Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/8231077d-0559-4e7a-9cdf-fe00a512ab5c/f1fd885d-51d5-3550-bb28-48093efaa132.roa
File:                     f1fd885d-51d5-3550-bb28-48093efaa132.roa (raw, json)
Hash identifier:          L7ZWzaXbQp7VmZFd4vvCELFx7wmIiDZpLquJ++JCSvE=
Subject key identifier:   75:EC:9B:F8:EF:6E:DC:06:53:98:F3:5B:08:95:4E:09:4F:17:04:56
Certificate issuer:       /CN=8231077d-0559-4e7a-9cdf-fe00a512ab5c
Certificate serial:       010D0C9F43285843157F42F8B1B5430ECFBFCC00
Authority key identifier: 27:57:42:AE:CA:A8:23:ED:C1:20:5C:9F:F0:23:65:5D:05:65:FB:76
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/8231077d-0559-4e7a-9cdf-fe00a512ab5c.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/8231077d-0559-4e7a-9cdf-fe00a512ab5c/f1fd885d-51d5-3550-bb28-48093efaa132.roa
Signing time:             Sat 02 Sep 2023 01:00:27 +0000
ROA not before:           Sat 02 Sep 2023 01:00:27 +0000
ROA not after:            Fri 01 Dec 2023 02:00:27 +0000
asID:                     198949
IP address blocks:        199.64.75.0/24 maxlen: 24
                          199.64.78.0/23 maxlen: 23
                          199.64.221.0/24 maxlen: 24
                          199.64.222.0/24 maxlen: 24
                          199.64.124.0/24 maxlen: 24
                          199.64.99.0/24 maxlen: 24
                          199.62.28.0/23 maxlen: 23
                          199.62.32.0/21 maxlen: 21
                          199.62.24.0/22 maxlen: 22
                          199.64.7.0/24 maxlen: 24
                          199.64.0.0/24 maxlen: 24
                          199.61.16.0/20 maxlen: 20
                          199.63.142.0/24 maxlen: 24
                          199.62.60.0/22 maxlen: 22
                          199.64.73.0/24 maxlen: 24
                          199.64.74.0/24 maxlen: 24
                          199.64.13.0/24 maxlen: 24
                          199.64.6.0/24 maxlen: 24
                          199.64.72.0/24 maxlen: 24
                          199.64.40.0/24 maxlen: 24
                          199.64.220.0/24 maxlen: 24
                          199.64.172.0/22 maxlen: 22
                          199.64.176.0/22 maxlen: 22
                          199.64.196.0/22 maxlen: 22
                          199.64.219.0/24 maxlen: 24
                          199.62.111.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:43:15:7f:42:f8:b1:b5:43:0e:cf:bf:cc:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8231077d-0559-4e7a-9cdf-fe00a512ab5c
        Validity
            Not Before: Sep  2 01:00:27 2023 GMT
            Not After : Dec  1 02:00:27 2023 GMT
        Subject: CN=6a5c83fb-bff6-426b-b1a7-79368abee194
