Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/8c5fc3da-e033-3b6c-8589-3d57aafe93f0.roa
File:                     8c5fc3da-e033-3b6c-8589-3d57aafe93f0.roa (raw, json)
Hash identifier:          YpRNeLeFjWvIwSFNH18iE2CU2Imec7g9SDsKa66Wm9I=
Subject key identifier:   41:D1:B3:5E:E4:84:08:ED:E6:11:16:C2:64:0A:2A:93:60:D7:96:F0
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F4328584711E0B9BA2D4897333C4C2C80
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/8c5fc3da-e033-3b6c-8589-3d57aafe93f0.roa
Signing time:             Sun 01 Sep 2024 13:00:41 +0000
ROA not before:           Sun 01 Sep 2024 13:00:41 +0000
ROA not after:            Sat 30 Nov 2024 14:00:41 +0000
asID:                     62583
IP address blocks:        207.8.217.0/24 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:47:11:e0:b9:ba:2d:48:97:33:3c:4c:2c:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Sep  1 13:00:41 2024 GMT
            Not After : Nov 30 14:00:41 2024 GMT
        Subject: CN=e080b8a4-946e-4f63-8609-ecc11087d775
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:74:aa:a8:ec:61:1a:82:d4:83:9c:e2:8a:77:
                    de:7b:54:fa:b1:84:65:47:f2:53:9c:30:d2:66:a3:
                    41:d3:a5:e6:11:8a:b5:03:9c:d7:d1:12:7c:69:a7:
                    fc:01:a6:f5:9b:e2:f6:42:ad:8d:4b:f8:23:de:92:
                    b9:bd:66:da:9c:5f:1b:32:88:cf:26:27:94:13:72:
                    68:b9:08:3c:90:8d:f5:cc:73:8c:b1:6f:0b:2e:5f:
                    89:90:5f:d5:72:19:45:98:6a:ef:2f:08:54:41:21:
                    e0:bd:20:51:72:cc:58:71:30:63:cc:69:f8:59:c9:
                    79:e8:b4:8a:39:13:2a:c6:a6:84:7d:c7:f2:43:78:
                    89:6b:be:fc:58:b7:a0:75:2b:e0:d8:54:c9:19:6d:
                    e5:e6:22:db:49:01:3b:b1:d0:5b:77:d0:d4:3c:28:
                    0d:44:8e:06:a3:43:11:e6:fb:11:04:d2:09:65:6c:
                    50:8d:30:53:e5:9f:fe:f2:23:94:0c:b6:6b:cd:f5:
                    ba:f5:ba:1c:f9:68:0b:78:46:ca:a8:7c:91:e1:40:
                    d1:b9:91:46:27:30:6a:6e:df:79:55:11:d8:40:97:
                    9c:d8:01:f2:9a:bc:c4:30:09:0c:74:e8:fe:91:0e:
                    0e:17:3c:7e:b0:77:5b:9f:43:80:bd:d7:6e:77:1d:
                    19:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:D1:B3:5E:E4:84:08:ED:E6:11:16:C2:64:0A:2A:93:60:D7:96:F0
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/8c5fc3da-e033-3b6c-8589-3d57aafe93f0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  207.8.217.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         68:2e:29:35:85:8e:6d:c3:7b:65:0b:f9:a8:3e:9f:0e:14:a6:
         f4:b3:28:83:e9:eb:ac:24:1a:3e:a2:5e:63:20:4b:09:54:6f:
         b8:1f:33:43:b2:39:aa:c1:1b:b3:88:f5:8b:98:cc:9b:7c:e7:
         e9:ce:4d:ce:c0:c7:1d:cd:6f:0a:75:f9:6c:b0:6f:51:49:3c:
         6c:39:d4:b2:cc:65:d3:0d:7d:73:3b:fc:0e:a0:27:1f:e7:b3:
         1d:09:27:57:47:81:e6:be:86:f2:21:16:5f:1e:d8:6e:70:b5:
         fd:72:c4:d3:e9:62:bf:d4:4d:98:e6:f3:6d:1a:3d:bf:ba:2d:
         ad:d9:f7:e6:f2:62:25:2f:51:71:49:49:09:c7:d4:21:b8:64:
         5e:c9:9b:d4:05:26:c0:f7:a9:43:ba:84:97:4e:56:a8:52:98:
         16:dc:d1:b0:e6:0a:f9:0f:9b:40:32:ed:f6:87:0b:d5:6f:bc:
         18:47:82:a5:7d:8f:c7:00:f5:32:86:62:86:8f:73:35:e9:2f:
         16:40:e7:bc:81:17:2b:43:d1:8f:cb:e3:8a:d3:78:86:b2:ab:
         bd:de:23:fb:31:f2:4a:34:35:d9:c7:fe:98:cc:f0:04:ad:30:
         14:b5:d4:fa:34:fd:ec:6a:10:24:2a:d0:58:59:6d:c8:e9:58:
         1d:22:c0:ee
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEcR4Lm6LUiXMzxMLIAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTI0MDkwMTEzMDA0MVoXDTI0MTEzMDE0MDA0MVowLzEtMCsGA1UEAxMk
ZTA4MGI4YTQtOTQ2ZS00ZjYzLTg2MDktZWNjMTEwODdkNzc1MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgnSqqOxhGoLUg5ziinfee1T6sYRlR/JTnDDS
ZqNB06XmEYq1A5zX0RJ8aaf8Aab1m+L2Qq2NS/gj3pK5vWbanF8bMojPJieUE3Jo
uQg8kI31zHOMsW8LLl+JkF/VchlFmGrvLwhUQSHgvSBRcsxYcTBjzGn4Wcl56LSK
ORMqxqaEfcfyQ3iJa778WLegdSvg2FTJGW3l5iLbSQE7sdBbd9DUPCgNRI4Go0MR
5vsRBNIJZWxQjTBT5Z/+8iOUDLZrzfW69boc+WgLeEbKqHyR4UDRuZFGJzBqbt95
VRHYQJec2AHymrzEMAkMdOj+kQ4OFzx+sHdbn0OAvddudx0ZcwIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFEHRs17khAjt5hEWwmQKKpNg15bwMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvOGM1ZmMzZGEtZTAzMy0z
YjZjLTg1ODktM2Q1N2FhZmU5M2YwLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAzwjZMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAGguKTWFjm3De2UL+ag+nw4UpvSzKIPp66wkGj6iXmMgSwlUb7gfM0Oy
OarBG7OI9YuYzJt85+nOTc7Axx3Nbwp1+Wywb1FJPGw51LLMZdMNfXM7/A6gJx/n
sx0JJ1dHgea+hvIhFl8e2G5wtf1yxNPpYr/UTZjm820aPb+6La3Z9+byYiUvUXFJ
SQnH1CG4ZF7Jm9QFJsD3qUO6hJdOVqhSmBbc0bDmCvkPm0Ay7faHC9VvvBhHgqV9
j8cA9TKGYoaPczXpLxZA57yBFytD0Y/L44rTeIayq73eI/sx8ko0NdnH/pjM8ASt
MBS11Po0/exqECQq0FhZbcjpWB0iwO4=
-----END CERTIFICATE-----
Generated at Fri Apr 11 23:48:30 2025 by rpki-client