Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b/bc7740bf-a991-3641-80b4-3550ba43a8a7.roa
File:                     bc7740bf-a991-3641-80b4-3550ba43a8a7.roa (raw, json)
Hash identifier:          Djoe517R0OMYl8mYs5TqwbWNL8Lv0gaxqJnXoueZ9fA=
Subject key identifier:   B8:52:86:22:54:E2:AF:59:6C:C6:BB:F5:37:13:45:74:DB:C9:97:92
Certificate issuer:       /CN=417c06d0-3203-44fd-b164-0aed50f5638b
Certificate serial:       010D0C9F432858486AC5979D60F8DAD1A10B8940
Authority key identifier: 00:CE:A0:C5:4C:5A:68:B3:D1:09:2A:66:78:F3:83:C9:42:07:C5:FD
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b/bc7740bf-a991-3641-80b4-3550ba43a8a7.roa
Signing time:             Fri 03 Jan 2025 02:00:40 +0000
ROA not before:           Fri 03 Jan 2025 02:00:40 +0000
ROA not after:            Thu 03 Apr 2025 01:00:40 +0000
asID:                     397423
IP address blocks:        147.124.194.0/24 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:48:6a:c5:97:9d:60:f8:da:d1:a1:0b:89:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=417c06d0-3203-44fd-b164-0aed50f5638b
        Validity
            Not Before: Jan  3 02:00:40 2025 GMT
            Not After : Apr  3 01:00:40 2025 GMT
        Subject: CN=50b65989-2e97-4473-9fd4-c4da15c58bc6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:e6:cd:8e:c2:0e:26:4c:5a:bd:47:4c:7e:d4:
                    78:16:cd:c1:a8:84:85:94:79:41:d2:ac:0b:ed:d2:
                    cc:56:b1:31:a2:89:93:37:64:b1:ba:8f:67:cf:b9:
                    e8:d9:2c:65:a1:c0:36:dd:6d:b4:cc:ba:2d:bb:02:
                    07:36:04:79:ff:67:ea:26:57:4b:f9:0c:e8:54:4b:
                    7f:ff:f5:dc:05:8b:8e:a1:67:9c:23:e3:33:a3:01:
                    ae:36:55:c2:d6:9c:8c:12:2d:6f:a1:0f:49:bb:8c:
                    1c:0f:7f:96:6e:eb:2e:9a:b1:bf:fc:03:ac:81:b4:
                    46:53:19:07:39:5e:21:05:a9:8f:6e:51:54:7f:e0:
                    02:65:b5:77:63:1f:b6:ab:fd:93:5a:35:65:d6:f8:
                    0f:a2:fb:d1:c9:29:7e:2e:e1:2e:ca:8c:db:75:9b:
                    64:a7:c9:cd:88:4b:cf:ac:10:94:f1:7e:fe:db:e7:
                    67:4a:61:21:fd:4d:84:18:42:ab:af:7b:e2:69:00:
                    13:36:00:23:f7:13:97:4d:bc:92:53:e4:3d:6b:43:
                    88:25:7e:0a:ae:4a:bf:c1:b6:bd:6e:e0:e8:d4:d1:
                    56:d0:ba:2a:4a:4d:c4:e3:29:82:c0:32:f5:a0:c2:
                    9f:7f:d4:26:af:42:e3:97:14:11:71:dc:d6:ec:c0:
                    c5:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:52:86:22:54:E2:AF:59:6C:C6:BB:F5:37:13:45:74:DB:C9:97:92
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b/bc7740bf-a991-3641-80b4-3550ba43a8a7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b/417c06d0-3203-44fd-b164-0aed50f5638b.crl

            X509v3 Authority Key Identifier:
