Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b/639fcbf3-386e-3552-affc-95eb1a774ef6.roa
File:                     639fcbf3-386e-3552-affc-95eb1a774ef6.roa (raw, json)
Hash identifier:          nNiynOkn5iq7e9/4IeZqEIeGTuBlEgTw1dPGr9XUqus=
Subject key identifier:   C5:CC:9E:7C:DA:CD:8C:6F:42:7E:92:A9:74:3F:2D:D1:D4:2B:B3:B5
Certificate issuer:       /CN=417c06d0-3203-44fd-b164-0aed50f5638b
Certificate serial:       010D0C9F43285848A830B50714AEECD32382FF80
Authority key identifier: 00:CE:A0:C5:4C:5A:68:B3:D1:09:2A:66:78:F3:83:C9:42:07:C5:FD
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b/639fcbf3-386e-3552-affc-95eb1a774ef6.roa
Signing time:             Sat 25 Jan 2025 02:00:39 +0000
ROA not before:           Sat 25 Jan 2025 02:00:39 +0000
ROA not after:            Fri 25 Apr 2025 01:00:39 +0000
asID:                     397373
IP address blocks:        147.124.198.0/24 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:48:a8:30:b5:07:14:ae:ec:d3:23:82:ff:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=417c06d0-3203-44fd-b164-0aed50f5638b
        Validity
            Not Before: Jan 25 02:00:39 2025 GMT
            Not After : Apr 25 01:00:39 2025 GMT
        Subject: CN=f59dd4a8-898a-40f4-b918-8671a975daf3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:ef:24:c8:6b:d1:c9:19:90:00:79:b7:3d:3f:
                    f0:fd:1c:37:2e:a0:5b:19:a0:0b:b0:97:12:8e:49:
                    64:c7:a9:dd:ab:0b:da:e9:9a:4d:da:c2:a3:1b:fe:
                    54:38:0a:e6:b0:2a:9d:86:cd:44:46:5c:59:52:cf:
                    ac:d1:a4:3c:8c:70:05:98:a2:74:0b:e5:e4:96:b4:
                    2b:d7:25:57:34:eb:e3:52:53:22:57:ce:10:a5:cd:
                    ef:03:32:0d:a7:d1:a4:3b:cf:bd:0b:bf:2f:5e:75:
                    f9:5a:f9:f9:29:43:2a:a2:ce:44:25:90:f3:73:e8:
                    47:93:e1:f1:11:32:4c:0e:cd:a4:c7:5d:da:6d:54:
                    94:f8:36:c4:73:7a:de:a6:44:6d:c7:b6:40:89:fe:
                    3e:1b:2d:3c:57:43:da:f7:e8:83:8a:63:9c:b5:c9:
                    c4:b3:f5:68:a7:dd:8f:fe:b2:9b:d1:da:21:10:37:
                    58:99:2c:c7:8e:e6:e4:a6:f2:b7:04:09:79:fc:dd:
                    bb:8d:ae:3c:04:9d:de:3e:6e:79:18:cd:5e:a8:2c:
                    46:9a:c3:1a:2f:1f:82:d5:40:46:61:ba:15:55:64:
                    43:05:c8:04:ea:75:ef:16:a2:1f:78:e5:e8:5c:f0:
                    df:78:fc:db:9c:3e:b6:91:ac:ce:19:17:05:dc:5a:
                    2d:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:CC:9E:7C:DA:CD:8C:6F:42:7E:92:A9:74:3F:2D:D1:D4:2B:B3:B5
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b/639fcbf3-386e-3552-affc-95eb1a774ef6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b/417c06d0-3203-44fd-b164-0aed50f5638b.crl

            X509v3 Authority Key Identifier:
