Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/627b2848-e797-371f-912c-6e4348e9501a.roa
File:                     627b2848-e797-371f-912c-6e4348e9501a.roa (raw, json)
Hash identifier:          TXihlnVWugjhCfpCP1CSWEPdrULHWv3QgfDt8w+FKRw=
Subject key identifier:   C9:DC:D4:90:BD:9F:C8:96:E4:1E:AE:6D:21:59:43:8A:03:EA:F6:AD
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F4328584711E085160EC68CD88DBCD0C0
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/627b2848-e797-371f-912c-6e4348e9501a.roa
Signing time:             Sun 01 Sep 2024 13:00:41 +0000
ROA not before:           Sun 01 Sep 2024 13:00:41 +0000
ROA not after:            Sat 30 Nov 2024 14:00:41 +0000
asID:                     7029
IP address blocks:        209.177.24.0/21 maxlen: 21
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:47:11:e0:85:16:0e:c6:8c:d8:8d:bc:d0:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Sep  1 13:00:41 2024 GMT
            Not After : Nov 30 14:00:41 2024 GMT
        Subject: CN=934d6675-8646-4bf3-b57c-70e1a5f7a7a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:6c:05:67:df:7e:78:04:04:25:1a:4b:cd:4b:
                    8a:36:5e:e8:ab:ab:a5:5a:dc:71:70:75:48:a1:bf:
                    92:0e:21:7e:e1:5b:ee:a3:fb:5a:e2:92:72:be:75:
                    d2:38:89:d0:9b:35:a2:4b:62:3c:f3:1f:c8:27:33:
                    c6:46:73:3a:96:a6:d5:9d:a3:e6:89:d4:8d:62:ec:
                    cc:3b:2a:a9:a1:be:23:b8:e8:0c:bc:2d:c3:96:bc:
                    72:72:25:3e:b5:db:e9:8f:b0:6c:b5:c3:34:58:43:
                    11:76:e5:e6:2b:93:86:73:3b:58:b1:94:13:ac:bd:
                    71:bd:70:89:97:de:c2:ae:3c:07:a5:3d:9e:18:b2:
                    4f:5b:30:ff:b1:7f:00:56:a8:85:f7:b2:5c:bf:97:
                    70:a8:3f:13:c9:41:bb:6f:03:d5:dd:a8:ee:84:61:
                    ba:52:b8:d3:5c:82:1a:be:b1:72:21:a8:e3:51:e5:
                    f2:70:15:8d:d8:5a:67:dc:03:d2:a2:f5:eb:92:a6:
                    f1:be:1c:46:0e:00:5e:62:3a:be:60:b3:fd:d4:7e:
                    2b:72:b4:c2:65:43:4b:28:42:a5:c6:b8:d6:05:40:
                    46:0b:d1:06:6a:6b:1d:ab:5c:04:17:02:3e:65:24:
                    c3:12:aa:e0:85:e0:94:e3:8c:c8:24:b3:8d:bb:e4:
                    bf:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:DC:D4:90:BD:9F:C8:96:E4:1E:AE:6D:21:59:43:8A:03:EA:F6:AD
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/627b2848-e797-371f-912c-6e4348e9501a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.177.24.0/21

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         3d:ce:59:0a:e6:0d:12:a6:8d:66:04:4e:0b:5d:a4:c4:9d:41:
         e6:d7:66:43:df:8b:b2:b3:92:78:5d:74:73:72:3f:88:f6:16:
         fa:8a:7b:22:85:fc:47:4a:ca:c5:50:79:58:11:c0:bd:ee:93:
         e5:8f:18:2e:3b:0f:25:5c:75:dd:ce:3f:e1:e7:a3:c6:20:f4:
         27:4f:b9:39:92:f8:a3:d3:e5:33:4a:43:7c:bc:59:fc:e9:35:
         d0:45:89:eb:71:b7:7d:63:3b:c6:55:b6:22:d2:be:9d:12:22:
         02:6e:03:5a:c3:7a:c5:c9:fc:0e:67:91:5c:a4:2e:12:c3:fd:
         88:64:a4:e3:ae:ac:b3:f4:7d:dd:15:f1:0f:97:56:56:af:c5:
         de:a5:7d:b1:b0:ea:2d:4e:9a:99:e5:a5:19:de:32:bf:87:19:
         30:82:e9:c2:85:2f:0c:6c:89:3c:47:59:55:da:d0:b4:70:60:
         5b:6a:c8:48:ae:56:eb:8f:c7:66:7a:83:41:67:2d:9c:12:ee:
         80:4e:71:06:1f:b2:36:50:43:6f:81:2f:3d:d7:c2:bd:de:d9:
         ee:de:82:e6:6a:ba:d2:d9:62:59:3f:e6:af:c1:33:58:e0:e7:
         58:d5:10:6a:c1:05:0a:34:82:c5:b0:67:a1:20:12:f8:85:fa:
         13:13:4c:dd
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEcR4IUWDsaM2I280MAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTI0MDkwMTEzMDA0MVoXDTI0MTEzMDE0MDA0MVowLzEtMCsGA1UEAxMk
OTM0ZDY2NzUtODY0Ni00YmYzLWI1N2MtNzBlMWE1ZjdhN2EyMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmwFZ99+eAQEJRpLzUuKNl7oq6ulWtxxcHVI
ob+SDiF+4Vvuo/ta4pJyvnXSOInQmzWiS2I88x/IJzPGRnM6lqbVnaPmidSNYuzM
Oyqpob4juOgMvC3DlrxyciU+tdvpj7BstcM0WEMRduXmK5OGcztYsZQTrL1xvXCJ
l97CrjwHpT2eGLJPWzD/sX8AVqiF97Jcv5dwqD8TyUG7bwPV3ajuhGG6UrjTXIIa
vrFyIajjUeXycBWN2Fpn3APSovXrkqbxvhxGDgBeYjq+YLP91H4rcrTCZUNLKEKl
xrjWBUBGC9EGamsdq1wEFwI+ZSTDEqrgheCU44zIJLONu+S/tQIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFMnc1JC9n8iW5B6ubSFZQ4oD6vatMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvNjI3YjI4NDgtZTc5Ny0z
NzFmLTkxMmMtNmU0MzQ4ZTk1MDFhLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD0bEYMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAD3OWQrmDRKmjWYETgtdpMSdQebXZkPfi7KzknhddHNyP4j2FvqKeyKF
/EdKysVQeVgRwL3uk+WPGC47DyVcdd3OP+Hno8Yg9CdPuTmS+KPT5TNKQ3y8Wfzp
NdBFietxt31jO8ZVtiLSvp0SIgJuA1rDesXJ/A5nkVykLhLD/YhkpOOurLP0fd0V
8Q+XVlavxd6lfbGw6i1OmpnlpRneMr+HGTCC6cKFLwxsiTxHWVXa0LRwYFtqyEiu
VuuPx2Z6g0FnLZwS7oBOcQYfsjZQQ2+BLz3Xwr3e2e7eguZqutLZYlk/5q/BM1jg
51jVEGrBBQo0gsWwZ6EgEviF+hMTTN0=
-----END CERTIFICATE-----
Generated at Fri Apr 11 22:42:41 2025 by rpki-client