Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/1f72bda1-87a9-3507-816b-f6177ed574af.roa
File:                     1f72bda1-87a9-3507-816b-f6177ed574af.roa (raw, json)
Hash identifier:          sPAkFaIj5VpW8+pUkcK1LQVrzVBlQ6naMdVNl+NGwDY=
Subject key identifier:   FA:8A:BB:2E:31:EE:BC:19:22:45:87:9A:AC:FC:FB:F6:1A:27:32:32
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F4328584711E0845B0AD127AACA6DB480
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/1f72bda1-87a9-3507-816b-f6177ed574af.roa
Signing time:             Sun 01 Sep 2024 13:00:41 +0000
ROA not before:           Sun 01 Sep 2024 13:00:41 +0000
ROA not after:            Sat 30 Nov 2024 14:00:41 +0000
asID:                     7029
IP address blocks:        209.92.92.0/22 maxlen: 22
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:47:11:e0:84:5b:0a:d1:27:aa:ca:6d:b4:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Sep  1 13:00:41 2024 GMT
            Not After : Nov 30 14:00:41 2024 GMT
        Subject: CN=ba3534c8-3713-4afc-b288-2877055b1da2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:4e:d7:ba:07:3f:ab:57:db:51:27:33:36:65:
                    ce:4a:71:4b:3b:5b:d0:42:cd:56:37:fa:75:0d:19:
                    0c:ed:bd:31:34:0d:fe:8c:74:bc:9d:c5:1c:2c:fc:
                    a0:8c:29:4c:d4:c0:3b:3e:e7:8c:06:37:f0:3c:9f:
                    82:a9:09:86:42:5e:a4:ef:80:4b:7e:2a:b0:3a:0e:
                    53:39:71:56:aa:c2:ab:c4:18:5a:10:27:45:23:5e:
                    19:8f:f9:8e:d9:2a:62:01:88:4c:16:11:f3:6a:ea:
                    7f:a9:fe:23:59:f6:37:26:02:55:bb:27:e9:d8:39:
                    ad:05:b7:f7:49:17:d2:21:af:02:16:e8:24:2a:5a:
                    84:56:df:9d:33:7c:ed:f3:4a:4b:0f:c3:0b:e6:47:
                    47:63:2f:6b:cf:07:74:a6:b3:15:82:40:0d:25:06:
                    95:bb:9b:b8:1f:da:22:26:d4:93:5e:8b:10:db:d3:
                    09:64:3c:4d:6f:0d:a6:c5:25:aa:05:90:e7:2a:14:
                    b9:f2:7a:24:7a:43:4c:98:c8:7d:ae:e9:2d:b7:e7:
                    68:2b:bc:01:77:6d:10:5f:a4:f5:fb:d3:b9:33:21:
                    40:66:82:3f:bd:a6:c6:7f:1d:f1:58:72:77:24:b5:
                    7c:0f:38:79:a5:e7:69:7d:1f:3d:73:32:02:e4:ba:
                    5b:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:8A:BB:2E:31:EE:BC:19:22:45:87:9A:AC:FC:FB:F6:1A:27:32:32
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/1f72bda1-87a9-3507-816b-f6177ed574af.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.92.92.0/22

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         24:c8:0c:58:a4:03:41:ef:3f:e8:11:49:b5:63:36:9f:9b:c8:
         3c:ba:b2:ee:10:23:03:5a:26:1d:1a:50:e6:bf:61:d3:37:e5:
         f6:8e:10:4a:ce:17:84:e8:b9:5f:c6:ed:4e:7f:2f:36:f2:fc:
         50:d7:42:dd:91:8b:26:55:fb:a5:09:19:7b:12:f7:c1:6c:78:
         29:69:de:5b:d1:70:d5:fe:b5:16:e3:f1:76:51:16:cc:4a:b4:
         5f:d1:10:70:20:3e:ff:8d:f8:8b:0b:dd:2f:ef:7e:54:eb:a9:
         cb:f3:8c:65:9c:f0:14:4f:8b:90:65:97:5b:e8:ab:a8:bb:db:
         df:61:66:7f:a2:d9:56:90:9a:d5:80:64:5c:90:75:29:65:15:
         42:6c:a3:c4:85:ac:35:7d:4f:d3:cc:15:f0:14:3d:7b:ef:7a:
         38:2f:7f:2d:01:92:95:ba:d3:a2:aa:c6:1e:98:6b:24:11:ed:
         bf:05:a8:ac:11:07:57:32:c8:46:eb:88:7a:e8:73:58:a5:2b:
         02:5b:f4:6a:a5:75:00:40:b6:a7:24:19:3c:02:c6:a6:97:8a:
         92:b1:f7:da:6e:2c:97:ea:f8:94:28:2b:ea:26:e6:ca:3b:93:
         41:2c:0f:4c:5d:27:af:fb:8a:fa:ae:30:85:26:27:f1:26:2c:
         f6:e5:1b:94
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEcR4IRbCtEnqspttIAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTI0MDkwMTEzMDA0MVoXDTI0MTEzMDE0MDA0MVowLzEtMCsGA1UEAxMk
YmEzNTM0YzgtMzcxMy00YWZjLWIyODgtMjg3NzA1NWIxZGEyMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt07Xugc/q1fbUSczNmXOSnFLO1vQQs1WN/p1
DRkM7b0xNA3+jHS8ncUcLPygjClM1MA7PueMBjfwPJ+CqQmGQl6k74BLfiqwOg5T
OXFWqsKrxBhaECdFI14Zj/mO2SpiAYhMFhHzaup/qf4jWfY3JgJVuyfp2DmtBbf3
SRfSIa8CFugkKlqEVt+dM3zt80pLD8ML5kdHYy9rzwd0prMVgkANJQaVu5u4H9oi
JtSTXosQ29MJZDxNbw2mxSWqBZDnKhS58nokekNMmMh9ruktt+doK7wBd20QX6T1
+9O5MyFAZoI/vabGfx3xWHJ3JLV8Dzh5pedpfR89czIC5LpbywIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFPqKuy4x7rwZIkWHmqz8+/YaJzIyMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvMWY3MmJkYTEtODdhOS0z
NTA3LTgxNmItZjYxNzdlZDU3NGFmLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC0VxcMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBACTIDFikA0HvP+gRSbVjNp+byDy6su4QIwNaJh0aUOa/YdM35faOEErO
F4TouV/G7U5/Lzby/FDXQt2RiyZV+6UJGXsS98FseClp3lvRcNX+tRbj8XZRFsxK
tF/REHAgPv+N+IsL3S/vflTrqcvzjGWc8BRPi5Bll1voq6i7299hZn+i2VaQmtWA
ZFyQdSllFUJso8SFrDV9T9PMFfAUPXvvejgvfy0BkpW606Kqxh6YayQR7b8FqKwR
B1cyyEbriHroc1ilKwJb9GqldQBAtqckGTwCxqaXipKx99puLJfq+JQoK+om5so7
k0EsD0xdJ6/7ivquMIUmJ/EmLPblG5Q=
-----END CERTIFICATE-----