                keyid:00:CE:A0:C5:4C:5A:68:B3:D1:09:2A:66:78:F3:83:C9:42:07:C5:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.124.198.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         9c:e1:0f:7e:9d:e7:ce:26:22:2f:79:7d:cc:8d:97:05:b4:ed:
         00:c1:38:e8:9f:3f:e8:34:22:2c:0a:98:85:90:2d:6e:ac:9f:
         19:85:2f:2a:16:dd:82:19:ae:32:a7:0e:8d:bc:52:3d:58:7d:
         49:cf:5d:50:09:7d:4a:86:bd:78:38:f5:88:e6:b8:dd:ce:e9:
         88:87:ff:ed:c0:b1:b8:8c:a7:3e:88:a5:9f:c2:a6:24:db:bc:
         73:80:27:c2:c8:1e:7c:52:ac:0e:07:9c:a7:a3:8f:a3:5c:5b:
         98:00:f2:db:3a:fe:94:68:02:f9:14:92:55:4e:d5:89:0a:86:
         3a:7f:15:68:de:d4:7e:47:cd:f2:89:83:af:4b:8b:d6:1a:80:
         0a:03:3a:8a:75:1e:23:60:ed:cb:d5:1f:8a:1a:28:df:4f:a1:
         6a:37:6e:21:58:b7:c8:6f:7a:b8:6e:0a:a4:ce:57:c2:5f:7b:
         6d:84:1b:10:8c:48:2e:dc:1b:ba:42:8b:76:41:dc:9f:94:8b:
         88:6e:c2:12:30:0d:18:58:e7:d1:a6:b5:b7:9f:e3:33:40:6a:
         b5:e2:90:ab:38:79:17:87:ec:46:5b:ee:aa:f6:25:2a:e7:c1:
         33:b2:8e:73:6a:27:0d:ac:37:2f:69:e5:ea:26:54:ec:0e:51:
         fa:c3:e4:f4
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEioMLUHFK7s0yOC/4AwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDE3YzA2ZDAtMzIwMy00NGZkLWIxNjQtMGFlZDUwZjU2
MzhiMB4XDTI1MDEyNTAyMDAzOVoXDTI1MDQyNTAxMDAzOVowLzEtMCsGA1UEAxMk
ZjU5ZGQ0YTgtODk4YS00MGY0LWI5MTgtODY3MWE5NzVkYWYzMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhO8kyGvRyRmQAHm3PT/w/Rw3LqBbGaALsJcS
jklkx6ndqwva6ZpN2sKjG/5UOArmsCqdhs1ERlxZUs+s0aQ8jHAFmKJ0C+XklrQr
1yVXNOvjUlMiV84Qpc3vAzINp9GkO8+9C78vXnX5Wvn5KUMqos5EJZDzc+hHk+Hx
ETJMDs2kx13abVSU+DbEc3repkRtx7ZAif4+Gy08V0Pa9+iDimOctcnEs/Vop92P
/rKb0dohEDdYmSzHjubkpvK3BAl5/N27ja48BJ3ePm55GM1eqCxGmsMaLx+C1UBG
YboVVWRDBcgE6nXvFqIfeOXoXPDfePzbnD62kazOGRcF3FotmwIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFMXMnnzazYxvQn6SqXQ/LdHUK7O1MIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80MTdj
MDZkMC0zMjAzLTQ0ZmQtYjE2NC0wYWVkNTBmNTYzOGIvNjM5ZmNiZjMtMzg2ZS0z
NTUyLWFmZmMtOTVlYjFhNzc0ZWY2LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDE3YzA2ZDAtMzIwMy00NGZkLWIx
NjQtMGFlZDUwZjU2MzhiLzQxN2MwNmQwLTMyMDMtNDRmZC1iMTY0LTBhZWQ1MGY1
NjM4Yi5jcmwwHwYDVR0jBBgwFoAUAM6gxUxaaLPRCSpmePODyUIHxf0wDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80MTdjMDZkMC0zMjAzLTQ0ZmQtYjE2NC0wYWVk
NTBmNTYzOGIuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk3zGMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAJzhD36d584mIi95fcyNlwW07QDBOOifP+g0IiwKmIWQLW6snxmFLyoW
3YIZrjKnDo28Uj1YfUnPXVAJfUqGvXg49YjmuN3O6YiH/+3AsbiMpz6IpZ/CpiTb
vHOAJ8LIHnxSrA4HnKejj6NcW5gA8ts6/pRoAvkUklVO1YkKhjp/FWje1H5HzfKJ
g69Li9YagAoDOop1HiNg7cvVH4oaKN9PoWo3biFYt8hverhuCqTOV8Jfe22EGxCM
SC7cG7pCi3ZB3J+Ui4huwhIwDRhY59Gmtbef4zNAarXikKs4eReH7EZb7qr2JSrn
wTOyjnNqJw2sNy9p5eomVOwOUfrD5PQ=
-----END CERTIFICATE-----
Generated at Fri Apr 11 23:33:26 2025 by rpki-client