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:1e:39:56:be:59:ba:96:63:6f:a7:de:5d:32:
                    6e:f8:6a:92:db:cc:94:03:b5:74:7f:44:c3:0f:a6:
                    31:6f:c7:54:9e:40:d1:98:80:eb:c1:c6:74:5b:cf:
                    d0:dd:d1:2d:2b:09:78:74:50:0e:3e:56:04:de:03:
                    89:b6:6b:73:49:b4:43:4a:24:29:be:7b:dc:a0:ff:
                    6f:52:de:1a:59:60:2d:07:87:c9:dc:36:51:c6:16:
                    87:cd:84:3a:86:51:8b:95:0f:c0:5d:2d:cb:10:02:
                    e3:5e:2a:99:82:0b:e6:63:37:44:70:04:d3:70:52:
                    41:46:4f:f2:4a:74:0c:91:a1:31:92:fd:4f:fd:86:
                    97:82:c3:81:26:3e:fa:a2:ab:ed:f3:06:f4:89:1a:
                    d5:f2:d4:10:8b:25:10:50:ad:a4:34:41:96:dd:29:
                    4e:8c:10:02:5f:70:1b:b6:dd:6a:4e:3e:9a:8e:18:
                    76:5f:a4:a5:3b:f2:cb:bd:d0:c3:b0:6d:1a:0a:2e:
                    68:ae:72:3f:3f:3b:aa:c6:db:ba:4b:b1:91:67:62:
                    b9:b8:79:76:ee:c1:ef:43:19:18:94:d6:10:3d:e3:
                    bb:b4:21:23:4d:ee:eb:03:82:25:49:75:aa:d8:b2:
                    d4:8e:2a:f7:1d:f6:a0:d9:3c:98:58:1c:41:4b:a3:
                    b1:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:EC:9B:F8:EF:6E:DC:06:53:98:F3:5B:08:95:4E:09:4F:17:04:56
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/8231077d-0559-4e7a-9cdf-fe00a512ab5c/f1fd885d-51d5-3550-bb28-48093efaa132.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/8231077d-0559-4e7a-9cdf-fe00a512ab5c/8231077d-0559-4e7a-9cdf-fe00a512ab5c.crl

            X509v3 Authority Key Identifier:
                keyid:27:57:42:AE:CA:A8:23:ED:C1:20:5C:9F:F0:23:65:5D:05:65:FB:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/8231077d-0559-4e7a-9cdf-fe00a512ab5c.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.61.16.0/20
                  199.62.24.0-199.62.29.255
                  199.62.32.0/21
                  199.62.60.0/22
                  199.62.111.0/24
                  199.63.142.0/24
                  199.64.0.0/24
                  199.64.6.0/23
                  199.64.13.0/24
                  199.64.40.0/24
                  199.64.72.0/22
                  199.64.78.0/23
                  199.64.99.0/24
                  199.64.124.0/24
                  199.64.172.0-199.64.179.255
                  199.64.196.0/22
                  199.64.219.0-199.64.222.255

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         a0:4b:b9:0f:06:09:96:ff:c4:c7:fa:45:6d:dc:b1:a4:f5:28:
         d4:c6:6c:cc:69:f3:a2:97:79:bb:02:c3:21:0b:7e:d1:d8:ae:
         eb:cf:6d:35:12:4f:6c:1e:30:31:c8:ad:76:1d:a3:b3:20:96:
         a7:54:3d:4e:80:9d:fc:c8:94:78:2e:4c:80:2e:e3:ec:a9:75:
