Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/b7e16c33-7116-3de1-93a9-e72625b2650f.roa
File:                     b7e16c33-7116-3de1-93a9-e72625b2650f.roa (raw, json)
Hash identifier:          vSVsNT7wux5XcZAVUqd9VhKhziTxgpDJbZgq2NTMIyc=
Subject key identifier:   28:00:51:DB:B1:31:37:97:41:4F:81:26:1E:B0:AC:9F:6E:AD:C5:E8
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F43285847F154F3E81AD3334349CCEA00
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/b7e16c33-7116-3de1-93a9-e72625b2650f.roa
Signing time:             Wed 20 Nov 2024 14:00:52 +0000
ROA not before:           Wed 20 Nov 2024 14:00:52 +0000
ROA not after:            Tue 18 Feb 2025 14:00:52 +0000
asID:                     209
IP address blocks:        71.16.35.0/24 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:47:f1:54:f3:e8:1a:d3:33:43:49:cc:ea:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Nov 20 14:00:52 2024 GMT
            Not After : Feb 18 14:00:52 2025 GMT
        Subject: CN=95fab92c-6a2b-4e55-b958-1f6892e14fa0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:ab:77:b3:df:7f:93:6a:11:a7:2d:56:ac:a5:
                    9f:f8:09:8b:e7:dc:b9:bc:d2:3f:9c:81:4f:ab:4a:
                    4a:2a:4f:e6:8f:cd:ab:6a:1e:87:c1:8f:61:27:21:
                    6a:30:8a:77:5b:76:ba:ab:81:41:5f:4b:df:36:33:
                    0a:58:c9:1b:91:a8:56:e2:bb:c3:e9:14:c1:42:11:
                    4a:86:f1:15:c7:48:dd:02:b4:fa:de:36:3f:d4:05:
                    3d:ae:b4:03:80:97:ad:2d:e4:1c:7e:b9:75:60:0b:
                    1a:c3:93:ba:3f:ef:44:ef:7c:41:74:4e:cc:d7:a2:
                    c2:69:7a:63:2e:5e:51:7f:2c:c2:92:0b:68:cf:23:
                    cb:5a:6b:e3:bb:af:1d:80:97:ce:69:83:ce:47:96:
                    89:43:b7:41:de:d7:0e:36:ab:3a:7f:22:a9:25:e1:
                    9e:56:12:a9:74:91:a6:a4:74:78:0c:52:07:c8:f7:
                    37:20:13:00:60:55:dc:83:5e:54:5d:38:7d:04:cb:
                    5e:63:04:33:77:8d:7e:02:bd:19:72:cc:b2:00:ac:
                    ac:b9:ae:42:34:78:e1:08:db:9a:8b:94:ce:80:c4:
                    9a:38:fb:5c:59:cc:cd:0c:fa:0e:92:c2:3f:f5:d2:
                    bb:02:ea:6c:4a:63:03:5b:59:4d:95:d9:9c:c0:c1:
                    7f:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:00:51:DB:B1:31:37:97:41:4F:81:26:1E:B0:AC:9F:6E:AD:C5:E8
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/b7e16c33-7116-3de1-93a9-e72625b2650f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  71.16.35.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         43:8d:97:0e:85:40:0a:eb:1f:c3:18:58:77:67:8b:cc:83:6b:
         9e:30:90:23:e8:b9:46:46:ba:d1:48:07:d3:11:22:76:86:d9:
         1a:7e:9e:93:91:c0:3b:de:63:2d:f4:c8:10:e2:19:37:b1:09:
         a4:9c:0c:67:1b:f4:df:7a:2b:2b:97:b6:f3:6c:b4:5a:3c:04:
         4d:7c:c2:63:75:a4:37:b3:db:e6:33:4d:29:de:1a:89:33:60:
         4e:6c:a2:b4:ce:89:95:f7:1d:c6:ac:c9:2f:da:af:07:87:02:
         9e:2a:8a:65:2f:66:d2:3e:21:e1:b9:bd:50:6e:b8:a6:a4:39:
         89:2c:47:89:b4:7e:72:df:a3:bc:6e:12:01:91:ee:29:c2:15:
         01:80:d4:38:05:f1:1d:17:76:ae:a7:58:31:cd:72:00:58:36:
         5f:40:49:93:5c:83:26:7b:60:35:12:8b:ae:a8:64:c6:a2:b8:
         7e:25:ca:ad:2c:5b:5d:bf:5a:7e:46:cc:63:ea:c7:27:4a:e2:
         b6:93:96:62:8b:7d:45:e1:15:e4:12:72:a7:73:92:80:30:6b:
         e7:93:c5:e9:a8:19:51:eb:37:cc:88:48:7b:07:91:5a:d3:1e:
         fc:ef:ac:59:95:54:c5:fd:eb:a8:43:63:ab:98:b5:a0:ef:b1:
         ce:55:d1:fc
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEfxVPPoGtMzQ0nM6gAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTI0MTEyMDE0MDA1MloXDTI1MDIxODE0MDA1MlowLzEtMCsGA1UEAxMk
OTVmYWI5MmMtNmEyYi00ZTU1LWI5NTgtMWY2ODkyZTE0ZmEwMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtKt3s99/k2oRpy1WrKWf+AmL59y5vNI/nIFP
q0pKKk/mj82rah6HwY9hJyFqMIp3W3a6q4FBX0vfNjMKWMkbkahW4rvD6RTBQhFK
hvEVx0jdArT63jY/1AU9rrQDgJetLeQcfrl1YAsaw5O6P+9E73xBdE7M16LCaXpj
Ll5RfyzCkgtozyPLWmvju68dgJfOaYPOR5aJQ7dB3tcONqs6fyKpJeGeVhKpdJGm
pHR4DFIHyPc3IBMAYFXcg15UXTh9BMteYwQzd41+Ar0ZcsyyAKysua5CNHjhCNua
i5TOgMSaOPtcWczNDPoOksI/9dK7AupsSmMDW1lNldmcwMF/mQIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFCgAUduxMTeXQU+BJh6wrJ9urcXoMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvYjdlMTZjMzMtNzExNi0z
ZGUxLTkzYTktZTcyNjI1YjI2NTBmLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQARxAjMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAEONlw6FQArrH8MYWHdni8yDa54wkCPouUZGutFIB9MRInaG2Rp+npOR
wDveYy30yBDiGTexCaScDGcb9N96KyuXtvNstFo8BE18wmN1pDez2+YzTSneGokz
YE5sorTOiZX3HcasyS/arweHAp4qimUvZtI+IeG5vVBuuKakOYksR4m0fnLfo7xu
EgGR7inCFQGA1DgF8R0Xdq6nWDHNcgBYNl9ASZNcgyZ7YDUSi66oZMaiuH4lyq0s
W12/Wn5GzGPqxydK4raTlmKLfUXhFeQScqdzkoAwa+eTxemoGVHrN8yISHsHkVrT
HvzvrFmVVMX966hDY6uYtaDvsc5V0fw=
-----END CERTIFICATE-----
Generated at Fri Apr 11 23:54:34 2025 by rpki-client