Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/2aa42989-d082-3078-a1ac-811e64159d4e.roa
File:                     2aa42989-d082-3078-a1ac-811e64159d4e.roa (raw, json)
Hash identifier:          xK/U1zHIvrPfJI9syyGeCptXyl/RBFAEbOjVUh1e7Zc=
Subject key identifier:   13:70:D8:3E:57:0A:C9:8F:2F:D3:E6:03:76:1B:06:02:B3:D6:9F:1F
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F43285847F15544E29C29DE4E867AA880
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/2aa42989-d082-3078-a1ac-811e64159d4e.roa
Signing time:             Wed 20 Nov 2024 14:00:52 +0000
ROA not before:           Wed 20 Nov 2024 14:00:52 +0000
ROA not after:            Tue 18 Feb 2025 14:00:52 +0000
asID:                     33596
IP address blocks:        67.210.65.0/24 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:47:f1:55:44:e2:9c:29:de:4e:86:7a:a8:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Nov 20 14:00:52 2024 GMT
            Not After : Feb 18 14:00:52 2025 GMT
        Subject: CN=d063cc29-1075-4936-b5c4-a067fd33241f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:8f:2c:f9:f4:6d:65:80:58:7f:73:1f:cb:f9:
                    4c:67:10:57:92:b8:10:fa:44:35:bc:5a:fc:9b:ee:
                    ea:a0:bd:12:d1:93:3d:28:71:24:f9:da:64:50:e6:
                    9f:40:64:0b:45:bc:a9:67:5e:52:dd:78:42:ca:c0:
                    cf:38:eb:e2:07:1d:14:37:c1:3e:01:cd:3c:3c:62:
                    d2:99:49:3d:6d:e8:89:50:5f:75:d6:9a:05:e9:21:
                    b9:f6:04:49:51:a1:bf:b5:63:43:86:17:63:09:c4:
                    28:22:ba:66:8d:0d:ef:1e:ce:3b:c6:f2:e8:1d:63:
                    31:fa:97:b3:ea:74:70:ce:5e:e6:e0:e1:f6:a0:a5:
                    a2:99:9b:02:89:78:b3:2c:e5:ae:ec:cb:1c:f9:d3:
                    8a:be:6d:0f:a7:28:24:a4:23:2a:03:c9:b1:00:cb:
                    7d:ea:d2:e3:de:e4:fe:48:2f:6a:8c:ce:95:cf:6d:
                    82:fb:19:d6:90:f9:a7:11:71:ec:32:3f:58:f5:b9:
                    a8:a5:86:84:49:57:8d:d4:b2:e1:64:b9:b2:ad:09:
                    c4:70:ad:b0:a0:52:80:39:77:27:68:25:fe:ed:9f:
                    a7:a0:a7:d0:56:b3:de:f4:99:7f:f7:8b:87:69:7e:
                    d5:3b:81:7d:7d:47:c3:9b:c2:59:c4:d5:1e:82:ac:
                    20:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:70:D8:3E:57:0A:C9:8F:2F:D3:E6:03:76:1B:06:02:B3:D6:9F:1F
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/2aa42989-d082-3078-a1ac-811e64159d4e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  67.210.65.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         8c:b1:ff:a1:72:a8:27:e7:fe:50:86:b7:96:d0:57:68:29:37:
         2d:dd:f9:f2:15:9a:d5:2a:86:c9:3f:cc:b1:0c:ce:9f:18:16:
         df:db:c1:fb:69:fc:c7:d6:39:27:66:fe:68:48:1b:72:37:d9:
         9a:f5:a9:7d:f5:b1:72:c3:94:e1:16:2b:48:9f:a8:01:57:af:
         84:2a:43:5d:85:c9:71:be:ce:59:be:58:fe:85:75:f5:c7:47:
         d0:4e:e5:2f:c4:23:7d:08:cf:45:ea:fa:80:a2:5c:38:e6:40:
         f9:13:39:4f:d3:2d:1f:b6:f1:f3:d3:5a:30:a8:bc:76:88:64:
         b9:af:6f:45:66:e3:17:66:cc:5d:5c:e5:62:41:03:a1:df:10:
         31:3c:6f:6c:40:15:e8:72:65:93:2f:05:97:36:25:05:5d:80:
         4c:a3:49:7d:ea:33:8a:9a:4d:69:ca:9a:41:0d:07:b6:3b:0d:
         a7:fa:84:8e:69:be:01:91:9f:3f:7a:a5:05:4a:5b:30:81:a8:
         1e:55:9f:d9:b5:3c:23:a2:6a:3e:67:2c:64:c6:d6:d0:1a:45:
         33:75:33:97:fe:da:f3:87:a9:d7:72:e0:a1:75:5b:f4:72:40:
         66:83:be:78:17:cd:61:19:82:0d:37:82:20:92:fe:ae:9e:46:
         35:bd:15:19
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEfxVUTinCneToZ6qIAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTI0MTEyMDE0MDA1MloXDTI1MDIxODE0MDA1MlowLzEtMCsGA1UEAxMk
ZDA2M2NjMjktMTA3NS00OTM2LWI1YzQtYTA2N2ZkMzMyNDFmMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnY8s+fRtZYBYf3Mfy/lMZxBXkrgQ+kQ1vFr8
m+7qoL0S0ZM9KHEk+dpkUOafQGQLRbypZ15S3XhCysDPOOviBx0UN8E+Ac08PGLS
mUk9beiJUF911poF6SG59gRJUaG/tWNDhhdjCcQoIrpmjQ3vHs47xvLoHWMx+pez
6nRwzl7m4OH2oKWimZsCiXizLOWu7Msc+dOKvm0PpygkpCMqA8mxAMt96tLj3uT+
SC9qjM6Vz22C+xnWkPmnEXHsMj9Y9bmopYaESVeN1LLhZLmyrQnEcK2woFKAOXcn
aCX+7Z+noKfQVrPe9Jl/94uHaX7VO4F9fUfDm8JZxNUegqwg+QIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFBNw2D5XCsmPL9PmA3YbBgKz1p8fMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvMmFhNDI5ODktZDA4Mi0z
MDc4LWExYWMtODExZTY0MTU5ZDRlLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAQ9JBMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAIyx/6FyqCfn/lCGt5bQV2gpNy3d+fIVmtUqhsk/zLEMzp8YFt/bwftp
/MfWOSdm/mhIG3I32Zr1qX31sXLDlOEWK0ifqAFXr4QqQ12FyXG+zlm+WP6FdfXH
R9BO5S/EI30Iz0Xq+oCiXDjmQPkTOU/TLR+28fPTWjCovHaIZLmvb0Vm4xdmzF1c
5WJBA6HfEDE8b2xAFehyZZMvBZc2JQVdgEyjSX3qM4qaTWnKmkENB7Y7Daf6hI5p
vgGRnz96pQVKWzCBqB5Vn9m1PCOiaj5nLGTG1tAaRTN1M5f+2vOHqddy4KF1W/Ry
QGaDvngXzWEZgg03giCS/q6eRjW9FRk=
-----END CERTIFICATE-----
Generated at Sun Feb 16 20:19:13 2025 by rpki-client