Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/f80f9298-8029-4285-89d7-27308341b2e0/ed08e1e9-4b0b-3057-934a-b18e5d474afb.roa
File:                     ed08e1e9-4b0b-3057-934a-b18e5d474afb.roa (raw, json)
Hash identifier:          k08mt311FaPDfaLLHtdetJ/ZPjbg8hShKKp72lqFnj0=
Subject key identifier:   48:0F:96:FB:71:1D:E7:C4:C1:AE:8F:94:E7:E1:5A:F2:8E:6E:D4:88
Certificate issuer:       /CN=f80f9298-8029-4285-89d7-27308341b2e0
Certificate serial:       010D0C9F43285847362B4BF06689904CD406C580
Authority key identifier: 67:6F:DF:98:DD:C5:B2:D6:A7:9F:9F:CF:0E:49:5C:38:64:D1:44:E7
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/f80f9298-8029-4285-89d7-27308341b2e0.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/f80f9298-8029-4285-89d7-27308341b2e0/ed08e1e9-4b0b-3057-934a-b18e5d474afb.roa
Signing time:             Sat 14 Sep 2024 13:00:41 +0000
ROA not before:           Sat 14 Sep 2024 13:00:41 +0000
ROA not after:            Fri 13 Dec 2024 14:00:41 +0000
asID:                     2639
IP address blocks:        160.32.128.0/18 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:47:36:2b:4b:f0:66:89:90:4c:d4:06:c5:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f80f9298-8029-4285-89d7-27308341b2e0
        Validity
            Not Before: Sep 14 13:00:41 2024 GMT
            Not After : Dec 13 14:00:41 2024 GMT
        Subject: CN=173ef3a8-eb25-4338-9f41-a6e460696cbd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:81:44:8b:84:69:18:95:97:d3:10:50:b9:96:
                    d4:6f:a5:41:9a:f4:e6:62:76:d7:19:e0:9c:74:d7:
                    b1:2b:01:46:b0:b7:ff:6a:dc:b8:bf:1b:fc:6b:55:
                    c0:de:b0:17:f8:64:6a:e4:83:21:f6:6d:7c:2c:8a:
                    df:d9:d2:ab:e3:fc:93:c1:29:87:db:62:b4:0a:b2:
                    84:bb:ca:e3:a4:f2:f7:ee:ad:8d:6d:27:22:5d:0b:
                    03:13:a4:47:28:ce:1e:76:98:76:3e:d3:a1:eb:db:
                    23:67:00:ae:c2:31:20:52:06:98:f3:3d:87:29:d4:
                    ec:8f:3b:91:23:9f:e5:c0:4d:12:86:72:e1:ff:c9:
                    10:55:c4:b4:e1:3e:9d:dd:db:2f:81:68:8b:30:6a:
                    ab:f3:39:1f:2f:71:f2:95:bb:6d:7c:56:d8:e4:42:
                    b9:6a:de:d2:1f:e4:cb:82:9e:35:2e:24:d8:35:ad:
                    a5:51:ab:5b:34:a0:46:f0:a7:f4:24:f8:7a:61:57:
                    3d:c6:e4:11:58:bf:0e:47:98:14:32:c5:af:87:46:
                    6e:11:1e:14:80:08:4c:0e:f8:d7:03:d0:08:ed:05:
                    af:dc:de:e9:50:f9:92:96:33:90:ab:9e:8e:fb:ca:
                    00:98:e7:6c:c5:e2:54:32:49:f4:11:28:8a:54:47:
                    67:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:0F:96:FB:71:1D:E7:C4:C1:AE:8F:94:E7:E1:5A:F2:8E:6E:D4:88
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/f80f9298-8029-4285-89d7-27308341b2e0/ed08e1e9-4b0b-3057-934a-b18e5d474afb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/f80f9298-8029-4285-89d7-27308341b2e0/f80f9298-8029-4285-89d7-27308341b2e0.crl

            X509v3 Authority Key Identifier:
