Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/aae465c0-2a10-495a-b7d2-2aa048b286a0/87496b62-6264-39bb-b910-5126571772a7.roa
File:                     87496b62-6264-39bb-b910-5126571772a7.roa (raw, json)
Hash identifier:          VgrweqEzL3XHl74tGuURATpZFS/2KHSajBZCvXuOXmU=
Subject key identifier:   4B:16:28:B7:4A:07:C2:B8:7E:FF:D6:F9:E4:68:0B:30:9E:D1:39:D0
Certificate issuer:       /CN=aae465c0-2a10-495a-b7d2-2aa048b286a0
Certificate serial:       010D0C9F432858481C9A9311CFF4830693D2C8F0
Authority key identifier: AA:F1:A5:1A:EB:A8:A8:DC:25:2D:5B:78:B4:E1:9A:18:D9:8A:8F:24
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/aae465c0-2a10-495a-b7d2-2aa048b286a0.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/aae465c0-2a10-495a-b7d2-2aa048b286a0/87496b62-6264-39bb-b910-5126571772a7.roa
Signing time:             Fri 06 Dec 2024 02:00:39 +0000
ROA not before:           Fri 06 Dec 2024 02:00:39 +0000
ROA not after:            Thu 06 Mar 2025 02:00:39 +0000
asID:                     21734
IP address blocks:        69.25.152.0/24 maxlen: 24
                          74.201.141.0/24 maxlen: 24
                          74.201.251.0/24 maxlen: 25
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:48:1c:9a:93:11:cf:f4:83:06:93:d2:c8:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aae465c0-2a10-495a-b7d2-2aa048b286a0
        Validity
            Not Before: Dec  6 02:00:39 2024 GMT
            Not After : Mar  6 02:00:39 2025 GMT
        Subject: CN=1aa96460-6cc4-4da1-8699-db5f8f53ae2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:52:7e:b7:57:ab:df:00:fd:32:a2:8e:d5:f7:
                    28:fb:02:6e:3e:d3:46:f4:15:95:1a:4c:fc:a9:5a:
                    55:c5:80:89:64:98:3b:41:40:c4:17:96:12:00:1c:
                    d7:be:75:37:d4:35:7f:25:1b:db:21:23:f0:10:46:
                    3f:df:8b:51:b2:7d:45:7d:ca:c5:d6:dd:93:9b:1d:
                    9e:d6:dd:95:b9:0f:87:a7:7f:69:d6:c9:d1:f8:59:
                    d8:7f:ca:dc:6c:9d:50:64:4f:5a:ed:7c:11:ed:1e:
                    d8:b8:02:52:2e:8e:da:e4:69:d2:a5:90:1b:bb:31:
                    b1:0f:f1:64:a3:6d:6d:3d:a9:b0:f0:f1:b5:e0:da:
                    9b:f3:68:e1:66:99:3b:79:38:de:6f:cc:c7:cd:db:
                    11:2a:70:a5:a5:c7:c5:d1:fe:1b:0e:70:ce:d2:bf:
                    a7:c5:58:c0:26:4b:2f:62:8c:c6:ae:68:8a:ba:42:
                    6d:4d:bb:2c:38:0f:b0:42:2b:ad:79:00:9c:6a:15:
                    6c:5d:0b:50:9f:ca:f7:b5:02:f7:4b:fb:ff:e8:87:
                    34:1c:05:85:51:fc:5b:e6:a3:71:1a:79:27:1c:ce:
                    94:db:ca:66:e4:11:d6:e6:90:12:8c:04:54:c5:c4:
                    ce:99:04:ec:5b:3c:c5:1a:4b:ca:03:7a:dd:27:5a:
                    1a:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:16:28:B7:4A:07:C2:B8:7E:FF:D6:F9:E4:68:0B:30:9E:D1:39:D0
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/aae465c0-2a10-495a-b7d2-2aa048b286a0/87496b62-6264-39bb-b910-5126571772a7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/aae465c0-2a10-495a-b7d2-2aa048b286a0/aae465c0-2a10-495a-b7d2-2aa048b286a0.crl

            X509v3 Authority Key Identifier:
                keyid:AA:F1:A5:1A:EB:A8:A8:DC:25:2D:5B:78:B4:E1:9A:18:D9:8A:8F:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/aae465c0-2a10-495a-b7d2-2aa048b286a0.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  69.25.152.0/24
                  74.201.141.0/24
                  74.201.251.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         29:40:f8:63:d5:b1:05:3f:6d:85:f0:6e:8b:47:f6:18:9d:b6:
         d4:03:f5:61:46:d1:42:89:db:80:ec:43:ae:fc:4d:b8:23:1e:
         4d:0c:54:6f:1f:20:20:a4:63:c4:26:d4:8c:ae:54:9b:a3:35:
         41:93:29:a5:2c:8d:2b:f7:7c:d9:76:6a:f9:f8:1c:82:39:c8:
         fa:5e:f9:ae:88:31:de:23:d5:89:24:d1:c3:03:c6:c7:53:1d:
         e2:2e:af:5e:ba:1c:d7:75:ff:00:6e:31:22:a5:7b:4d:39:c0:
         79:49:40:33:25:d2:44:fc:fc:24:eb:9a:43:6d:c4:9c:5e:33:
         cd:a1:e2:da:5f:13:76:b9:36:46:e5:3e:32:c2:17:da:61:6a:
         9d:00:c2:70:0b:31:80:3f:07:bd:e8:8d:4c:b5:a6:76:74:2e:
         8a:f5:29:2c:91:e2:60:77:75:57:70:70:1c:1e:b3:15:ae:4a:
         93:6a:ac:a7:13:5e:58:2b:04:be:18:ad:ba:cb:88:62:c4:c1:
         34:90:9a:1f:ba:63:2a:47:00:85:56:fc:24:ac:e0:ef:54:d3:
         84:76:34:bc:4f:b6:b9:49:bb:2a:4b:f1:98:43:f9:63:fb:d5:
         2e:ba:7e:57:ff:e3:c2:fa:bf:9e:19:c3:1d:a1:6c:2e:00:5b:
         35:10:24:e5
-----BEGIN CERTIFICATE-----
MIIGTzCCBTegAwIBAgIUAQ0Mn0MoWEgcmpMRz/SDBpPSyPAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkYWFlNDY1YzAtMmExMC00OTVhLWI3ZDItMmFhMDQ4YjI4
NmEwMB4XDTI0MTIwNjAyMDAzOVoXDTI1MDMwNjAyMDAzOVowLzEtMCsGA1UEAxMk
MWFhOTY0NjAtNmNjNC00ZGExLTg2OTktZGI1ZjhmNTNhZTJmMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkVJ+t1er3wD9MqKO1fco+wJuPtNG9BWVGkz8
qVpVxYCJZJg7QUDEF5YSABzXvnU31DV/JRvbISPwEEY/34tRsn1FfcrF1t2Tmx2e
1t2VuQ+Hp39p1snR+FnYf8rcbJ1QZE9a7XwR7R7YuAJSLo7a5GnSpZAbuzGxD/Fk
o21tPamw8PG14Nqb82jhZpk7eTjeb8zHzdsRKnClpcfF0f4bDnDO0r+nxVjAJksv
YozGrmiKukJtTbssOA+wQiuteQCcahVsXQtQn8r3tQL3S/v/6Ic0HAWFUfxb5qNx
GnknHM6U28pm5BHW5pASjARUxcTOmQTsWzzFGkvKA3rdJ1oaHQIDAQABo4IDYTCC
A10wHQYDVR0OBBYEFEsWKLdKB8K4fv/W+eRoCzCe0TnQMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzL2E3MzQyMGNiLWIzY2MtNGIwMy1iZGE3LTFiZTIwNDkzM2FlNS9hYWU0
NjVjMC0yYTEwLTQ5NWEtYjdkMi0yYWEwNDhiMjg2YTAvODc0OTZiNjItNjI2NC0z
OWJiLWI5MTAtNTEyNjU3MTc3MmE3LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy9hNzM0MjBjYi1i
M2NjLTRiMDMtYmRhNy0xYmUyMDQ5MzNhZTUvYWFlNDY1YzAtMmExMC00OTVhLWI3
ZDItMmFhMDQ4YjI4NmEwL2FhZTQ2NWMwLTJhMTAtNDk1YS1iN2QyLTJhYTA0OGIy
ODZhMC5jcmwwHwYDVR0jBBgwFoAUqvGlGuuoqNwlLVt4tOGaGNmKjyQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzL2E3MzQyMGNiLWIzY2MtNGIw
My1iZGE3LTFiZTIwNDkzM2FlNS9hYWU0NjVjMC0yYTEwLTQ5NWEtYjdkMi0yYWEw
NDhiMjg2YTAuY2VyMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQARRmYAwQA
SsmNAwQASsn7MFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcC
ARYsaHR0cHM6Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWww
DQYJKoZIhvcNAQELBQADggEBAClA+GPVsQU/bYXwbotH9hidttQD9WFG0UKJ24Ds
Q678TbgjHk0MVG8fICCkY8Qm1IyuVJujNUGTKaUsjSv3fNl2avn4HII5yPpe+a6I
Md4j1Ykk0cMDxsdTHeIur166HNd1/wBuMSKle005wHlJQDMl0kT8/CTrmkNtxJxe
M82h4tpfE3a5NkblPjLCF9phap0AwnALMYA/B73ojUy1pnZ0Lor1KSyR4mB3dVdw
cBwesxWuSpNqrKcTXlgrBL4YrbrLiGLEwTSQmh+6YypHAIVW/CSs4O9U04R2NLxP
trlJuypL8ZhD+WP71S66flf/48L6v54Zwx2hbC4AWzUQJOU=
-----END CERTIFICATE-----