Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/b564ecb6-af3b-3a15-9c30-1542ca1ae2ee.roa
File:                     b564ecb6-af3b-3a15-9c30-1542ca1ae2ee.roa (raw, json)
Hash identifier:          h6+OkvKpXiztSgBFTjdXpaxM5lmK0XyBPR4KtSwHALQ=
Subject key identifier:   72:D9:50:05:A7:A2:06:28:BE:6C:EB:EA:7B:13:51:47:14:71:3F:5A
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F4328584711E0704DDC12815CEBED3AF0
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/b564ecb6-af3b-3a15-9c30-1542ca1ae2ee.roa
Signing time:             Sun 01 Sep 2024 13:00:41 +0000
ROA not before:           Sun 01 Sep 2024 13:00:41 +0000
ROA not after:            Sat 30 Nov 2024 14:00:41 +0000
asID:                     7029
IP address blocks:        64.52.144.0/20 maxlen: 20
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:47:11:e0:70:4d:dc:12:81:5c:eb:ed:3a:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Sep  1 13:00:41 2024 GMT
            Not After : Nov 30 14:00:41 2024 GMT
        Subject: CN=8090cb92-b0d1-492b-b8db-c498f0c99040
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:d9:47:50:f0:c3:41:94:42:04:26:b6:12:99:
                    e8:36:b8:25:6e:f8:e6:41:52:9a:f6:87:22:da:6e:
                    4b:35:2e:2d:75:08:ea:17:f6:7d:33:e4:07:b5:3b:
                    56:7c:1f:64:29:5a:b2:9e:9d:88:4d:7f:b7:70:df:
                    a6:bf:9d:a5:25:0a:22:b2:51:e7:fc:d4:4c:70:b2:
                    20:f4:60:fc:1e:54:c9:84:ca:4d:28:10:06:7a:5f:
                    e7:bc:7b:84:69:1c:27:b2:89:6c:cf:47:d4:73:4e:
                    ab:dd:56:1b:18:6e:e9:58:16:89:a7:3c:57:f2:d5:
                    c5:9d:d3:58:bc:42:e4:24:18:f3:06:ec:8d:4e:00:
                    c3:22:49:f9:d4:f9:e0:b8:88:2f:66:dc:21:62:7a:
                    90:df:b9:4d:53:08:ae:b5:4a:3e:84:96:e9:18:9a:
                    97:7b:2f:f9:b9:4d:ca:05:d6:a1:b0:16:c6:5c:b4:
                    c6:3d:8d:45:10:2a:b4:a9:97:78:dd:e5:54:23:d0:
                    86:86:eb:bd:b2:0e:61:d6:31:e6:2a:eb:18:54:22:
                    e4:88:20:04:27:ea:f9:33:1a:27:37:9b:eb:c3:c9:
                    e3:d0:9c:71:9d:b5:5e:33:32:ae:d9:41:51:07:b8:
                    de:0c:e9:e7:68:09:6f:ad:23:db:3b:45:ed:e0:54:
                    e7:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:D9:50:05:A7:A2:06:28:BE:6C:EB:EA:7B:13:51:47:14:71:3F:5A
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/b564ecb6-af3b-3a15-9c30-1542ca1ae2ee.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.52.144.0/20

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         17:56:b7:be:2f:da:ed:4b:85:02:03:91:16:98:0a:43:49:a8:
         e6:96:56:c0:3b:5c:dd:97:52:7b:cc:64:e5:bd:82:48:42:90:
         86:43:63:2b:e9:a0:e9:e0:23:2b:90:54:56:f4:4e:5e:b2:df:
         80:c9:b6:03:f0:88:df:dc:89:b2:ae:94:35:5b:34:ff:65:02:
         e7:76:74:25:07:9d:fe:9b:2e:ae:0e:0d:e9:0a:8b:98:d8:4f:
         5c:c5:8a:c6:97:82:a6:6c:74:8d:31:d4:5e:36:07:28:37:d7:
         8a:72:5f:d5:82:2a:3f:39:1c:d9:34:d6:53:0e:1a:3f:93:c7:
         30:0a:dc:c1:bf:66:26:64:af:7e:f9:85:1a:96:64:b0:c0:7d:
         aa:5a:aa:6e:35:bb:e5:70:df:c5:8b:e8:8b:49:18:5c:25:b6:
         92:19:7d:65:da:96:7b:27:a9:f3:cd:6b:e5:c6:46:0a:51:33:
         9b:55:18:67:4f:22:2a:75:b4:98:8f:4e:89:d0:1e:e3:9b:dd:
         6c:27:f0:c4:78:f8:78:5d:c1:d9:fb:ae:4c:a2:ee:20:c7:8c:
         b6:7f:d9:2e:cc:db:1c:ef:7d:02:21:74:f5:e2:b0:42:fe:30:
         21:a1:b9:99:c6:81:69:46:c4:6c:cb:93:45:66:d2:94:2f:64:
         a9:8b:e9:fd
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEcR4HBN3BKBXOvtOvAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTI0MDkwMTEzMDA0MVoXDTI0MTEzMDE0MDA0MVowLzEtMCsGA1UEAxMk
ODA5MGNiOTItYjBkMS00OTJiLWI4ZGItYzQ5OGYwYzk5MDQwMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9lHUPDDQZRCBCa2EpnoNrglbvjmQVKa9oci
2m5LNS4tdQjqF/Z9M+QHtTtWfB9kKVqynp2ITX+3cN+mv52lJQoislHn/NRMcLIg
9GD8HlTJhMpNKBAGel/nvHuEaRwnsolsz0fUc06r3VYbGG7pWBaJpzxX8tXFndNY
vELkJBjzBuyNTgDDIkn51PnguIgvZtwhYnqQ37lNUwiutUo+hJbpGJqXey/5uU3K
BdahsBbGXLTGPY1FECq0qZd43eVUI9CGhuu9sg5h1jHmKusYVCLkiCAEJ+r5Mxon
N5vrw8nj0JxxnbVeMzKu2UFRB7jeDOnnaAlvrSPbO0Xt4FTn/QIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFHLZUAWnogYovmzr6nsTUUcUcT9aMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvYjU2NGVjYjYtYWYzYi0z
YTE1LTljMzAtMTU0MmNhMWFlMmVlLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEQDSQMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBABdWt74v2u1LhQIDkRaYCkNJqOaWVsA7XN2XUnvMZOW9gkhCkIZDYyvp
oOngIyuQVFb0Tl6y34DJtgPwiN/cibKulDVbNP9lAud2dCUHnf6bLq4ODekKi5jY
T1zFisaXgqZsdI0x1F42Byg314pyX9WCKj85HNk01lMOGj+TxzAK3MG/ZiZkr375
hRqWZLDAfapaqm41u+Vw38WL6ItJGFwltpIZfWXalnsnqfPNa+XGRgpRM5tVGGdP
Iip1tJiPTonQHuOb3Wwn8MR4+Hhdwdn7rkyi7iDHjLZ/2S7M2xzvfQIhdPXisEL+
MCGhuZnGgWlGxGzLk0Vm0pQvZKmL6f0=
-----END CERTIFICATE-----
Generated at Fri Apr 11 23:48:54 2025 by rpki-client