Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/e3c6e007-ea76-33db-97fa-df51034f3b18.roa
File:                     e3c6e007-ea76-33db-97fa-df51034f3b18.roa (raw, json)
Hash identifier:          ZSTgU9CKYD2ccjdpDXtpVdPmA10Bu6izcCRP2Z7GId8=
Subject key identifier:   5C:14:75:C7:CD:56:98:43:10:A9:F5:3A:73:32:5B:02:6E:91:30:40
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F43285845533321DF65765ECC78D22880
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/e3c6e007-ea76-33db-97fa-df51034f3b18.roa
Signing time:             Mon 25 Mar 2024 13:00:33 +0000
ROA not before:           Mon 25 Mar 2024 13:00:33 +0000
ROA not after:            Sun 23 Jun 2024 13:00:33 +0000
asID:                     7029
IP address blocks:        209.91.0.0/18 maxlen: 18
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:45:53:33:21:df:65:76:5e:cc:78:d2:28:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Mar 25 13:00:33 2024 GMT
            Not After : Jun 23 13:00:33 2024 GMT
        Subject: CN=b3a3b0b4-60b3-4f2d-a748-ff55690e702f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:94:74:21:66:69:e8:c1:32:e8:39:1e:76:74:
                    a4:13:9e:42:a6:3f:5d:4a:02:65:e4:6d:e7:c0:6e:
                    54:9e:00:37:c5:f2:61:c1:27:cc:91:4e:c1:0f:41:
                    2f:be:44:92:ff:5e:be:5a:f9:5b:e5:a2:dd:00:82:
                    57:a3:9b:0b:ec:f8:04:f0:60:08:40:2f:03:e0:f0:
                    93:1c:dd:e2:22:f8:d1:72:5f:06:19:80:d6:44:d2:
                    7a:e3:8f:7c:eb:0b:b6:a2:a0:23:5d:34:67:16:be:
                    5e:3f:74:35:95:42:6d:50:5d:cc:21:82:00:01:c2:
                    05:e0:4d:77:fc:b0:ac:fd:c6:ab:11:03:1e:b2:1d:
                    50:b1:c5:aa:95:ec:95:c1:88:de:73:51:10:35:e3:
                    7d:2b:d9:69:a5:3f:1c:27:b2:40:8b:5c:52:72:f3:
                    8e:2c:47:8c:6f:a2:9c:dc:43:14:f2:d2:e3:0e:ef:
                    23:03:49:85:dd:b5:15:f4:c3:a9:c1:cf:fc:6e:a6:
                    b5:9b:d3:57:7e:82:f3:3e:90:da:28:76:13:62:d5:
                    0a:63:d1:46:69:41:ba:08:bd:52:a9:da:1a:f4:d6:
                    6f:6f:dc:af:34:74:c9:32:0d:a3:fa:59:8c:07:4b:
                    57:9b:4a:b5:92:e3:88:2c:61:ba:4f:80:4e:61:5f:
                    7b:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:14:75:C7:CD:56:98:43:10:A9:F5:3A:73:32:5B:02:6E:91:30:40
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/e3c6e007-ea76-33db-97fa-df51034f3b18.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.91.0.0/18

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         27:c7:12:39:c2:fa:b6:7b:c8:83:27:43:ea:ac:bd:cf:be:98:
         a3:9f:b6:7b:37:80:2e:b1:5f:36:99:7d:13:f1:4b:d8:75:8c:
         a2:d2:5e:72:2f:9f:e6:a5:49:f8:d4:b4:8e:d6:4f:e8:e3:be:
         0a:0b:23:81:09:fd:09:d2:99:25:27:df:30:da:da:55:1e:21:
         a6:3f:14:11:b9:65:b2:d3:69:8a:a5:26:4b:a4:45:5a:c9:c5:
         4b:ca:ac:c4:ba:8a:b9:32:af:11:75:5a:96:4f:5c:65:cf:04:
         d6:25:60:db:b3:9d:03:51:d7:7f:35:9c:af:58:f1:52:54:fe:
         fc:e5:39:b2:99:68:46:b7:a5:3b:25:61:ff:50:c9:86:8d:ff:
         f3:16:3a:c6:6f:b0:26:d5:02:b3:18:e5:bb:06:ba:e4:09:ba:
         7b:16:5e:64:ac:f4:fb:07:68:20:5a:81:1f:27:d2:76:82:7d:
         c7:48:3c:51:45:4f:13:ec:9f:08:ea:4f:d1:66:d1:fc:6b:11:
         4b:40:2d:2f:92:36:9a:4c:e0:8d:a5:57:d7:47:7a:07:01:53:
         29:e5:9b:3a:aa:e4:3e:b5:5b:8b:2c:6b:f9:68:ab:0d:19:f8:
         33:22:53:ad:aa:92:62:5a:95:3f:4f:c1:db:31:9f:4c:f5:89:
         b6:18:35:50
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEVTMyHfZXZezHjSKIAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTI0MDMyNTEzMDAzM1oXDTI0MDYyMzEzMDAzM1owLzEtMCsGA1UEAxMk
YjNhM2IwYjQtNjBiMy00ZjJkLWE3NDgtZmY1NTY5MGU3MDJmMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA15R0IWZp6MEy6DkednSkE55Cpj9dSgJl5G3n
wG5UngA3xfJhwSfMkU7BD0EvvkSS/16+Wvlb5aLdAIJXo5sL7PgE8GAIQC8D4PCT
HN3iIvjRcl8GGYDWRNJ644986wu2oqAjXTRnFr5eP3Q1lUJtUF3MIYIAAcIF4E13
/LCs/carEQMesh1QscWqleyVwYjec1EQNeN9K9lppT8cJ7JAi1xScvOOLEeMb6Kc
3EMU8tLjDu8jA0mF3bUV9MOpwc/8bqa1m9NXfoLzPpDaKHYTYtUKY9FGaUG6CL1S
qdoa9NZvb9yvNHTJMg2j+lmMB0tXm0q1kuOILGG6T4BOYV97twIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFFwUdcfNVphDEKn1OnMyWwJukTBAMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvZTNjNmUwMDctZWE3Ni0z
M2RiLTk3ZmEtZGY1MTAzNGYzYjE4LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQG0VsAMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBACfHEjnC+rZ7yIMnQ+qsvc++mKOftns3gC6xXzaZfRPxS9h1jKLSXnIv
n+alSfjUtI7WT+jjvgoLI4EJ/QnSmSUn3zDa2lUeIaY/FBG5ZbLTaYqlJkukRVrJ
xUvKrMS6irkyrxF1WpZPXGXPBNYlYNuznQNR1381nK9Y8VJU/vzlObKZaEa3pTsl
Yf9QyYaN//MWOsZvsCbVArMY5bsGuuQJunsWXmSs9PsHaCBagR8n0naCfcdIPFFF
TxPsnwjqT9Fm0fxrEUtALS+SNppM4I2lV9dHegcBUynlmzqq5D61W4ssa/loqw0Z
+DMiU62qkmJalT9Pwdsxn0z1ibYYNVA=
-----END CERTIFICATE-----
Generated at Tue Apr 15 11:15:14 2025 by rpki-client