Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/aae465c0-2a10-495a-b7d2-2aa048b286a0/1c9db97b-9f75-38ef-95f9-c38c18052c01.roa
File:                     1c9db97b-9f75-38ef-95f9-c38c18052c01.roa (raw, json)
Hash identifier:          b2qDTY3hZ3i61qhHiHGmVq2MfQC9A5ljdkVNiq3KrNY=
Subject key identifier:   C3:5C:29:0C:71:35:77:EE:9C:12:6C:B9:C4:F0:77:17:4C:4C:0F:F5
Certificate issuer:       /CN=aae465c0-2a10-495a-b7d2-2aa048b286a0
Certificate serial:       010D0C9F432858481C9A93232E764F67F42A3180
Authority key identifier: AA:F1:A5:1A:EB:A8:A8:DC:25:2D:5B:78:B4:E1:9A:18:D9:8A:8F:24
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/aae465c0-2a10-495a-b7d2-2aa048b286a0.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/aae465c0-2a10-495a-b7d2-2aa048b286a0/1c9db97b-9f75-38ef-95f9-c38c18052c01.roa
Signing time:             Fri 06 Dec 2024 02:00:39 +0000
ROA not before:           Fri 06 Dec 2024 02:00:39 +0000
ROA not after:            Thu 06 Mar 2025 02:00:39 +0000
asID:                     19905
IP address blocks:        69.25.152.0/24 maxlen: 24
                          74.201.141.0/24 maxlen: 24
                          74.201.251.0/24 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:48:1c:9a:93:23:2e:76:4f:67:f4:2a:31:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aae465c0-2a10-495a-b7d2-2aa048b286a0
        Validity
            Not Before: Dec  6 02:00:39 2024 GMT
            Not After : Mar  6 02:00:39 2025 GMT
        Subject: CN=7983e8c0-294b-4459-865b-d452fb04ad31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:60:d1:36:a2:ae:83:c8:9f:47:52:84:ed:e6:
                    6d:de:ad:05:c2:a8:4b:7c:c5:00:55:80:cb:21:dd:
                    f4:fc:1b:ed:1d:0a:2c:31:9b:1f:41:98:8d:95:f7:
                    bb:39:a9:75:25:0a:07:32:3d:65:ef:1f:8f:8f:cd:
                    24:4e:73:01:74:50:4d:ef:c9:ac:2c:28:f7:da:a6:
                    51:ae:e7:80:0f:77:1b:6f:ec:82:66:ab:cd:6b:bb:
                    bd:1a:99:7b:fb:5d:3e:2e:dc:5b:a5:2a:fa:4d:29:
                    35:ef:ce:ae:a2:12:b6:9d:14:06:97:96:b1:8e:96:
                    44:43:05:20:f9:c5:45:3b:ed:4a:51:27:e6:8f:06:
                    52:e9:92:e1:75:50:2f:5c:81:a8:06:08:76:a9:39:
                    35:55:32:8f:1c:cd:fe:ad:0a:55:53:05:97:96:bf:
                    ba:d8:a2:ac:e0:40:a9:e6:8b:d8:1b:6a:c4:5d:f8:
                    a7:2d:aa:20:ed:03:46:fe:d9:19:fd:aa:d2:5e:b4:
                    08:8e:36:2c:02:12:bb:e3:de:ac:6f:38:28:50:c9:
                    6d:55:b9:83:92:8a:29:44:29:c8:fa:b6:fa:6c:6f:
                    bf:f0:39:8b:c2:71:e1:5e:26:30:24:ea:29:7e:ec:
                    a1:5a:c4:d7:6f:0c:e7:b3:e0:f5:31:be:e5:30:7c:
                    33:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:5C:29:0C:71:35:77:EE:9C:12:6C:B9:C4:F0:77:17:4C:4C:0F:F5
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/aae465c0-2a10-495a-b7d2-2aa048b286a0/1c9db97b-9f75-38ef-95f9-c38c18052c01.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/aae465c0-2a10-495a-b7d2-2aa048b286a0/aae465c0-2a10-495a-b7d2-2aa048b286a0.crl

            X509v3 Authority Key Identifier:
                keyid:AA:F1:A5:1A:EB:A8:A8:DC:25:2D:5B:78:B4:E1:9A:18:D9:8A:8F:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/aae465c0-2a10-495a-b7d2-2aa048b286a0.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  69.25.152.0/24
                  74.201.141.0/24
                  74.201.251.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         41:4f:5d:55:b5:1b:31:a9:5a:4f:ae:5f:4b:09:16:fa:be:61:
         26:73:d6:9b:8b:fc:93:5a:29:4a:74:ea:94:ac:99:09:65:13:
         ba:dd:cf:7d:88:7b:40:96:c7:f3:10:c2:d8:78:32:55:68:41:
         5b:62:2a:80:9c:be:a8:c3:53:96:39:c3:fd:97:97:1f:4e:4d:
         78:c3:04:14:52:97:a4:5d:f7:df:cc:8d:dc:5d:3e:47:9a:9f:
         e8:2a:7d:1f:6f:9d:bb:67:87:5e:67:ef:48:32:c3:76:01:9c:
         ee:8d:9f:43:8e:bc:84:34:d2:73:6c:6d:58:8b:57:f2:3f:18:
         fc:68:e0:89:a8:f2:b8:cb:12:e2:b3:e6:b8:ed:c0:ce:10:94:
         52:46:61:f9:b1:33:06:b4:01:f8:ab:32:1e:ad:a2:ab:36:f6:
         3a:d8:3b:5e:91:d8:54:79:1a:b2:61:f7:8f:9e:75:35:40:71:
         6b:54:08:67:b7:79:e3:9c:78:34:12:71:a0:d0:29:b9:4e:74:
         de:85:ef:f1:ab:5d:ff:73:c8:bc:a0:be:05:71:3c:39:8d:61:
         93:51:3d:96:30:51:34:52:d5:fc:78:00:91:8b:c6:88:e3:ef:
         83:5a:17:4a:10:08:e6:71:06:6b:d9:a0:a0:e9:ec:59:28:b5:
         84:6d:27:ce
-----BEGIN CERTIFICATE-----
MIIGTzCCBTegAwIBAgIUAQ0Mn0MoWEgcmpMjLnZPZ/QqMYAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkYWFlNDY1YzAtMmExMC00OTVhLWI3ZDItMmFhMDQ4YjI4
NmEwMB4XDTI0MTIwNjAyMDAzOVoXDTI1MDMwNjAyMDAzOVowLzEtMCsGA1UEAxMk
Nzk4M2U4YzAtMjk0Yi00NDU5LTg2NWItZDQ1MmZiMDRhZDMxMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5mDRNqKug8ifR1KE7eZt3q0FwqhLfMUAVYDL
Id30/BvtHQosMZsfQZiNlfe7Oal1JQoHMj1l7x+Pj80kTnMBdFBN78msLCj32qZR
rueAD3cbb+yCZqvNa7u9Gpl7+10+LtxbpSr6TSk1786uohK2nRQGl5axjpZEQwUg
+cVFO+1KUSfmjwZS6ZLhdVAvXIGoBgh2qTk1VTKPHM3+rQpVUwWXlr+62KKs4ECp
5ovYG2rEXfinLaog7QNG/tkZ/arSXrQIjjYsAhK7496sbzgoUMltVbmDkoopRCnI
+rb6bG+/8DmLwnHhXiYwJOopfuyhWsTXbwzns+D1Mb7lMHwzcQIDAQABo4IDYTCC
A10wHQYDVR0OBBYEFMNcKQxxNXfunBJsucTwdxdMTA/1MIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzL2E3MzQyMGNiLWIzY2MtNGIwMy1iZGE3LTFiZTIwNDkzM2FlNS9hYWU0
NjVjMC0yYTEwLTQ5NWEtYjdkMi0yYWEwNDhiMjg2YTAvMWM5ZGI5N2ItOWY3NS0z
OGVmLTk1ZjktYzM4YzE4MDUyYzAxLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy9hNzM0MjBjYi1i
M2NjLTRiMDMtYmRhNy0xYmUyMDQ5MzNhZTUvYWFlNDY1YzAtMmExMC00OTVhLWI3
ZDItMmFhMDQ4YjI4NmEwL2FhZTQ2NWMwLTJhMTAtNDk1YS1iN2QyLTJhYTA0OGIy
ODZhMC5jcmwwHwYDVR0jBBgwFoAUqvGlGuuoqNwlLVt4tOGaGNmKjyQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzL2E3MzQyMGNiLWIzY2MtNGIw
My1iZGE3LTFiZTIwNDkzM2FlNS9hYWU0NjVjMC0yYTEwLTQ5NWEtYjdkMi0yYWEw
NDhiMjg2YTAuY2VyMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQARRmYAwQA
SsmNAwQASsn7MFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcC
ARYsaHR0cHM6Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWww
DQYJKoZIhvcNAQELBQADggEBAEFPXVW1GzGpWk+uX0sJFvq+YSZz1puL/JNaKUp0
6pSsmQllE7rdz32Ie0CWx/MQwth4MlVoQVtiKoCcvqjDU5Y5w/2Xlx9OTXjDBBRS
l6Rd99/MjdxdPkean+gqfR9vnbtnh15n70gyw3YBnO6Nn0OOvIQ00nNsbViLV/I/
GPxo4Imo8rjLEuKz5rjtwM4QlFJGYfmxMwa0AfirMh6toqs29jrYO16R2FR5GrJh
94+edTVAcWtUCGe3eeOceDQScaDQKblOdN6F7/GrXf9zyLygvgVxPDmNYZNRPZYw
UTRS1fx4AJGLxojj74NaF0oQCOZxBmvZoKDp7FkotYRtJ84=
-----END CERTIFICATE-----