         8d:ca:a1:30:d6:02:cf:f3:ff:45:37:77:dd:03:95:e8:16:9e:
         db:8c:33:e4:1a:2c:2b:96:20:3a:58:e3:2b:5c:c1:04:fb:a0:
         fb:e5:72:47:0b:f4:0d:27:e9:e1:70:b7:89:c0:a3:f4:98:ef:
         b4:ee:4b:62:69:14:e8:5d:94:a7:69:3b:2a:17:c0:3e:d3:5f:
         cd:b8:c0:53:8d:6d:25:80:bf:ac:5f:26:71:28:75:6c:a1:ce:
         5a:0d:e8:b4:ae:b8:9f:6d:05:c4:c4:19:1a:cc:fb:5e:c0:79:
         5e:d8:2a:81:2b:35:6b:0a:0d:a1:e2:37:72:36:ab:ac:4c:55:
         b8:85:25:aa:ac:80:dc:68:b4:67:96:5c:e5:5c:48:d0:a0:6a:
         9c:2f:d3:58:cc:32:29:86:1a:22:7f:41:3d:8c:76:3c:51:f8:
         aa:c9:08:22:ef:bc:4e:38:18:22:87:47:86:c4:1f:2b:6a:30:
         29:8d:6a:cd
-----BEGIN CERTIFICATE-----
MIIGvzCCBaegAwIBAgIUAQ0Mn0MoWEMVf0L4sbVDDs+/zAAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkODIzMTA3N2QtMDU1OS00ZTdhLTljZGYtZmUwMGE1MTJh
YjVjMB4XDTIzMDkwMjAxMDAyN1oXDTIzMTIwMTAyMDAyN1owLzEtMCsGA1UEAxMk
NmE1YzgzZmItYmZmNi00MjZiLWIxYTctNzkzNjhhYmVlMTk0MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEArh45Vr5ZupZjb6feXTJu+GqS28yUA7V0f0TD
D6Yxb8dUnkDRmIDrwcZ0W8/Q3dEtKwl4dFAOPlYE3gOJtmtzSbRDSiQpvnvcoP9v
Ut4aWWAtB4fJ3DZRxhaHzYQ6hlGLlQ/AXS3LEALjXiqZggvmYzdEcATTcFJBRk/y
SnQMkaExkv1P/YaXgsOBJj76oqvt8wb0iRrV8tQQiyUQUK2kNEGW3SlOjBACX3Ab
tt1qTj6ajhh2X6SlO/LLvdDDsG0aCi5ornI/Pzuqxtu6S7GRZ2K5uHl27sHvQxkY
lNYQPeO7tCEjTe7rA4IlSXWq2LLUjir3Hfag2TyYWBxBS6OxpwIDAQABo4ID0TCC
A80wHQYDVR0OBBYEFHXsm/jvbtwGU5jzWwiVTglPFwRWMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy84MjMx
MDc3ZC0wNTU5LTRlN2EtOWNkZi1mZTAwYTUxMmFiNWMvZjFmZDg4NWQtNTFkNS0z
NTUwLWJiMjgtNDgwOTNlZmFhMTMyLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvODIzMTA3N2QtMDU1OS00ZTdhLTlj
ZGYtZmUwMGE1MTJhYjVjLzgyMzEwNzdkLTA1NTktNGU3YS05Y2RmLWZlMDBhNTEy
YWI1Yy5jcmwwHwYDVR0jBBgwFoAUJ1dCrsqoI+3BIFyf8CNlXQVl+3YwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy84MjMxMDc3ZC0wNTU5LTRlN2EtOWNkZi1mZTAw
YTUxMmFiNWMuY2VyMIGaBggrBgEFBQcBBwEB/wSBijCBhzCBhAQCAAEwfgMEBMc9
EDAMAwQDxz4YAwQBxz4cAwQDxz4gAwQCxz48AwQAxz5vAwQAxz+OAwQAx0AAAwQB
x0AGAwQAx0ANAwQAx0AoAwQCx0BIAwQBx0BOAwQAx0BjAwQAx0B8MAwDBALHQKwD
BALHQLADBALHQMQwDAMEAMdA2wMEAMdA3jBUBgNVHSABAf8ESjBIMEYGCCsGAQUF
Bw4CMDowOAYIKwYBBQUHAgEWLGh0dHBzOi8vd3d3LmFyaW4ubmV0L3Jlc291cmNl
cy9ycGtpL2Nwcy5odG1sMA0GCSqGSIb3DQEBCwUAA4IBAQCgS7kPBgmW/8TH+kVt
3LGk9SjUxmzMafOil3m7AsMhC37R2K7rz201Ek9sHjAxyK12HaOzIJanVD1OgJ38
yJR4LkyALuPsqXWNyqEw1gLP8/9FN3fdA5XoFp7bjDPkGiwrliA6WOMrXMEE+6D7
5XJHC/QNJ+nhcLeJwKP0mO+07ktiaRToXZSnaTsqF8A+01/NuMBTjW0lgL+sXyZx
KHVsoc5aDei0rrifbQXExBkazPtewHle2CqBKzVrCg2h4jdyNqusTFW4hSWqrIDc
aLRnllzlXEjQoGqcL9NYzDIphhoif0E9jHY8UfiqyQgi77xOOBgih0eGxB8rajAp
jWrN
-----END CERTIFICATE-----
Generated at Fri Sep 29 20:01:51 2023 by rpki-client on console-fra.rpki-client.org