                keyid:00:CE:A0:C5:4C:5A:68:B3:D1:09:2A:66:78:F3:83:C9:42:07:C5:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.124.194.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         11:60:54:41:1e:12:46:d2:96:51:1f:93:14:e3:8e:c8:35:ea:
         13:b0:71:6d:2f:5c:a0:7b:9a:76:da:b5:a0:34:3a:7e:50:8a:
         27:e4:c6:17:8b:04:e5:98:93:23:26:e4:d9:8f:d9:cd:8e:0c:
         20:e9:95:07:2f:19:71:47:41:74:7b:0e:39:4b:81:fb:68:b2:
         95:3c:f6:1b:a5:3d:45:d2:39:3a:de:65:55:18:07:d0:65:91:
         b7:ef:8b:7c:20:58:a7:fe:7e:1a:83:6c:e5:a8:a9:8c:7c:d8:
         0b:fd:b8:30:6f:86:d9:28:c2:43:39:fb:cf:ca:3a:6e:ec:44:
         93:ef:dc:1a:13:1f:c1:8d:dc:fd:a4:19:f2:02:9f:8f:92:aa:
         45:02:26:b3:44:1e:78:88:26:50:03:fc:23:6e:fb:7d:e6:4a:
         2b:04:97:c6:9a:f9:e7:c4:6a:59:6e:d2:c3:1f:94:4b:6b:ed:
         ea:90:7d:c2:16:8e:f0:1f:fc:3a:e4:cd:27:01:53:7b:03:0b:
         04:06:fd:03:f5:79:67:c0:49:cd:26:03:09:2e:d8:db:5a:b8:
         c6:e8:cc:b8:2d:c6:1a:a9:73:63:f8:fe:26:74:ff:31:f9:57:
         52:28:a9:c7:57:b6:3a:4c:28:d0:6d:7a:48:15:1f:42:94:f2:
         7a:b8:12:7d
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEhqxZedYPja0aELiUAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDE3YzA2ZDAtMzIwMy00NGZkLWIxNjQtMGFlZDUwZjU2
MzhiMB4XDTI1MDEwMzAyMDA0MFoXDTI1MDQwMzAxMDA0MFowLzEtMCsGA1UEAxMk
NTBiNjU5ODktMmU5Ny00NDczLTlmZDQtYzRkYTE1YzU4YmM2MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyObNjsIOJkxavUdMftR4Fs3BqISFlHlB0qwL
7dLMVrExoomTN2Sxuo9nz7no2SxlocA23W20zLotuwIHNgR5/2fqJldL+QzoVEt/
//XcBYuOoWecI+MzowGuNlXC1pyMEi1voQ9Ju4wcD3+WbusumrG//AOsgbRGUxkH
OV4hBamPblFUf+ACZbV3Yx+2q/2TWjVl1vgPovvRySl+LuEuyozbdZtkp8nNiEvP
rBCU8X7+2+dnSmEh/U2EGEKrr3viaQATNgAj9xOXTbySU+Q9a0OIJX4Krkq/wba9
buDo1NFW0LoqSk3E4ymCwDL1oMKff9Qmr0LjlxQRcdzW7MDFNQIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFLhShiJU4q9ZbMa79TcTRXTbyZeSMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80MTdj
MDZkMC0zMjAzLTQ0ZmQtYjE2NC0wYWVkNTBmNTYzOGIvYmM3NzQwYmYtYTk5MS0z
NjQxLTgwYjQtMzU1MGJhNDNhOGE3LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDE3YzA2ZDAtMzIwMy00NGZkLWIx
NjQtMGFlZDUwZjU2MzhiLzQxN2MwNmQwLTMyMDMtNDRmZC1iMTY0LTBhZWQ1MGY1
NjM4Yi5jcmwwHwYDVR0jBBgwFoAUAM6gxUxaaLPRCSpmePODyUIHxf0wDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80MTdjMDZkMC0zMjAzLTQ0ZmQtYjE2NC0wYWVk
NTBmNTYzOGIuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk3zCMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBABFgVEEeEkbSllEfkxTjjsg16hOwcW0vXKB7mnbataA0On5QiifkxheL
BOWYkyMm5NmP2c2ODCDplQcvGXFHQXR7DjlLgftospU89hulPUXSOTreZVUYB9Bl
kbfvi3wgWKf+fhqDbOWoqYx82Av9uDBvhtkowkM5+8/KOm7sRJPv3BoTH8GN3P2k
GfICn4+SqkUCJrNEHniIJlAD/CNu+33mSisEl8aa+efEallu0sMflEtr7eqQfcIW
jvAf/DrkzScBU3sDCwQG/QP1eWfASc0mAwku2NtauMbozLgtxhqpc2P4/iZ0/zH5
V1IoqcdXtjpMKNBtekgVH0KU8nq4En0=
-----END CERTIFICATE-----
Generated at Fri Apr 11 23:30:58 2025 by rpki-client