-0aed50f5638b
        Validity
            Not Before: Jan 22 14:00:52 2025 GMT
            Not After : Apr 22 13:00:52 2025 GMT
        Subject: CN=116918df-1c1f-4a39-85ee-d3a3c8c7866f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:e6:95:20:02:98:09:f0:70:29:c4:21:7e:48:
                    65:ae:48:76:7e:0c:ad:37:46:d8:60:94:5a:ea:4b:
                    e0:3c:28:bb:7f:dc:1e:4c:16:ff:4e:89:45:ca:d9:
                    76:02:c6:b6:f1:74:44:5f:96:1f:77:48:fc:10:0e:
                    78:84:c8:f9:2f:81:95:36:cb:94:57:75:22:e3:3e:
                    51:10:cf:4f:f4:fe:6e:72:a9:7c:b5:43:6b:dd:79:
                    46:2b:01:e9:a5:21:a4:5e:88:41:98:aa:41:2a:e8:
                    c1:05:fa:15:ae:58:8f:89:cd:c8:55:81:a9:7d:b5:
                    9b:42:da:9f:77:a8:ee:6c:0d:2b:ca:85:0e:db:f2:
                    12:50:9d:3b:6a:8f:5b:52:9e:ac:6a:79:2e:da:f4:
                    bb:fe:62:ad:14:8b:49:17:11:7d:e6:b9:c1:6b:e5:
                    8e:7c:27:76:65:b2:7c:ed:3a:e9:73:b5:02:c0:5f:
                    7c:48:96:93:48:3a:b4:a2:34:8a:1a:68:02:2c:25:
                    a6:a0:a2:bb:2f:6a:6a:ef:45:96:f2:1d:ea:39:a5:
                    2d:4d:3a:27:a8:8e:77:e2:f0:37:3e:62:a9:25:1e:
                    8b:c8:48:f9:64:f2:9c:4e:9e:60:31:61:6c:1e:09:
                    83:db:38:4f:02:27:3b:1a:3f:38:e4:b3:c4:9e:1b:
                    a3:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:2A:C1:D5:2D:2A:54:DE:51:8F:4C:3A:50:66:83:23:D2:32:E8:C9
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b/41491787-a87b-3836-bc29-894a2094fd35.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b/417c06d0-3203-44fd-b164-0aed50f5638b.crl

            X509v3 Authority Key Identifier:
                keyid:00:CE:A0:C5:4C:5A:68:B3:D1:09:2A:66:78:F3:83:C9:42:07:C5:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.124.206.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         01:02:a9:1a:ca:ce:35:80:7c:c4:59:87:39:f4:ea:3f:9c:c5:
         fd:c3:19:90:7d:c0:83:f4:2a:b4:4f:e2:f2:ed:c6:5d:4b:ab:
         07:cb:08:0b:09:bf:5d:c2:dd:16:d6:fa:7b:de:20:88:42:d9:
         fc:dc:2a:02:40:16:ef:98:fd:5f:0e:b4:1a:02:b1:7b:7e:d0:
         e8:d9:51:34:f2:52:ce:27:35:0d:17:0a:ba:b6:7a:31:3e:d5:
         6b:55:d1:48:da:c2:d7:85:56:77:78:41:b0:fb:48:46:a0:20:
         fd:20:fb:6c:65:bc:a8:0e:e9:3e:aa:0c:a1:a7:48:5b:9e:ad:
         f7:34:3a:1b:a3:57:6a:a4:91:9f:db:6e:e2:20:a5:4f:61:2c:
         75:55:8a:27:0f:9b:0b:ea:bd:88:92:8a:19:dc:31:1d:63:91:
         0f:b1:5f:25:e0:41:18:ad:eb:87:c7:d1:97:1f:58:c1:83:0c:
         f9:ee:f1:26:83:42:62:78:c7:de:2a:48:c5:09:7a:54:67:f9:
         d2:67:d1:7a:b1:48:a3:24:78:87:d4:59:0e:99:8d:5f:6f:51:
         3a:33:fc:87:77:0c:e1:d0:2f:df:8e:11:24:77:6b:37:5d:92:
         fb:dc:e3:9b:7f:38:35:67:a7:f3:dd:82:dc:90:12:97:8f:65:
         99:2e:d7:6e
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEihNg2up1/IxCNEPQAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDE3YzA2ZDAtMzIwMy00NGZkLWIxNjQtMGFlZDUwZjU2
MzhiMB4XDTI1MDEyMjE0MDA1MloXDTI1MDQyMjEzMDA1MlowLzEtMCsGA1UEAxMk
MTE2OTE4ZGYtMWMxZi00YTM5LTg1ZWUtZDNhM2M4Yzc4NjZmMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzOaVIAKYCfBwKcQhfkhlrkh2fgytN0bYYJRa
6kvgPCi7f9weTBb/TolFytl2Asa28XREX5Yfd0j8EA54hMj5L4GVNsuUV3Ui4z5R
EM9P9P5ucql8tUNr3XlGKwHppSGkXohBmKpBKujBBfoVrliPic3IVYGpfbWbQtqf
d6jubA0ryoUO2/ISUJ07ao9bUp6sanku2vS7/mKtFItJFxF95rnBa+WOfCd2ZbJ8
7Trpc7UCwF98SJaTSDq0ojSKGmgCLCWmoKK7L2pq70WW8h3qOaUtTTonqI534vA3
PmKpJR6LyEj5ZPKcTp5gMWFsHgmD2zhPAic7Gj845LPEnhujPwIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFL4qwdUtKlTeUY9MOlBmgyPSMujJMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80MTdj
MDZkMC0zMjAzLTQ0ZmQtYjE2NC0wYWVkNTBmNTYzOGIvNDE0OTE3ODctYTg3Yi0z
ODM2LWJjMjktODk0YTIwOTRmZDM1LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDE3YzA2ZDAtMzIwMy00NGZkLWIx
NjQtMGFlZDUwZjU2MzhiLzQxN2MwNmQwLTMyMDMtNDRmZC1iMTY0LTBhZWQ1MGY1
NjM4Yi5jcmwwHwYDVR0jBBgwFoAUAM6gxUxaaLPRCSpmePODyUIHxf0wDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80MTdjMDZkMC0zMjAzLTQ0ZmQtYjE2NC0wYWVk
NTBmNTYzOGIuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk3zOMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAAECqRrKzjWAfMRZhzn06j+cxf3DGZB9wIP0KrRP4vLtxl1LqwfLCAsJ
v13C3RbW+nveIIhC2fzcKgJAFu+Y/V8OtBoCsXt+0OjZUTTyUs4nNQ0XCrq2ejE+
1WtV0UjawteFVnd4QbD7SEagIP0g+2xlvKgO6T6qDKGnSFuerfc0OhujV2qkkZ/b
buIgpU9hLHVViicPmwvqvYiSihncMR1jkQ+xXyXgQRit64fH0ZcfWMGDDPnu8SaD
QmJ4x94qSMUJelRn+dJn0XqxSKMkeIfUWQ6ZjV9vUToz/Id3DOHQL9+OESR3azdd
kvvc45t/ODVnp/PdgtyQEpePZZku124=
-----END CERTIFICATE-----
Generated at Fri Apr 11 23:35:54 2025 by rpki-client