Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/1d9dce24-d205-3cae-a68b-6e74b30ea645.roa
File:                     1d9dce24-d205-3cae-a68b-6e74b30ea645.roa (raw, json)
Hash identifier:          jP0mvK6lsoaAupqrmO87+5kb21iZoVV/MNXjI/q7vA8=
Subject key identifier:   26:A5:8B:6D:87:1D:FF:35:94:E8:3F:B4:CE:A0:40:B4:69:68:37:54
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F4328584711E0AB8BB029E360CBD630C0
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/1d9dce24-d205-3cae-a68b-6e74b30ea645.roa
Signing time:             Sun 01 Sep 2024 13:00:41 +0000
ROA not before:           Sun 01 Sep 2024 13:00:41 +0000
ROA not after:            Sat 30 Nov 2024 14:00:41 +0000
asID:                     7029
IP address blocks:        209.86.0.0/16 maxlen: 16
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:47:11:e0:ab:8b:b0:29:e3:60:cb:d6:30:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Sep  1 13:00:41 2024 GMT
            Not After : Nov 30 14:00:41 2024 GMT
        Subject: CN=c4f3dbe0-b0bc-4e65-89ad-d4f66a981ccd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:46:72:23:51:d1:00:6f:3c:2b:74:85:d5:76:
                    19:a0:3e:88:a2:7f:49:fe:61:66:c8:03:c4:23:e4:
                    6b:b8:d9:d4:f8:bd:a6:81:6e:d2:72:0f:3c:dd:eb:
                    e3:ec:37:78:b1:f0:65:b0:13:7f:d7:93:b5:ac:cc:
                    6a:19:70:59:0d:7d:b4:93:15:ed:9b:60:9d:6b:76:
                    9c:6f:60:a1:6c:3f:db:c3:b7:1b:1a:a0:f2:84:7e:
                    07:b8:5e:92:4e:a6:d4:29:d0:df:2f:aa:37:ae:2d:
                    3f:db:62:5f:2b:94:0e:ec:22:3c:92:30:70:5c:5f:
                    b3:cc:df:45:32:26:94:fc:66:f3:7c:b5:c6:e1:a9:
                    c2:16:61:94:96:34:26:de:da:72:e7:30:78:28:4a:
                    dd:59:0c:a2:b1:ea:53:41:0d:50:69:1b:67:66:8c:
                    1f:42:5b:eb:3d:87:d2:05:18:b1:2d:9a:85:3a:d6:
                    54:d1:35:2d:d5:7f:7a:d1:fb:9c:99:23:49:db:18:
                    91:50:ed:a1:9d:51:30:c3:48:de:78:83:8f:a8:ce:
                    c7:11:43:41:eb:f3:64:72:ea:2c:6a:67:aa:4e:d2:
                    43:18:55:fb:f3:ba:da:26:20:c8:8d:5a:28:8e:e0:
                    3c:5c:df:33:5d:af:49:20:4a:4a:03:bd:dd:8e:26:
                    a8:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:A5:8B:6D:87:1D:FF:35:94:E8:3F:B4:CE:A0:40:B4:69:68:37:54
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/1d9dce24-d205-3cae-a68b-6e74b30ea645.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.86.0.0/16

