Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/6876d5a8-5dd6-440a-97e2-5e20b9e00f5c/52c45f5f-8e55-3d63-abc8-dac0dc763548.roa
File:                     52c45f5f-8e55-3d63-abc8-dac0dc763548.roa (raw, json)
Hash identifier:          j+Pel4oKZGxW4o1sIBh/35McXzTZEIN/vMWJAN3LDvU=
Subject key identifier:   40:4B:F0:5C:32:6D:D1:3C:9C:DE:FA:C8:CC:E6:78:D8:EC:91:EF:F1
Certificate issuer:       /CN=6876d5a8-5dd6-440a-97e2-5e20b9e00f5c
Certificate serial:       010D0C9F432858484C103824ABCAA7A397E5B880
Authority key identifier: A1:27:6E:C4:CF:90:E9:A7:8A:38:DD:8C:B9:B8:D1:1C:F0:17:9A:B3
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/6876d5a8-5dd6-440a-97e2-5e20b9e00f5c.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/6876d5a8-5dd6-440a-97e2-5e20b9e00f5c/52c45f5f-8e55-3d63-abc8-dac0dc763548.roa
Signing time:             Mon 23 Dec 2024 02:00:40 +0000
ROA not before:           Mon 23 Dec 2024 02:00:40 +0000
ROA not after:            Sun 23 Mar 2025 01:00:40 +0000
asID:                     18779
IP address blocks:        167.160.165.0/24 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:48:4c:10:38:24:ab:ca:a7:a3:97:e5:b8:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6876d5a8-5dd6-440a-97e2-5e20b9e00f5c
        Validity
            Not Before: Dec 23 02:00:40 2024 GMT
            Not After : Mar 23 01:00:40 2025 GMT
        Subject: CN=0e6126ff-c23a-4f7b-b11a-de1f4d0a9768
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:3d:91:4d:69:e2:c4:dc:75:1a:21:58:1c:12:
                    86:17:2a:c7:ad:2e:f9:7e:ad:2e:34:80:9a:04:f5:
                    1e:a5:b5:4b:2e:41:d9:dc:e1:4f:20:fd:89:7b:a6:
                    fb:bd:55:91:ad:56:39:5f:ce:1c:c6:81:cf:09:3d:
                    9b:e6:81:91:6c:97:5c:84:8a:85:62:f7:52:06:8f:
                    89:7b:f8:2a:45:eb:3d:db:c5:3e:0e:ea:1d:a1:cf:
                    46:96:d8:10:b9:1c:45:ee:29:56:cb:b0:18:5b:e5:
                    ae:e9:27:66:0a:0d:87:6c:e9:38:db:75:65:c1:8d:
                    cd:9c:8a:bf:21:58:77:21:fb:29:da:bb:f3:5b:af:
                    51:6f:ed:1e:13:e5:cf:81:58:28:22:57:12:bd:73:
                    d4:91:4f:8f:11:95:44:2a:2b:44:53:c9:45:a0:e2:
                    39:c3:bc:05:17:f2:91:13:8e:bc:e4:69:ee:ce:45:
                    1e:80:5d:c4:cf:3b:f7:4d:17:51:27:39:2e:4f:3a:
                    70:b1:09:0f:85:84:c4:f7:ca:78:e0:23:f2:97:40:
                    14:67:20:9b:3f:4e:e8:ce:f3:ff:7e:83:c3:df:c7:
                    d2:88:a5:e9:3a:01:a2:d7:63:6b:08:b5:26:b7:c1:
                    2b:73:77:e7:a2:5b:cd:c9:f3:38:74:24:6f:77:4d:
                    4d:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:4B:F0:5C:32:6D:D1:3C:9C:DE:FA:C8:CC:E6:78:D8:EC:91:EF:F1
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/6876d5a8-5dd6-440a-97e2-5e20b9e00f5c/52c45f5f-8e55-3d63-abc8-dac0dc763548.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/6876d5a8-5dd6-440a-97e2-5e20b9e00f5c/6876d5a8-5dd6-440a-97e2-5e20b9e00f5c.crl

            X509v3 Authority Key Identifier:
