Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b/61afc90b-6803-38fb-9a83-96444100f072.roa
File:                     61afc90b-6803-38fb-9a83-96444100f072.roa (raw, json)
Hash identifier:          0z/uE1UTmwQVrVX5ZAU0toz+7pzFaWhzm//xx08Edm4=
Subject key identifier:   35:43:4F:59:07:1B:65:BE:F3:38:B5:85:96:77:51:C7:F6:E8:49:AE
Certificate issuer:       /CN=417c06d0-3203-44fd-b164-0aed50f5638b
Certificate serial:       010D0C9F4328584891DB3268AEAAE9F0D5359BC0
Authority key identifier: 00:CE:A0:C5:4C:5A:68:B3:D1:09:2A:66:78:F3:83:C9:42:07:C5:FD
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b/61afc90b-6803-38fb-9a83-96444100f072.roa
Signing time:             Fri 17 Jan 2025 02:00:40 +0000
ROA not before:           Fri 17 Jan 2025 02:00:40 +0000
ROA not after:            Thu 17 Apr 2025 01:00:40 +0000
asID:                     396026
IP address blocks:        147.124.202.0/24 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:48:91:db:32:68:ae:aa:e9:f0:d5:35:9b:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=417c06d0-3203-44fd-b164-0aed50f5638b
        Validity
            Not Before: Jan 17 02:00:40 2025 GMT
            Not After : Apr 17 01:00:40 2025 GMT
        Subject: CN=b3f44ed4-0c6f-4d28-9c5e-182921742935
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:f3:96:89:6d:67:c6:17:3e:10:23:72:f2:c0:
                    f9:ad:4a:b3:0c:fa:6c:57:90:ae:9c:87:74:88:ce:
                    d3:fa:de:5a:d7:07:0b:62:87:fc:6a:c5:4d:91:90:
                    c5:88:4e:0a:66:05:eb:c7:19:d9:e5:9f:dc:10:47:
                    12:fa:b6:1a:b2:d9:63:91:72:cc:ee:31:2d:19:55:
                    17:69:b4:95:cf:8f:8f:05:94:44:57:26:2d:a8:14:
                    f5:86:0a:81:49:c8:5e:e6:81:bd:30:57:b0:74:50:
                    8b:88:41:36:41:27:aa:2b:b5:88:bf:78:5e:3f:aa:
                    4f:78:c8:c6:bd:8f:aa:d3:ad:bc:a1:f6:50:78:f1:
                    e9:92:32:2b:fe:46:f7:60:d2:c9:02:43:4a:f2:c7:
                    cb:37:47:1f:aa:f8:ff:89:67:cf:ac:b1:31:f9:4f:
                    67:3f:80:c7:4a:ac:8f:c2:a9:63:63:0c:68:41:be:
                    42:92:79:63:e3:81:84:26:f6:40:c7:77:bb:ea:69:
                    52:66:a7:9c:82:01:87:fa:9d:78:7e:b3:9c:59:6d:
                    de:dc:87:0f:ad:67:52:ad:b4:30:b3:0e:52:eb:eb:
                    9f:bf:62:3c:90:e1:22:08:e1:cf:e1:c1:bb:68:bc:
                    01:e9:28:2f:76:82:1a:ce:58:14:80:f1:41:c3:53:
                    3c:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:43:4F:59:07:1B:65:BE:F3:38:B5:85:96:77:51:C7:F6:E8:49:AE
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b/61afc90b-6803-38fb-9a83-96444100f072.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b/417c06d0-3203-44fd-b164-0aed50f5638b.crl

            X509v3 Authority Key Identifier:
