Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/29d86e85-5ede-3efb-9db5-9ddd35a2452a.roa
File:                     29d86e85-5ede-3efb-9db5-9ddd35a2452a.roa (raw, json)
Hash identifier:          N7kEwh7ziCpnommER82Lxarjp6X475Io//QD+fFBSIg=
Subject key identifier:   F0:3C:BA:67:4A:FE:C9:7C:DF:2D:27:F6:FF:B8:5A:54:3E:F8:7B:A3
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F4328584711E08632B1BD2361BC6CFB00
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/29d86e85-5ede-3efb-9db5-9ddd35a2452a.roa
Signing time:             Sun 01 Sep 2024 13:00:41 +0000
ROA not before:           Sun 01 Sep 2024 13:00:41 +0000
ROA not after:            Sat 30 Nov 2024 14:00:41 +0000
asID:                     7029
IP address blocks:        216.49.64.0/20 maxlen: 20
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:47:11:e0:86:32:b1:bd:23:61:bc:6c:fb:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Sep  1 13:00:41 2024 GMT
            Not After : Nov 30 14:00:41 2024 GMT
        Subject: CN=90ab51f0-6b68-40ef-a2e6-8ed48662043e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:3c:7d:72:94:cb:d0:4e:4b:50:1e:ec:d4:37:
                    e6:e3:0d:cb:97:c6:db:5c:df:ea:cf:4c:f9:f2:8c:
                    59:86:e2:49:1e:41:2f:0d:31:06:ff:0d:27:91:01:
                    04:47:1a:0b:4b:6a:13:02:70:1b:44:4d:0b:17:32:
                    89:8c:91:0c:05:2b:32:93:e1:ed:be:d4:6b:8d:da:
                    76:1b:6d:dc:3f:b3:95:56:af:da:da:84:be:a8:6f:
                    4a:82:29:19:27:49:4f:10:12:f2:b9:35:7c:45:29:
                    dd:2b:78:a6:d0:2a:25:dc:4a:95:73:56:75:63:d3:
                    7b:8a:eb:88:62:98:5d:7c:16:01:08:7d:8d:68:38:
                    85:bf:1c:0d:c9:bd:f2:a0:b6:a4:50:fc:af:7c:ac:
                    97:38:b3:d8:74:7f:53:29:f5:37:9b:68:5a:cd:74:
                    13:e6:7a:75:97:84:7d:0e:15:ce:d7:f8:7d:91:cc:
                    50:49:79:91:d3:92:76:7e:e5:5f:96:54:38:1c:9b:
                    d0:9a:f1:e6:3f:c4:68:09:65:29:ef:12:59:30:e3:
                    ee:ca:ee:41:0d:55:42:0d:5d:42:0f:4f:a7:e6:d3:
                    de:06:7d:de:6d:09:f7:09:29:ae:dd:e3:b9:b9:53:
                    40:97:a4:be:05:74:d2:2f:71:7c:0e:68:34:ad:16:
                    7f:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:3C:BA:67:4A:FE:C9:7C:DF:2D:27:F6:FF:B8:5A:54:3E:F8:7B:A3
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/29d86e85-5ede-3efb-9db5-9ddd35a2452a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.49.64.0/20

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         31:2d:93:38:91:8e:77:08:8f:84:d0:98:d0:0d:0e:ed:8c:da:
         2f:8e:5f:1d:8c:28:dc:87:9c:99:00:c7:db:8a:a3:ac:ad:e4:
         ce:b2:8d:fc:5b:64:ac:88:bf:01:85:93:c7:92:41:93:e2:99:
         16:c1:bf:a1:4b:05:75:38:73:f4:d3:3f:6e:9b:ea:1c:e0:db:
         71:27:db:0d:42:e5:01:21:b9:8e:34:aa:31:13:ba:bb:56:06:
         93:41:34:ec:7f:32:f4:ef:ee:ea:aa:0a:a5:5e:c7:6a:76:60:
         b9:1d:ce:7a:f2:af:44:17:ca:ed:3f:bf:7d:77:fd:a6:bc:66:
         89:83:70:4e:be:c1:f3:5a:a3:8c:2a:87:a1:1d:17:3b:f4:7d:
         51:f8:db:41:c2:30:c8:a1:5f:bb:fc:4f:70:d3:6c:0f:07:42:
         bf:bd:86:4e:ca:e1:f1:88:48:57:56:31:8b:d3:1e:4a:3d:8b:
         e6:f1:3d:f4:9f:e7:f3:65:6a:00:f1:35:86:4c:02:c8:a9:02:
         cc:25:52:48:3f:32:89:e4:0d:1c:64:4a:71:a7:93:32:54:40:
         4e:98:86:62:14:4d:b2:3a:94:58:a0:0a:af:3e:93:87:76:4f:
         20:fb:e5:e5:f2:b1:3e:4a:b3:86:7c:00:e0:27:00:e2:2a:4f:
         be:21:ad:9b
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEcR4IYysb0jYbxs+wAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTI0MDkwMTEzMDA0MVoXDTI0MTEzMDE0MDA0MVowLzEtMCsGA1UEAxMk
OTBhYjUxZjAtNmI2OC00MGVmLWEyZTYtOGVkNDg2NjIwNDNlMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEApjx9cpTL0E5LUB7s1Dfm4w3Ll8bbXN/qz0z5
8oxZhuJJHkEvDTEG/w0nkQEERxoLS2oTAnAbRE0LFzKJjJEMBSsyk+HtvtRrjdp2
G23cP7OVVq/a2oS+qG9KgikZJ0lPEBLyuTV8RSndK3im0Col3EqVc1Z1Y9N7iuuI
YphdfBYBCH2NaDiFvxwNyb3yoLakUPyvfKyXOLPYdH9TKfU3m2hazXQT5np1l4R9
DhXO1/h9kcxQSXmR05J2fuVfllQ4HJvQmvHmP8RoCWUp7xJZMOPuyu5BDVVCDV1C
D0+n5tPeBn3ebQn3CSmu3eO5uVNAl6S+BXTSL3F8Dmg0rRZ/9wIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFPA8umdK/sl83y0n9v+4WlQ++HujMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvMjlkODZlODUtNWVkZS0z
ZWZiLTlkYjUtOWRkZDM1YTI0NTJhLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE2DFAMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBADEtkziRjncIj4TQmNANDu2M2i+OXx2MKNyHnJkAx9uKo6yt5M6yjfxb
ZKyIvwGFk8eSQZPimRbBv6FLBXU4c/TTP26b6hzg23En2w1C5QEhuY40qjETurtW
BpNBNOx/MvTv7uqqCqVex2p2YLkdznryr0QXyu0/v313/aa8ZomDcE6+wfNao4wq
h6EdFzv0fVH420HCMMihX7v8T3DTbA8HQr+9hk7K4fGISFdWMYvTHko9i+bxPfSf
5/NlagDxNYZMAsipAswlUkg/MonkDRxkSnGnkzJUQE6YhmIUTbI6lFigCq8+k4d2
TyD75eXysT5Ks4Z8AOAnAOIqT74hrZs=
-----END CERTIFICATE-----
Generated at Fri Apr 11 22:45:23 2025 by rpki-client