Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/f639f2ac-d645-4aae-9b08-738d5297eda9/04a9cc2f-7e9c-3963-adff-24e9eba44e63.roa
File:                     04a9cc2f-7e9c-3963-adff-24e9eba44e63.roa (raw, json)
Hash identifier:          65CZdTpJJF3Ajs7nYt9tC+kQfr5h1Ab2h8kLw9/p/jU=
Subject key identifier:   DD:73:18:89:68:98:AB:B2:D4:46:0C:65:A2:54:C4:CA:EA:CE:94:D9
Certificate issuer:       /CN=f639f2ac-d645-4aae-9b08-738d5297eda9
Certificate serial:       010D0C9F43285846C68008BD1B705D2439C98580
Authority key identifier: 90:4E:88:BE:74:FA:85:78:7D:63:5D:8E:74:62:79:C1:32:38:B2:7C
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/f639f2ac-d645-4aae-9b08-738d5297eda9.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/f639f2ac-d645-4aae-9b08-738d5297eda9/04a9cc2f-7e9c-3963-adff-24e9eba44e63.roa
Signing time:             Mon 05 Aug 2024 13:00:39 +0000
ROA not before:           Mon 05 Aug 2024 13:00:39 +0000
ROA not after:            Sun 03 Nov 2024 14:00:39 +0000
asID:                     393949
IP address blocks:        192.67.222.0/24 maxlen: 24
                          192.195.251.0/24 maxlen: 24
                          2620:98:4000::/44 maxlen: 48
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:46:c6:80:08:bd:1b:70:5d:24:39:c9:85:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f639f2ac-d645-4aae-9b08-738d5297eda9
        Validity
            Not Before: Aug  5 13:00:39 2024 GMT
            Not After : Nov  3 14:00:39 2024 GMT
        Subject: CN=9f0f5057-a2c3-42f1-8641-e2c37ed83ee5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:5d:df:5c:0c:37:45:18:01:08:3a:d1:95:36:
                    3d:04:b8:3f:96:c3:7b:0b:75:f8:a7:73:fc:39:f7:
                    de:5f:47:2f:96:57:02:be:e4:c4:92:dd:23:8b:67:
                    80:95:38:f4:06:46:f1:35:a9:51:0f:d3:e8:fc:89:
                    00:2f:5b:9d:8c:21:e7:54:e3:bc:98:1d:92:50:50:
                    cd:98:75:17:86:98:a6:bf:f2:cd:0f:ec:8b:6c:1c:
                    a4:f6:5b:da:7b:2b:fd:72:2a:e5:e9:0f:35:b9:20:
                    99:27:e1:37:f4:cb:6e:00:8b:d0:93:b7:d7:67:ae:
                    6b:ce:ee:03:19:39:54:dc:85:ae:1d:d7:63:f9:7b:
                    2a:d1:7c:39:77:ba:01:d3:dc:c2:ba:bb:cf:7d:27:
                    1f:03:1e:c7:43:4d:5b:1a:2e:c7:78:c2:f6:5a:16:
                    03:4c:5f:51:f5:79:fb:fd:08:23:b9:a4:4c:b4:44:
                    47:40:09:42:d3:d9:65:f2:cd:ad:51:af:61:44:60:
                    85:de:e4:9e:a9:c0:8a:33:c7:c4:fa:63:31:ab:09:
                    eb:ea:31:8e:84:1c:d3:4c:e5:ae:b0:bc:26:ef:3d:
                    a7:0e:c3:7a:50:11:26:b7:bc:67:27:2a:61:3a:ff:
                    0a:55:2a:57:d5:86:88:84:b1:52:25:a3:da:c9:7c:
                    13:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:73:18:89:68:98:AB:B2:D4:46:0C:65:A2:54:C4:CA:EA:CE:94:D9
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/f639f2ac-d645-4aae-9b08-738d5297eda9/04a9cc2f-7e9c-3963-adff-24e9eba44e63.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/f639f2ac-d645-4aae-9b08-738d5297eda9/f639f2ac-d645-4aae-9b08-738d5297eda9.crl

            X509v3 Authority Key Identifier:
