Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/60fbd3cd-9798-3dfc-9f85-ffd6cf33d4b3.roa
File:                     60fbd3cd-9798-3dfc-9f85-ffd6cf33d4b3.roa (raw, json)
Hash identifier:          vTfozQYRkmSVlCfzb9UaICJpP+8Ii37vAf2s5itXCa0=
Subject key identifier:   A1:EC:DD:79:B0:C4:BA:35:79:38:6B:D9:7D:8C:31:F2:BD:64:F6:A3
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F4328584553332686E7569FAD1A52A150
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/60fbd3cd-9798-3dfc-9f85-ffd6cf33d4b3.roa
Signing time:             Mon 25 Mar 2024 13:00:33 +0000
ROA not before:           Mon 25 Mar 2024 13:00:33 +0000
ROA not after:            Sun 23 Jun 2024 13:00:33 +0000
asID:                     7029
IP address blocks:        209.173.64.0/18 maxlen: 18
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:45:53:33:26:86:e7:56:9f:ad:1a:52:a1:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Mar 25 13:00:33 2024 GMT
            Not After : Jun 23 13:00:33 2024 GMT
        Subject: CN=541c76be-6ec9-4ee2-936d-ccbcfc90b04d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:bb:96:9a:9b:9d:c2:c3:2f:e3:2a:69:24:26:
                    63:50:2e:94:f9:5d:41:4c:a4:0a:75:db:2f:a0:d4:
                    51:a4:d7:e4:9a:df:de:4d:76:c1:55:9f:3d:d0:1e:
                    57:11:7d:66:f3:0e:64:7b:83:44:13:1a:b0:81:ad:
                    2c:94:2b:d3:6c:00:01:c7:90:1d:1d:7f:da:d9:71:
                    43:4b:14:6f:b7:71:ab:32:cc:f9:ad:8e:ea:72:da:
                    c0:bd:ef:cf:b7:ec:07:e7:67:1b:f5:b3:1f:db:0c:
                    9f:d9:4a:ab:8a:be:73:24:8a:66:98:55:95:a4:6a:
                    d0:d2:c8:a4:64:62:69:42:cc:e1:99:1e:d7:3a:7b:
                    72:35:be:e4:24:8c:b2:e4:c6:19:59:ef:f6:06:bd:
                    10:ff:58:27:af:ad:34:3c:e4:92:72:9d:8e:f3:40:
                    95:1f:a9:8d:09:42:a1:ba:3a:92:b9:76:14:9e:4b:
                    63:17:a5:23:06:0a:75:08:06:e3:3f:af:64:58:4f:
                    50:4d:bc:46:73:30:e0:7d:ce:72:96:a5:75:5c:a0:
                    9c:99:79:91:6f:c7:00:d1:75:23:65:4c:cc:4e:45:
                    80:f5:e8:70:82:19:a5:5a:e9:a1:16:b8:20:86:e2:
                    89:41:94:3b:96:a8:4d:34:44:64:47:02:31:3d:aa:
                    85:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:EC:DD:79:B0:C4:BA:35:79:38:6B:D9:7D:8C:31:F2:BD:64:F6:A3
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/60fbd3cd-9798-3dfc-9f85-ffd6cf33d4b3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.173.64.0/18

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         7d:b8:eb:86:3b:de:73:54:66:33:3f:d4:f4:74:5d:44:aa:31:
         30:bf:3b:b6:b8:56:32:69:88:3b:ca:fe:ed:18:ad:16:e9:38:
         e3:e8:69:e8:14:5f:09:28:8f:0a:f9:a3:a8:44:94:12:2c:1c:
         18:45:6f:07:56:dd:e0:7f:e6:a5:a9:eb:8c:57:8a:0f:d2:c6:
         8f:62:55:5f:66:02:b2:07:57:c3:90:cb:28:35:c2:49:eb:bb:
         5b:85:5a:4e:b2:47:02:b2:b8:ca:15:80:a9:ba:76:24:81:a4:
         da:f2:09:f2:68:86:eb:49:07:78:92:7b:09:fa:21:29:13:96:
         b6:9b:db:fa:62:93:10:6b:0a:fa:76:c0:6f:02:9c:55:8a:d2:
         d3:27:b1:04:b9:9a:a5:7c:8d:0c:46:e9:46:c0:42:99:4c:83:
         29:c0:6e:af:b0:9b:bd:9f:16:f8:91:bb:db:0a:96:63:93:71:
         21:f9:af:42:43:1d:22:68:d3:de:1f:37:fb:b6:cb:12:da:2c:
         f2:8d:a2:37:e0:bb:58:fd:fe:ff:bb:78:16:0a:de:b7:3b:d7:
         96:b8:49:3a:b1:b5:2e:76:b8:fe:db:c9:31:0a:f4:36:a2:04:
         c5:15:a3:be:fe:98:bb:57:29:35:b7:01:0d:bd:4c:33:bb:86:
         d3:0c:9f:3e
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEVTMyaG51afrRpSoVAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTI0MDMyNTEzMDAzM1oXDTI0MDYyMzEzMDAzM1owLzEtMCsGA1UEAxMk
NTQxYzc2YmUtNmVjOS00ZWUyLTkzNmQtY2NiY2ZjOTBiMDRkMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg7uWmpudwsMv4yppJCZjUC6U+V1BTKQKddsv
oNRRpNfkmt/eTXbBVZ890B5XEX1m8w5ke4NEExqwga0slCvTbAABx5AdHX/a2XFD
SxRvt3GrMsz5rY7qctrAve/Pt+wH52cb9bMf2wyf2Uqrir5zJIpmmFWVpGrQ0sik
ZGJpQszhmR7XOntyNb7kJIyy5MYZWe/2Br0Q/1gnr600POSScp2O80CVH6mNCUKh
ujqSuXYUnktjF6UjBgp1CAbjP69kWE9QTbxGczDgfc5ylqV1XKCcmXmRb8cA0XUj
ZUzMTkWA9ehwghmlWumhFrgghuKJQZQ7lqhNNERkRwIxPaqFqwIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFKHs3XmwxLo1eThr2X2MMfK9ZPajMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvNjBmYmQzY2QtOTc5OC0z
ZGZjLTlmODUtZmZkNmNmMzNkNGIzLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQG0a1AMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAH2464Y73nNUZjM/1PR0XUSqMTC/O7a4VjJpiDvK/u0YrRbpOOPoaegU
Xwkojwr5o6hElBIsHBhFbwdW3eB/5qWp64xXig/Sxo9iVV9mArIHV8OQyyg1wknr
u1uFWk6yRwKyuMoVgKm6diSBpNryCfJohutJB3iSewn6ISkTlrab2/pikxBrCvp2
wG8CnFWK0tMnsQS5mqV8jQxG6UbAQplMgynAbq+wm72fFviRu9sKlmOTcSH5r0JD
HSJo094fN/u2yxLaLPKNojfgu1j9/v+7eBYK3rc715a4STqxtS52uP7byTEK9Dai
BMUVo77+mLtXKTW3AQ29TDO7htMMnz4=
-----END CERTIFICATE-----
Generated at Fri Apr 11 23:47:28 2025 by rpki-client