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         92:14:39:6a:01:05:0b:70:2e:f8:b4:f3:1b:6f:23:9c:d3:46:
         70:59:84:35:a8:50:c0:88:4f:58:1c:e4:bf:51:f7:da:c0:31:
         1c:a4:c3:ea:8e:b2:a5:db:4e:93:5a:be:1b:2b:7e:5e:0a:bc:
         ce:58:bc:a3:94:16:9c:be:01:c2:58:89:0c:af:f2:cd:83:8a:
         50:dc:67:4d:6a:28:91:cc:29:9a:20:e1:b8:cb:aa:cf:6b:a6:
         62:3e:f6:bb:a1:0b:f2:7b:17:30:cd:41:67:7a:5c:ec:17:6a:
         96:06:c5:cd:e0:c5:61:89:21:07:cd:f7:37:3c:e2:34:f2:d3:
         bf:79:08:21:16:e7:a2:43:1a:cb:e3:98:a3:73:13:d5:96:55:
         5d:4f:7d:22:11:50:7b:95:d9:34:32:e8:22:cd:e2:a7:a1:bb:
         7e:4e:09:9f:77:a9:3a:1b:63:1b:16:23:dc:59:54:6c:cf:87:
         56:4a:7d:3d:21:7d:24:a1:6f:ec:f8:97:30:45:84:8e:74:3a:
         8b:27:e2:e6:88:5c:e1:03:84:91:e8:97:c2:72:91:20:39:75:
         d2:2b:78:ba:fa:05:59:77:40:40:5a:9b:cf:8f:e0:e0:4f:bd:
         d5:f3:c6:6d:bd:5b:63:bd:aa:97:ed:5f:94:fd:99:ef:30:83:
         27:52:a5:8d
-----BEGIN CERTIFICATE-----
MIIGQjCCBSqgAwIBAgIUAQ0Mn0MoWEcR4KuLsCnjYMvWMMAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTI0MDkwMTEzMDA0MVoXDTI0MTEzMDE0MDA0MVowLzEtMCsGA1UEAxMk
YzRmM2RiZTAtYjBiYy00ZTY1LTg5YWQtZDRmNjZhOTgxY2NkMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm0ZyI1HRAG88K3SF1XYZoD6Ion9J/mFmyAPE
I+RruNnU+L2mgW7Scg883evj7Dd4sfBlsBN/15O1rMxqGXBZDX20kxXtm2Cda3ac
b2ChbD/bw7cbGqDyhH4HuF6STqbUKdDfL6o3ri0/22JfK5QO7CI8kjBwXF+zzN9F
MiaU/GbzfLXG4anCFmGUljQm3tpy5zB4KErdWQyisepTQQ1QaRtnZowfQlvrPYfS
BRixLZqFOtZU0TUt1X960fucmSNJ2xiRUO2hnVEww0jeeIOPqM7HEUNB6/Nkcuos
ameqTtJDGFX787raJiDIjVoojuA8XN8zXa9JIEpKA73djiaokwIDAQABo4IDVDCC
A1AwHQYDVR0OBBYEFCali22HHf81lOg/tM6gQLRpaDdUMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvMWQ5ZGNlMjQtZDIwNS0z
Y2FlLWE2OGItNmU3NGIzMGVhNjQ1LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA0VYwVAYD
VR0gAQH/BEowSDBGBggrBgEFBQcOAjA6MDgGCCsGAQUFBwIBFixodHRwczovL3d3
dy5hcmluLm5ldC9yZXNvdXJjZXMvcnBraS9jcHMuaHRtbDANBgkqhkiG9w0BAQsF
AAOCAQEAkhQ5agEFC3Au+LTzG28jnNNGcFmENahQwIhPWBzkv1H32sAxHKTD6o6y
pdtOk1q+Gyt+Xgq8zli8o5QWnL4BwliJDK/yzYOKUNxnTWookcwpmiDhuMuqz2um
Yj72u6EL8nsXMM1BZ3pc7BdqlgbFzeDFYYkhB833NzziNPLTv3kIIRbnokMay+OY
o3MT1ZZVXU99IhFQe5XZNDLoIs3ip6G7fk4Jn3epOhtjGxYj3FlUbM+HVkp9PSF9
JKFv7PiXMEWEjnQ6iyfi5ohc4QOEkeiXwnKRIDl10it4uvoFWXdAQFqbz4/g4E+9
1fPGbb1bY72ql+1flP2Z7zCDJ1KljQ==
-----END CERTIFICATE-----
Generated at Fri Apr 11 23:40:36 2025 by rpki-client