Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/2c6c45f5-0e63-3b3b-a453-4f9360f9d75e.roa
File:                     2c6c45f5-0e63-3b3b-a453-4f9360f9d75e.roa (raw, json)
Hash identifier:          ZtW2gPoGGzLNYOwtxEsqsZdKEv/qrrVceFuqSzbw0Tc=
Subject key identifier:   6E:E6:FA:3F:67:50:30:6C:EE:EE:50:88:13:93:86:A0:24:91:39:BD
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F432858455332DE418F3B0045863FDC80
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/2c6c45f5-0e63-3b3b-a453-4f9360f9d75e.roa
Signing time:             Mon 25 Mar 2024 13:00:33 +0000
ROA not before:           Mon 25 Mar 2024 13:00:33 +0000
ROA not after:            Sun 23 Jun 2024 13:00:33 +0000
asID:                     7029
IP address blocks:        64.82.0.0/17 maxlen: 17
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:45:53:32:de:41:8f:3b:00:45:86:3f:dc:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Mar 25 13:00:33 2024 GMT
            Not After : Jun 23 13:00:33 2024 GMT
        Subject: CN=22a6a3c3-2fa0-40c5-9a4d-29f13bc1a209
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:09:e2:d3:11:d6:61:ab:b5:3a:e8:6e:ea:e0:
                    e6:71:f6:97:3b:f5:95:ae:fe:df:b8:03:11:ee:ea:
                    7e:9e:07:4a:98:f4:a7:91:44:c5:f4:21:8a:88:bc:
                    8d:a3:3a:1c:1e:88:79:ff:09:1a:62:45:cb:1e:bc:
                    a6:59:e0:aa:4b:79:aa:0f:78:ca:af:fe:a8:1a:ae:
                    2f:4c:70:ab:7a:f2:db:6b:7f:e5:21:37:40:d1:99:
                    db:2f:bd:3f:9a:22:eb:60:ed:95:4c:94:dd:38:30:
                    0a:cc:aa:fe:88:0a:25:bc:bb:cc:0f:20:05:0d:b7:
                    c8:5d:9b:7b:46:06:49:c1:0a:7a:8f:57:bd:ba:c6:
                    16:e4:26:89:f5:84:32:1a:85:f6:9b:a6:64:0c:04:
                    f9:29:cb:9d:f4:11:53:ae:a0:93:28:02:3c:3e:cf:
                    d3:59:50:0c:94:9c:ea:eb:e7:12:81:d8:45:12:e0:
                    d9:b1:2a:50:85:01:a9:02:07:dc:26:c5:c9:09:7b:
                    0b:25:2f:71:23:6d:27:fb:37:c7:f6:ba:29:e0:8f:
                    80:35:05:b8:9b:8a:89:d6:89:6b:72:d4:6e:15:8a:
                    93:a0:a6:be:81:cd:ed:ab:64:63:f0:75:c5:f3:01:
                    29:18:7e:9a:fc:b4:48:76:d6:87:a7:6b:7e:7e:d7:
                    60:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:E6:FA:3F:67:50:30:6C:EE:EE:50:88:13:93:86:A0:24:91:39:BD
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/2c6c45f5-0e63-3b3b-a453-4f9360f9d75e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.82.0.0/17

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         42:3a:5c:90:a3:23:ec:ef:ed:02:d3:57:03:e5:5d:09:82:46:
         b1:de:0d:d5:42:70:c0:55:00:e8:af:8b:fe:1a:41:7f:7d:21:
         f6:33:dd:85:b6:8d:7d:c3:7a:0e:a8:23:5c:b4:6d:f2:07:6e:
         34:23:25:9a:39:1c:db:8c:df:04:72:cf:9b:e3:0d:cc:20:a0:
         f6:c2:c7:ce:70:3e:a1:6f:50:ad:7e:74:c2:eb:d5:27:3c:b6:
         c9:bf:81:94:34:b6:cf:7c:db:76:5f:15:59:c3:a2:19:53:22:
         07:5f:99:bf:cd:e6:93:c3:ad:70:3a:45:50:d1:72:39:cc:12:
         6a:80:d2:66:d2:8e:d6:b5:6e:ee:47:6a:23:89:49:28:50:a1:
         b9:09:e9:5c:85:ee:51:d7:57:c8:a3:cf:77:37:55:65:3e:f6:
         e6:37:c2:12:a2:ca:e2:79:58:35:6d:c1:4f:91:26:73:a3:1e:
         11:9e:5b:7b:96:f0:62:0e:cf:d2:dd:61:81:ea:85:aa:bb:8c:
         66:f8:1d:c0:d0:21:18:40:8b:a4:75:bc:6f:14:83:9a:85:f9:
         d8:7d:73:cd:0f:27:e1:33:a0:01:af:72:e8:ad:37:2c:c9:19:
         3e:4c:bb:aa:4b:0b:a5:33:63:37:a3:f2:db:ab:95:31:d7:18:
         41:e7:02:91
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEVTMt5BjzsARYY/3IAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTI0MDMyNTEzMDAzM1oXDTI0MDYyMzEzMDAzM1owLzEtMCsGA1UEAxMk
MjJhNmEzYzMtMmZhMC00MGM1LTlhNGQtMjlmMTNiYzFhMjA5MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgQni0xHWYau1Ouhu6uDmcfaXO/WVrv7fuAMR
7up+ngdKmPSnkUTF9CGKiLyNozocHoh5/wkaYkXLHrymWeCqS3mqD3jKr/6oGq4v
THCrevLba3/lITdA0ZnbL70/miLrYO2VTJTdODAKzKr+iAolvLvMDyAFDbfIXZt7
RgZJwQp6j1e9usYW5CaJ9YQyGoX2m6ZkDAT5Kcud9BFTrqCTKAI8Ps/TWVAMlJzq
6+cSgdhFEuDZsSpQhQGpAgfcJsXJCXsLJS9xI20n+zfH9rop4I+ANQW4m4qJ1olr
ctRuFYqToKa+gc3tq2Rj8HXF8wEpGH6a/LRIdtaHp2t+ftdgKQIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFG7m+j9nUDBs7u5QiBOThqAkkTm9MIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvMmM2YzQ1ZjUtMGU2My0z
YjNiLWE0NTMtNGY5MzYwZjlkNzVlLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQHQFIAMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAEI6XJCjI+zv7QLTVwPlXQmCRrHeDdVCcMBVAOivi/4aQX99IfYz3YW2
jX3Deg6oI1y0bfIHbjQjJZo5HNuM3wRyz5vjDcwgoPbCx85wPqFvUK1+dMLr1Sc8
tsm/gZQ0ts9823ZfFVnDohlTIgdfmb/N5pPDrXA6RVDRcjnMEmqA0mbSjta1bu5H
aiOJSShQobkJ6VyF7lHXV8ijz3c3VWU+9uY3whKiyuJ5WDVtwU+RJnOjHhGeW3uW
8GIOz9LdYYHqhaq7jGb4HcDQIRhAi6R1vG8Ug5qF+dh9c80PJ+EzoAGvcuitNyzJ
GT5Mu6pLC6UzYzej8turlTHXGEHnApE=
-----END CERTIFICATE-----
Generated at Fri Apr 11 23:40:55 2025 by rpki-client