Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/bc61dec2-0d95-35a7-85cf-a3e33c3617aa.roa
File:                     bc61dec2-0d95-35a7-85cf-a3e33c3617aa.roa (raw, json)
Hash identifier:          Q9Fqd05cfFAAyy9wir3N0QZvA7slkqLhZgnidb0G1PI=
Subject key identifier:   47:3D:35:48:16:1C:49:CB:91:64:B9:08:D6:37:5B:F0:C3:75:16:C2
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F4328583D4FA967C5F5469446640331C0
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/bc61dec2-0d95-35a7-85cf-a3e33c3617aa.roa
Signing time:             Mon 21 Mar 2022 04:00:00 +0000
ROA not before:           Mon 21 Mar 2022 04:00:00 +0000
ROA not after:            Mon 13 Mar 2028 04:00:00 +0000
asID:                     7029
IP address blocks:        207.93.112.0/20 maxlen: 20
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3d:4f:a9:67:c5:f5:46:94:46:64:03:31:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Mar 21 04:00:00 2022 GMT
            Not After : Mar 13 04:00:00 2028 GMT
        Subject: CN=1da42cc8-718d-4197-94be-48448874b42f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:93:3f:3d:16:38:90:62:a5:6f:c4:d7:93:f5:
                    f7:a8:8b:83:71:46:26:45:8d:22:a2:e4:30:4f:e8:
                    a0:f1:cb:96:2d:79:96:21:6f:5e:29:8d:5f:fa:16:
                    de:4a:4f:fe:49:60:46:b2:2c:74:22:7d:dc:71:92:
                    dd:ff:bd:67:33:4c:a4:f5:ce:7a:f5:b7:21:30:9b:
                    52:33:76:bf:ad:94:16:cf:be:40:2f:e7:d1:fe:3c:
                    c6:74:b0:c2:2c:ce:5e:ba:93:0f:7a:09:b1:34:84:
                    0e:89:56:b4:8d:f6:d0:73:7a:f1:a6:bb:ed:c6:f2:
                    54:4b:30:b0:79:b7:41:64:78:6e:16:9b:8d:d8:d8:
                    66:72:48:d4:37:fb:30:02:8e:30:9c:d8:20:0b:3e:
                    31:fc:e4:0f:cd:34:36:4c:94:10:0f:6d:21:21:62:
                    33:6d:0a:86:a1:b4:de:ce:04:6f:34:e7:59:61:a1:
                    1c:97:2e:05:1d:19:cf:3a:51:7e:25:f6:96:0f:5c:
                    b9:0b:cb:c4:e7:21:2c:e7:38:a5:95:48:9e:c0:8e:
                    91:59:02:f8:61:61:ef:59:66:27:1d:a2:32:d1:45:
                    fa:09:37:5d:a7:de:19:17:f5:ca:d3:b8:8b:d7:1a:
                    70:d7:d2:3e:52:2e:dc:3e:ce:36:ec:41:90:fd:c7:
                    7d:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:3D:35:48:16:1C:49:CB:91:64:B9:08:D6:37:5B:F0:C3:75:16:C2
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/bc61dec2-0d95-35a7-85cf-a3e33c3617aa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  207.93.112.0/20

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         27:98:e1:25:5f:47:80:b6:8a:15:bf:ef:af:4d:65:4c:92:f3:
         c7:ec:fc:fe:35:32:de:92:9d:60:f5:e6:33:50:9f:8a:d6:27:
         e7:ea:6c:68:8c:22:cb:6c:5e:8a:f5:5f:42:67:b8:3f:67:d2:
         56:ad:a8:9b:a1:a0:5e:d9:14:0a:cd:81:71:a3:67:29:e8:43:
         1b:b4:47:b2:08:fa:5e:e8:11:f9:a8:66:44:2a:56:a3:75:11:
         70:e4:1b:4c:5c:b3:58:0c:1e:01:06:4e:44:0d:c7:b8:9b:91:
         1d:eb:ae:ec:a0:e0:1b:f6:51:10:9e:50:fd:06:f7:4a:95:38:
         9b:85:cc:b9:d5:60:bb:d4:16:4a:c6:17:01:f8:80:7d:d4:81:
         d2:77:de:75:b7:ba:9e:12:0f:c0:e3:4f:c5:00:79:bd:c8:db:
         17:e4:b8:e9:79:66:9e:97:13:02:25:0e:0b:f5:e1:78:35:31:
         d9:01:af:f3:15:3d:33:50:16:a5:6c:5b:19:28:c9:1a:ad:3e:
         36:4b:48:53:ee:83:33:b0:1b:5b:36:ef:4e:c8:75:42:6f:a9:
         18:d8:a2:8c:68:c1:d5:ed:d1:0e:6c:7f:20:80:b1:12:9a:aa:
         31:32:5a:e8:a0:07:37:1c:4a:36:fc:e7:df:7d:9d:08:75:46:
         7a:a5:af:3e
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWD1PqWfF9UaURmQDMcAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTIyMDMyMTA0MDAwMFoXDTI4MDMxMzA0MDAwMFowLzEtMCsGA1UEAxMk
MWRhNDJjYzgtNzE4ZC00MTk3LTk0YmUtNDg0NDg4NzRiNDJmMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiZM/PRY4kGKlb8TXk/X3qIuDcUYmRY0iouQw
T+ig8cuWLXmWIW9eKY1f+hbeSk/+SWBGsix0In3ccZLd/71nM0yk9c569bchMJtS
M3a/rZQWz75AL+fR/jzGdLDCLM5eupMPegmxNIQOiVa0jfbQc3rxprvtxvJUSzCw
ebdBZHhuFpuN2NhmckjUN/swAo4wnNggCz4x/OQPzTQ2TJQQD20hIWIzbQqGobTe
zgRvNOdZYaEcly4FHRnPOlF+JfaWD1y5C8vE5yEs5zillUiewI6RWQL4YWHvWWYn
HaIy0UX6CTddp94ZF/XK07iL1xpw19I+Ui7cPs427EGQ/cd9VwIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFEc9NUgWHEnLkWS5CNY3W/DDdRbCMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvYmM2MWRlYzItMGQ5NS0z
NWE3LTg1Y2YtYTNlMzNjMzYxN2FhLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEz11wMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBACeY4SVfR4C2ihW/769NZUyS88fs/P41Mt6SnWD15jNQn4rWJ+fqbGiM
IstsXor1X0JnuD9n0latqJuhoF7ZFArNgXGjZynoQxu0R7II+l7oEfmoZkQqVqN1
EXDkG0xcs1gMHgEGTkQNx7ibkR3rruyg4Bv2URCeUP0G90qVOJuFzLnVYLvUFkrG
FwH4gH3UgdJ33nW3up4SD8DjT8UAeb3I2xfkuOl5Zp6XEwIlDgv14Xg1MdkBr/MV
PTNQFqVsWxkoyRqtPjZLSFPugzOwG1s2707IdUJvqRjYooxowdXt0Q5sfyCAsRKa
qjEyWuigBzccSjb85999nQh1Rnqlrz4=
-----END CERTIFICATE-----
Generated at Fri Apr 11 23:49:31 2025 by rpki-client