Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/2a86ecfc-8b75-3574-a854-44321476babb.roa
File:                     2a86ecfc-8b75-3574-a854-44321476babb.roa (raw, json)
Hash identifier:          /MJFo6vlyzU3OG1DbRgUQIoz2MX8z0HmUb3MYQUvlrU=
Subject key identifier:   4B:60:99:56:CC:65:23:84:AA:5F:24:93:58:33:E1:A7:DF:EF:CA:FE
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F4328584553331C8A6257DD3B6159A680
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/2a86ecfc-8b75-3574-a854-44321476babb.roa
Signing time:             Mon 25 Mar 2024 13:00:33 +0000
ROA not before:           Mon 25 Mar 2024 13:00:33 +0000
ROA not after:            Sun 23 Jun 2024 13:00:33 +0000
asID:                     7029
IP address blocks:        207.94.0.0/20 maxlen: 20
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:45:53:33:1c:8a:62:57:dd:3b:61:59:a6:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Mar 25 13:00:33 2024 GMT
            Not After : Jun 23 13:00:33 2024 GMT
        Subject: CN=40d74de5-12cc-4042-abdb-eb56cf1edd61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:ce:97:96:13:12:75:ff:11:d4:8f:82:e2:ac:
                    3f:df:be:4c:68:4a:09:3c:0d:61:26:63:07:f1:2c:
                    f3:4a:d7:1e:d6:ea:3e:05:3c:04:93:3b:9e:91:ba:
                    47:25:1e:da:90:9b:4b:71:a3:e6:57:7b:47:6a:ac:
                    90:f0:d9:de:d4:79:8e:80:5d:35:c5:03:35:d4:d7:
                    8f:3d:82:ec:51:45:91:b9:e8:36:94:e8:0a:62:e7:
                    07:22:69:aa:df:6b:cf:01:f9:14:8d:56:72:d4:ed:
                    d1:80:76:6e:ff:5d:05:3c:27:7c:e1:13:6a:70:e8:
                    a5:c2:bf:67:41:86:5d:10:43:93:27:fa:ff:e8:95:
                    a1:a0:b0:e6:31:1a:17:1e:3b:3f:04:66:27:d1:ae:
                    0a:54:54:5a:46:03:c6:ca:af:81:bb:81:1c:c0:4a:
                    f5:6d:00:04:cb:b5:8f:ed:f6:04:08:af:e4:44:ef:
                    37:50:c5:bd:ce:16:0b:0b:0a:f0:7d:d2:f1:b0:02:
                    39:7b:9b:37:8e:a2:fc:cc:eb:7f:e3:54:aa:38:99:
                    87:b5:9a:45:c6:42:d9:44:e0:5f:46:c1:1e:f5:59:
                    39:c3:3b:28:08:7f:2c:c7:9d:c6:1b:ab:f7:31:31:
                    76:1a:69:cc:44:b2:a7:26:d4:87:72:c2:4d:69:9b:
                    a7:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:60:99:56:CC:65:23:84:AA:5F:24:93:58:33:E1:A7:DF:EF:CA:FE
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/2a86ecfc-8b75-3574-a854-44321476babb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  207.94.0.0/20

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         68:e1:80:bc:43:77:a5:52:3b:a9:2f:33:95:a6:01:de:20:1c:
         79:33:10:dd:94:0f:68:93:70:3e:71:aa:06:a8:22:ae:6d:14:
         ed:ff:97:cd:27:55:f3:dd:3d:d5:84:6e:d9:3e:f5:e1:95:1e:
         d8:33:91:68:e9:12:31:1e:e2:ed:7d:44:4c:17:61:7e:47:a2:
         5d:6a:a4:a5:46:37:b1:5a:2a:a3:8a:71:9c:52:d9:32:f3:a2:
         ae:bf:78:1b:cc:a6:21:70:9a:59:10:2e:5d:dd:34:62:b8:6c:
         6e:bd:62:3d:2f:bb:4b:b1:69:14:26:26:74:b5:a4:2f:9c:61:
         41:07:a8:2b:3a:14:ce:cd:99:c6:5a:10:1e:7f:91:2b:df:c7:
         9a:6d:ea:ef:d3:5a:dd:20:fb:00:22:89:f3:1e:0a:ef:4a:eb:
         5e:c0:20:d1:a1:64:a1:29:60:4a:00:b1:ad:98:ed:c6:91:df:
         c9:8d:59:c0:6e:63:91:8b:8c:61:62:1f:10:6c:6f:20:78:9b:
         cd:26:b4:ff:7e:4c:a6:f3:69:52:50:d9:f0:cd:6e:45:b9:8c:
         5b:84:af:ee:7e:ac:79:93:a2:bf:a3:ee:fa:b6:c3:f3:25:9b:
         9b:53:2e:69:fc:a8:bf:19:30:fb:a7:49:3d:e3:fb:e8:f5:da:
         38:ad:68:d3
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEVTMxyKYlfdO2FZpoAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTI0MDMyNTEzMDAzM1oXDTI0MDYyMzEzMDAzM1owLzEtMCsGA1UEAxMk
NDBkNzRkZTUtMTJjYy00MDQyLWFiZGItZWI1NmNmMWVkZDYxMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhM6XlhMSdf8R1I+C4qw/375MaEoJPA1hJmMH
8SzzStce1uo+BTwEkzuekbpHJR7akJtLcaPmV3tHaqyQ8Nne1HmOgF01xQM11NeP
PYLsUUWRueg2lOgKYucHImmq32vPAfkUjVZy1O3RgHZu/10FPCd84RNqcOilwr9n
QYZdEEOTJ/r/6JWhoLDmMRoXHjs/BGYn0a4KVFRaRgPGyq+Bu4EcwEr1bQAEy7WP
7fYECK/kRO83UMW9zhYLCwrwfdLxsAI5e5s3jqL8zOt/41SqOJmHtZpFxkLZROBf
RsEe9Vk5wzsoCH8sx53GG6v3MTF2GmnMRLKnJtSHcsJNaZun0wIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFEtgmVbMZSOEql8kk1gz4aff78r+MIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvMmE4NmVjZmMtOGI3NS0z
NTc0LWE4NTQtNDQzMjE0NzZiYWJiLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEz14AMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAGjhgLxDd6VSO6kvM5WmAd4gHHkzEN2UD2iTcD5xqgaoIq5tFO3/l80n
VfPdPdWEbtk+9eGVHtgzkWjpEjEe4u19REwXYX5Hol1qpKVGN7FaKqOKcZxS2TLz
oq6/eBvMpiFwmlkQLl3dNGK4bG69Yj0vu0uxaRQmJnS1pC+cYUEHqCs6FM7NmcZa
EB5/kSvfx5pt6u/TWt0g+wAiifMeCu9K617AINGhZKEpYEoAsa2Y7caR38mNWcBu
Y5GLjGFiHxBsbyB4m80mtP9+TKbzaVJQ2fDNbkW5jFuEr+5+rHmTor+j7vq2w/Ml
m5tTLmn8qL8ZMPunST3j++j12jitaNM=
-----END CERTIFICATE-----
Generated at Fri Apr 11 22:58:02 2025 by rpki-client