Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/53ee2d2b-5a77-4db4-8fbd-85e75401cae6/9e3d798c-e543-358c-9ca7-9fb48e1f9230.roa
File:                     9e3d798c-e543-358c-9ca7-9fb48e1f9230.roa (raw, json)
Hash identifier:          8oYAQRaYcla1whjMq4Z8fKhuh95lUbcyPNcuYiWW5f0=
Subject key identifier:   71:24:24:61:F0:AD:D4:E3:3E:7C:55:96:C8:F3:20:E9:21:35:B7:B8
Certificate issuer:       /CN=53ee2d2b-5a77-4db4-8fbd-85e75401cae6
Certificate serial:       010D0C9F43285838AEC37F1BC5DC4C6FB937E700
Authority key identifier: 31:57:93:9D:40:13:B3:6B:9F:E6:FB:23:B2:E3:4A:75:C5:F3:7C:6F
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/53ee2d2b-5a77-4db4-8fbd-85e75401cae6.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/53ee2d2b-5a77-4db4-8fbd-85e75401cae6/9e3d798c-e543-358c-9ca7-9fb48e1f9230.roa
Signing time:             Fri 15 May 2020 04:00:00 +0000
ROA not before:           Fri 15 May 2020 04:00:00 +0000
ROA not after:            Tue 25 Apr 2023 04:00:00 +0000
asID:                     395662
IP address blocks:        167.224.128.0/17 maxlen: 24
                          170.10.176.0/20 maxlen: 24
                          170.199.160.0/19 maxlen: 24
                          2603:a000::/24 maxlen: 32
                          2607:cb80::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:38:ae:c3:7f:1b:c5:dc:4c:6f:b9:37:e7:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53ee2d2b-5a77-4db4-8fbd-85e75401cae6
        Validity
            Not Before: May 15 04:00:00 2020 GMT
            Not After : Apr 25 04:00:00 2023 GMT
        Subject: CN=c7c4d0f2-ff2c-44b6-a4db-ccf4a9b99cb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:5b:bf:bf:6c:33:a1:4a:3e:d1:ce:98:15:40:
                    47:39:dc:89:35:bc:0a:29:e3:98:17:aa:25:ba:47:
                    c3:91:c8:60:a2:9f:09:5c:ca:a9:2e:5b:ad:54:8d:
                    5e:54:ad:0d:4b:07:0c:0f:62:ef:c5:af:84:eb:ee:
                    32:24:5f:a4:18:1e:f7:7a:40:e9:b5:c1:43:33:33:
                    a2:c0:1d:7b:06:54:50:17:7a:a9:39:98:cd:cf:e8:
                    8a:fa:52:2c:e3:59:a3:ae:b2:27:03:be:56:9d:c0:
                    a9:56:39:7e:32:df:7d:9d:7b:52:4f:cc:51:a8:d5:
                    7c:4e:b5:84:7c:13:cb:83:74:45:94:62:e1:8f:ed:
                    ec:f2:d4:12:02:96:5f:27:2e:f1:bc:b5:bc:ab:4c:
                    a6:b1:0e:60:9c:72:f3:39:8d:19:87:5c:83:fa:57:
                    a0:b2:88:a5:97:00:a9:65:bb:ff:b7:00:0f:d0:28:
                    7a:de:f7:83:ef:da:c7:ec:d8:db:16:be:6d:d6:17:
                    9d:11:3f:4f:c0:ca:a0:65:ed:d2:2b:a8:b5:4b:1f:
                    ee:40:d5:89:3e:ca:e4:73:13:7b:bd:66:68:be:0d:
                    24:a2:fc:67:e1:bb:84:65:93:77:39:70:af:01:b2:
                    d5:63:bf:8e:80:2f:03:3a:02:ce:0f:1c:1c:21:4c:
                    b1:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:24:24:61:F0:AD:D4:E3:3E:7C:55:96:C8:F3:20:E9:21:35:B7:B8
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/53ee2d2b-5a77-4db4-8fbd-85e75401cae6/9e3d798c-e543-358c-9ca7-9fb48e1f9230.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/53ee2d2b-5a77-4db4-8fbd-85e75401cae6/53ee2d2b-5a77-4db4-8fbd-85e75401cae6.crl

            X509v3 Authority Key Identifier:
