Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/24e0d685-7c8a-397e-96fe-81fe12deee51.roa
File:                     24e0d685-7c8a-397e-96fe-81fe12deee51.roa (raw, json)
Hash identifier:          BXw/fop4KBDMW15D3DMwAuDk2tw/0cj2hHfZZV7T3R0=
Subject key identifier:   0C:AF:DB:45:3C:CD:4E:2F:D0:F3:B3:20:3A:93:2A:AC:84:BC:BB:90
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F4328584553332382F40A44BCC8DB93A0
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/24e0d685-7c8a-397e-96fe-81fe12deee51.roa
Signing time:             Mon 25 Mar 2024 13:00:33 +0000
ROA not before:           Mon 25 Mar 2024 13:00:33 +0000
ROA not after:            Sun 23 Jun 2024 13:00:33 +0000
asID:                     7029
IP address blocks:        209.92.89.0/24 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:45:53:33:23:82:f4:0a:44:bc:c8:db:93:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Mar 25 13:00:33 2024 GMT
            Not After : Jun 23 13:00:33 2024 GMT
        Subject: CN=f9646dfe-b298-4bfc-a163-2f86a805612a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:26:b6:96:cb:e8:7f:d0:e6:21:e7:d8:cf:f3:
                    da:04:ed:fe:1e:4b:77:1c:fe:4f:5f:0a:5d:d4:76:
                    4a:9a:12:3a:a7:7d:72:97:a1:d1:44:00:80:84:fe:
                    60:98:96:78:cc:ab:13:cb:7d:b7:8a:80:14:5b:1b:
                    df:0b:59:69:cf:77:73:80:55:29:de:59:be:01:1c:
                    17:12:e8:41:c8:f3:c2:16:18:56:a7:c0:bc:af:ce:
                    64:d6:2e:66:4b:a2:f0:4d:2b:76:0e:2b:f5:e4:15:
                    58:ef:59:82:52:1c:ca:ca:21:b6:2b:1f:92:64:d0:
                    ab:28:91:cb:81:48:ff:88:e0:32:3e:c2:5c:b5:8f:
                    fb:1e:47:05:dc:8b:24:60:81:83:45:d9:3d:91:e6:
                    f9:fa:fb:74:fb:14:66:82:97:f1:f5:f9:b6:f4:60:
                    14:ab:43:88:72:18:4f:c8:f1:5a:31:9d:da:03:4f:
                    b9:04:aa:e1:01:e9:0d:a7:40:be:ba:51:c9:90:5c:
                    87:52:5c:e7:a0:9d:4c:de:94:82:c5:93:40:87:a3:
                    7e:dd:6e:c1:e9:48:63:69:9b:3c:b6:83:6f:fe:d9:
                    ca:45:ef:b5:50:28:0d:05:7d:ea:db:bc:99:96:60:
                    8e:be:03:33:b4:a5:d0:c3:8d:47:69:65:cc:47:a7:
                    a5:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:AF:DB:45:3C:CD:4E:2F:D0:F3:B3:20:3A:93:2A:AC:84:BC:BB:90
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/24e0d685-7c8a-397e-96fe-81fe12deee51.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.92.89.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         8d:51:8d:82:d1:b5:6b:4d:17:16:e1:71:d8:14:38:1b:f2:a2:
         55:88:1d:7e:34:22:9d:af:3b:cd:97:ca:2d:92:fd:63:f8:34:
         6f:33:0d:70:fd:0e:74:07:6f:8a:8f:6b:b0:e9:ba:9d:06:40:
         51:b0:ad:c0:01:32:4f:07:96:f2:6c:f1:f7:d9:8d:c7:5c:a2:
         56:1a:96:b6:9d:d4:f5:d9:2d:c2:8b:43:e6:ef:d2:00:2e:e7:
         66:3f:0b:1f:26:ff:b8:71:10:3e:09:43:fd:29:82:95:f4:d6:
         11:02:54:70:b3:ea:f5:93:5b:f6:80:3e:90:3b:08:ca:b8:29:
         51:b0:be:cf:99:1f:ed:45:8f:3f:17:fd:89:54:5e:d5:f2:2b:
         c9:86:01:70:33:23:82:c1:7d:57:aa:1a:c2:94:fe:84:89:71:
         ff:3b:fc:44:93:ed:86:71:62:59:5c:32:2a:39:dd:1c:6f:57:
         86:0e:af:e0:c0:64:8e:b4:41:c9:df:3f:ce:d1:10:e6:6e:56:
         47:27:f6:1b:77:9e:9c:aa:2c:c0:cc:5c:83:eb:73:63:cd:b0:
         d7:d9:ff:25:26:27:ff:3d:d7:ae:74:42:62:69:66:f9:d0:d9:
         9d:8e:17:ec:6c:2c:8e:77:a3:55:3d:a1:4a:5f:8f:35:53:45:
         50:da:14:1b
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEVTMyOC9ApEvMjbk6AwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTI0MDMyNTEzMDAzM1oXDTI0MDYyMzEzMDAzM1owLzEtMCsGA1UEAxMk
Zjk2NDZkZmUtYjI5OC00YmZjLWExNjMtMmY4NmE4MDU2MTJhMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsCa2lsvof9DmIefYz/PaBO3+Hkt3HP5PXwpd
1HZKmhI6p31yl6HRRACAhP5gmJZ4zKsTy323ioAUWxvfC1lpz3dzgFUp3lm+ARwX
EuhByPPCFhhWp8C8r85k1i5mS6LwTSt2Div15BVY71mCUhzKyiG2Kx+SZNCrKJHL
gUj/iOAyPsJctY/7HkcF3IskYIGDRdk9keb5+vt0+xRmgpfx9fm29GAUq0OIchhP
yPFaMZ3aA0+5BKrhAekNp0C+ulHJkFyHUlznoJ1M3pSCxZNAh6N+3W7B6UhjaZs8
toNv/tnKRe+1UCgNBX3q27yZlmCOvgMztKXQw41HaWXMR6elxwIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFAyv20U8zU4v0POzIDqTKqyEvLuQMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvMjRlMGQ2ODUtN2M4YS0z
OTdlLTk2ZmUtODFmZTEyZGVlZTUxLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA0VxZMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAI1RjYLRtWtNFxbhcdgUOBvyolWIHX40Ip2vO82Xyi2S/WP4NG8zDXD9
DnQHb4qPa7Dpup0GQFGwrcABMk8HlvJs8ffZjcdcolYalrad1PXZLcKLQ+bv0gAu
52Y/Cx8m/7hxED4JQ/0pgpX01hECVHCz6vWTW/aAPpA7CMq4KVGwvs+ZH+1Fjz8X
/YlUXtXyK8mGAXAzI4LBfVeqGsKU/oSJcf87/EST7YZxYllcMio53RxvV4YOr+DA
ZI60QcnfP87REOZuVkcn9ht3npyqLMDMXIPrc2PNsNfZ/yUmJ/891650QmJpZvnQ
2Z2OF+xsLI53o1U9oUpfjzVTRVDaFBs=
-----END CERTIFICATE-----