Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/3933e3a3-2bce-3a61-bed7-3b276b29139e.roa
File:                     3933e3a3-2bce-3a61-bed7-3b276b29139e.roa (raw, json)
Hash identifier:          poQTVTfXbqrgoQ7OSEjy6hoL/+QfuTQ61D44QydrkbY=
Subject key identifier:   9E:71:C9:DB:9C:93:C4:58:96:2C:4B:E2:47:1F:9C:85:4E:D7:1E:30
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F4328584553331856DE4E7523B88FB580
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/3933e3a3-2bce-3a61-bed7-3b276b29139e.roa
Signing time:             Mon 25 Mar 2024 13:00:33 +0000
ROA not before:           Mon 25 Mar 2024 13:00:33 +0000
ROA not after:            Sun 23 Jun 2024 13:00:33 +0000
asID:                     7029
IP address blocks:        204.194.168.0/21 maxlen: 21
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:45:53:33:18:56:de:4e:75:23:b8:8f:b5:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Mar 25 13:00:33 2024 GMT
            Not After : Jun 23 13:00:33 2024 GMT
        Subject: CN=21d5de8c-e5c7-4e7f-abfd-e7403d1f00ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:ee:27:e2:cd:ff:c9:ce:36:f0:4a:b6:5f:53:
                    ed:ab:c9:1d:0a:7d:f7:85:36:54:88:38:46:7c:8a:
                    3b:02:ab:d5:d3:38:be:c6:af:c2:56:92:31:97:79:
                    d8:84:f7:06:83:72:75:c0:fc:78:1f:60:50:d4:72:
                    7b:e8:a8:fb:68:e4:6a:1b:64:ae:52:f8:6c:3f:77:
                    5e:a2:ae:68:2a:f8:bd:fa:ac:fa:6d:54:09:47:22:
                    25:05:ff:c4:97:d5:26:f3:be:c4:bd:f8:3c:50:b7:
                    8a:0d:1f:6e:fe:43:0b:30:99:3f:04:d2:92:9c:30:
                    46:b2:86:1d:32:9c:b6:37:35:e1:13:3a:67:45:6b:
                    6f:a4:44:53:68:a5:92:a0:da:18:d6:76:e1:89:3a:
                    7f:23:84:9b:09:ce:21:87:95:85:6f:83:0a:42:ed:
                    2b:d4:cd:a2:65:8d:13:50:d6:bf:30:9d:d2:14:a3:
                    40:c5:b0:f6:05:f5:4e:9f:1c:93:1d:03:9a:c2:91:
                    e4:38:de:94:a6:11:54:27:35:35:24:75:25:1b:b5:
                    a6:5c:fa:dc:6f:67:cb:3b:de:88:61:ae:ef:08:f2:
                    92:8c:f0:ff:e7:55:78:55:0c:3e:f3:c6:d0:84:05:
                    36:17:30:64:fd:d5:30:17:bd:85:14:bc:b9:9d:19:
                    78:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:71:C9:DB:9C:93:C4:58:96:2C:4B:E2:47:1F:9C:85:4E:D7:1E:30
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/3933e3a3-2bce-3a61-bed7-3b276b29139e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  204.194.168.0/21

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         69:a8:d6:e4:a3:69:46:93:bf:57:04:2a:7d:dd:36:e5:33:7f:
         c1:2e:16:c2:3d:b1:d0:8d:11:1d:ff:ae:89:07:d4:34:47:6e:
         e6:1f:84:f8:1d:32:f5:3f:d6:fc:f2:7e:8c:bc:7e:25:bf:bf:
         0c:a0:b8:f8:98:55:2c:c7:61:87:34:a1:b8:6b:6b:cd:a6:90:
         1e:55:f3:6a:93:12:77:4d:b4:de:40:7d:ea:b1:d6:ae:1d:8b:
         c8:bd:0a:c6:72:75:44:5f:f1:bd:7b:7a:f0:86:5a:4c:86:9b:
         5b:48:2a:d9:5d:e3:c2:e9:f5:c0:fc:3b:b6:fc:76:32:18:4d:
         da:d9:81:61:67:cd:1b:2f:72:c1:5c:00:4f:d9:68:e5:b3:d4:
         22:99:74:b7:a4:89:a7:f2:11:46:ba:5a:b5:aa:d7:a8:b6:72:
         18:d7:ac:8f:bb:88:73:11:3a:a9:1d:d1:9c:ea:d2:af:97:11:
         b0:5c:2c:d5:0d:8b:8c:83:8a:ba:b7:e3:20:e3:6b:d4:3e:35:
         37:17:00:d7:96:52:ca:75:3d:e3:b7:42:6b:4c:a3:cb:97:5a:
         12:92:58:ff:b8:78:a8:fd:93:0e:32:16:b0:b9:e7:70:7b:c8:
         16:62:27:21:f3:a6:d6:59:3a:53:5b:e5:db:4e:95:cd:71:c8:
         8a:9a:53:8d
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEVTMxhW3k51I7iPtYAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTI0MDMyNTEzMDAzM1oXDTI0MDYyMzEzMDAzM1owLzEtMCsGA1UEAxMk
MjFkNWRlOGMtZTVjNy00ZTdmLWFiZmQtZTc0MDNkMWYwMGNhMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0e4n4s3/yc428Eq2X1Ptq8kdCn33hTZUiDhG
fIo7AqvV0zi+xq/CVpIxl3nYhPcGg3J1wPx4H2BQ1HJ76Kj7aORqG2SuUvhsP3de
oq5oKvi9+qz6bVQJRyIlBf/El9Um877Evfg8ULeKDR9u/kMLMJk/BNKSnDBGsoYd
Mpy2NzXhEzpnRWtvpERTaKWSoNoY1nbhiTp/I4SbCc4hh5WFb4MKQu0r1M2iZY0T
UNa/MJ3SFKNAxbD2BfVOnxyTHQOawpHkON6UphFUJzU1JHUlG7WmXPrcb2fLO96I
Ya7vCPKSjPD/51V4VQw+88bQhAU2FzBk/dUwF72FFLy5nRl4oQIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFJ5xyduck8RYlixL4kcfnIVO1x4wMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvMzkzM2UzYTMtMmJjZS0z
YTYxLWJlZDctM2IyNzZiMjkxMzllLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDzMKoMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAGmo1uSjaUaTv1cEKn3dNuUzf8EuFsI9sdCNER3/rokH1DRHbuYfhPgd
MvU/1vzyfoy8fiW/vwyguPiYVSzHYYc0obhra82mkB5V82qTEndNtN5Afeqx1q4d
i8i9CsZydURf8b17evCGWkyGm1tIKtld48Lp9cD8O7b8djIYTdrZgWFnzRsvcsFc
AE/ZaOWz1CKZdLekiafyEUa6WrWq16i2chjXrI+7iHMROqkd0Zzq0q+XEbBcLNUN
i4yDirq34yDja9Q+NTcXANeWUsp1PeO3QmtMo8uXWhKSWP+4eKj9kw4yFrC553B7
yBZiJyHzptZZOlNb5dtOlc1xyIqaU40=
-----END CERTIFICATE-----
Generated at Fri Apr 11 22:30:39 2025 by rpki-client