Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b/87e6120b-7356-3eef-b5af-00db88e229b2.roa
File:                     87e6120b-7356-3eef-b5af-00db88e229b2.roa (raw, json)
Hash identifier:          ulpH1X9XAu6ChGXUpV+kkh4ds5FYdn4lYQxI86zUlb4=
Subject key identifier:   F6:E9:C4:76:3A:EE:84:78:B4:68:CE:14:89:2B:1C:42:3B:0B:8F:19
Certificate issuer:       /CN=417c06d0-3203-44fd-b164-0aed50f5638b
Certificate serial:       010D0C9F432858483025403407240AD8C2D4A800
Authority key identifier: 00:CE:A0:C5:4C:5A:68:B3:D1:09:2A:66:78:F3:83:C9:42:07:C5:FD
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b/87e6120b-7356-3eef-b5af-00db88e229b2.roa
Signing time:             Fri 13 Dec 2024 02:00:39 +0000
ROA not before:           Fri 13 Dec 2024 02:00:39 +0000
ROA not after:            Thu 13 Mar 2025 01:00:39 +0000
asID:                     211432
IP address blocks:        147.124.203.0/24 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:48:30:25:40:34:07:24:0a:d8:c2:d4:a8:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=417c06d0-3203-44fd-b164-0aed50f5638b
        Validity
            Not Before: Dec 13 02:00:39 2024 GMT
            Not After : Mar 13 01:00:39 2025 GMT
        Subject: CN=b7702176-947b-4cb6-ac50-4f34864fef7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:4d:aa:58:43:60:fe:b7:01:15:f5:31:f6:c1:
                    fb:c2:7f:26:aa:0b:c8:cf:43:e2:3e:82:a4:29:b0:
                    12:2c:f7:07:cf:ca:05:e0:cf:c2:0a:29:0a:80:c3:
                    74:23:fe:c8:7a:af:65:24:f5:2d:2d:ec:46:f4:d5:
                    26:da:57:f6:ce:bf:d1:9e:be:28:85:cd:69:88:7e:
                    2b:20:9b:4c:01:79:a8:1a:da:bc:11:b0:57:73:0f:
                    7e:33:90:1d:76:65:28:02:97:af:25:a5:87:e3:02:
                    a0:60:a9:49:04:5c:c5:28:a9:27:5d:0f:98:c3:93:
                    29:e7:ab:e1:9d:b3:6d:e4:65:d7:fc:39:a1:d2:95:
                    82:85:6e:79:4d:85:4a:09:7a:f5:76:f6:d3:79:61:
                    58:22:19:c7:fa:96:18:67:40:9f:b0:b2:63:8c:73:
                    53:30:c1:ac:dc:4b:37:00:14:04:63:4f:a8:4f:70:
                    32:6a:73:3e:e2:fa:0e:cb:4f:1b:a4:26:9d:29:d1:
                    33:7f:e8:ce:a7:02:90:08:e8:2c:d9:2a:47:e8:e8:
                    4a:a8:df:ad:9b:01:2f:36:31:e4:74:39:ea:e9:59:
                    19:ae:91:6b:86:34:78:78:1c:79:00:13:de:a3:82:
                    e4:75:0b:08:de:75:10:9d:e3:f0:24:e0:78:bd:8b:
                    ed:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:E9:C4:76:3A:EE:84:78:B4:68:CE:14:89:2B:1C:42:3B:0B:8F:19
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b/87e6120b-7356-3eef-b5af-00db88e229b2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b/417c06d0-3203-44fd-b164-0aed50f5638b.crl

            X509v3 Authority Key Identifier:
                keyid:00:CE:A0:C5:4C:5A:68:B3:D1:09:2A:66:78:F3:83:C9:42:07:C5:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.124.203.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         35:92:f5:52:51:cb:0f:23:c8:f1:25:db:5f:2a:79:89:26:50:
         8e:02:aa:22:75:f1:e6:f5:bf:62:78:65:3f:32:c6:24:fd:dc:
         f6:62:c5:7b:b5:69:1f:80:d7:53:d6:fb:ca:0a:0b:60:8d:d8:
         e2:9a:a4:90:41:08:09:61:b4:be:3d:d1:21:46:ac:d0:db:51:
         bf:51:5c:09:f2:8f:b1:f9:7a:a9:e2:49:7b:c7:82:f3:91:bd:
         7b:4c:08:e7:d3:d2:5f:61:9f:0f:1b:03:b9:74:ff:e2:0a:d7:
         ea:0c:da:10:c5:ec:dc:68:bf:d3:20:53:21:42:bf:1e:9e:8e:
         98:cf:e4:ae:f4:95:53:b1:c2:d6:67:45:72:77:6d:51:5d:24:
         cd:49:dd:66:02:0c:e4:be:1a:81:d6:f7:da:f7:fc:78:4c:b0:
         0e:97:a8:0a:d0:f5:ff:63:6d:44:1b:fb:84:58:4f:f1:39:10:
         67:0c:3b:ad:df:76:e9:3a:5f:3b:a8:6b:44:b3:00:e9:e0:d1:
         82:f4:bb:57:fe:48:eb:06:14:27:3a:0b:61:4d:34:62:af:0c:
         fc:a1:39:5f:b5:9c:63:ff:11:12:09:7f:4f:87:5e:e1:82:64:
         d3:67:5a:29:04:d6:6d:1e:7d:35:6d:fb:5a:36:19:1a:08:28:
         82:93:dc:f9
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEgwJUA0ByQK2MLUqAAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDE3YzA2ZDAtMzIwMy00NGZkLWIxNjQtMGFlZDUwZjU2
MzhiMB4XDTI0MTIxMzAyMDAzOVoXDTI1MDMxMzAxMDAzOVowLzEtMCsGA1UEAxMk
Yjc3MDIxNzYtOTQ3Yi00Y2I2LWFjNTAtNGYzNDg2NGZlZjdiMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr02qWENg/rcBFfUx9sH7wn8mqgvIz0PiPoKk
KbASLPcHz8oF4M/CCikKgMN0I/7Ieq9lJPUtLexG9NUm2lf2zr/Rnr4ohc1piH4r
IJtMAXmoGtq8EbBXcw9+M5AddmUoApevJaWH4wKgYKlJBFzFKKknXQ+Yw5Mp56vh
nbNt5GXX/Dmh0pWChW55TYVKCXr1dvbTeWFYIhnH+pYYZ0CfsLJjjHNTMMGs3Es3
ABQEY0+oT3AyanM+4voOy08bpCadKdEzf+jOpwKQCOgs2SpH6OhKqN+tmwEvNjHk
dDnq6VkZrpFrhjR4eBx5ABPeo4LkdQsI3nUQnePwJOB4vYvtwQIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFPbpxHY67oR4tGjOFIkrHEI7C48ZMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80MTdj
MDZkMC0zMjAzLTQ0ZmQtYjE2NC0wYWVkNTBmNTYzOGIvODdlNjEyMGItNzM1Ni0z
ZWVmLWI1YWYtMDBkYjg4ZTIyOWIyLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDE3YzA2ZDAtMzIwMy00NGZkLWIx
NjQtMGFlZDUwZjU2MzhiLzQxN2MwNmQwLTMyMDMtNDRmZC1iMTY0LTBhZWQ1MGY1
NjM4Yi5jcmwwHwYDVR0jBBgwFoAUAM6gxUxaaLPRCSpmePODyUIHxf0wDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80MTdjMDZkMC0zMjAzLTQ0ZmQtYjE2NC0wYWVk
NTBmNTYzOGIuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk3zLMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBADWS9VJRyw8jyPEl218qeYkmUI4CqiJ18eb1v2J4ZT8yxiT93PZixXu1
aR+A11PW+8oKC2CN2OKapJBBCAlhtL490SFGrNDbUb9RXAnyj7H5eqniSXvHgvOR
vXtMCOfT0l9hnw8bA7l0/+IK1+oM2hDF7Nxov9MgUyFCvx6ejpjP5K70lVOxwtZn
RXJ3bVFdJM1J3WYCDOS+GoHW99r3/HhMsA6XqArQ9f9jbUQb+4RYT/E5EGcMO63f
duk6Xzuoa0SzAOng0YL0u1f+SOsGFCc6C2FNNGKvDPyhOV+1nGP/ERIJf0+HXuGC
ZNNnWikE1m0efTVt+1o2GRoIKIKT3Pk=
-----END CERTIFICATE-----
Generated at Fri Apr 11 23:25:51 2025 by rpki-client