Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/e85fa662-3681-354d-8c06-cfa90400f3ec.roa
File:                     e85fa662-3681-354d-8c06-cfa90400f3ec.roa (raw, json)
Hash identifier:          1YijjkJBPZLDJiXgIGlqSbzG5Ru8iN6xExjslWR0oP8=
Subject key identifier:   48:87:23:95:41:EC:0C:8D:BE:02:FC:6C:FE:91:B1:E9:4B:5B:58:78
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F4328584553332509CE81DE39AC05E400
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/e85fa662-3681-354d-8c06-cfa90400f3ec.roa
Signing time:             Mon 25 Mar 2024 13:00:33 +0000
ROA not before:           Mon 25 Mar 2024 13:00:33 +0000
ROA not after:            Sun 23 Jun 2024 13:00:33 +0000
asID:                     7029
IP address blocks:        209.109.192.0/19 maxlen: 19
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:45:53:33:25:09:ce:81:de:39:ac:05:e4:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Mar 25 13:00:33 2024 GMT
            Not After : Jun 23 13:00:33 2024 GMT
        Subject: CN=10926740-6198-4022-9886-c77d140ad7ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:1c:c2:17:cd:dd:0a:d2:57:08:aa:59:2f:96:
                    90:fc:25:d8:3e:16:32:f3:1c:bb:16:d3:d8:a5:56:
                    7f:2e:ac:d3:d9:f9:d1:e5:ed:a2:0a:29:73:d3:fb:
                    79:8c:a5:32:ec:0c:dc:20:7b:39:85:d6:9d:e4:c5:
                    d7:74:0f:a5:41:fd:9b:c3:18:35:52:61:e4:e4:e4:
                    02:80:69:f0:fd:68:2d:d3:df:0e:46:b9:75:05:9b:
                    de:e7:02:42:d5:09:ec:40:86:df:fd:9a:bd:b8:3b:
                    ac:1a:6b:32:8a:40:ac:48:ba:54:ed:65:2e:f7:5e:
                    4b:46:83:dc:88:be:d7:3c:eb:b7:02:87:2a:ed:e3:
                    71:70:e2:18:ed:41:8e:01:d8:10:51:eb:54:6d:65:
                    b0:6c:fd:ab:99:ed:d7:60:aa:ab:82:cf:61:b9:b4:
                    90:39:c7:9e:33:80:49:79:38:c1:43:6c:f3:fb:22:
                    9b:97:d2:50:a9:42:57:41:8a:dd:dc:0c:8c:7e:66:
                    f9:66:8d:3b:52:5c:d4:6c:c7:6d:1f:68:f9:61:63:
                    e5:bf:73:e4:2a:8f:d1:82:c4:b5:b6:aa:86:e9:8b:
                    ca:3a:93:7b:b0:1e:59:d7:3b:6b:56:53:b4:37:be:
                    20:27:96:b5:90:16:8f:b1:ad:c9:b4:07:62:79:43:
                    b2:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:87:23:95:41:EC:0C:8D:BE:02:FC:6C:FE:91:B1:E9:4B:5B:58:78
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/e85fa662-3681-354d-8c06-cfa90400f3ec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.109.192.0/19

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         92:6c:b9:9d:a3:91:ad:50:99:08:30:72:74:21:f8:32:49:1c:
         76:0d:7a:4b:76:60:24:f2:44:cd:d9:20:33:bc:98:db:6a:71:
         8f:e6:d4:b4:50:e8:61:dd:d7:9b:c5:c8:90:a2:c8:fe:f4:6b:
         ed:4f:2f:85:15:a0:4e:e8:cd:22:55:31:af:6f:85:af:e9:08:
         f0:51:41:15:02:96:71:42:81:19:11:45:6c:b2:21:58:c0:b9:
         d5:a7:36:6d:20:48:12:03:09:2c:b5:85:3d:14:a9:84:91:bb:
         4b:5b:42:9c:34:e3:2f:e4:be:bb:d8:9c:be:79:df:1f:b3:98:
         f5:0d:62:7f:5e:87:0c:0a:27:45:83:7f:73:07:8e:b8:85:96:
         0d:fa:ff:dc:29:7f:6a:2e:aa:bb:68:ab:de:13:74:db:dd:1a:
         d7:8a:9c:da:d9:d0:6c:80:a3:7c:ec:f2:16:35:46:7c:12:a2:
         c8:12:e3:70:9c:d9:8a:9e:a4:b2:a5:95:df:cd:29:1f:39:46:
         17:76:b0:ef:0f:02:ed:1f:df:e1:d9:af:d9:fa:7c:ec:ab:da:
         c0:cb:76:c2:07:e4:0d:8c:fd:19:89:00:cb:cf:c5:d7:a6:e8:
         84:eb:f6:7d:68:49:9c:ef:5c:5c:a1:b2:c0:52:57:47:95:14:
         c0:ab:70:fd
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEVTMyUJzoHeOawF5AAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTI0MDMyNTEzMDAzM1oXDTI0MDYyMzEzMDAzM1owLzEtMCsGA1UEAxMk
MTA5MjY3NDAtNjE5OC00MDIyLTk4ODYtYzc3ZDE0MGFkN2ZmMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2xzCF83dCtJXCKpZL5aQ/CXYPhYy8xy7FtPY
pVZ/LqzT2fnR5e2iCilz0/t5jKUy7AzcIHs5hdad5MXXdA+lQf2bwxg1UmHk5OQC
gGnw/Wgt098ORrl1BZve5wJC1QnsQIbf/Zq9uDusGmsyikCsSLpU7WUu915LRoPc
iL7XPOu3Aocq7eNxcOIY7UGOAdgQUetUbWWwbP2rme3XYKqrgs9hubSQOceeM4BJ
eTjBQ2zz+yKbl9JQqUJXQYrd3AyMfmb5Zo07UlzUbMdtH2j5YWPlv3PkKo/RgsS1
tqqG6YvKOpN7sB5Z1ztrVlO0N74gJ5a1kBaPsa3JtAdieUOy0QIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFEiHI5VB7AyNvgL8bP6RselLW1h4MIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvZTg1ZmE2NjItMzY4MS0z
NTRkLThjMDYtY2ZhOTA0MDBmM2VjLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF0W3AMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAJJsuZ2jka1QmQgwcnQh+DJJHHYNekt2YCTyRM3ZIDO8mNtqcY/m1LRQ
6GHd15vFyJCiyP70a+1PL4UVoE7ozSJVMa9vha/pCPBRQRUClnFCgRkRRWyyIVjA
udWnNm0gSBIDCSy1hT0UqYSRu0tbQpw04y/kvrvYnL553x+zmPUNYn9ehwwKJ0WD
f3MHjriFlg36/9wpf2ouqrtoq94TdNvdGteKnNrZ0GyAo3zs8hY1RnwSosgS43Cc
2YqepLKlld/NKR85Rhd2sO8PAu0f3+HZr9n6fOyr2sDLdsIH5A2M/RmJAMvPxdem
6ITr9n1oSZzvXFyhssBSV0eVFMCrcP0=
-----END CERTIFICATE-----
Generated at Sat Apr 12 00:02:46 2025 by rpki-client