Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/6097557d-a97d-3f96-8552-0105c952318d.roa
File:                     6097557d-a97d-3f96-8552-0105c952318d.roa (raw, json)
Hash identifier:          64/v3PkDej1LtslVMmnmTZaFNjIjXa9/g9SlCLFuavE=
Subject key identifier:   F5:01:09:CA:F4:52:15:10:E3:55:6E:28:61:FE:5F:7C:41:4B:E4:E3
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F4328583D4FA98DFFF4F11CD8B40F6BE0
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/6097557d-a97d-3f96-8552-0105c952318d.roa
Signing time:             Mon 21 Mar 2022 04:00:00 +0000
ROA not before:           Mon 21 Mar 2022 04:00:00 +0000
ROA not after:            Mon 13 Mar 2028 04:00:00 +0000
asID:                     7029
IP address blocks:        207.95.176.0/20 maxlen: 20
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3d:4f:a9:8d:ff:f4:f1:1c:d8:b4:0f:6b:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Mar 21 04:00:00 2022 GMT
            Not After : Mar 13 04:00:00 2028 GMT
        Subject: CN=7ab37297-259d-47d1-b7d4-6c73ec923495
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:5d:e0:a6:b9:46:62:ae:ff:b7:03:a9:5c:41:
                    e3:54:d9:df:0a:fd:95:9a:be:77:b2:09:23:17:1a:
                    3a:17:c2:18:86:7f:5e:aa:8d:9f:98:32:d3:49:a0:
                    38:7d:3b:d3:e9:aa:12:ae:83:8a:d8:7a:6e:ab:d9:
                    30:5f:b2:dc:3a:7e:1c:db:ae:ce:f4:3d:e6:b4:06:
                    46:9a:48:ed:ca:70:6e:9f:e4:09:2b:19:03:85:7f:
                    bd:a0:b0:d4:81:78:a5:98:e1:84:1a:cb:a5:c5:71:
                    66:0f:06:66:36:62:ff:75:71:9f:46:1f:cd:bf:10:
                    39:f9:3d:6b:82:38:ca:a2:c7:c2:ba:52:17:20:ef:
                    bd:64:35:89:ef:43:cf:fe:4a:37:a8:5a:21:f1:e8:
                    8a:30:14:a0:b3:3b:e5:96:2b:a1:ad:08:3b:fc:21:
                    ca:d8:a7:bc:bb:f2:9f:53:15:23:e5:87:89:0f:6b:
                    f0:4b:07:f8:92:ff:27:32:fd:37:ce:ec:29:f0:e5:
                    34:fd:3f:e9:c8:cf:9e:34:a8:31:9d:00:62:12:9e:
                    67:e1:a3:27:1c:00:99:e6:6c:da:57:79:8d:63:bf:
                    12:06:fa:6e:76:9d:dd:06:e9:03:9f:4f:32:e4:86:
                    0c:1a:4a:75:6b:13:20:dd:6a:dd:d0:29:a2:a2:a3:
                    8d:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:01:09:CA:F4:52:15:10:E3:55:6E:28:61:FE:5F:7C:41:4B:E4:E3
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/6097557d-a97d-3f96-8552-0105c952318d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  207.95.176.0/20

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         16:72:cc:35:2f:03:89:7b:f0:ec:3e:db:22:e9:70:5a:4b:c6:
         2f:1b:ee:de:a7:56:f0:ca:ae:7f:43:db:da:00:03:71:41:75:
         70:80:07:a6:ab:69:d4:90:7c:cb:38:ad:f9:a4:fe:83:60:0d:
         17:8d:51:2a:b4:dc:f7:86:2b:90:8b:52:fa:ca:c0:7e:a1:7d:
         6d:6b:18:0a:90:38:47:10:10:58:b6:b1:3f:d6:c3:6f:69:05:
         aa:0b:ff:fd:e2:ce:6f:11:d7:5b:ae:e1:e5:ac:0a:ed:46:18:
         ad:e6:f5:6a:b8:0a:9e:f3:b6:55:89:1b:ce:38:a8:8d:c5:b7:
         54:cb:ad:a9:fa:a2:fe:4c:00:47:36:a6:1f:a6:1e:c3:6e:be:
         39:72:11:d3:5e:13:64:24:0a:3c:39:38:e5:3f:a5:d4:e0:03:
         c1:5f:35:fd:ce:ab:37:db:9e:be:ff:be:b5:9a:b1:e7:d8:d9:
         3e:95:f6:c3:a6:02:e9:ad:3b:74:c2:c6:06:e0:63:89:52:cc:
         5c:bc:2f:cd:e0:ed:96:ca:c0:c8:04:55:c1:39:83:89:d7:99:
         86:e2:c5:15:f3:71:02:fd:5a:69:e2:af:ce:cf:d4:5e:5b:81:
         04:87:f0:6a:20:cc:02:05:8f:69:00:fe:e3:24:61:61:ba:e1:
         30:10:ae:6a
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWD1PqY3/9PEc2LQPa+AwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTIyMDMyMTA0MDAwMFoXDTI4MDMxMzA0MDAwMFowLzEtMCsGA1UEAxMk
N2FiMzcyOTctMjU5ZC00N2QxLWI3ZDQtNmM3M2VjOTIzNDk1MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjV3gprlGYq7/twOpXEHjVNnfCv2Vmr53sgkj
Fxo6F8IYhn9eqo2fmDLTSaA4fTvT6aoSroOK2Hpuq9kwX7LcOn4c267O9D3mtAZG
mkjtynBun+QJKxkDhX+9oLDUgXilmOGEGsulxXFmDwZmNmL/dXGfRh/NvxA5+T1r
gjjKosfCulIXIO+9ZDWJ70PP/ko3qFoh8eiKMBSgszvlliuhrQg7/CHK2Ke8u/Kf
UxUj5YeJD2vwSwf4kv8nMv03zuwp8OU0/T/pyM+eNKgxnQBiEp5n4aMnHACZ5mza
V3mNY78SBvpudp3dBukDn08y5IYMGkp1axMg3Wrd0CmioqONjwIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFPUBCcr0UhUQ41VuKGH+X3xBS+TjMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvNjA5NzU1N2QtYTk3ZC0z
Zjk2LTg1NTItMDEwNWM5NTIzMThkLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEz1+wMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBABZyzDUvA4l78Ow+2yLpcFpLxi8b7t6nVvDKrn9D29oAA3FBdXCAB6ar
adSQfMs4rfmk/oNgDReNUSq03PeGK5CLUvrKwH6hfW1rGAqQOEcQEFi2sT/Ww29p
BaoL//3izm8R11uu4eWsCu1GGK3m9Wq4Cp7ztlWJG844qI3Ft1TLran6ov5MAEc2
ph+mHsNuvjlyEdNeE2QkCjw5OOU/pdTgA8FfNf3Oqzfbnr7/vrWasefY2T6V9sOm
AumtO3TCxgbgY4lSzFy8L83g7ZbKwMgEVcE5g4nXmYbixRXzcQL9Wmnir87P1F5b
gQSH8GogzAIFj2kA/uMkYWG64TAQrmo=
-----END CERTIFICATE-----
Generated at Fri Apr 11 22:52:13 2025 by rpki-client