                keyid:31:57:93:9D:40:13:B3:6B:9F:E6:FB:23:B2:E3:4A:75:C5:F3:7C:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/53ee2d2b-5a77-4db4-8fbd-85e75401cae6.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.224.128.0/17
                  170.10.176.0/20
                  170.199.160.0/19
                IPv6:
                  2603:a000::/24
                  2607:cb80::/32

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         97:aa:9f:c5:70:61:d4:29:0a:ad:36:a9:47:71:f7:8b:37:83:
         b2:ee:19:f5:57:9d:50:63:ea:67:88:55:da:14:07:de:3a:c4:
         d0:9b:ee:f5:2b:e5:23:78:b8:4b:3b:1d:0c:c5:d9:c5:63:ab:
         79:e8:60:52:01:3a:9e:59:29:ce:e1:44:57:e2:9c:eb:89:22:
         32:38:4f:af:51:82:31:5e:06:98:ad:f6:ac:58:22:ba:9e:ca:
         0b:f3:02:2a:bd:f7:ef:05:37:f5:95:46:50:16:14:b5:e6:17:
         c5:ad:37:f6:8d:29:3a:70:98:ba:a9:63:07:59:8e:93:66:28:
         87:60:52:a3:8c:92:44:34:76:d0:ce:65:4c:3b:3a:f2:eb:0c:
         0f:08:99:c1:3a:84:cd:67:86:80:6d:24:b0:e3:7b:82:ce:66:
         99:6e:89:0d:bc:ac:61:c4:3b:a4:51:61:fb:de:f0:f1:2d:94:
         0a:97:4e:01:43:30:45:52:64:cf:7f:d3:56:0b:ba:f2:14:eb:
         a9:da:e0:0d:06:b3:bd:53:bb:08:eb:ce:ea:78:29:9b:3f:b8:
         ff:e5:c8:e4:f5:06:e3:6d:94:08:bb:9c:58:e7:6e:9d:e9:9b:
         e5:0d:60:19:6c:55:6c:22:59:6b:10:3d:47:6a:85:49:6c:38:
         88:58:7b:df
-----BEGIN CERTIFICATE-----
MIIGZDCCBUygAwIBAgIUAQ0Mn0MoWDiuw38bxdxMb7k35wAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNTNlZTJkMmItNWE3Ny00ZGI0LThmYmQtODVlNzU0MDFj
YWU2MB4XDTIwMDUxNTA0MDAwMFoXDTIzMDQyNTA0MDAwMFowLzEtMCsGA1UEAxMk
YzdjNGQwZjItZmYyYy00NGI2LWE0ZGItY2NmNGE5Yjk5Y2I2MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmVu/v2wzoUo+0c6YFUBHOdyJNbwKKeOYF6ol
ukfDkchgop8JXMqpLlutVI1eVK0NSwcMD2Lvxa+E6+4yJF+kGB73ekDptcFDMzOi
wB17BlRQF3qpOZjNz+iK+lIs41mjrrInA75WncCpVjl+Mt99nXtST8xRqNV8TrWE
fBPLg3RFlGLhj+3s8tQSApZfJy7xvLW8q0ymsQ5gnHLzOY0Zh1yD+legsoillwCp
Zbv/twAP0Ch63veD79rH7NjbFr5t1hedET9PwMqgZe3SK6i1Sx/uQNWJPsrkcxN7
vWZovg0kovxn4buEZZN3OXCvAbLVY7+OgC8DOgLODxwcIUyxBwIDAQABo4IDdjCC
A3IwHQYDVR0OBBYEFHEkJGHwrdTjPnxVlsjzIOkhNbe4MIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlhOC81M2Vl
MmQyYi01YTc3LTRkYjQtOGZiZC04NWU3NTQwMWNhZTYvOWUzZDc5OGMtZTU0My0z
NThjLTljYTctOWZiNDhlMWY5MjMwLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NDZlMDExMS1m
YWZiLTQzMGYtYjc3OC1kMjA0Y2ZjZDk5YTgvNTNlZTJkMmItNWE3Ny00ZGI0LThm
YmQtODVlNzU0MDFjYWU2LzUzZWUyZDJiLTVhNzctNGRiNC04ZmJkLTg1ZTc1NDAx
Y2FlNi5jcmwwHwYDVR0jBBgwFoAUMVeTnUATs2uf5vsjsuNKdcXzfG8wDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMw
Zi1iNzc4LWQyMDRjZmNkOTlhOC81M2VlMmQyYi01YTc3LTRkYjQtOGZiZC04NWU3
NTQwMWNhZTYuY2VyMEAGCCsGAQUFBwEHAQH/BDEwLzAYBAIAATASAwQHp+CAAwQE
qgqwAwQFqsegMBMEAgACMA0DBAAmA6ADBQAmB8uAMFQGA1UdIAEB/wRKMEgwRgYI
KwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93d3cuYXJpbi5uZXQvcmVz
b3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQELBQADggEBAJeqn8VwYdQp
Cq02qUdx94s3g7LuGfVXnVBj6meIVdoUB946xNCb7vUr5SN4uEs7HQzF2cVjq3no
YFIBOp5ZKc7hRFfinOuJIjI4T69RgjFeBpit9qxYIrqeygvzAiq99+8FN/WVRlAW
FLXmF8WtN/aNKTpwmLqpYwdZjpNmKIdgUqOMkkQ0dtDOZUw7OvLrDA8ImcE6hM1n
hoBtJLDje4LOZpluiQ28rGHEO6RRYfve8PEtlAqXTgFDMEVSZM9/01YLuvIU66na
4A0Gs71Tuwjrzup4KZs/uP/lyOT1BuNtlAi7nFjnbp3pm+UNYBlsVWwiWWsQPUdq
hUlsOIhYe98=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:42:28 2024 by rpki-client on console-ams.rpki-client.org