Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/35cdfd2b-4d35-39a7-9bbb-979acbac335b.roa
File:                     35cdfd2b-4d35-39a7-9bbb-979acbac335b.roa (raw, json)
Hash identifier:          GIfN2jLRX0D//NbkhlW0b/2meOyoypl8YN4CnVMDCjE=
Subject key identifier:   21:EF:C2:6B:D3:56:8F:46:DB:79:76:56:C8:B3:77:05:53:D5:09:B8
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F4328584711E09800A1A3E48D5E57C760
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/35cdfd2b-4d35-39a7-9bbb-979acbac335b.roa
Signing time:             Sun 01 Sep 2024 13:00:41 +0000
ROA not before:           Sun 01 Sep 2024 13:00:41 +0000
ROA not after:            Sat 30 Nov 2024 14:00:41 +0000
asID:                     7029
IP address blocks:        64.233.0.0/17 maxlen: 17
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:47:11:e0:98:00:a1:a3:e4:8d:5e:57:c7:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Sep  1 13:00:41 2024 GMT
            Not After : Nov 30 14:00:41 2024 GMT
        Subject: CN=db0986a3-56bc-410a-b75a-9ae72f1989a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:21:c7:d0:0a:9b:57:83:87:6c:7e:d5:38:f0:
                    46:6d:26:b9:40:2d:46:c1:b4:0a:9b:6b:98:e1:e7:
                    73:3e:e8:9a:e8:b3:55:c3:00:18:f5:34:b6:bc:71:
                    32:1f:f2:a0:5e:aa:e7:cd:c6:95:a3:ec:ab:b4:83:
                    20:50:7d:25:bc:b2:15:c6:f4:83:57:0a:fa:d7:78:
                    04:5d:37:8b:91:90:43:dd:27:5a:68:fb:3b:5b:87:
                    32:5d:c1:7e:95:af:00:d6:2f:d3:6b:80:65:5e:98:
                    b3:4f:08:88:f3:22:02:a5:eb:20:e2:b5:c3:b7:53:
                    24:02:83:3b:6b:2f:ec:6e:b5:1c:b5:22:bd:5c:af:
                    2f:51:fa:d1:4b:6d:9b:89:e3:64:20:21:ea:4f:08:
                    b4:7e:05:4e:10:d4:bf:82:8c:61:ba:a5:94:b4:45:
                    83:90:24:73:7c:8a:46:5b:7f:70:2b:04:d9:71:f6:
                    32:dc:7f:fd:75:7d:04:a2:5f:bf:55:cc:b1:be:2e:
                    4e:66:6e:41:bb:70:2c:27:16:2a:b7:5f:05:3b:ed:
                    94:58:03:79:6e:f7:5d:16:dd:2f:42:1b:22:1b:45:
                    83:c4:7d:1f:e9:62:a1:1f:ed:d4:49:81:32:57:88:
                    6c:34:82:d2:18:69:fc:15:e2:0b:e8:5e:1d:16:fb:
                    9c:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:EF:C2:6B:D3:56:8F:46:DB:79:76:56:C8:B3:77:05:53:D5:09:B8
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/35cdfd2b-4d35-39a7-9bbb-979acbac335b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.233.0.0/17

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         7a:89:03:b2:64:cd:ca:55:e6:0c:86:9d:aa:62:88:02:d2:cb:
         4d:df:3f:8a:04:50:84:d8:44:59:3f:55:4d:89:d3:9f:f7:b5:
         4f:2d:bf:bd:d3:27:57:4f:83:fb:6a:fd:f8:71:aa:5b:79:af:
         86:92:fe:3d:da:df:25:2c:be:11:05:d3:d3:66:91:95:b6:31:
         b7:9e:26:af:c2:6b:7b:70:de:83:01:4c:e1:84:a3:c0:3f:a9:
         2d:5c:74:08:49:5d:f5:ec:4d:df:8d:c2:35:1d:88:45:34:3f:
         62:b4:89:15:99:25:46:b4:6d:a7:d9:ce:cc:98:2b:11:39:06:
         39:db:4e:37:5e:8e:f5:69:00:79:94:4b:4a:26:49:0a:66:2c:
         f1:7e:de:37:63:bc:1c:40:4a:82:25:fc:10:eb:03:f0:06:fe:
         d3:05:a4:4b:e8:77:c4:ed:3a:41:50:01:70:eb:ec:63:60:bd:
         ba:79:be:23:a3:02:2a:63:2a:b5:f8:9d:91:79:be:e6:51:55:
         ed:12:ec:07:d7:74:26:c9:2d:dd:11:85:01:39:8f:57:a3:4d:
         10:b2:0f:fc:f2:58:cf:73:20:61:12:8d:84:d5:da:b3:61:a5:
         d3:94:8d:ac:8d:df:2b:69:f8:d2:49:45:36:00:1c:55:1e:f8:
         2d:3d:a2:6c
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEcR4JgAoaPkjV5Xx2AwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTI0MDkwMTEzMDA0MVoXDTI0MTEzMDE0MDA0MVowLzEtMCsGA1UEAxMk
ZGIwOTg2YTMtNTZiYy00MTBhLWI3NWEtOWFlNzJmMTk4OWE0MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqCHH0AqbV4OHbH7VOPBGbSa5QC1GwbQKm2uY
4edzPuia6LNVwwAY9TS2vHEyH/KgXqrnzcaVo+yrtIMgUH0lvLIVxvSDVwr613gE
XTeLkZBD3SdaaPs7W4cyXcF+la8A1i/Ta4BlXpizTwiI8yICpesg4rXDt1MkAoM7
ay/sbrUctSK9XK8vUfrRS22bieNkICHqTwi0fgVOENS/goxhuqWUtEWDkCRzfIpG
W39wKwTZcfYy3H/9dX0Eol+/Vcyxvi5OZm5Bu3AsJxYqt18FO+2UWAN5bvddFt0v
QhsiG0WDxH0f6WKhH+3USYEyV4hsNILSGGn8FeIL6F4dFvucvwIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFCHvwmvTVo9G23l2VsizdwVT1Qm4MIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvMzVjZGZkMmItNGQzNS0z
OWE3LTliYmItOTc5YWNiYWMzMzViLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQHQOkAMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAHqJA7JkzcpV5gyGnapiiALSy03fP4oEUITYRFk/VU2J05/3tU8tv73T
J1dPg/tq/fhxqlt5r4aS/j3a3yUsvhEF09NmkZW2MbeeJq/Ca3tw3oMBTOGEo8A/
qS1cdAhJXfXsTd+NwjUdiEU0P2K0iRWZJUa0bafZzsyYKxE5BjnbTjdejvVpAHmU
S0omSQpmLPF+3jdjvBxASoIl/BDrA/AG/tMFpEvod8TtOkFQAXDr7GNgvbp5viOj
AipjKrX4nZF5vuZRVe0S7AfXdCbJLd0RhQE5j1ejTRCyD/zyWM9zIGESjYTV2rNh
pdOUjayN3ytp+NJJRTYAHFUe+C09omw=
-----END CERTIFICATE-----
Generated at Fri Apr 11 22:45:37 2025 by rpki-client