Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/33d7defd-86e9-3b56-9f98-2ed202829a4e.roa
File:                     33d7defd-86e9-3b56-9f98-2ed202829a4e.roa (raw, json)
Hash identifier:          QhukSNvStD0z24RJfvkV330xqzG1vuDTUJrwqoOZrLs=
Subject key identifier:   74:A0:C7:16:7E:F2:24:22:49:16:F4:8D:5A:7C:DC:0E:F2:E9:7C:8B
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F4328583D4FABF8498D45E8ACC74BB480
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/33d7defd-86e9-3b56-9f98-2ed202829a4e.roa
Signing time:             Mon 21 Mar 2022 04:00:00 +0000
ROA not before:           Mon 21 Mar 2022 04:00:00 +0000
ROA not after:            Mon 13 Mar 2028 04:00:00 +0000
asID:                     7029
IP address blocks:        207.223.224.0/20 maxlen: 20
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3d:4f:ab:f8:49:8d:45:e8:ac:c7:4b:b4:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Mar 21 04:00:00 2022 GMT
            Not After : Mar 13 04:00:00 2028 GMT
        Subject: CN=0d8e4bf8-57c2-42ae-b356-275bdaa8c2b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:a0:66:7b:eb:04:ce:5c:71:36:cd:a6:d0:9c:
                    80:1a:b1:9f:48:d5:77:23:bd:16:d4:2d:1f:80:84:
                    f6:78:6e:20:be:b9:ec:56:48:ac:8b:9e:9e:84:82:
                    04:5e:9d:3d:72:3f:ee:ea:c0:85:56:66:47:b8:56:
                    78:fe:d4:d7:6f:98:b7:3e:47:e6:2d:dd:c9:bd:4c:
                    16:e6:97:d1:6a:ee:d1:b9:4e:4c:b0:67:d5:b4:db:
                    e8:4b:b5:66:e3:c6:6a:3d:10:68:d2:91:57:3e:09:
                    f4:a1:55:d1:f6:a3:58:f2:0e:8f:0a:66:41:c1:39:
                    88:75:03:90:e5:65:a9:fd:ce:7a:e8:df:2a:fc:c9:
                    72:f7:87:4d:67:f5:22:59:c1:f7:bf:5e:e0:ba:89:
                    9b:59:d3:43:71:b2:8d:92:66:61:82:a2:46:78:ac:
                    8e:56:4d:ec:34:2b:29:2e:54:4c:41:03:60:b1:ae:
                    3c:dc:3f:4e:bd:48:10:23:8b:73:a2:47:1e:19:9b:
                    3d:04:98:65:56:ab:9d:4d:b6:cc:9c:da:d8:c6:fc:
                    48:ba:8a:26:9c:99:5d:1f:af:94:70:1f:a2:c1:d6:
                    62:62:f9:ac:d8:53:c1:06:34:52:d6:88:d6:4d:34:
                    f4:c7:cd:94:67:1e:0a:d6:06:ec:19:7f:c5:ab:a9:
                    7e:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:A0:C7:16:7E:F2:24:22:49:16:F4:8D:5A:7C:DC:0E:F2:E9:7C:8B
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/33d7defd-86e9-3b56-9f98-2ed202829a4e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  207.223.224.0/20

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         32:a9:c8:4c:ad:4b:33:0d:71:5d:84:52:05:b9:55:2a:16:49:
         7e:44:37:1f:b4:3d:92:b4:5c:7c:50:09:68:43:5d:0c:73:c7:
         9a:1d:b9:e5:fa:0f:04:20:67:1c:0b:af:a9:56:aa:dd:1c:37:
         0b:ce:79:17:03:9e:14:69:5f:9d:0c:5e:77:8d:5e:c9:4a:99:
         6e:3b:a3:70:7a:38:4c:37:00:83:28:74:9f:53:17:8a:83:b0:
         02:ae:83:43:8a:4c:6c:4a:07:d6:f8:8d:c5:72:44:6f:02:d1:
         ef:8f:ca:a1:84:81:fc:68:8c:c8:35:7f:05:e1:dc:cb:7b:53:
         db:e9:cd:2e:7c:1f:0c:4e:58:d4:c0:fd:29:7e:d6:20:41:36:
         7f:5d:aa:ba:3d:28:d0:e4:4a:83:51:44:ac:2d:dc:79:e2:3a:
         28:d1:36:cb:af:2e:cb:f9:38:f7:01:ff:19:4b:9c:42:de:73:
         0c:fa:8f:b6:b1:cf:c3:68:c1:00:37:af:41:94:c4:cd:72:3f:
         8c:b2:13:42:7a:b7:27:b0:07:4f:cc:f0:3a:15:2d:ff:30:48:
         ec:5b:af:af:be:a3:b9:02:e8:f2:a2:56:51:b0:9d:d7:24:41:
         0a:12:eb:a8:ba:2e:23:1a:2d:fe:4c:1f:86:7b:64:02:e1:c9:
         af:ce:fa:a4
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWD1Pq/hJjUXorMdLtIAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTIyMDMyMTA0MDAwMFoXDTI4MDMxMzA0MDAwMFowLzEtMCsGA1UEAxMk
MGQ4ZTRiZjgtNTdjMi00MmFlLWIzNTYtMjc1YmRhYThjMmIwMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwaBme+sEzlxxNs2m0JyAGrGfSNV3I70W1C0f
gIT2eG4gvrnsVkisi56ehIIEXp09cj/u6sCFVmZHuFZ4/tTXb5i3PkfmLd3JvUwW
5pfRau7RuU5MsGfVtNvoS7Vm48ZqPRBo0pFXPgn0oVXR9qNY8g6PCmZBwTmIdQOQ
5WWp/c566N8q/Mly94dNZ/UiWcH3v17guombWdNDcbKNkmZhgqJGeKyOVk3sNCsp
LlRMQQNgsa483D9OvUgQI4tzokceGZs9BJhlVqudTbbMnNrYxvxIuoomnJldH6+U
cB+iwdZiYvms2FPBBjRS1ojWTTT0x82UZx4K1gbsGX/Fq6l+nQIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFHSgxxZ+8iQiSRb0jVp83A7y6XyLMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvMzNkN2RlZmQtODZlOS0z
YjU2LTlmOTgtMmVkMjAyODI5YTRlLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEz9/gMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBADKpyEytSzMNcV2EUgW5VSoWSX5ENx+0PZK0XHxQCWhDXQxzx5odueX6
DwQgZxwLr6lWqt0cNwvOeRcDnhRpX50MXneNXslKmW47o3B6OEw3AIModJ9TF4qD
sAKug0OKTGxKB9b4jcVyRG8C0e+PyqGEgfxojMg1fwXh3Mt7U9vpzS58HwxOWNTA
/Sl+1iBBNn9dqro9KNDkSoNRRKwt3HniOijRNsuvLsv5OPcB/xlLnELecwz6j7ax
z8NowQA3r0GUxM1yP4yyE0J6tyewB0/M8DoVLf8wSOxbr6++o7kC6PKiVlGwndck
QQoS66i6LiMaLf5MH4Z7ZALhya/O+qQ=
-----END CERTIFICATE-----
Generated at Fri Apr 11 22:35:13 2025 by rpki-client