Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b/5fd0d95e-22dd-3220-9e54-409383a6b63c.roa
File:                     5fd0d95e-22dd-3220-9e54-409383a6b63c.roa (raw, json)
Hash identifier:          P8VG9OdDr/l1PzXm3XSHPO5P/w2SPumhSQP4QkqjgKs=
Subject key identifier:   02:2A:91:8D:7F:99:AC:AF:0D:F7:FE:74:6B:EF:53:1E:EA:42:00:2E
Certificate issuer:       /CN=417c06d0-3203-44fd-b164-0aed50f5638b
Certificate serial:       010D0C9F43285848A1360D85FE84BE2F9E0A1C00
Authority key identifier: 00:CE:A0:C5:4C:5A:68:B3:D1:09:2A:66:78:F3:83:C9:42:07:C5:FD
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b/5fd0d95e-22dd-3220-9e54-409383a6b63c.roa
Signing time:             Wed 22 Jan 2025 14:00:52 +0000
ROA not before:           Wed 22 Jan 2025 14:00:52 +0000
ROA not after:            Tue 22 Apr 2025 13:00:52 +0000
asID:                     397423
IP address blocks:        147.124.204.0/24 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:48:a1:36:0d:85:fe:84:be:2f:9e:0a:1c:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=417c06d0-3203-44fd-b164-0aed50f5638b
        Validity
            Not Before: Jan 22 14:00:52 2025 GMT
            Not After : Apr 22 13:00:52 2025 GMT
        Subject: CN=ae5a7698-7d3d-4e8e-bd7a-41225a3abff5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:f4:17:b2:ef:8b:a1:02:f0:b6:5c:1c:9e:ff:
                    69:f4:3d:28:53:62:3d:3b:35:32:c8:48:4f:33:c2:
                    f7:e2:81:a3:c7:4d:b7:de:20:72:c9:da:4d:1b:1c:
                    20:5d:a5:dc:fc:59:13:37:10:3f:cf:10:1a:47:11:
                    44:e8:4e:61:e7:c0:60:a1:35:0c:c1:54:b5:04:23:
                    e2:1e:6f:5c:02:9f:1f:e8:a2:c7:df:ae:c2:e6:bb:
                    d9:6e:e3:69:b0:82:ae:81:6b:1e:af:e7:b2:8b:e8:
                    11:e6:1f:86:36:0d:e8:2e:e0:bb:4f:25:87:26:60:
                    41:53:97:e5:9f:93:dc:a0:a4:9e:d4:71:46:c3:36:
                    a6:9b:09:81:28:ba:0a:21:ec:4a:a7:70:d2:0f:1a:
                    8f:5d:73:14:d9:77:b2:d0:42:f2:b3:a4:ba:21:39:
                    77:b6:f1:4b:d3:e2:88:82:c9:29:10:f0:12:9c:42:
                    17:0b:36:84:f7:13:16:d3:3e:ce:89:35:cb:29:61:
                    f7:f4:76:c9:c4:dd:21:f8:62:50:09:bd:25:e6:c2:
                    64:b0:0f:4b:7c:c4:52:77:90:d3:ce:44:80:33:88:
                    db:58:50:c0:38:ab:48:d9:21:a6:e0:f8:56:70:1a:
                    21:f8:b2:69:3a:f9:f1:88:e7:38:08:dd:b3:be:3c:
                    19:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:2A:91:8D:7F:99:AC:AF:0D:F7:FE:74:6B:EF:53:1E:EA:42:00:2E
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b/5fd0d95e-22dd-3220-9e54-409383a6b63c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b/417c06d0-3203-44fd-b164-0aed50f5638b.crl

            X509v3 Authority Key Identifier:
