Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/d185582d-acb3-36ac-8e44-7859686b1c6a.roa
File:                     d185582d-acb3-36ac-8e44-7859686b1c6a.roa (raw, json)
Hash identifier:          wXX3LmFBck0kWHS2bqF6tkAzHrf/FdfHrv82Ar3Iris=
Subject key identifier:   F4:D8:49:7F:8E:2E:F4:1A:1C:07:64:0C:85:92:A5:66:92:2B:B8:75
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F43285847F15519C34387135C935DE100
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/d185582d-acb3-36ac-8e44-7859686b1c6a.roa
Signing time:             Wed 20 Nov 2024 14:00:52 +0000
ROA not before:           Wed 20 Nov 2024 14:00:52 +0000
ROA not after:            Tue 18 Feb 2025 14:00:52 +0000
asID:                     397889
IP address blocks:        199.72.56.0/23 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:47:f1:55:19:c3:43:87:13:5c:93:5d:e1:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Nov 20 14:00:52 2024 GMT
            Not After : Feb 18 14:00:52 2025 GMT
        Subject: CN=86227e13-8552-48ea-81a8-91f8d48de575
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:fd:1a:81:fc:1a:c3:38:17:e2:71:66:43:29:
                    2b:cd:ca:62:44:97:2d:4e:62:2a:a9:fd:9f:57:c3:
                    0f:eb:0a:52:41:f5:4d:9a:cc:96:62:50:62:37:33:
                    27:98:1f:7c:98:e3:25:dd:62:61:5c:c2:97:e4:bb:
                    9e:66:e4:fa:3b:38:da:a2:48:19:a5:bc:50:83:af:
                    48:33:4c:c6:4a:b9:8a:bb:ea:f1:be:16:ab:5d:19:
                    f6:db:ee:c5:7b:26:88:bc:01:fb:47:33:5f:5a:76:
                    d5:19:59:94:d7:63:1a:97:6c:4c:94:2d:1c:07:00:
                    7d:34:60:d5:02:a3:1f:32:cc:a3:fd:b5:a3:e9:71:
                    96:53:c1:42:92:cd:9f:00:b3:81:0d:92:3c:fe:2f:
                    1b:3c:67:41:1e:2d:e2:74:ed:73:b4:ad:34:06:c4:
                    14:98:74:8b:54:76:f6:ef:09:74:c2:55:ea:1b:6b:
                    78:00:23:d8:b0:24:77:8e:ed:f5:a2:70:2e:e5:f9:
                    66:80:04:43:a8:ec:fd:8b:e2:99:bd:db:ab:50:09:
                    b5:16:b0:32:f4:ff:ba:89:c3:12:61:31:7d:70:b4:
                    30:19:10:b2:fe:e5:e3:a0:9a:93:3c:a8:84:1a:0e:
                    61:00:11:86:52:11:60:59:80:9a:c9:89:42:06:70:
                    d2:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:D8:49:7F:8E:2E:F4:1A:1C:07:64:0C:85:92:A5:66:92:2B:B8:75
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/d185582d-acb3-36ac-8e44-7859686b1c6a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.72.56.0/23

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         54:f9:55:42:42:e9:91:47:20:e7:c2:9f:70:d6:c6:a0:b1:33:
         bc:92:af:07:dd:77:1e:cd:9a:56:14:d8:5b:34:99:09:7d:56:
         df:43:96:40:b5:18:bb:8f:80:b8:44:96:b5:db:48:da:30:e8:
         2e:c0:d7:4a:9c:7f:b8:f4:bc:78:85:4e:52:72:b6:ab:db:8f:
         52:a8:84:ed:4b:41:0f:56:c0:5a:66:25:51:84:a8:aa:50:0e:
         ac:3c:fc:76:52:3b:b4:18:19:c4:3b:ed:0f:dd:85:43:f7:87:
         10:0e:32:50:76:6f:56:eb:72:c7:df:c3:b3:86:73:b6:ed:f3:
         a3:71:fd:10:a2:92:5d:98:f4:e9:01:36:75:07:0f:c7:cf:c3:
         bc:f5:69:a4:28:7f:57:0b:6b:94:27:ba:97:d8:57:7a:54:40:
         f7:a5:9a:c1:3b:64:9e:38:a5:1e:f0:c3:02:7a:0b:1e:ab:58:
         a0:c0:0d:c5:f2:bb:71:2c:b1:c0:c6:d7:e4:73:c0:1c:c9:96:
         de:1a:01:89:6a:be:0f:e1:a8:2d:d7:76:c0:3e:e4:95:d0:cf:
         91:66:9d:14:ad:71:22:b9:64:94:67:cb:e0:fc:df:11:2c:84:
         3c:a8:a5:85:59:43:12:e1:f6:7e:e9:36:58:c9:a2:fa:eb:d4:
         bd:73:12:a1
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEfxVRnDQ4cTXJNd4QAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTI0MTEyMDE0MDA1MloXDTI1MDIxODE0MDA1MlowLzEtMCsGA1UEAxMk
ODYyMjdlMTMtODU1Mi00OGVhLTgxYTgtOTFmOGQ0OGRlNTc1MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnf0agfwawzgX4nFmQykrzcpiRJctTmIqqf2f
V8MP6wpSQfVNmsyWYlBiNzMnmB98mOMl3WJhXMKX5LueZuT6OzjaokgZpbxQg69I
M0zGSrmKu+rxvharXRn22+7FeyaIvAH7RzNfWnbVGVmU12Mal2xMlC0cBwB9NGDV
AqMfMsyj/bWj6XGWU8FCks2fALOBDZI8/i8bPGdBHi3idO1ztK00BsQUmHSLVHb2
7wl0wlXqG2t4ACPYsCR3ju31onAu5flmgARDqOz9i+KZvdurUAm1FrAy9P+6icMS
YTF9cLQwGRCy/uXjoJqTPKiEGg5hABGGUhFgWYCayYlCBnDSKQIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFPTYSX+OLvQaHAdkDIWSpWaSK7h1MIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvZDE4NTU4MmQtYWNiMy0z
NmFjLThlNDQtNzg1OTY4NmIxYzZhLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBx0g4MFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAFT5VUJC6ZFHIOfCn3DWxqCxM7ySrwfddx7NmlYU2Fs0mQl9Vt9DlkC1
GLuPgLhElrXbSNow6C7A10qcf7j0vHiFTlJytqvbj1KohO1LQQ9WwFpmJVGEqKpQ
Dqw8/HZSO7QYGcQ77Q/dhUP3hxAOMlB2b1brcsffw7OGc7bt86Nx/RCikl2Y9OkB
NnUHD8fPw7z1aaQof1cLa5QnupfYV3pUQPelmsE7ZJ44pR7wwwJ6Cx6rWKDADcXy
u3EsscDG1+RzwBzJlt4aAYlqvg/hqC3XdsA+5JXQz5FmnRStcSK5ZJRny+D83xEs
hDyopYVZQxLh9n7pNljJovrr1L1zEqE=
-----END CERTIFICATE-----
Generated at Sun Feb 16 20:17:57 2025 by rpki-client