                keyid:A1:27:6E:C4:CF:90:E9:A7:8A:38:DD:8C:B9:B8:D1:1C:F0:17:9A:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/6876d5a8-5dd6-440a-97e2-5e20b9e00f5c.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.160.165.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         0b:bd:6b:94:ac:8a:5b:cf:d5:3d:3e:b0:be:16:b3:00:71:55:
         5e:f1:7a:23:40:28:a1:5e:96:43:11:fa:24:41:7c:74:2e:18:
         94:f5:7d:99:2f:12:1a:4c:47:d2:3b:8e:2d:e2:f0:2f:65:fd:
         5d:c0:07:17:5d:b1:d3:6a:69:68:48:75:f1:4d:5c:10:41:ce:
         6c:70:dc:1d:d5:4c:50:f9:ed:16:c4:b6:0b:c2:bc:22:06:67:
         39:be:f7:be:6c:c6:4a:05:95:bc:10:81:8b:e3:ac:92:b5:cc:
         0a:1e:bf:d4:54:22:a4:43:c6:e5:15:62:0c:9f:ec:ed:69:f7:
         dd:79:17:bd:48:4a:0e:00:50:f2:25:1e:3d:a8:1c:88:77:ce:
         5a:71:1f:12:11:f4:21:28:9a:9b:a0:13:4d:46:44:7e:c8:b4:
         71:b2:e2:78:2a:3c:3d:0e:93:9e:5c:28:2f:a5:82:30:ec:16:
         d3:73:32:db:0d:ee:1e:ff:50:e1:e3:0c:e0:e9:b2:7e:ec:48:
         40:b8:84:a4:86:9e:39:2b:e3:8e:3b:a3:bf:09:91:a6:6a:48:
         5e:05:e3:aa:af:60:29:c9:d3:de:a4:26:7b:df:72:46:27:70:
         62:b6:b9:14:9b:28:a4:5f:42:18:3b:1a:1d:9a:84:f1:7d:32:
         1f:63:28:24
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEhMEDgkq8qno5fluIAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNjg3NmQ1YTgtNWRkNi00NDBhLTk3ZTItNWUyMGI5ZTAw
ZjVjMB4XDTI0MTIyMzAyMDA0MFoXDTI1MDMyMzAxMDA0MFowLzEtMCsGA1UEAxMk
MGU2MTI2ZmYtYzIzYS00ZjdiLWIxMWEtZGUxZjRkMGE5NzY4MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlz2RTWnixNx1GiFYHBKGFyrHrS75fq0uNICa
BPUepbVLLkHZ3OFPIP2Je6b7vVWRrVY5X84cxoHPCT2b5oGRbJdchIqFYvdSBo+J
e/gqRes928U+Duodoc9GltgQuRxF7ilWy7AYW+Wu6SdmCg2HbOk423VlwY3NnIq/
IVh3Ifsp2rvzW69Rb+0eE+XPgVgoIlcSvXPUkU+PEZVEKitEU8lFoOI5w7wFF/KR
E4685GnuzkUegF3Ezzv3TRdRJzkuTzpwsQkPhYTE98p44CPyl0AUZyCbP07ozvP/
foPD38fSiKXpOgGi12NrCLUmt8Erc3fnolvNyfM4dCRvd01N7QIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFEBL8FwybdE8nN76yMzmeNjske/xMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc2ZmUxMWQ0LWQzNTItNDk5NC04ZjZjLWQ2YzkxYjBiODQxNS82ODc2
ZDVhOC01ZGQ2LTQ0MGEtOTdlMi01ZTIwYjllMDBmNWMvNTJjNDVmNWYtOGU1NS0z
ZDYzLWFiYzgtZGFjMGRjNzYzNTQ4LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NmZlMTFkNC1k
MzUyLTQ5OTQtOGY2Yy1kNmM5MWIwYjg0MTUvNjg3NmQ1YTgtNWRkNi00NDBhLTk3
ZTItNWUyMGI5ZTAwZjVjLzY4NzZkNWE4LTVkZDYtNDQwYS05N2UyLTVlMjBiOWUw
MGY1Yy5jcmwwHwYDVR0jBBgwFoAUoSduxM+Q6aeKON2MubjRHPAXmrMwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc2ZmUxMWQ0LWQzNTItNDk5
NC04ZjZjLWQ2YzkxYjBiODQxNS82ODc2ZDVhOC01ZGQ2LTQ0MGEtOTdlMi01ZTIw
YjllMDBmNWMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAp6ClMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAAu9a5SsilvP1T0+sL4WswBxVV7xeiNAKKFelkMR+iRBfHQuGJT1fZkv
EhpMR9I7ji3i8C9l/V3ABxddsdNqaWhIdfFNXBBBzmxw3B3VTFD57RbEtgvCvCIG
Zzm+975sxkoFlbwQgYvjrJK1zAoev9RUIqRDxuUVYgyf7O1p9915F71ISg4AUPIl
Hj2oHIh3zlpxHxIR9CEompugE01GRH7ItHGy4ngqPD0Ok55cKC+lgjDsFtNzMtsN
7h7/UOHjDODpsn7sSEC4hKSGnjkr4447o78JkaZqSF4F46qvYCnJ096kJnvfckYn
cGK2uRSbKKRfQhg7Gh2ahPF9Mh9jKCQ=
-----END CERTIFICATE-----