                keyid:67:6F:DF:98:DD:C5:B2:D6:A7:9F:9F:CF:0E:49:5C:38:64:D1:44:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/f80f9298-8029-4285-89d7-27308341b2e0.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.32.128.0/18

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         11:d0:5a:43:fe:25:83:97:3e:66:7b:77:82:94:a4:16:de:ba:
         79:d0:32:88:b1:0d:23:1c:2a:03:b4:52:61:9d:49:30:cf:f4:
         e4:2e:3d:f4:4b:71:85:b1:c9:40:36:58:21:3e:b5:e8:dd:5e:
         0b:8e:df:01:52:d8:a4:4a:0f:34:5d:de:c8:1b:ab:60:a2:d2:
         fb:38:9c:9d:f7:9f:5f:80:c8:9c:f9:b4:30:4a:f7:57:2b:a7:
         04:d8:12:16:ef:cc:41:28:70:9e:8f:1e:b9:d9:ee:4b:d1:31:
         2f:90:a7:4e:43:6d:ae:a0:b3:3b:27:48:1b:68:d2:62:fd:a6:
         2c:4e:2b:41:8f:67:08:54:78:5a:a2:44:9c:8e:a5:a1:bf:74:
         22:50:cc:d6:81:d4:53:2a:54:15:6b:19:71:cb:96:66:33:d4:
         19:5a:66:21:e6:4b:dc:be:3c:60:83:c1:b0:2b:6b:86:79:b6:
         31:89:88:2a:5a:ba:47:02:a0:ab:e2:42:28:27:70:b3:18:33:
         bb:e6:aa:b9:a2:cb:20:d6:7e:38:76:18:bd:9e:e9:b7:cb:2a:
         c4:b5:a7:fd:1b:2c:51:81:26:34:e9:d1:b2:73:2a:38:f7:08:
         27:17:08:fe:8c:9c:88:8c:b9:13:a4:0c:93:d4:de:ad:a0:9e:
         1b:e5:16:03
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEc2K0vwZomQTNQGxYAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkZjgwZjkyOTgtODAyOS00Mjg1LTg5ZDctMjczMDgzNDFi
MmUwMB4XDTI0MDkxNDEzMDA0MVoXDTI0MTIxMzE0MDA0MVowLzEtMCsGA1UEAxMk
MTczZWYzYTgtZWIyNS00MzM4LTlmNDEtYTZlNDYwNjk2Y2JkMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxIFEi4RpGJWX0xBQuZbUb6VBmvTmYnbXGeCc
dNexKwFGsLf/aty4vxv8a1XA3rAX+GRq5IMh9m18LIrf2dKr4/yTwSmH22K0CrKE
u8rjpPL37q2NbSciXQsDE6RHKM4edph2PtOh69sjZwCuwjEgUgaY8z2HKdTsjzuR
I5/lwE0ShnLh/8kQVcS04T6d3dsvgWiLMGqr8zkfL3HylbttfFbY5EK5at7SH+TL
gp41LiTYNa2lUatbNKBG8Kf0JPh6YVc9xuQRWL8OR5gUMsWvh0ZuER4UgAhMDvjX
A9AI7QWv3N7pUPmSljOQq56O+8oAmOdsxeJUMkn0ESiKVEdneQIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFEgPlvtxHefEwa6PlOfhWvKObtSIMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlhOC9mODBm
OTI5OC04MDI5LTQyODUtODlkNy0yNzMwODM0MWIyZTAvZWQwOGUxZTktNGIwYi0z
MDU3LTkzNGEtYjE4ZTVkNDc0YWZiLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NDZlMDExMS1m
YWZiLTQzMGYtYjc3OC1kMjA0Y2ZjZDk5YTgvZjgwZjkyOTgtODAyOS00Mjg1LTg5
ZDctMjczMDgzNDFiMmUwL2Y4MGY5Mjk4LTgwMjktNDI4NS04OWQ3LTI3MzA4MzQx
YjJlMC5jcmwwHwYDVR0jBBgwFoAUZ2/fmN3Fstann5/PDklcOGTRROcwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMw
Zi1iNzc4LWQyMDRjZmNkOTlhOC9mODBmOTI5OC04MDI5LTQyODUtODlkNy0yNzMw
ODM0MWIyZTAuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQGoCCAMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBABHQWkP+JYOXPmZ7d4KUpBbeunnQMoixDSMcKgO0UmGdSTDP9OQuPfRL
cYWxyUA2WCE+tejdXguO3wFS2KRKDzRd3sgbq2Ci0vs4nJ33n1+AyJz5tDBK91cr
pwTYEhbvzEEocJ6PHrnZ7kvRMS+Qp05Dba6gszsnSBto0mL9pixOK0GPZwhUeFqi
RJyOpaG/dCJQzNaB1FMqVBVrGXHLlmYz1BlaZiHmS9y+PGCDwbAra4Z5tjGJiCpa
ukcCoKviQigncLMYM7vmqrmiyyDWfjh2GL2e6bfLKsS1p/0bLFGBJjTp0bJzKjj3
CCcXCP6MnIiMuROkDJPU3q2gnhvlFgM=
-----END CERTIFICATE-----