Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/32c4c708-4ec0-3104-8aab-22c7f28cd930.roa
File:                     32c4c708-4ec0-3104-8aab-22c7f28cd930.roa (raw, json)
Hash identifier:          xyY7HF8KEBVg8Ry98zSIYKSAeq5ny+idrsyG7ufuBQE=
Subject key identifier:   AC:25:AB:56:BD:E6:CE:95:94:94:5F:DA:64:D5:CB:A3:1D:E1:FD:D8
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F4328583D3F3759C4010EC4622A410280
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/32c4c708-4ec0-3104-8aab-22c7f28cd930.roa
Signing time:             Tue 15 Mar 2022 04:00:00 +0000
ROA not before:           Tue 15 Mar 2022 04:00:00 +0000
ROA not after:            Tue 07 Mar 2028 05:00:00 +0000
asID:                     7029
IP address blocks:        66.36.0.0/20 maxlen: 20
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3d:3f:37:59:c4:01:0e:c4:62:2a:41:02:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Mar 15 04:00:00 2022 GMT
            Not After : Mar  7 05:00:00 2028 GMT
        Subject: CN=6a105819-f3c8-4f9b-aa37-ef9f85c9e396
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:dc:9b:f3:80:97:3c:08:42:de:5d:de:59:da:
                    7e:ea:98:e6:76:51:3f:98:dd:1b:6c:1e:9f:4a:0e:
                    30:ce:3a:fa:d6:d8:be:e9:86:cd:a1:a4:99:47:73:
                    84:93:b4:11:3d:bf:3a:14:9b:3b:17:88:cc:de:39:
                    e5:53:2c:9f:30:64:5a:ce:7c:2d:d9:63:84:f5:93:
                    64:4d:d3:85:45:13:2a:42:0b:b6:da:4d:53:31:b8:
                    44:b5:b7:f4:9c:21:41:3e:40:a7:1e:57:71:5b:e6:
                    c7:29:01:95:d3:30:93:58:b6:c3:a8:44:20:b4:d1:
                    cd:4a:db:df:de:db:f6:cb:2e:70:fe:15:44:22:2c:
                    3b:ad:0b:ef:30:89:fc:42:3e:c5:2a:00:a8:0e:70:
                    c9:d6:a6:e0:fc:c4:4f:aa:f9:d4:3b:09:2b:6b:de:
                    6a:a1:9b:77:a3:21:31:00:6f:97:4a:ca:e9:25:f7:
                    e0:f2:48:38:9e:ca:4b:40:ae:b3:d8:ff:5b:ee:d5:
                    3c:f6:15:79:5d:0f:d0:2a:2a:12:b6:64:a8:db:45:
                    b4:bc:64:ae:6c:6d:e4:39:2f:99:9f:1a:87:a8:d3:
                    d1:7b:2c:81:05:15:ce:4a:e0:8e:31:ff:e1:28:a3:
                    fd:9b:63:f0:81:22:5e:87:c9:6a:d7:fa:96:ac:aa:
                    f4:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:25:AB:56:BD:E6:CE:95:94:94:5F:DA:64:D5:CB:A3:1D:E1:FD:D8
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/32c4c708-4ec0-3104-8aab-22c7f28cd930.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  66.36.0.0/20

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         41:84:f8:06:37:50:3d:ab:75:aa:9a:88:e5:2c:85:14:01:53:
         86:b3:6f:fb:11:23:35:ae:b3:cd:a4:48:4f:9f:68:44:93:0d:
         1e:3d:2b:96:58:20:e7:6b:55:33:8f:bc:81:c5:03:da:99:9a:
         4b:cd:24:41:8d:37:f6:77:f1:28:56:4e:a7:43:0a:70:1d:2c:
         b5:d8:a2:41:0c:8c:42:c5:d0:6b:f3:30:e3:f4:c6:2a:57:56:
         47:39:f2:58:f9:d0:75:8d:a7:94:7d:fc:f8:db:60:b1:31:50:
         a8:59:13:d0:99:45:18:2d:67:2c:23:d5:cf:19:5e:28:72:e2:
         65:c2:c4:08:76:a0:48:7c:02:ff:f0:af:2b:85:a9:6f:4f:16:
         2e:ad:ec:0d:17:c1:68:66:fd:e1:dd:29:24:a4:5d:c9:92:53:
         be:53:3e:8f:ab:03:49:9a:0b:d1:35:3e:9f:73:27:86:5e:60:
         f4:20:78:bf:4a:0a:09:ca:30:32:f4:c4:8e:91:68:d9:76:19:
         b2:45:92:0c:24:3f:80:11:c5:e5:3f:b4:79:a8:10:16:2b:de:
         64:c0:18:56:d9:0b:35:dd:34:11:88:4c:71:f4:12:34:89:7b:
         96:a2:ab:0f:06:a6:b3:b0:0b:1b:b3:0d:29:eb:7c:14:13:3d:
         9f:4c:81:67
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWD0/N1nEAQ7EYipBAoAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTIyMDMxNTA0MDAwMFoXDTI4MDMwNzA1MDAwMFowLzEtMCsGA1UEAxMk
NmExMDU4MTktZjNjOC00ZjliLWFhMzctZWY5Zjg1YzllMzk2MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhNyb84CXPAhC3l3eWdp+6pjmdlE/mN0bbB6f
Sg4wzjr61ti+6YbNoaSZR3OEk7QRPb86FJs7F4jM3jnlUyyfMGRaznwt2WOE9ZNk
TdOFRRMqQgu22k1TMbhEtbf0nCFBPkCnHldxW+bHKQGV0zCTWLbDqEQgtNHNStvf
3tv2yy5w/hVEIiw7rQvvMIn8Qj7FKgCoDnDJ1qbg/MRPqvnUOwkra95qoZt3oyEx
AG+XSsrpJffg8kg4nspLQK6z2P9b7tU89hV5XQ/QKioStmSo20W0vGSubG3kOS+Z
nxqHqNPReyyBBRXOSuCOMf/hKKP9m2PwgSJeh8lq1/qWrKr0qwIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFKwlq1a95s6VlJRf2mTVy6Md4f3YMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvMzJjNGM3MDgtNGVjMC0z
MTA0LThhYWItMjJjN2YyOGNkOTMwLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEQiQAMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAEGE+AY3UD2rdaqaiOUshRQBU4azb/sRIzWus82kSE+faESTDR49K5ZY
IOdrVTOPvIHFA9qZmkvNJEGNN/Z38ShWTqdDCnAdLLXYokEMjELF0GvzMOP0xipX
Vkc58lj50HWNp5R9/PjbYLExUKhZE9CZRRgtZywj1c8ZXihy4mXCxAh2oEh8Av/w
ryuFqW9PFi6t7A0XwWhm/eHdKSSkXcmSU75TPo+rA0maC9E1Pp9zJ4ZeYPQgeL9K
CgnKMDL0xI6RaNl2GbJFkgwkP4ARxeU/tHmoEBYr3mTAGFbZCzXdNBGITHH0EjSJ
e5aiqw8GprOwCxuzDSnrfBQTPZ9MgWc=
-----END CERTIFICATE-----
Generated at Fri Apr 11 23:15:12 2025 by rpki-client