Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/04cfdce1-3ab9-38e9-8823-79334ea9ed11.roa
File:                     04cfdce1-3ab9-38e9-8823-79334ea9ed11.roa (raw, json)
Hash identifier:          Ge8m0KWPonE+zx3pzSM2okhfqonb5pmwA01nL3H2udk=
Subject key identifier:   FF:5B:34:BB:F7:77:95:D8:45:21:35:12:91:FD:1A:2E:FD:E5:20:03
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F4328584553331ED9D03B737360793E80
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/04cfdce1-3ab9-38e9-8823-79334ea9ed11.roa
Signing time:             Mon 25 Mar 2024 13:00:33 +0000
ROA not before:           Mon 25 Mar 2024 13:00:33 +0000
ROA not after:            Sun 23 Jun 2024 13:00:33 +0000
asID:                     7029
IP address blocks:        207.221.0.0/19 maxlen: 19
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:45:53:33:1e:d9:d0:3b:73:73:60:79:3e:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Mar 25 13:00:33 2024 GMT
            Not After : Jun 23 13:00:33 2024 GMT
        Subject: CN=8810ee0e-d86d-4fa5-8958-f75340c1d4b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:c1:fa:de:0a:20:09:08:26:1a:1b:a5:5b:a2:
                    8c:30:d2:0b:68:11:40:c8:3a:a3:54:54:e7:76:3f:
                    08:e7:f4:a6:25:22:c1:7a:64:dd:f6:2e:75:5d:4b:
                    d4:3e:8b:25:d9:c1:13:cf:16:2d:25:ff:75:a2:da:
                    65:32:84:0e:eb:17:6d:db:f7:2e:1e:01:ca:94:53:
                    0d:d2:5f:88:9c:b3:46:7d:a1:36:b2:86:f9:90:89:
                    b2:3b:c6:17:3b:0a:43:45:e4:44:54:a6:c5:df:1d:
                    c1:ac:b3:89:69:ca:0b:7f:75:6a:00:d0:29:79:40:
                    76:77:29:14:bb:f4:dd:d8:db:0d:ad:03:4c:a2:d0:
                    12:4e:ba:55:14:c7:3d:1a:23:dc:82:7f:d3:fb:dd:
                    b0:3d:a8:95:ae:09:4b:e3:01:81:05:4c:10:27:02:
                    97:2e:87:71:b3:a7:d7:e9:92:6a:8f:5e:af:d9:66:
                    df:0e:91:a4:d1:4a:1f:66:2b:51:0a:ac:6c:b7:20:
                    53:22:ac:9f:85:a9:56:00:95:a9:55:02:f4:48:6f:
                    0d:81:5e:f5:d5:f1:f9:6a:07:e7:18:da:ae:5c:db:
                    f8:45:b3:15:cd:77:d8:b3:63:99:5d:4a:0c:7f:b1:
                    c5:6c:62:47:53:6f:41:8f:b6:7a:1b:fa:08:97:ca:
                    f3:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:5B:34:BB:F7:77:95:D8:45:21:35:12:91:FD:1A:2E:FD:E5:20:03
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/04cfdce1-3ab9-38e9-8823-79334ea9ed11.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  207.221.0.0/19

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         40:e4:ba:9d:9c:f5:23:ea:47:ab:a9:2d:ee:07:05:92:29:3e:
         2f:a3:d8:1c:8f:b1:e0:cd:9e:d2:35:95:3f:67:ee:92:d5:5a:
         2d:2b:eb:a8:1d:99:bf:19:f2:90:f5:af:2b:c0:02:30:8a:c0:
         b0:a0:76:bd:d1:ce:bc:de:ed:b1:14:95:94:3c:92:ed:34:ad:
         60:9b:cb:2b:e7:56:4e:fe:8c:c8:23:d4:61:7c:ac:3c:94:ba:
         03:c9:91:34:44:9e:0c:0b:5c:4a:d9:94:96:0c:44:11:da:db:
         c3:52:b9:9d:2d:ec:ae:c5:fd:04:e5:21:fd:d4:51:e8:46:b6:
         17:dd:dc:99:c0:11:aa:5e:7c:41:ca:ec:f5:29:b8:53:76:ca:
         76:07:ed:db:84:58:f2:91:e1:5b:a5:e5:eb:08:08:1a:82:25:
         75:03:b8:a6:e5:88:b8:3e:fc:24:a2:4d:87:81:89:2e:f4:0d:
         96:23:58:e6:f7:e1:97:f0:32:17:cf:77:d3:e9:99:5a:26:7b:
         dd:94:33:65:62:b7:77:00:16:08:fa:7b:57:ad:99:f1:fd:84:
         bd:79:d6:8a:f2:a6:1a:31:01:49:bc:d1:1e:80:74:8f:5d:bb:
         9f:e8:f3:7f:0a:75:59:be:a4:99:0e:6f:c4:e8:19:15:55:5e:
         2f:4e:91:89
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEVTMx7Z0Dtzc2B5PoAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTI0MDMyNTEzMDAzM1oXDTI0MDYyMzEzMDAzM1owLzEtMCsGA1UEAxMk
ODgxMGVlMGUtZDg2ZC00ZmE1LTg5NTgtZjc1MzQwYzFkNGI3MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlMH63gogCQgmGhulW6KMMNILaBFAyDqjVFTn
dj8I5/SmJSLBemTd9i51XUvUPosl2cETzxYtJf91otplMoQO6xdt2/cuHgHKlFMN
0l+InLNGfaE2sob5kImyO8YXOwpDReREVKbF3x3BrLOJacoLf3VqANApeUB2dykU
u/Td2NsNrQNMotASTrpVFMc9GiPcgn/T+92wPaiVrglL4wGBBUwQJwKXLodxs6fX
6ZJqj16v2WbfDpGk0UofZitRCqxstyBTIqyfhalWAJWpVQL0SG8NgV711fH5agfn
GNquXNv4RbMVzXfYs2OZXUoMf7HFbGJHU29Bj7Z6G/oIl8rzQQIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFP9bNLv3d5XYRSE1EpH9Gi795SADMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvMDRjZmRjZTEtM2FiOS0z
OGU5LTg4MjMtNzkzMzRlYTllZDExLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFz90AMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAEDkup2c9SPqR6upLe4HBZIpPi+j2ByPseDNntI1lT9n7pLVWi0r66gd
mb8Z8pD1ryvAAjCKwLCgdr3Rzrze7bEUlZQ8ku00rWCbyyvnVk7+jMgj1GF8rDyU
ugPJkTREngwLXErZlJYMRBHa28NSuZ0t7K7F/QTlIf3UUehGthfd3JnAEapefEHK
7PUpuFN2ynYH7duEWPKR4Vul5esICBqCJXUDuKbliLg+/CSiTYeBiS70DZYjWOb3
4ZfwMhfPd9PpmVome92UM2Vit3cAFgj6e1etmfH9hL151oryphoxAUm80R6AdI9d
u5/o838KdVm+pJkOb8ToGRVVXi9OkYk=
-----END CERTIFICATE-----
Generated at Fri Apr 11 22:28:11 2025 by rpki-client