Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/af8a6846-920c-376c-9a20-e878ddd18e04.roa
File:                     af8a6846-920c-376c-9a20-e878ddd18e04.roa (raw, json)
Hash identifier:          FhgjEUef6teWxkBMB3213RfzP36qvWMtWCzLlsLPD5g=
Subject key identifier:   52:BF:39:3F:C5:5C:A2:4D:FC:03:3D:BD:4A:ED:E4:07:E8:BD:AF:3B
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F43285847F1553BBA0310AAC3E62DE080
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/af8a6846-920c-376c-9a20-e878ddd18e04.roa
Signing time:             Wed 20 Nov 2024 14:00:52 +0000
ROA not before:           Wed 20 Nov 2024 14:00:52 +0000
ROA not after:            Tue 18 Feb 2025 14:00:52 +0000
asID:                     7029
IP address blocks:        209.152.192.0/19 maxlen: 19
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:47:f1:55:3b:ba:03:10:aa:c3:e6:2d:e0:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Nov 20 14:00:52 2024 GMT
            Not After : Feb 18 14:00:52 2025 GMT
        Subject: CN=406a9441-cc07-4320-8ef2-65dcf40ef6d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:9a:e0:b6:9a:46:a0:b1:bd:05:12:b6:3e:d2:
                    95:bf:76:0e:ac:51:8c:42:ce:d1:ee:70:d2:43:b6:
                    2b:1b:4c:0d:32:8c:a5:91:87:6b:1f:cd:8c:eb:f3:
                    f6:fb:87:71:c0:20:15:ba:ea:e3:6a:13:ef:1f:79:
                    5a:a3:2b:0a:f5:61:73:00:6b:c3:01:a0:8a:7b:a2:
                    99:83:14:ad:f0:c5:bf:6c:32:6b:2d:b9:69:64:07:
                    27:ba:52:65:56:53:12:bc:0e:96:15:6a:09:4c:12:
                    1b:3b:3b:cc:4d:6e:ea:cf:e4:cc:81:a8:19:f6:d6:
                    84:e8:40:5b:b9:cd:03:5a:6d:2e:9f:e5:c7:9f:42:
                    8d:65:48:78:bf:90:b1:97:66:56:d1:8a:15:53:6a:
                    3a:f5:65:57:e4:ba:d0:5b:de:bb:92:98:46:45:c2:
                    59:1a:98:3c:c5:84:48:75:99:32:d0:1f:bb:18:df:
                    12:0d:06:14:c9:95:e9:3a:ef:9f:dd:8f:78:05:55:
                    8d:66:9a:9b:bd:c0:e4:15:15:2e:12:9e:ef:6d:6f:
                    9e:a4:32:c0:99:96:d7:31:8d:68:93:2b:95:00:14:
                    2f:21:53:fc:8d:0f:4e:fb:87:bd:31:10:a5:08:d7:
                    ec:90:3b:e8:0e:4c:cb:c9:93:5c:a7:71:c6:9d:31:
                    14:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:BF:39:3F:C5:5C:A2:4D:FC:03:3D:BD:4A:ED:E4:07:E8:BD:AF:3B
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/af8a6846-920c-376c-9a20-e878ddd18e04.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.152.192.0/19

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         32:31:2a:cb:51:53:23:99:5c:b0:ea:ed:da:fb:e1:b5:af:10:
         33:b0:28:77:f9:43:45:f3:51:09:52:25:ee:83:0f:5d:c8:60:
         b6:47:df:c2:05:9b:0b:2f:b4:a6:d4:f3:20:09:15:89:87:de:
         0a:a0:26:f7:04:83:a3:64:ae:e6:b4:c9:f3:55:3f:4f:18:6a:
         d2:00:e2:43:5b:84:af:d8:09:1b:ca:6f:d5:9a:8d:f4:8f:81:
         a9:b1:e4:c8:95:41:da:0b:e1:79:64:a4:43:c4:4d:3b:62:37:
         2d:f8:8d:7b:eb:50:51:3d:35:fd:4e:96:7b:a1:da:1e:02:7a:
         94:20:0b:fe:04:74:c4:79:27:c7:14:0e:5f:e9:43:f2:84:2b:
         86:40:0d:1a:94:08:a6:40:fd:03:87:da:58:3d:f3:68:2d:8c:
         71:14:d6:33:9f:0b:fc:27:3d:fe:dc:67:6a:33:ff:26:f9:e9:
         38:4a:6f:bb:92:75:9d:02:b0:fa:74:48:91:9e:39:ec:2e:1e:
         1c:bc:ff:3d:ef:a6:fe:de:f4:25:ab:6a:13:fc:72:91:02:be:
         bd:c6:26:60:8c:65:06:48:67:87:20:31:c5:84:19:df:cd:ed:
         3f:59:11:86:89:57:bf:41:23:5f:4c:f3:a6:97:7f:93:81:92:
         d0:69:11:6b
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEfxVTu6AxCqw+Yt4IAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTI0MTEyMDE0MDA1MloXDTI1MDIxODE0MDA1MlowLzEtMCsGA1UEAxMk
NDA2YTk0NDEtY2MwNy00MzIwLThlZjItNjVkY2Y0MGVmNmQxMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkJrgtppGoLG9BRK2PtKVv3YOrFGMQs7R7nDS
Q7YrG0wNMoylkYdrH82M6/P2+4dxwCAVuurjahPvH3laoysK9WFzAGvDAaCKe6KZ
gxSt8MW/bDJrLblpZAcnulJlVlMSvA6WFWoJTBIbOzvMTW7qz+TMgagZ9taE6EBb
uc0DWm0un+XHn0KNZUh4v5Cxl2ZW0YoVU2o69WVX5LrQW967kphGRcJZGpg8xYRI
dZky0B+7GN8SDQYUyZXpOu+f3Y94BVWNZpqbvcDkFRUuEp7vbW+epDLAmZbXMY1o
kyuVABQvIVP8jQ9O+4e9MRClCNfskDvoDkzLyZNcp3HGnTEUAwIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFFK/OT/FXKJN/AM9vUrt5Afova87MIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvYWY4YTY4NDYtOTIwYy0z
NzZjLTlhMjAtZTg3OGRkZDE4ZTA0LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF0ZjAMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBADIxKstRUyOZXLDq7dr74bWvEDOwKHf5Q0XzUQlSJe6DD13IYLZH38IF
mwsvtKbU8yAJFYmH3gqgJvcEg6Nkrua0yfNVP08YatIA4kNbhK/YCRvKb9WajfSP
gamx5MiVQdoL4XlkpEPETTtiNy34jXvrUFE9Nf1Olnuh2h4CepQgC/4EdMR5J8cU
Dl/pQ/KEK4ZADRqUCKZA/QOH2lg982gtjHEU1jOfC/wnPf7cZ2oz/yb56ThKb7uS
dZ0CsPp0SJGeOewuHhy8/z3vpv7e9CWrahP8cpECvr3GJmCMZQZIZ4cgMcWEGd/N
7T9ZEYaJV79BI19M86aXf5OBktBpEWs=
-----END CERTIFICATE-----