Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/5f157526-8edf-31e8-9afc-bde9b35d6953.roa
File:                     5f157526-8edf-31e8-9afc-bde9b35d6953.roa (raw, json)
Hash identifier:          213S2WLSyRMFUD4mt58G3ola6igO8cqClCaeoboT4jY=
Subject key identifier:   D8:7B:84:30:E0:1D:DF:43:7B:90:07:48:A1:C3:7F:BF:1B:E7:1E:8E
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F4328584711E085087F0DD1E2FBA4F860
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/5f157526-8edf-31e8-9afc-bde9b35d6953.roa
Signing time:             Sun 01 Sep 2024 13:00:41 +0000
ROA not before:           Sun 01 Sep 2024 13:00:41 +0000
ROA not after:            Sat 30 Nov 2024 14:00:41 +0000
asID:                     7029
IP address blocks:        209.177.0.0/20 maxlen: 20
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:47:11:e0:85:08:7f:0d:d1:e2:fb:a4:f8:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Sep  1 13:00:41 2024 GMT
            Not After : Nov 30 14:00:41 2024 GMT
        Subject: CN=20bd29a2-56b5-4997-97c9-5504b225c23a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:a9:ee:b0:a9:7e:3f:68:d2:cc:7b:78:9c:0b:
                    81:9f:4b:1e:66:ea:fb:10:6e:61:21:1e:2c:09:45:
                    73:81:3a:6d:67:8b:67:70:d6:b7:08:54:01:bd:1a:
                    b5:7b:74:a2:f9:f2:8e:8d:d0:b6:e3:1c:37:48:af:
                    ea:09:7c:c2:e9:91:54:4a:04:4c:ee:4d:9c:e8:0b:
                    8a:f5:f3:81:a1:fc:51:24:70:9a:1c:5c:8c:2b:15:
                    ad:c9:04:bd:a5:54:21:7a:ef:8e:b9:85:ad:a1:a9:
                    7c:dd:16:44:8b:47:9b:90:6c:aa:09:82:a6:ea:ee:
                    28:e3:ea:69:7d:1c:28:2e:a0:0d:14:fb:fe:ac:5d:
                    2d:05:70:83:d6:45:ba:02:24:b1:89:a4:ef:0c:24:
                    78:3c:fd:1f:23:d6:06:a8:4e:8b:69:9f:e3:2d:1c:
                    d7:b6:17:7a:a8:8d:6c:da:18:e4:4c:71:55:ea:a5:
                    6a:91:83:37:f1:39:fc:53:3d:5e:f4:3c:55:b9:d8:
                    c4:10:ae:00:ea:0a:c2:f2:04:0d:f1:f8:33:5a:6a:
                    a8:3f:2f:87:31:05:04:30:86:ee:a8:aa:6b:1e:eb:
                    d0:d8:78:fa:d2:ba:f0:21:41:05:2f:65:9f:1d:43:
                    43:5e:7f:9a:59:89:5b:fe:1f:73:f6:db:4d:9d:69:
                    0a:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:7B:84:30:E0:1D:DF:43:7B:90:07:48:A1:C3:7F:BF:1B:E7:1E:8E
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/5f157526-8edf-31e8-9afc-bde9b35d6953.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.177.0.0/20

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         4d:2d:26:4d:dd:c5:1f:82:6b:f1:ae:5f:b2:54:f4:d9:4b:84:
         d4:c0:fc:d7:c6:01:e3:95:4c:f9:7a:3b:f6:f4:38:1c:9d:7d:
         bb:b1:e9:2f:a1:b7:c4:e3:e0:47:6c:33:d8:33:58:76:29:2f:
         2d:24:c0:7d:03:3c:82:0d:d5:f0:92:d7:5c:d7:ac:13:35:20:
         3b:ff:46:be:e4:13:22:71:2d:cd:b4:8b:a9:9c:82:7b:fe:16:
         86:26:97:4b:cf:2d:51:e6:34:b1:6f:33:16:3c:e2:a8:a2:85:
         cd:50:d2:a6:bd:4c:a7:e0:f1:1a:0c:5a:a9:a6:2a:c2:90:a2:
         e5:ae:48:45:60:83:0e:d0:42:96:9a:57:b4:33:fd:eb:35:f0:
         9b:ba:f5:83:93:c0:d3:d9:db:4e:ba:c5:fc:07:88:59:8b:a2:
         6b:b7:a3:62:bb:1b:20:78:45:91:84:9d:ca:51:7c:73:61:6b:
         74:3f:5d:16:1f:b5:2a:23:9e:7f:05:10:b7:42:5e:a0:11:70:
         d8:c2:66:05:b1:95:a8:e0:07:aa:e1:b1:de:51:d1:c0:fe:22:
         ff:99:4f:e6:14:0b:34:bd:ec:30:18:20:b3:57:37:70:8c:af:
         f7:61:f8:4f:fe:6d:4f:8c:f1:ca:3b:ba:df:4b:e3:2a:ea:68:
         1c:29:a7:93
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEcR4IUIfw3R4vuk+GAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTI0MDkwMTEzMDA0MVoXDTI0MTEzMDE0MDA0MVowLzEtMCsGA1UEAxMk
MjBiZDI5YTItNTZiNS00OTk3LTk3YzktNTUwNGIyMjVjMjNhMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoKnusKl+P2jSzHt4nAuBn0seZur7EG5hIR4s
CUVzgTptZ4tncNa3CFQBvRq1e3Si+fKOjdC24xw3SK/qCXzC6ZFUSgRM7k2c6AuK
9fOBofxRJHCaHFyMKxWtyQS9pVQheu+OuYWtoal83RZEi0ebkGyqCYKm6u4o4+pp
fRwoLqANFPv+rF0tBXCD1kW6AiSxiaTvDCR4PP0fI9YGqE6LaZ/jLRzXthd6qI1s
2hjkTHFV6qVqkYM38Tn8Uz1e9DxVudjEEK4A6grC8gQN8fgzWmqoPy+HMQUEMIbu
qKprHuvQ2Hj60rrwIUEFL2WfHUNDXn+aWYlb/h9z9ttNnWkKdwIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFNh7hDDgHd9De5AHSKHDf78b5x6OMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvNWYxNTc1MjYtOGVkZi0z
MWU4LTlhZmMtYmRlOWIzNWQ2OTUzLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE0bEAMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAE0tJk3dxR+Ca/GuX7JU9NlLhNTA/NfGAeOVTPl6O/b0OBydfbux6S+h
t8Tj4EdsM9gzWHYpLy0kwH0DPIIN1fCS11zXrBM1IDv/Rr7kEyJxLc20i6mcgnv+
FoYml0vPLVHmNLFvMxY84qiihc1Q0qa9TKfg8RoMWqmmKsKQouWuSEVggw7QQpaa
V7Qz/es18Ju69YOTwNPZ2066xfwHiFmLomu3o2K7GyB4RZGEncpRfHNha3Q/XRYf
tSojnn8FELdCXqARcNjCZgWxlajgB6rhsd5R0cD+Iv+ZT+YUCzS97DAYILNXN3CM
r/dh+E/+bU+M8co7ut9L4yrqaBwpp5M=
-----END CERTIFICATE-----
Generated at Fri Apr 11 23:39:47 2025 by rpki-client