Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b/a0b6de0c-1f37-3fcc-882c-34d7ea4c8be8.roa
File:                     a0b6de0c-1f37-3fcc-882c-34d7ea4c8be8.roa (raw, json)
Hash identifier:          mzJuW0xtnToaaHYNMmnYrQiGDaMbTF4REHhweVrsVS4=
Subject key identifier:   BE:F2:D9:88:E3:15:FB:52:81:BA:0E:2E:48:5C:FD:91:C1:E4:9D:B3
Certificate issuer:       /CN=417c06d0-3203-44fd-b164-0aed50f5638b
Certificate serial:       010D0C9F43285848A830A7FCD44EC578CB762F80
Authority key identifier: 00:CE:A0:C5:4C:5A:68:B3:D1:09:2A:66:78:F3:83:C9:42:07:C5:FD
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b/a0b6de0c-1f37-3fcc-882c-34d7ea4c8be8.roa
Signing time:             Sat 25 Jan 2025 02:00:39 +0000
ROA not before:           Sat 25 Jan 2025 02:00:39 +0000
ROA not after:            Fri 25 Apr 2025 01:00:39 +0000
asID:                     397423
IP address blocks:        147.124.192.0/24 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:48:a8:30:a7:fc:d4:4e:c5:78:cb:76:2f:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=417c06d0-3203-44fd-b164-0aed50f5638b
        Validity
            Not Before: Jan 25 02:00:39 2025 GMT
            Not After : Apr 25 01:00:39 2025 GMT
        Subject: CN=c826082e-4dde-4aba-8902-9458d3f9a975
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:39:75:70:a2:af:eb:0f:84:b8:e1:69:36:95:
                    91:3f:1b:3b:97:e4:6c:bd:b1:2f:ad:6e:f3:82:2f:
                    1e:24:c9:8b:22:b2:be:46:09:28:3e:02:c3:06:8f:
                    96:64:b6:43:e7:2d:13:85:65:ee:cc:5f:72:37:3a:
                    a3:fc:bf:22:98:21:b8:06:91:e8:4f:aa:03:a2:d1:
                    8e:38:57:4e:41:6c:e6:5e:1a:fc:cb:0d:0a:99:16:
                    8e:3e:8a:e1:b6:df:f2:0c:5b:7e:40:a5:88:27:b6:
                    7c:ce:04:08:49:b5:33:3e:d6:8f:00:9f:ab:6d:7a:
                    24:90:08:df:17:31:3c:bd:9d:14:63:9a:e9:8e:a9:
                    e5:c1:38:69:98:97:ca:e1:a3:fb:dd:5e:53:d6:d9:
                    37:37:45:25:e7:4d:04:14:b6:f6:98:98:1f:b9:e0:
                    f4:c3:fa:cb:7b:00:14:90:c2:9f:31:37:90:d7:8d:
                    30:1a:6d:81:ef:4e:ea:cb:6d:90:d7:f8:27:8c:1b:
                    d0:c8:a5:e5:83:6d:d1:81:21:7f:a5:40:af:de:ae:
                    7a:da:d2:1f:70:4e:b5:e9:ba:09:9d:bd:5a:94:bd:
                    2f:c9:2f:b3:f6:a1:1b:ea:38:40:d8:08:90:01:8f:
                    4a:88:56:87:2a:53:f8:4b:09:dd:7f:7a:0f:d3:8a:
                    a6:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:F2:D9:88:E3:15:FB:52:81:BA:0E:2E:48:5C:FD:91:C1:E4:9D:B3
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b/a0b6de0c-1f37-3fcc-882c-34d7ea4c8be8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b/417c06d0-3203-44fd-b164-0aed50f5638b.crl

            X509v3 Authority Key Identifier:
                keyid:00:CE:A0:C5:4C:5A:68:B3:D1:09:2A:66:78:F3:83:C9:42:07:C5:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.124.192.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         d0:8e:37:19:37:df:e2:68:b1:20:5e:cf:0c:a5:cd:67:a8:7a:
         7b:a6:d9:d2:e1:fa:74:a5:da:5e:ac:ec:ef:b3:d1:d6:ef:ce:
         fb:00:52:f8:ee:eb:1a:a8:3a:88:6f:93:1e:12:62:6a:6f:ed:
         1d:7e:45:54:ac:f5:a8:66:cf:47:20:55:52:72:af:53:59:01:
         fd:75:18:80:01:9c:66:25:09:af:69:75:c5:29:a1:d4:14:55:
         54:40:df:45:73:7b:24:c5:8e:1c:0a:34:d3:e2:17:16:05:29:
         99:40:67:85:18:e8:59:0f:ab:75:09:30:68:6a:8a:3a:2d:f1:
         4f:25:a4:68:a2:27:27:44:0b:b1:c3:4b:45:59:e4:32:34:e4:
         bb:a9:50:fb:74:9d:72:de:c8:c1:b7:69:9f:77:56:a0:25:83:
         c1:cf:cc:20:c5:8a:6e:a6:a0:57:70:76:f5:b7:b9:a9:fd:13:
         ea:d0:7e:d8:6b:a4:0f:78:fd:9c:4c:c8:70:1d:d4:52:62:07:
         f9:fe:4b:0b:b4:5d:88:96:4d:81:c4:4b:f6:81:d5:45:c5:2a:
         ed:ce:a5:3c:51:be:4a:b6:b8:19:e3:22:07:cf:6a:f0:e4:61:
         9e:56:34:f7:ac:30:a3:b3:e2:42:6c:40:f3:c5:70:00:41:12:
         e2:32:01:44
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEioMKf81E7FeMt2L4AwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDE3YzA2ZDAtMzIwMy00NGZkLWIxNjQtMGFlZDUwZjU2
MzhiMB4XDTI1MDEyNTAyMDAzOVoXDTI1MDQyNTAxMDAzOVowLzEtMCsGA1UEAxMk
YzgyNjA4MmUtNGRkZS00YWJhLTg5MDItOTQ1OGQzZjlhOTc1MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhDl1cKKv6w+EuOFpNpWRPxs7l+RsvbEvrW7z
gi8eJMmLIrK+RgkoPgLDBo+WZLZD5y0ThWXuzF9yNzqj/L8imCG4BpHoT6oDotGO
OFdOQWzmXhr8yw0KmRaOPorhtt/yDFt+QKWIJ7Z8zgQISbUzPtaPAJ+rbXokkAjf
FzE8vZ0UY5rpjqnlwThpmJfK4aP73V5T1tk3N0Ul500EFLb2mJgfueD0w/rLewAU
kMKfMTeQ140wGm2B707qy22Q1/gnjBvQyKXlg23RgSF/pUCv3q562tIfcE616boJ
nb1alL0vyS+z9qEb6jhA2AiQAY9KiFaHKlP4Swndf3oP04qmGQIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFL7y2YjjFftSgboOLkhc/ZHB5J2zMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80MTdj
MDZkMC0zMjAzLTQ0ZmQtYjE2NC0wYWVkNTBmNTYzOGIvYTBiNmRlMGMtMWYzNy0z
ZmNjLTg4MmMtMzRkN2VhNGM4YmU4LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDE3YzA2ZDAtMzIwMy00NGZkLWIx
NjQtMGFlZDUwZjU2MzhiLzQxN2MwNmQwLTMyMDMtNDRmZC1iMTY0LTBhZWQ1MGY1
NjM4Yi5jcmwwHwYDVR0jBBgwFoAUAM6gxUxaaLPRCSpmePODyUIHxf0wDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80MTdjMDZkMC0zMjAzLTQ0ZmQtYjE2NC0wYWVk
NTBmNTYzOGIuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk3zAMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBANCONxk33+JosSBezwylzWeoenum2dLh+nSl2l6s7O+z0dbvzvsAUvju
6xqoOohvkx4SYmpv7R1+RVSs9ahmz0cgVVJyr1NZAf11GIABnGYlCa9pdcUpodQU
VVRA30VzeyTFjhwKNNPiFxYFKZlAZ4UY6FkPq3UJMGhqijot8U8lpGiiJydEC7HD
S0VZ5DI05LupUPt0nXLeyMG3aZ93VqAlg8HPzCDFim6moFdwdvW3uan9E+rQfthr
pA94/ZxMyHAd1FJiB/n+Swu0XYiWTYHES/aB1UXFKu3OpTxRvkq2uBnjIgfPavDk
YZ5WNPesMKOz4kJsQPPFcABBEuIyAUQ=
-----END CERTIFICATE-----