                keyid:90:4E:88:BE:74:FA:85:78:7D:63:5D:8E:74:62:79:C1:32:38:B2:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/f639f2ac-d645-4aae-9b08-738d5297eda9.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.67.222.0/24
                  192.195.251.0/24
                IPv6:
                  2620:98:4000::/44

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         74:a4:75:92:ef:c6:2c:03:ac:4f:6b:90:4f:ac:c1:04:c2:52:
         df:a1:dc:30:a2:10:d9:6f:78:84:bd:81:23:80:6a:e3:89:79:
         40:73:cc:32:49:6c:3d:9e:4c:4c:68:37:c6:57:5b:a6:05:82:
         67:21:65:23:d6:7d:6f:a6:71:4b:01:54:e7:45:52:8a:48:52:
         64:fb:d4:60:9c:4e:36:cc:6d:0b:97:39:62:b5:50:4c:2f:b4:
         20:f8:3c:63:1a:79:23:f7:31:2c:c4:60:02:b4:d1:45:7c:da:
         30:6f:ac:e0:0e:b9:a4:d0:96:b6:3a:fe:26:77:a5:09:ac:69:
         e7:f3:9c:db:9b:4e:38:be:25:ae:17:3c:42:1a:77:16:e8:ad:
         4c:73:fa:ca:6a:cc:1f:1f:8e:1e:cc:1f:69:9b:5b:6e:f5:86:
         a2:ca:e8:ff:ae:b9:7a:c5:71:bd:44:bf:41:46:1d:78:60:c4:
         02:77:02:ca:28:10:22:78:79:61:1f:e2:dc:d8:ca:e8:fe:f7:
         38:55:37:d1:86:d3:18:fb:d1:dd:37:70:31:c4:4e:02:5f:03:
         93:a5:e6:16:95:a0:6b:85:af:dd:ed:14:0c:cf:e3:0f:56:5c:
         07:82:ce:d2:a3:65:90:22:e7:90:b3:9b:11:0c:0a:33:8f:72:
         67:c2:5c:b1
-----BEGIN CERTIFICATE-----
MIIGWjCCBUKgAwIBAgIUAQ0Mn0MoWEbGgAi9G3BdJDnJhYAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkZjYzOWYyYWMtZDY0NS00YWFlLTliMDgtNzM4ZDUyOTdl
ZGE5MB4XDTI0MDgwNTEzMDAzOVoXDTI0MTEwMzE0MDAzOVowLzEtMCsGA1UEAxMk
OWYwZjUwNTctYTJjMy00MmYxLTg2NDEtZTJjMzdlZDgzZWU1MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAml3fXAw3RRgBCDrRlTY9BLg/lsN7C3X4p3P8
OffeX0cvllcCvuTEkt0ji2eAlTj0BkbxNalRD9Po/IkAL1udjCHnVOO8mB2SUFDN
mHUXhpimv/LND+yLbByk9lvaeyv9cirl6Q81uSCZJ+E39MtuAIvQk7fXZ65rzu4D
GTlU3IWuHddj+Xsq0Xw5d7oB09zCurvPfScfAx7HQ01bGi7HeML2WhYDTF9R9Xn7
/QgjuaRMtERHQAlC09ll8s2tUa9hRGCF3uSeqcCKM8fE+mMxqwnr6jGOhBzTTOWu
sLwm7z2nDsN6UBEmt7xnJyphOv8KVSpX1YaIhLFSJaPayXwTCQIDAQABo4IDbDCC
A2gwHQYDVR0OBBYEFN1zGIlomKuy1EYMZaJUxMrqzpTZMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlhOC9mNjM5
ZjJhYy1kNjQ1LTRhYWUtOWIwOC03MzhkNTI5N2VkYTkvMDRhOWNjMmYtN2U5Yy0z
OTYzLWFkZmYtMjRlOWViYTQ0ZTYzLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NDZlMDExMS1m
YWZiLTQzMGYtYjc3OC1kMjA0Y2ZjZDk5YTgvZjYzOWYyYWMtZDY0NS00YWFlLTli
MDgtNzM4ZDUyOTdlZGE5L2Y2MzlmMmFjLWQ2NDUtNGFhZS05YjA4LTczOGQ1Mjk3
ZWRhOS5jcmwwHwYDVR0jBBgwFoAUkE6IvnT6hXh9Y12OdGJ5wTI4snwwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMw
Zi1iNzc4LWQyMDRjZmNkOTlhOC9mNjM5ZjJhYy1kNjQ1LTRhYWUtOWIwOC03Mzhk
NTI5N2VkYTkuY2VyMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAwEPeAwQA
wMP7MA8EAgACMAkDBwQmIACYQAAwVAYDVR0gAQH/BEowSDBGBggrBgEFBQcOAjA6
MDgGCCsGAQUFBwIBFixodHRwczovL3d3dy5hcmluLm5ldC9yZXNvdXJjZXMvcnBr
aS9jcHMuaHRtbDANBgkqhkiG9w0BAQsFAAOCAQEAdKR1ku/GLAOsT2uQT6zBBMJS
36HcMKIQ2W94hL2BI4Bq44l5QHPMMklsPZ5MTGg3xldbpgWCZyFlI9Z9b6ZxSwFU
50VSikhSZPvUYJxONsxtC5c5YrVQTC+0IPg8Yxp5I/cxLMRgArTRRXzaMG+s4A65
pNCWtjr+JnelCaxp5/Oc25tOOL4lrhc8Qhp3FuitTHP6ymrMHx+OHswfaZtbbvWG
osro/665esVxvUS/QUYdeGDEAncCyigQInh5YR/i3NjK6P73OFU30YbTGPvR3Tdw
McROAl8Dk6XmFpWga4Wv3e0UDM/jD1ZcB4LO0qNlkCLnkLObEQwKM49yZ8JcsQ==
-----END CERTIFICATE-----