                keyid:00:CE:A0:C5:4C:5A:68:B3:D1:09:2A:66:78:F3:83:C9:42:07:C5:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.124.204.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         17:93:f4:ff:e2:51:6c:67:37:a8:2c:86:95:e8:e7:a3:2e:9d:
         ff:73:8e:d4:30:c3:fb:c9:a1:14:53:96:fe:6d:02:6b:3e:49:
         59:76:6d:75:b7:bb:d2:8e:5e:29:d3:69:1b:8c:f7:2a:3e:3e:
         1d:47:38:ab:b2:da:f1:b0:e8:fe:0e:c0:a5:c2:22:ec:b2:9c:
         5f:54:8a:07:a6:3b:9f:d3:b0:d7:23:60:7f:5d:2f:48:fe:13:
         51:48:b0:5f:9d:76:cf:6d:66:20:ae:c5:ac:bd:36:fa:3b:7e:
         ca:f2:3b:9b:16:96:47:96:b2:f5:53:51:84:8a:14:19:dd:23:
         dc:ff:e0:be:6c:42:26:a3:3e:90:be:3a:fc:98:9c:d5:dc:f3:
         5c:bd:ac:8e:bc:1a:39:87:1c:c8:02:f0:f8:34:61:00:a7:f3:
         0d:e6:7e:05:a3:35:21:a9:94:24:9d:1c:11:16:99:a9:8f:ee:
         88:b5:15:ca:9a:d9:92:76:a7:4b:54:cd:ba:53:8f:e2:22:09:
         86:0d:f5:c6:57:f9:12:cd:be:eb:67:01:ca:2d:f4:d6:5e:64:
         7c:d8:41:2e:ad:9e:bd:d6:03:e9:7d:da:8a:cc:03:3f:e0:8d:
         54:3e:df:46:b9:cc:9f:c8:71:87:54:c1:0b:eb:bb:9e:5e:73:
         d4:82:db:50
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEihNg2F/oS+L54KHAAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDE3YzA2ZDAtMzIwMy00NGZkLWIxNjQtMGFlZDUwZjU2
MzhiMB4XDTI1MDEyMjE0MDA1MloXDTI1MDQyMjEzMDA1MlowLzEtMCsGA1UEAxMk
YWU1YTc2OTgtN2QzZC00ZThlLWJkN2EtNDEyMjVhM2FiZmY1MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4PQXsu+LoQLwtlwcnv9p9D0oU2I9OzUyyEhP
M8L34oGjx0233iByydpNGxwgXaXc/FkTNxA/zxAaRxFE6E5h58BgoTUMwVS1BCPi
Hm9cAp8f6KLH367C5rvZbuNpsIKugWser+eyi+gR5h+GNg3oLuC7TyWHJmBBU5fl
n5PcoKSe1HFGwzammwmBKLoKIexKp3DSDxqPXXMU2Xey0ELys6S6ITl3tvFL0+KI
gskpEPASnEIXCzaE9xMW0z7OiTXLKWH39HbJxN0h+GJQCb0l5sJksA9LfMRSd5DT
zkSAM4jbWFDAOKtI2SGm4PhWcBoh+LJpOvnxiOc4CN2zvjwZwQIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFAIqkY1/mayvDff+dGvvUx7qQgAuMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80MTdj
MDZkMC0zMjAzLTQ0ZmQtYjE2NC0wYWVkNTBmNTYzOGIvNWZkMGQ5NWUtMjJkZC0z
MjIwLTllNTQtNDA5MzgzYTZiNjNjLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDE3YzA2ZDAtMzIwMy00NGZkLWIx
NjQtMGFlZDUwZjU2MzhiLzQxN2MwNmQwLTMyMDMtNDRmZC1iMTY0LTBhZWQ1MGY1
NjM4Yi5jcmwwHwYDVR0jBBgwFoAUAM6gxUxaaLPRCSpmePODyUIHxf0wDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80MTdjMDZkMC0zMjAzLTQ0ZmQtYjE2NC0wYWVk
NTBmNTYzOGIuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk3zMMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBABeT9P/iUWxnN6gshpXo56Munf9zjtQww/vJoRRTlv5tAms+SVl2bXW3
u9KOXinTaRuM9yo+Ph1HOKuy2vGw6P4OwKXCIuyynF9UigemO5/TsNcjYH9dL0j+
E1FIsF+dds9tZiCuxay9Nvo7fsryO5sWlkeWsvVTUYSKFBndI9z/4L5sQiajPpC+
OvyYnNXc81y9rI68GjmHHMgC8Pg0YQCn8w3mfgWjNSGplCSdHBEWmamP7oi1Fcqa
2ZJ2p0tUzbpTj+IiCYYN9cZX+RLNvutnAcot9NZeZHzYQS6tnr3WA+l92orMAz/g
jVQ+30a5zJ/IcYdUwQvru55ec9SC21A=
-----END CERTIFICATE-----
Generated at Fri Apr 11 23:28:17 2025 by rpki-client