                keyid:00:CE:A0:C5:4C:5A:68:B3:D1:09:2A:66:78:F3:83:C9:42:07:C5:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.124.202.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         5e:b9:25:d7:fa:d2:e7:dc:79:7c:01:b4:8c:4f:a3:02:97:44:
         49:29:0a:d9:40:e5:8e:2f:28:f0:4b:b8:04:f1:05:95:10:a9:
         92:b0:18:96:30:81:13:be:f8:a9:94:6d:27:0b:1b:e7:ec:31:
         10:17:5d:37:ff:27:0a:6c:de:86:31:c4:63:d9:1b:7f:4f:d2:
         5d:d3:fe:42:47:15:83:e7:76:f4:76:59:5d:9c:66:ee:dc:c0:
         47:c0:f8:08:38:75:54:13:d5:14:50:1f:38:d4:4d:67:cd:27:
         c6:a0:0c:72:34:7e:5b:18:a1:6a:82:81:3d:d6:6c:2e:fa:85:
         4d:d2:80:bc:06:cc:70:1a:28:62:77:88:69:42:d2:58:b5:56:
         5b:5f:b5:52:35:20:c1:45:93:aa:48:63:6f:bd:7a:e8:d7:ea:
         e9:96:09:b2:12:c7:9f:9e:92:f5:92:5e:63:41:de:b6:74:cc:
         53:57:eb:f0:d9:05:a6:ef:57:7d:36:d2:9b:ec:ad:35:58:40:
         c0:0d:c3:d6:e1:13:e4:d1:0e:7a:83:5b:54:ac:f2:78:cb:c2:
         96:fc:ad:ae:51:41:18:43:aa:3d:1f:dd:86:57:13:bc:6a:44:
         9e:d8:6d:8b:ac:2d:e8:3e:fc:8f:aa:9f:ce:a6:66:1e:0d:39:
         3e:f3:6f:4a
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEiR2zJorqrp8NU1m8AwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDE3YzA2ZDAtMzIwMy00NGZkLWIxNjQtMGFlZDUwZjU2
MzhiMB4XDTI1MDExNzAyMDA0MFoXDTI1MDQxNzAxMDA0MFowLzEtMCsGA1UEAxMk
YjNmNDRlZDQtMGM2Zi00ZDI4LTljNWUtMTgyOTIxNzQyOTM1MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg/OWiW1nxhc+ECNy8sD5rUqzDPpsV5CunId0
iM7T+t5a1wcLYof8asVNkZDFiE4KZgXrxxnZ5Z/cEEcS+rYastljkXLM7jEtGVUX
abSVz4+PBZREVyYtqBT1hgqBSche5oG9MFewdFCLiEE2QSeqK7WIv3heP6pPeMjG
vY+q0628ofZQePHpkjIr/kb3YNLJAkNK8sfLN0cfqvj/iWfPrLEx+U9nP4DHSqyP
wqljYwxoQb5Cknlj44GEJvZAx3e76mlSZqecggGH+p14frOcWW3e3IcPrWdSrbQw
sw5S6+ufv2I8kOEiCOHP4cG7aLwB6SgvdoIazlgUgPFBw1M8HwIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFDVDT1kHG2W+8zi1hZZ3Ucf26EmuMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80MTdj
MDZkMC0zMjAzLTQ0ZmQtYjE2NC0wYWVkNTBmNTYzOGIvNjFhZmM5MGItNjgwMy0z
OGZiLTlhODMtOTY0NDQxMDBmMDcyLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDE3YzA2ZDAtMzIwMy00NGZkLWIx
NjQtMGFlZDUwZjU2MzhiLzQxN2MwNmQwLTMyMDMtNDRmZC1iMTY0LTBhZWQ1MGY1
NjM4Yi5jcmwwHwYDVR0jBBgwFoAUAM6gxUxaaLPRCSpmePODyUIHxf0wDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80MTdjMDZkMC0zMjAzLTQ0ZmQtYjE2NC0wYWVk
NTBmNTYzOGIuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk3zKMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAF65Jdf60ufceXwBtIxPowKXREkpCtlA5Y4vKPBLuATxBZUQqZKwGJYw
gRO++KmUbScLG+fsMRAXXTf/Jwps3oYxxGPZG39P0l3T/kJHFYPndvR2WV2cZu7c
wEfA+Ag4dVQT1RRQHzjUTWfNJ8agDHI0flsYoWqCgT3WbC76hU3SgLwGzHAaKGJ3
iGlC0li1VltftVI1IMFFk6pIY2+9eujX6umWCbISx5+ekvWSXmNB3rZ0zFNX6/DZ
BabvV3020pvsrTVYQMANw9bhE+TRDnqDW1Ss8njLwpb8ra5RQRhDqj0f3YZXE7xq
RJ7YbYusLeg+/I+qn86mZh4NOT7zb0o=
-----END CERTIFICATE-----
Generated at Fri Apr 11 23:27:02 2025 by rpki-client