Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/2212581b-c442-3c21-b9a9-74f2d53ec6ed.roa
File:                     2212581b-c442-3c21-b9a9-74f2d53ec6ed.roa (raw, json)
Hash identifier:          STe/ecyXS7ikxha9DpwXNpdYAbZzNxtkQ1HwYenjqZ8=
Subject key identifier:   C8:D9:12:B1:34:9C:59:95:BA:1C:A7:76:65:79:14:93:53:D8:29:E9
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F4328583D57E42F7B31213240738B4080
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/2212581b-c442-3c21-b9a9-74f2d53ec6ed.roa
Signing time:             Thu 24 Mar 2022 04:00:00 +0000
ROA not before:           Thu 24 Mar 2022 04:00:00 +0000
ROA not after:            Thu 16 Mar 2028 04:00:00 +0000
asID:                     7029
IP address blocks:        209.168.128.0/17 maxlen: 17
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3d:57:e4:2f:7b:31:21:32:40:73:8b:40:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Mar 24 04:00:00 2022 GMT
            Not After : Mar 16 04:00:00 2028 GMT
        Subject: CN=687f5f76-3c11-44c9-94ea-e22794ab8904
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:08:af:58:fc:de:92:4c:f4:92:d2:98:82:ea:
                    c3:f3:d9:0e:24:b4:13:37:1e:b3:4e:8c:47:e8:da:
                    88:01:79:ca:3d:c7:c2:ab:58:93:a0:b0:f8:9c:11:
                    90:a3:f3:b9:81:15:b2:33:8b:14:56:c3:ba:c5:d2:
                    3a:5a:e4:c9:05:d7:b5:e5:9f:82:12:b4:55:05:25:
                    24:a7:40:3e:06:af:82:2b:41:b1:fc:05:5a:a0:69:
                    73:c2:4e:00:ea:3f:97:29:23:cb:70:dc:59:e8:10:
                    ec:49:f5:81:ea:ec:92:9f:38:db:43:f4:7c:c2:da:
                    37:bf:f8:91:08:c1:e8:06:b7:83:c5:87:af:15:46:
                    54:b5:42:b9:23:96:25:ee:37:ce:be:53:d9:43:8b:
                    f0:92:a0:a6:45:29:e9:40:6b:d0:63:6a:dd:c7:62:
                    ce:2d:58:eb:9f:ab:93:fa:30:ce:23:44:df:2a:c9:
                    c0:84:cb:4a:1a:0c:64:28:c5:5a:bf:e7:91:25:a5:
                    7c:ef:7c:b7:f2:e6:23:91:97:0c:de:ef:15:d7:f9:
                    7a:5a:b6:9c:88:7b:bc:a5:97:d1:38:74:c2:92:cc:
                    fd:85:2d:76:9a:8b:d8:ec:8c:8f:80:27:16:8f:df:
                    c4:f9:6e:4d:e3:66:89:8d:b2:5e:1e:e9:88:dc:4e:
                    eb:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:D9:12:B1:34:9C:59:95:BA:1C:A7:76:65:79:14:93:53:D8:29:E9
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/2212581b-c442-3c21-b9a9-74f2d53ec6ed.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.168.128.0/17

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         39:26:e9:b9:a4:50:70:1b:57:11:0a:a0:3f:32:db:f2:1e:c3:
         55:a9:10:67:3b:c7:90:d1:93:a6:94:02:00:e7:b9:a3:15:34:
         08:88:ec:5a:93:bc:49:a5:02:ab:6e:a4:74:8d:dd:1c:58:ed:
         7b:97:5b:48:d0:9b:b4:88:45:d6:c8:21:4c:f4:1a:6c:dc:b3:
         7b:b6:ff:4a:0b:f0:b5:a9:2c:ac:c5:2a:d6:e5:68:76:e0:a9:
         86:ee:79:d5:9b:f4:7f:3b:bd:1c:99:2d:ef:89:5d:10:d2:48:
         5a:cc:f1:e0:6c:aa:11:30:59:0c:e0:c9:80:26:62:9d:71:d6:
         0b:ed:15:5a:59:0b:4c:aa:f8:77:24:7f:31:30:93:61:c2:b0:
         f0:09:32:9b:66:c6:2b:44:f1:5a:29:c8:4a:ef:b8:af:28:0b:
         6f:e8:16:ee:82:f1:4f:2b:95:02:43:26:91:2d:db:1f:60:36:
         9a:e7:ac:ae:d4:e4:cc:0c:48:5b:29:a1:f7:8e:ec:60:86:27:
         1c:9d:43:46:61:50:87:63:ef:64:71:17:f5:86:d5:7c:3c:e6:
         d7:d1:8c:8a:87:1f:c0:71:02:91:19:18:a1:32:a7:2f:f1:92:
         71:99:a8:09:17:93:f9:ab:ee:37:28:32:20:be:d4:80:0f:6a:
         3d:38:cd:ef
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWD1X5C97MSEyQHOLQIAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTIyMDMyNDA0MDAwMFoXDTI4MDMxNjA0MDAwMFowLzEtMCsGA1UEAxMk
Njg3ZjVmNzYtM2MxMS00NGM5LTk0ZWEtZTIyNzk0YWI4OTA0MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQivWPzekkz0ktKYgurD89kOJLQTNx6zToxH
6NqIAXnKPcfCq1iToLD4nBGQo/O5gRWyM4sUVsO6xdI6WuTJBde15Z+CErRVBSUk
p0A+Bq+CK0Gx/AVaoGlzwk4A6j+XKSPLcNxZ6BDsSfWB6uySnzjbQ/R8wto3v/iR
CMHoBreDxYevFUZUtUK5I5Yl7jfOvlPZQ4vwkqCmRSnpQGvQY2rdx2LOLVjrn6uT
+jDOI0TfKsnAhMtKGgxkKMVav+eRJaV873y38uYjkZcM3u8V1/l6WraciHu8pZfR
OHTCksz9hS12movY7IyPgCcWj9/E+W5N42aJjbJeHumI3E7rWwIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFMjZErE0nFmVuhyndmV5FJNT2CnpMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvMjIxMjU4MWItYzQ0Mi0z
YzIxLWI5YTktNzRmMmQ1M2VjNmVkLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQH0aiAMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBADkm6bmkUHAbVxEKoD8y2/Iew1WpEGc7x5DRk6aUAgDnuaMVNAiI7FqT
vEmlAqtupHSN3RxY7XuXW0jQm7SIRdbIIUz0Gmzcs3u2/0oL8LWpLKzFKtblaHbg
qYbuedWb9H87vRyZLe+JXRDSSFrM8eBsqhEwWQzgyYAmYp1x1gvtFVpZC0yq+Hck
fzEwk2HCsPAJMptmxitE8VopyErvuK8oC2/oFu6C8U8rlQJDJpEt2x9gNprnrK7U
5MwMSFspofeO7GCGJxydQ0ZhUIdj72RxF/WG1Xw85tfRjIqHH8BxApEZGKEypy/x
knGZqAkXk/mr7jcoMiC+1IAPaj04ze8=
-----END CERTIFICATE-----
Generated at Sat Apr 12 01:04:56 2025 by rpki-client