Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/8583e379-1578-4044-8426-ddcb4a4a8192/158b4213-fd10-3fe4-85f4-cd4d8fdd41f9.roa
File:                     158b4213-fd10-3fe4-85f4-cd4d8fdd41f9.roa (raw, json)
Hash identifier:          yfhQ00Y2VgYZrn7lxZiT2fMurL/Iqn2HwsUazcjhkFE=
Subject key identifier:   CF:A2:9D:18:FD:40:39:A9:45:BC:93:A4:C9:0A:FC:EF:CE:32:EE:74
Certificate issuer:       /CN=8583e379-1578-4044-8426-ddcb4a4a8192
Certificate serial:       010D0C9F43285847AA068E57EDA465D1D34ACD00
Authority key identifier: 89:C7:5F:3F:CE:A7:5D:0D:C3:10:F9:23:2C:65:92:27:0C:63:1D:62
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/8583e379-1578-4044-8426-ddcb4a4a8192.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/8583e379-1578-4044-8426-ddcb4a4a8192/158b4213-fd10-3fe4-85f4-cd4d8fdd41f9.roa
Signing time:             Sat 26 Oct 2024 01:00:31 +0000
ROA not before:           Sat 26 Oct 2024 01:00:31 +0000
ROA not after:            Fri 24 Jan 2025 02:00:31 +0000
asID:                     397423
IP address blocks:        192.154.250.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:47:aa:06:8e:57:ed:a4:65:d1:d3:4a:cd:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8583e379-1578-4044-8426-ddcb4a4a8192
        Validity
            Not Before: Oct 26 01:00:31 2024 GMT
            Not After : Jan 24 02:00:31 2025 GMT
        Subject: CN=5345b8a5-ef42-4141-bd7d-f29ca24df593
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:95:ae:e1:ae:21:15:4b:ff:e2:ee:87:5d:7a:
                    5f:38:70:fb:5b:4a:7b:3b:d7:5a:0b:bc:9e:a8:69:
                    4d:4b:54:55:82:0a:8d:2e:d4:4f:47:26:a0:35:0f:
                    c8:36:f7:96:88:64:5b:50:c0:a1:b2:b1:af:8c:cf:
                    6f:d9:18:d1:97:d0:43:93:94:ba:7b:20:de:20:bb:
                    3b:fb:5c:ec:37:2a:2a:3f:0b:7c:77:75:14:3a:56:
                    5c:e8:be:ac:3d:db:2b:fb:45:9f:73:47:17:67:a0:
                    0c:5f:a8:08:26:db:fc:64:ca:16:ca:e3:ff:14:f8:
                    87:7c:7f:0c:14:c5:c9:d6:09:1f:da:9d:f0:6e:c9:
                    27:05:45:03:e7:ab:27:d3:14:e6:51:d5:63:d9:2c:
                    e5:14:b5:50:37:28:81:4b:b6:cc:e8:0d:5f:ae:cd:
                    fa:36:69:44:99:6e:ba:82:95:7b:2f:54:c8:8e:a5:
                    f4:63:d0:15:6e:a1:40:37:1c:15:1c:80:d2:40:fc:
                    b3:cd:16:55:d1:39:8c:6b:f6:23:91:c6:fd:df:3a:
                    c0:3a:ce:49:49:b0:ae:7a:37:ba:fb:ad:ae:f2:03:
                    1d:5d:72:02:f9:cc:6a:b0:e6:17:4f:00:b5:88:26:
                    9c:31:4a:25:89:39:fb:ad:87:d8:e7:fd:5c:1f:b4:
                    b4:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:A2:9D:18:FD:40:39:A9:45:BC:93:A4:C9:0A:FC:EF:CE:32:EE:74
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/8583e379-1578-4044-8426-ddcb4a4a8192/158b4213-fd10-3fe4-85f4-cd4d8fdd41f9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/8583e379-1578-4044-8426-ddcb4a4a8192/8583e379-1578-4044-8426-ddcb4a4a8192.crl

            X509v3 Authority Key Identifier:
                keyid:89:C7:5F:3F:CE:A7:5D:0D:C3:10:F9:23:2C:65:92:27:0C:63:1D:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/8583e379-1578-4044-8426-ddcb4a4a8192.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.154.250.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         18:23:2d:1b:2a:7f:dc:b7:25:74:92:38:8f:b9:b4:5f:60:d6:
         91:19:13:56:87:b3:f9:7f:1e:b7:72:32:03:e6:f8:24:9a:0e:
         61:8e:da:31:4b:db:90:ee:23:14:17:2c:b5:0f:38:f3:92:84:
         4c:3b:7b:75:6f:0b:10:14:59:c8:9a:93:54:ff:9f:9f:eb:9b:
         c1:59:8f:09:60:f6:fe:c6:f8:4c:4f:68:94:b1:1f:4c:55:e5:
         ef:47:8d:1f:34:c4:13:35:01:d2:4f:a1:ec:83:f6:6c:f0:0b:
         80:6a:43:a9:e0:1a:aa:b2:94:ee:13:72:3c:7e:73:90:90:e2:
         e9:e9:2a:fa:b9:ac:f7:df:6e:13:77:97:d2:cb:dd:c2:e9:76:
         01:e5:f7:89:a5:61:8a:a0:b7:32:2e:54:52:ae:21:56:e8:b1:
         c5:8d:41:4c:06:14:a7:eb:7c:50:72:d7:f7:16:86:42:a4:6b:
         de:0d:7c:c4:d8:5e:10:e4:8f:3b:77:c7:14:4b:9c:ae:7a:14:
         22:ad:7e:8c:2f:56:ec:dc:6d:2e:b1:8b:b4:f5:8a:87:6d:75:
         0f:b5:50:f9:a9:0f:26:3d:32:31:db:df:de:b5:09:3a:85:27:
         27:db:d6:f4:5c:e8:b2:e7:26:9d:4f:a5:7a:0a:3c:df:4f:c8:
         db:a6:ea:87
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEeqBo5X7aRl0dNKzQAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkODU4M2UzNzktMTU3OC00MDQ0LTg0MjYtZGRjYjRhNGE4
MTkyMB4XDTI0MTAyNjAxMDAzMVoXDTI1MDEyNDAyMDAzMVowLzEtMCsGA1UEAxMk
NTM0NWI4YTUtZWY0Mi00MTQxLWJkN2QtZjI5Y2EyNGRmNTkzMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr5Wu4a4hFUv/4u6HXXpfOHD7W0p7O9daC7ye
qGlNS1RVggqNLtRPRyagNQ/INveWiGRbUMChsrGvjM9v2RjRl9BDk5S6eyDeILs7
+1zsNyoqPwt8d3UUOlZc6L6sPdsr+0Wfc0cXZ6AMX6gIJtv8ZMoWyuP/FPiHfH8M
FMXJ1gkf2p3wbsknBUUD56sn0xTmUdVj2SzlFLVQNyiBS7bM6A1frs36NmlEmW66
gpV7L1TIjqX0Y9AVbqFANxwVHIDSQPyzzRZV0TmMa/Yjkcb93zrAOs5JSbCueje6
+62u8gMdXXIC+cxqsOYXTwC1iCacMUoliTn7rYfY5/1cH7S0KwIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFM+inRj9QDmpRbyTpMkK/O/OMu50MIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzL2E3MzQyMGNiLWIzY2MtNGIwMy1iZGE3LTFiZTIwNDkzM2FlNS84NTgz
ZTM3OS0xNTc4LTQwNDQtODQyNi1kZGNiNGE0YTgxOTIvMTU4YjQyMTMtZmQxMC0z
ZmU0LTg1ZjQtY2Q0ZDhmZGQ0MWY5LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy9hNzM0MjBjYi1i
M2NjLTRiMDMtYmRhNy0xYmUyMDQ5MzNhZTUvODU4M2UzNzktMTU3OC00MDQ0LTg0
MjYtZGRjYjRhNGE4MTkyLzg1ODNlMzc5LTE1NzgtNDA0NC04NDI2LWRkY2I0YTRh
ODE5Mi5jcmwwHwYDVR0jBBgwFoAUicdfP86nXQ3DEPkjLGWSJwxjHWIwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzL2E3MzQyMGNiLWIzY2MtNGIw
My1iZGE3LTFiZTIwNDkzM2FlNS84NTgzZTM3OS0xNTc4LTQwNDQtODQyNi1kZGNi
NGE0YTgxOTIuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwJr6MFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBABgjLRsqf9y3JXSSOI+5tF9g1pEZE1aHs/l/HrdyMgPm+CSaDmGO2jFL
25DuIxQXLLUPOPOShEw7e3VvCxAUWciak1T/n5/rm8FZjwlg9v7G+ExPaJSxH0xV
5e9HjR80xBM1AdJPoeyD9mzwC4BqQ6ngGqqylO4Tcjx+c5CQ4unpKvq5rPffbhN3
l9LL3cLpdgHl94mlYYqgtzIuVFKuIVboscWNQUwGFKfrfFBy1/cWhkKka94NfMTY
XhDkjzt3xxRLnK56FCKtfowvVuzcbS6xi7T1iodtdQ+1UPmpDyY9MjHb3961CTqF
Jyfb1vRc6LLnJp1PpXoKPN9PyNum6oc=
-----END CERTIFICATE-----