Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/b8868cc4-389e-3c5d-a9be-b426435c47ab.roa
File:                     b8868cc4-389e-3c5d-a9be-b426435c47ab.roa (raw, json)
Hash identifier:          pvWlwFo2XxkuGwBCHYWwOJnNIf4mt5kVEVDlemo+vGQ=
Subject key identifier:   E6:9F:31:44:2C:B9:FF:A9:31:04:39:9A:BC:43:3D:24:FE:D1:6F:52
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F4328583D57E4292F8280EB4282A6B300
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/b8868cc4-389e-3c5d-a9be-b426435c47ab.roa
Signing time:             Thu 24 Mar 2022 04:00:00 +0000
ROA not before:           Thu 24 Mar 2022 04:00:00 +0000
ROA not after:            Thu 16 Mar 2028 04:00:00 +0000
asID:                     27338
IP address blocks:        209.168.156.0/24 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3d:57:e4:29:2f:82:80:eb:42:82:a6:b3:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Mar 24 04:00:00 2022 GMT
            Not After : Mar 16 04:00:00 2028 GMT
        Subject: CN=eb57a3a6-6dcd-4701-91ed-0a7625e7e522
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:59:bb:25:d7:68:bb:86:ef:c5:b6:17:ec:14:
                    98:8a:41:93:eb:7c:75:02:64:23:9c:ff:43:dc:f8:
                    7f:9d:1e:90:0e:33:61:5d:68:82:2f:a4:4f:ac:a3:
                    e9:ef:c7:cf:b2:78:ee:7d:6e:39:77:b2:17:82:46:
                    3e:99:fb:78:ad:dc:3a:50:53:0f:5e:d0:f0:dd:ef:
                    1f:49:02:2b:81:a6:ac:5b:24:22:4b:57:cf:8f:2c:
                    4b:88:53:3c:58:c3:19:4e:c8:ba:e2:13:79:05:1c:
                    49:60:4b:8f:22:0b:8a:78:00:05:0a:f6:0f:ba:b2:
                    df:b1:53:da:cb:a9:fe:f5:2f:30:b7:e6:2f:01:73:
                    af:7e:a8:03:2f:f5:1f:78:37:27:a0:3e:a6:95:25:
                    49:36:2c:7a:ad:2b:1d:a5:7c:4e:d8:b7:cb:33:0b:
                    8c:c4:79:29:d8:62:83:e3:d6:0b:48:30:9a:59:25:
                    6a:cf:b2:81:8f:15:71:01:3e:d0:59:7c:fd:de:dc:
                    9b:dc:5e:c4:8d:f2:f6:66:8f:20:c2:dd:36:2e:f3:
                    ed:71:cc:5f:27:33:11:35:69:f5:3b:40:94:17:29:
                    f2:d6:bc:1b:b9:03:34:20:e5:2b:ee:67:7a:4c:ad:
                    98:c1:5c:df:29:ac:87:81:80:e8:f4:00:ff:5e:3b:
                    0c:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:9F:31:44:2C:B9:FF:A9:31:04:39:9A:BC:43:3D:24:FE:D1:6F:52
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/b8868cc4-389e-3c5d-a9be-b426435c47ab.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.168.156.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         40:7c:b6:36:c6:39:07:2f:0d:97:44:08:b2:46:93:03:7c:91:
         09:e4:a6:f9:ba:53:a3:26:e7:eb:31:8a:3b:c0:64:85:88:b1:
         47:46:87:42:01:f4:46:c6:71:aa:e2:ee:9d:a5:d9:57:ba:47:
         8f:4d:99:c6:f6:0b:c2:08:0a:41:50:1c:99:f9:4e:5e:cf:90:
         e9:2b:16:97:84:f3:ce:78:66:b1:eb:be:c1:25:41:b2:a5:98:
         eb:ed:94:6f:90:09:96:56:02:a5:79:20:e0:e0:16:7e:1c:c8:
         7f:cd:d1:9b:b7:2f:df:52:54:3d:39:b0:1c:77:7a:5b:a5:9c:
         0a:28:1f:bf:b3:cd:de:fb:e0:17:73:22:00:bd:3d:64:cf:79:
         4d:2c:c7:a1:24:bc:db:d1:84:e0:6f:ab:fb:4c:a0:41:a5:d5:
         ea:99:60:d7:d3:f1:42:7a:4a:3c:86:8f:31:4a:8d:77:ef:d3:
         51:47:45:0c:8f:5a:4a:9a:6b:38:c5:52:c5:de:23:5e:6c:74:
         c4:fa:4c:a0:38:a3:ac:99:41:08:d9:86:64:ec:7a:02:ae:3f:
         d7:64:3b:0f:35:08:92:e5:2d:3e:3b:d9:46:56:62:7b:52:c1:
         a2:97:55:74:ca:4f:bc:22:11:f6:64:1d:8a:08:b0:f8:72:28:
         e0:74:1c:17
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWD1X5CkvgoDrQoKmswAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTIyMDMyNDA0MDAwMFoXDTI4MDMxNjA0MDAwMFowLzEtMCsGA1UEAxMk
ZWI1N2EzYTYtNmRjZC00NzAxLTkxZWQtMGE3NjI1ZTdlNTIyMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Vm7Jddou4bvxbYX7BSYikGT63x1AmQjnP9D
3Ph/nR6QDjNhXWiCL6RPrKPp78fPsnjufW45d7IXgkY+mft4rdw6UFMPXtDw3e8f
SQIrgaasWyQiS1fPjyxLiFM8WMMZTsi64hN5BRxJYEuPIguKeAAFCvYPurLfsVPa
y6n+9S8wt+YvAXOvfqgDL/UfeDcnoD6mlSVJNix6rSsdpXxO2LfLMwuMxHkp2GKD
49YLSDCaWSVqz7KBjxVxAT7QWXz93tyb3F7EjfL2Zo8gwt02LvPtccxfJzMRNWn1
O0CUFyny1rwbuQM0IOUr7md6TK2YwVzfKayHgYDo9AD/XjsMlwIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFOafMUQsuf+pMQQ5mrxDPST+0W9SMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvYjg4NjhjYzQtMzg5ZS0z
YzVkLWE5YmUtYjQyNjQzNWM0N2FiLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA0aicMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAEB8tjbGOQcvDZdECLJGkwN8kQnkpvm6U6Mm5+sxijvAZIWIsUdGh0IB
9EbGcari7p2l2Ve6R49Nmcb2C8IICkFQHJn5Tl7PkOkrFpeE8854ZrHrvsElQbKl
mOvtlG+QCZZWAqV5IODgFn4cyH/N0Zu3L99SVD05sBx3elulnAooH7+zzd774Bdz
IgC9PWTPeU0sx6EkvNvRhOBvq/tMoEGl1eqZYNfT8UJ6SjyGjzFKjXfv01FHRQyP
WkqaazjFUsXeI15sdMT6TKA4o6yZQQjZhmTsegKuP9dkOw81CJLlLT472UZWYntS
waKXVXTKT7wiEfZkHYoIsPhyKOB0HBc=
-----END CERTIFICATE-----
Generated at Fri Apr 11 23:43:46 2025 by rpki-client