Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/9658499f-013c-3493-b151-d60949a6f1a2.roa
File:                     9658499f-013c-3493-b151-d60949a6f1a2.roa (raw, json)
Hash identifier:          BPgH7phNXj27LDzq02iim0V/cFc3fs90oHhYLluXDA4=
Subject key identifier:   F2:24:A6:0F:FC:F0:EE:4B:11:EC:42:4E:ED:29:C3:49:27:F7:70:B3
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F43285845533318646751991360CC9AC0
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/9658499f-013c-3493-b151-d60949a6f1a2.roa
Signing time:             Mon 25 Mar 2024 13:00:33 +0000
ROA not before:           Mon 25 Mar 2024 13:00:33 +0000
ROA not after:            Sun 23 Jun 2024 13:00:33 +0000
asID:                     7029
IP address blocks:        205.147.192.0/21 maxlen: 21
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:45:53:33:18:64:67:51:99:13:60:cc:9a:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Mar 25 13:00:33 2024 GMT
            Not After : Jun 23 13:00:33 2024 GMT
        Subject: CN=da9bc605-10bb-4603-9c20-31b548d0031c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:85:16:5b:6e:36:2b:5e:c5:70:a1:14:05:d3:
                    4d:21:fe:8a:db:46:e7:01:e3:94:cc:97:22:8c:5d:
                    23:f7:cd:3b:4b:8c:99:01:18:0d:82:ad:29:36:61:
                    7b:63:6b:87:fa:e3:c7:cd:35:df:33:3e:48:17:5d:
                    11:66:08:0a:03:8d:93:5c:fd:c9:77:c3:d1:ac:7b:
                    66:75:ea:93:29:2b:8d:70:d8:c4:c7:86:62:32:33:
                    40:b3:f0:f4:38:75:b2:93:22:0d:7a:23:e0:5d:4d:
                    72:9b:bc:c9:91:1c:f3:b7:ac:1a:d6:8a:61:59:d1:
                    0b:5e:68:cc:c3:27:89:06:60:61:1b:04:44:af:0b:
                    e3:df:3e:06:b9:52:32:ba:b4:d3:5c:29:3b:84:77:
                    d5:09:b5:04:25:b6:1e:86:c3:7c:d5:b6:ca:fc:00:
                    32:e7:07:23:dc:28:e3:d9:1b:60:87:43:46:57:4f:
                    d7:ae:18:8d:b3:5b:16:8b:25:46:59:c5:26:18:d3:
                    ce:2e:02:5b:5d:69:60:3f:47:f2:a4:2c:a9:87:d9:
                    ff:c8:2f:cf:55:53:18:76:43:a0:22:98:48:fd:7f:
                    15:d6:d3:7b:06:29:d3:12:34:e9:91:82:f5:1d:e3:
                    c7:dd:df:74:86:f8:71:9c:0a:4d:79:ca:8d:97:19:
                    f6:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:24:A6:0F:FC:F0:EE:4B:11:EC:42:4E:ED:29:C3:49:27:F7:70:B3
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/9658499f-013c-3493-b151-d60949a6f1a2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  205.147.192.0/21

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         4d:99:db:1a:60:2e:83:3c:fa:0c:93:4f:14:8b:38:93:58:9b:
         19:28:ba:e8:10:80:89:e4:fb:4e:27:55:23:09:50:4f:e3:dd:
         f3:a7:8f:cc:42:48:42:10:e7:23:c4:db:4f:ef:39:2b:f7:b9:
         1d:e0:dd:dd:b3:55:48:e2:da:d8:58:18:25:98:e5:a4:4d:e5:
         66:16:a7:b3:a3:61:a8:8e:7d:ff:78:4c:d1:d5:bb:1f:17:b7:
         4a:a1:33:cc:45:9c:36:56:55:86:9d:92:44:27:dd:17:ea:71:
         73:f7:74:48:da:25:ee:11:88:3b:30:79:0a:91:b8:59:f5:b7:
         20:b7:ce:5b:0a:5f:5b:0c:b6:31:c1:33:b7:6d:dc:c8:68:6c:
         b8:dc:ce:6b:fd:93:d4:a4:af:49:9a:1e:2d:39:af:60:85:f8:
         28:7c:6a:a4:f1:4b:45:d1:25:ba:da:7a:c3:7d:3c:ad:9d:53:
         75:93:5c:d9:69:fa:d2:33:a2:b4:75:a8:ee:b7:ba:1f:d3:f8:
         c2:49:7e:90:b4:b3:2f:66:07:77:09:ea:c2:52:ce:3b:1a:8d:
         91:f5:ba:aa:29:8f:be:9f:65:9e:bb:13:4f:4a:83:eb:ae:5d:
         d1:8b:95:ee:f5:b3:56:1b:65:82:79:6a:d2:5d:34:a8:ae:84:
         06:02:4f:97
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEVTMxhkZ1GZE2DMmsAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTI0MDMyNTEzMDAzM1oXDTI0MDYyMzEzMDAzM1owLzEtMCsGA1UEAxMk
ZGE5YmM2MDUtMTBiYi00NjAzLTljMjAtMzFiNTQ4ZDAwMzFjMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo4UWW242K17FcKEUBdNNIf6K20bnAeOUzJci
jF0j9807S4yZARgNgq0pNmF7Y2uH+uPHzTXfMz5IF10RZggKA42TXP3Jd8PRrHtm
deqTKSuNcNjEx4ZiMjNAs/D0OHWykyINeiPgXU1ym7zJkRzzt6wa1ophWdELXmjM
wyeJBmBhGwRErwvj3z4GuVIyurTTXCk7hHfVCbUEJbYehsN81bbK/AAy5wcj3Cjj
2Rtgh0NGV0/XrhiNs1sWiyVGWcUmGNPOLgJbXWlgP0fypCyph9n/yC/PVVMYdkOg
IphI/X8V1tN7BinTEjTpkYL1HePH3d90hvhxnApNecqNlxn2GwIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFPIkpg/88O5LEexCTu0pw0kn93CzMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvOTY1ODQ5OWYtMDEzYy0z
NDkzLWIxNTEtZDYwOTQ5YTZmMWEyLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDzZPAMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAE2Z2xpgLoM8+gyTTxSLOJNYmxkouugQgInk+04nVSMJUE/j3fOnj8xC
SEIQ5yPE20/vOSv3uR3g3d2zVUji2thYGCWY5aRN5WYWp7OjYaiOff94TNHVux8X
t0qhM8xFnDZWVYadkkQn3RfqcXP3dEjaJe4RiDsweQqRuFn1tyC3zlsKX1sMtjHB
M7dt3MhobLjczmv9k9Skr0maHi05r2CF+Ch8aqTxS0XRJbraesN9PK2dU3WTXNlp
+tIzorR1qO63uh/T+MJJfpC0sy9mB3cJ6sJSzjsajZH1uqopj76fZZ67E09Kg+uu
XdGLle71s1YbZYJ5atJdNKiuhAYCT5c=
-----END CERTIFICATE-----
Generated at Fri Apr 11 22:27:01 2025 by rpki-client