Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/209b30a5-7707-3cc3-aed2-78e750692c4f.roa
File:                     209b30a5-7707-3cc3-aed2-78e750692c4f.roa (raw, json)
Hash identifier:          on3kQCYUNZKRxGtFMqFbhtq0XpvF2h8o5WQ5uLMzRPY=
Subject key identifier:   E4:E5:33:08:8D:15:6A:6A:9F:5F:1B:CF:96:DC:75:E9:BC:14:2A:AB
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F4328583D3F687109F847246D4CEB1680
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/209b30a5-7707-3cc3-aed2-78e750692c4f.roa
Signing time:             Tue 15 Mar 2022 04:00:00 +0000
ROA not before:           Tue 15 Mar 2022 04:00:00 +0000
ROA not after:            Tue 07 Mar 2028 05:00:00 +0000
asID:                     7029
IP address blocks:        206.216.96.0/20 maxlen: 20
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3d:3f:68:71:09:f8:47:24:6d:4c:eb:16:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Mar 15 04:00:00 2022 GMT
            Not After : Mar  7 05:00:00 2028 GMT
        Subject: CN=ed974146-6529-4903-9452-318ba23f134b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:de:9a:75:2a:67:4a:f5:93:9b:e2:c8:aa:b0:
                    0c:e9:56:58:79:0c:b7:d9:3f:86:70:d2:f5:4a:01:
                    91:f4:a1:e8:55:3e:b9:a1:f0:7c:a1:19:fc:0c:8b:
                    a8:2f:a1:68:07:15:b6:f2:5a:55:9b:f6:1f:52:db:
                    f8:a8:dc:46:54:ef:33:42:85:79:e5:e4:53:ee:8f:
                    19:7b:f1:1d:16:91:7e:81:72:79:2e:f3:54:1d:58:
                    5b:a1:c5:93:a1:88:66:f7:d4:05:fb:b1:9c:92:6a:
                    e4:10:c6:32:01:05:2a:65:03:f5:1e:3f:71:2c:40:
                    77:8e:75:54:78:dc:a6:c6:01:10:52:55:e9:0c:62:
                    f1:b1:22:fb:0f:8b:24:a9:8e:c7:b0:e6:78:53:a2:
                    0b:17:cd:fe:e4:90:d5:63:d4:88:37:90:cf:9f:ca:
                    a4:22:31:13:b8:f7:d9:97:da:32:87:64:6f:5c:0c:
                    ef:82:e9:4c:e7:aa:b7:c8:4b:ef:7c:39:76:88:14:
                    f3:ad:df:2a:be:48:32:cc:7c:70:35:dd:af:2a:a5:
                    4c:ee:37:6e:5d:53:58:e1:00:c8:1f:91:be:1d:b7:
                    04:00:8a:00:f0:f7:a8:47:8a:70:c4:6f:a7:04:45:
                    d0:e7:a2:63:f5:bc:fb:36:c3:dd:c5:c9:94:a1:f7:
                    66:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:E5:33:08:8D:15:6A:6A:9F:5F:1B:CF:96:DC:75:E9:BC:14:2A:AB
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/209b30a5-7707-3cc3-aed2-78e750692c4f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  206.216.96.0/20

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         2a:67:78:87:bb:6e:8f:e4:47:6a:d2:c6:25:fe:1c:3c:e8:e5:
         07:98:6f:65:53:5c:f6:35:41:66:02:5e:b1:26:0b:32:7d:b9:
         06:4d:0f:85:6f:39:c2:53:18:9a:92:73:c5:6b:d0:0c:d7:ae:
         40:34:77:7f:58:0e:01:cb:cf:7e:6c:1c:28:06:e1:2d:0a:5e:
         01:e3:15:67:7b:75:58:2f:af:be:7d:4c:8f:2d:5b:32:e8:ff:
         b2:6e:da:c8:0b:d1:4a:87:b0:6b:97:4e:29:c0:92:6b:87:3e:
         1e:b8:39:5e:e3:60:68:74:b7:75:2e:d9:d6:ca:a8:74:6a:8c:
         d1:e4:22:de:72:b5:a9:3e:b3:d0:4a:e0:46:50:ec:54:76:39:
         ba:d3:70:83:56:b6:c0:64:cd:df:a6:cc:2f:eb:8f:79:ba:7a:
         9a:02:85:c5:b0:a8:9d:8b:aa:f6:44:89:c1:3a:11:e6:8c:1a:
         1e:be:1b:5c:cf:60:0d:f2:7d:8a:aa:ac:56:8c:93:93:f7:fe:
         9d:9e:60:0a:8d:11:a7:de:cd:93:08:f9:a3:a2:2b:36:3e:c8:
         53:8e:6a:13:07:d7:2d:5d:03:86:0e:b4:46:b4:e7:a9:f6:c7:
         45:49:f7:67:a9:d1:0f:38:e3:5b:4b:d7:ea:de:57:0a:6f:07:
         39:54:81:f4
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWD0/aHEJ+EckbUzrFoAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTIyMDMxNTA0MDAwMFoXDTI4MDMwNzA1MDAwMFowLzEtMCsGA1UEAxMk
ZWQ5NzQxNDYtNjUyOS00OTAzLTk0NTItMzE4YmEyM2YxMzRiMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmN6adSpnSvWTm+LIqrAM6VZYeQy32T+GcNL1
SgGR9KHoVT65ofB8oRn8DIuoL6FoBxW28lpVm/YfUtv4qNxGVO8zQoV55eRT7o8Z
e/EdFpF+gXJ5LvNUHVhbocWToYhm99QF+7GckmrkEMYyAQUqZQP1Hj9xLEB3jnVU
eNymxgEQUlXpDGLxsSL7D4skqY7HsOZ4U6ILF83+5JDVY9SIN5DPn8qkIjETuPfZ
l9oyh2RvXAzvgulM56q3yEvvfDl2iBTzrd8qvkgyzHxwNd2vKqVM7jduXVNY4QDI
H5G+HbcEAIoA8PeoR4pwxG+nBEXQ56Jj9bz7NsPdxcmUofdmmQIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFOTlMwiNFWpqn18bz5bcdem8FCqrMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvMjA5YjMwYTUtNzcwNy0z
Y2MzLWFlZDItNzhlNzUwNjkyYzRmLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEzthgMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBACpneIe7bo/kR2rSxiX+HDzo5QeYb2VTXPY1QWYCXrEmCzJ9uQZND4Vv
OcJTGJqSc8Vr0AzXrkA0d39YDgHLz35sHCgG4S0KXgHjFWd7dVgvr759TI8tWzLo
/7Ju2sgL0UqHsGuXTinAkmuHPh64OV7jYGh0t3Uu2dbKqHRqjNHkIt5ytak+s9BK
4EZQ7FR2ObrTcINWtsBkzd+mzC/rj3m6epoChcWwqJ2LqvZEicE6EeaMGh6+G1zP
YA3yfYqqrFaMk5P3/p2eYAqNEafezZMI+aOiKzY+yFOOahMH1y1dA4YOtEa056n2
x0VJ92ep0Q8441tL1+reVwpvBzlUgfQ=
-----END CERTIFICATE-----
Generated at Fri Apr 11 22:42:44 2025 by rpki-client