Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b/b0c9fb44-1e74-37c2-8ebc-ccbcf2fcd0c4.roa
File:                     b0c9fb44-1e74-37c2-8ebc-ccbcf2fcd0c4.roa (raw, json)
Hash identifier:          tZPV2O7r8NLRMT7kvENPwi9WcJBpQrfWcNCmOlok62Q=
Subject key identifier:   CF:C2:CA:A7:FB:83:7A:83:D1:F9:B8:29:63:DF:DE:26:DE:A8:C4:0B
Certificate issuer:       /CN=417c06d0-3203-44fd-b164-0aed50f5638b
Certificate serial:       010D0C9F43285848AF2B7A2A528C42FA49C74A80
Authority key identifier: 00:CE:A0:C5:4C:5A:68:B3:D1:09:2A:66:78:F3:83:C9:42:07:C5:FD
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b/b0c9fb44-1e74-37c2-8ebc-ccbcf2fcd0c4.roa
Signing time:             Mon 27 Jan 2025 14:00:52 +0000
ROA not before:           Mon 27 Jan 2025 14:00:52 +0000
ROA not after:            Sun 27 Apr 2025 13:00:52 +0000
asID:                     397423
IP address blocks:        147.124.205.0/24 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:48:af:2b:7a:2a:52:8c:42:fa:49:c7:4a:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=417c06d0-3203-44fd-b164-0aed50f5638b
        Validity
            Not Before: Jan 27 14:00:52 2025 GMT
            Not After : Apr 27 13:00:52 2025 GMT
        Subject: CN=443db5fb-5702-4e29-a7bb-4b438448fc84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:d2:55:ad:5c:c5:37:fa:de:35:a6:71:f3:14:
                    80:99:af:e9:c2:35:03:20:d8:19:41:d5:04:93:bf:
                    48:d7:6a:8c:ac:97:09:bf:ed:e1:ca:10:00:e7:72:
                    5d:c9:de:26:54:2b:16:8e:83:47:4b:b2:55:82:c3:
                    ed:b3:9a:ff:a5:41:73:7c:94:64:1a:30:d8:08:6a:
                    39:fc:9b:ff:be:7c:26:3d:f5:23:2d:ef:c1:60:50:
                    60:ce:ee:01:0e:a6:21:d4:27:a3:80:fd:a8:4e:28:
                    12:c0:ce:68:89:68:3b:9f:63:b2:c1:23:03:71:83:
                    5c:61:21:cf:21:78:88:84:71:85:8d:a8:19:9a:ac:
                    32:65:2a:52:c6:5d:73:e6:f1:30:b5:9b:71:83:f6:
                    36:ab:5a:39:11:87:fb:55:d5:65:9f:67:4f:72:3c:
                    2f:01:23:e5:58:22:40:06:5c:43:52:fb:dc:4f:ce:
                    9e:f1:94:89:ad:69:f1:25:06:a2:76:0c:4f:c7:1e:
                    93:87:bd:9a:1a:e8:29:54:05:ea:18:98:c6:38:ae:
                    c0:99:b4:5c:55:fb:77:22:56:46:19:95:2c:2a:69:
                    bb:3d:72:f5:21:e4:7c:50:86:44:2a:13:a4:32:ab:
                    d4:c5:66:d8:6c:12:87:e0:c7:d0:78:83:3b:dd:69:
                    4e:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:C2:CA:A7:FB:83:7A:83:D1:F9:B8:29:63:DF:DE:26:DE:A8:C4:0B
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b/b0c9fb44-1e74-37c2-8ebc-ccbcf2fcd0c4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b/417c06d0-3203-44fd-b164-0aed50f5638b.crl

            X509v3 Authority Key Identifier:
                keyid:00:CE:A0:C5:4C:5A:68:B3:D1:09:2A:66:78:F3:83:C9:42:07:C5:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.124.205.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         be:1b:9d:30:a4:a6:ba:2a:c4:99:1b:48:fa:15:42:68:3b:24:
         47:3e:56:f9:8d:64:31:f4:c8:52:09:f2:4f:19:0b:f4:81:aa:
         b8:7f:ea:c4:56:7a:88:73:eb:c4:68:de:5f:04:8d:f8:0e:22:
         f2:b2:ec:e4:ad:c4:53:6e:79:41:9d:bf:c2:d7:b9:13:21:e4:
         69:57:9a:59:ab:01:dc:52:dc:ec:18:5b:72:d1:e3:85:88:86:
         5b:9f:8a:94:9b:50:59:60:1a:c1:8d:63:e8:6c:30:bd:12:09:
         77:f0:9f:7b:9d:5d:72:92:0b:0a:08:33:6f:ff:49:53:d9:4c:
         81:96:f9:f9:ca:88:6d:a3:fe:45:12:2d:db:72:9c:12:f1:f1:
         ca:2e:c3:67:1b:e7:44:f8:7b:00:fc:30:a0:5c:89:6e:2b:c0:
         d6:ca:6a:09:59:84:36:32:74:9a:d1:ec:18:90:e2:f9:b4:60:
         13:f6:4e:a9:ee:1e:b0:b3:73:3a:08:77:33:63:9a:52:1e:b4:
         9a:91:36:fd:ae:f6:50:b6:0e:c3:da:c4:29:0e:4f:18:9e:68:
         19:c2:5a:0b:d7:d0:3f:7e:eb:52:f2:88:25:c7:00:d1:c0:ae:
         59:d9:0a:3f:51:cb:ea:55:73:c4:d4:ac:bd:be:ca:a4:67:a4:
         e6:ee:68:db
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEivK3oqUoxC+knHSoAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDE3YzA2ZDAtMzIwMy00NGZkLWIxNjQtMGFlZDUwZjU2
MzhiMB4XDTI1MDEyNzE0MDA1MloXDTI1MDQyNzEzMDA1MlowLzEtMCsGA1UEAxMk
NDQzZGI1ZmItNTcwMi00ZTI5LWE3YmItNGI0Mzg0NDhmYzg0MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAotJVrVzFN/reNaZx8xSAma/pwjUDINgZQdUE
k79I12qMrJcJv+3hyhAA53Jdyd4mVCsWjoNHS7JVgsPts5r/pUFzfJRkGjDYCGo5
/Jv/vnwmPfUjLe/BYFBgzu4BDqYh1CejgP2oTigSwM5oiWg7n2OywSMDcYNcYSHP
IXiIhHGFjagZmqwyZSpSxl1z5vEwtZtxg/Y2q1o5EYf7VdVln2dPcjwvASPlWCJA
BlxDUvvcT86e8ZSJrWnxJQaidgxPxx6Th72aGugpVAXqGJjGOK7AmbRcVft3IlZG
GZUsKmm7PXL1IeR8UIZEKhOkMqvUxWbYbBKH4MfQeIM73WlOTQIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFM/Cyqf7g3qD0fm4KWPf3ibeqMQLMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80MTdj
MDZkMC0zMjAzLTQ0ZmQtYjE2NC0wYWVkNTBmNTYzOGIvYjBjOWZiNDQtMWU3NC0z
N2MyLThlYmMtY2NiY2YyZmNkMGM0LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDE3YzA2ZDAtMzIwMy00NGZkLWIx
NjQtMGFlZDUwZjU2MzhiLzQxN2MwNmQwLTMyMDMtNDRmZC1iMTY0LTBhZWQ1MGY1
NjM4Yi5jcmwwHwYDVR0jBBgwFoAUAM6gxUxaaLPRCSpmePODyUIHxf0wDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80MTdjMDZkMC0zMjAzLTQ0ZmQtYjE2NC0wYWVk
NTBmNTYzOGIuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk3zNMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAL4bnTCkproqxJkbSPoVQmg7JEc+VvmNZDH0yFIJ8k8ZC/SBqrh/6sRW
eohz68Ro3l8EjfgOIvKy7OStxFNueUGdv8LXuRMh5GlXmlmrAdxS3OwYW3LR44WI
hlufipSbUFlgGsGNY+hsML0SCXfwn3udXXKSCwoIM2//SVPZTIGW+fnKiG2j/kUS
LdtynBLx8couw2cb50T4ewD8MKBciW4rwNbKaglZhDYydJrR7BiQ4vm0YBP2Tqnu
HrCzczoIdzNjmlIetJqRNv2u9lC2DsPaxCkOTxieaBnCWgvX0D9+61LyiCXHANHA
rlnZCj9Ry+pVc8TUrL2+yqRnpObuaNs=
-----END CERTIFICATE-----
Generated at Fri Apr 11 22:51:38 2025 by rpki-client