Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/cbd38e35-b6a6-3a95-975c-470f93993705.roa
File:                     cbd38e35-b6a6-3a95-975c-470f93993705.roa (raw, json)
Hash identifier:          QnFhZtimKH1B0O291gKDwB2TxSoD4ei3qznMc5dyczo=
Subject key identifier:   25:6E:2F:DD:EC:66:92:4A:31:ED:9F:6F:45:85:E0:4A:1F:B1:56:38
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F4328583D3F5FD8188888B6CA73819180
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/cbd38e35-b6a6-3a95-975c-470f93993705.roa
Signing time:             Tue 15 Mar 2022 04:00:00 +0000
ROA not before:           Tue 15 Mar 2022 04:00:00 +0000
ROA not after:            Tue 07 Mar 2028 05:00:00 +0000
asID:                     7029
IP address blocks:        204.32.128.0/20 maxlen: 20
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3d:3f:5f:d8:18:88:88:b6:ca:73:81:91:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Mar 15 04:00:00 2022 GMT
            Not After : Mar  7 05:00:00 2028 GMT
        Subject: CN=0047a828-1d71-401a-a05a-3e5548beb34d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:04:49:ec:5d:ac:91:76:88:55:90:f6:6e:06:
                    40:aa:a5:4c:7b:3f:68:5d:60:64:fb:4c:d6:05:cc:
                    8c:3e:27:6c:4b:61:d5:b2:11:f0:57:65:5b:17:79:
                    99:f7:ee:e9:fc:4b:d8:7a:7c:98:e9:64:41:ab:05:
                    02:c9:9b:5c:74:ec:5c:ca:cd:fb:fc:70:f7:80:a2:
                    bd:21:11:03:24:ec:ca:e4:11:2d:28:a3:ab:24:b0:
                    09:85:a1:8b:3e:5c:2f:c1:ed:ef:8d:85:46:61:c6:
                    2c:db:8f:fa:d7:c5:73:d8:bb:3e:9a:a6:39:6f:2d:
                    a5:20:57:9d:14:05:50:05:fb:c9:14:b8:e9:a7:20:
                    5a:68:07:da:b5:02:3f:bc:a0:00:e3:44:bb:af:ec:
                    2b:e0:a1:e7:c1:f4:52:64:e9:06:20:f8:b2:f7:52:
                    85:18:59:ec:a7:0f:6a:98:30:e0:87:76:49:c6:70:
                    34:b6:7c:cf:e0:15:41:f1:1c:14:72:48:97:65:9d:
                    da:d7:7b:3a:e5:c9:44:d6:49:91:37:42:40:39:2b:
                    5f:f3:09:86:2a:25:d8:98:b4:5d:27:79:28:28:b7:
                    81:29:b1:4c:04:52:a1:7a:d8:e6:23:f6:29:b2:71:
                    c3:53:fe:3d:cb:d2:96:4d:ce:94:08:45:0c:aa:5f:
                    eb:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:6E:2F:DD:EC:66:92:4A:31:ED:9F:6F:45:85:E0:4A:1F:B1:56:38
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/cbd38e35-b6a6-3a95-975c-470f93993705.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  204.32.128.0/20

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         84:a8:35:6f:37:f4:41:78:ae:2c:a0:97:8b:7e:f8:b3:f8:98:
         0e:16:9c:3c:bc:b0:77:fd:6e:27:07:b9:da:86:5a:15:b0:42:
         d3:d2:19:35:11:41:13:9a:03:48:db:ca:c9:14:30:ee:6e:2a:
         23:6d:c7:7b:7b:78:b6:f1:02:37:ff:2e:42:74:c3:ae:33:34:
         3c:d3:18:82:8a:c7:4b:e0:86:52:5e:40:06:92:8f:3e:d7:f1:
         b6:7d:a7:fc:1c:b9:6a:fd:5f:6d:a4:4e:f1:84:07:f5:c6:c8:
         38:1a:2b:14:6c:ae:ad:dd:23:16:ca:6a:fd:73:e3:b8:5b:4d:
         d7:2b:c0:77:91:0a:b4:3b:c6:0f:a1:ad:9a:c5:fd:03:47:6b:
         d2:73:db:dc:71:01:07:c4:91:8e:d7:47:aa:5b:d5:cc:c9:b8:
         b0:17:14:ea:42:4b:0e:f7:35:58:e7:fe:d7:0a:d6:1d:9c:af:
         11:87:f2:0f:63:71:ab:7a:38:72:68:5c:e5:91:02:c7:19:ae:
         e5:ce:7e:8f:2f:3e:62:5e:e8:7a:26:c2:ba:a0:6c:e3:06:b4:
         81:f5:43:3b:75:71:3d:49:ab:f8:53:cf:9c:39:18:9b:fd:30:
         3c:d9:88:93:db:b2:7b:96:bb:bd:5d:58:30:94:6b:8e:a4:de:
         64:6b:9b:d2
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWD0/X9gYiIi2ynOBkYAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTIyMDMxNTA0MDAwMFoXDTI4MDMwNzA1MDAwMFowLzEtMCsGA1UEAxMk
MDA0N2E4MjgtMWQ3MS00MDFhLWEwNWEtM2U1NTQ4YmViMzRkMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhgRJ7F2skXaIVZD2bgZAqqVMez9oXWBk+0zW
BcyMPidsS2HVshHwV2VbF3mZ9+7p/EvYenyY6WRBqwUCyZtcdOxcys37/HD3gKK9
IREDJOzK5BEtKKOrJLAJhaGLPlwvwe3vjYVGYcYs24/618Vz2Ls+mqY5by2lIFed
FAVQBfvJFLjppyBaaAfatQI/vKAA40S7r+wr4KHnwfRSZOkGIPiy91KFGFnspw9q
mDDgh3ZJxnA0tnzP4BVB8RwUckiXZZ3a13s65clE1kmRN0JAOStf8wmGKiXYmLRd
J3koKLeBKbFMBFKhetjmI/YpsnHDU/49y9KWTc6UCEUMql/r9QIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFCVuL93sZpJKMe2fb0WF4EofsVY4MIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvY2JkMzhlMzUtYjZhNi0z
YTk1LTk3NWMtNDcwZjkzOTkzNzA1LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEzCCAMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAISoNW839EF4riygl4t++LP4mA4WnDy8sHf9bicHudqGWhWwQtPSGTUR
QROaA0jbyskUMO5uKiNtx3t7eLbxAjf/LkJ0w64zNDzTGIKKx0vghlJeQAaSjz7X
8bZ9p/wcuWr9X22kTvGEB/XGyDgaKxRsrq3dIxbKav1z47hbTdcrwHeRCrQ7xg+h
rZrF/QNHa9Jz29xxAQfEkY7XR6pb1czJuLAXFOpCSw73NVjn/tcK1h2crxGH8g9j
cat6OHJoXOWRAscZruXOfo8vPmJe6HomwrqgbOMGtIH1Qzt1cT1Jq/hTz5w5GJv9
MDzZiJPbsnuWu71dWDCUa46k3mRrm9I=
-----END CERTIFICATE-----
Generated at Fri Apr 11 22:27:25 2025 by rpki-client