Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/b0d6fd50-b543-4e97-a7f3-0d6a5908ca38/fc3ac5d9-3066-3415-b2b2-68d80b2e60ab.roa
File:                     fc3ac5d9-3066-3415-b2b2-68d80b2e60ab.roa (raw, json)
Hash identifier:          9r5qpZSjqZIM3WMTWXDe8AJ3flS+yCeMrsN+NEggjA4=
Subject key identifier:   52:FA:E2:C2:9D:80:40:12:C6:81:7A:D9:00:AE:AE:43:54:E3:D0:19
Certificate issuer:       /CN=b0d6fd50-b543-4e97-a7f3-0d6a5908ca38
Certificate serial:       010D0C9F432858477EC10470E229E9ACE7031300
Authority key identifier: B8:2D:73:8E:4B:5A:99:ED:25:54:55:58:EF:D1:33:51:15:68:F4:FF
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/b0d6fd50-b543-4e97-a7f3-0d6a5908ca38.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/b0d6fd50-b543-4e97-a7f3-0d6a5908ca38/fc3ac5d9-3066-3415-b2b2-68d80b2e60ab.roa
Signing time:             Thu 10 Oct 2024 13:00:41 +0000
ROA not before:           Thu 10 Oct 2024 13:00:41 +0000
ROA not after:            Wed 08 Jan 2025 14:00:41 +0000
asID:                     270158
IP address blocks:        64.130.32.0/21 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:47:7e:c1:04:70:e2:29:e9:ac:e7:03:13:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0d6fd50-b543-4e97-a7f3-0d6a5908ca38
        Validity
            Not Before: Oct 10 13:00:41 2024 GMT
            Not After : Jan  8 14:00:41 2025 GMT
        Subject: CN=d353ada7-f1d7-4f07-9800-d4b88e42ee41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:88:9a:5f:a9:de:c2:b5:f3:92:b8:2e:3e:85:
                    9d:b7:00:c9:4a:bc:6d:a5:3d:10:ad:06:6c:30:2f:
                    bc:41:b9:76:76:ca:ba:25:58:85:2f:cf:42:6d:45:
                    28:fc:d2:d1:90:66:1e:33:9b:91:41:32:93:0c:04:
                    08:5a:39:0b:d6:a8:e0:f8:e5:b4:4c:0f:66:54:4c:
                    c7:4b:8d:34:fe:84:73:09:23:51:07:23:8e:5c:61:
                    38:11:ab:fd:89:d1:eb:8a:72:19:6a:9e:dc:c5:d1:
                    55:e1:74:58:24:89:df:64:f6:aa:7d:a1:03:31:1e:
                    e4:33:56:73:db:4d:c7:50:1c:2f:97:15:14:b2:e5:
                    06:53:64:cc:d5:23:19:85:28:74:d3:39:55:fc:72:
                    17:e0:22:e3:92:d4:92:35:d5:02:71:b1:f6:87:c0:
                    65:83:a5:a5:1f:1b:27:df:0b:e3:08:5e:ef:ac:95:
                    39:5b:e3:4b:f1:fe:e4:46:cd:59:71:04:10:5b:ff:
                    d3:e3:34:c3:85:73:10:40:42:a2:1c:4c:b8:ad:26:
                    c9:66:a0:b8:df:e3:8d:2b:a8:f1:89:a2:92:63:5c:
                    71:42:a3:86:be:66:61:10:71:6f:c9:8c:b8:7f:d1:
                    42:45:5a:0a:9f:73:8c:df:57:ab:8e:b3:73:9c:9c:
                    a9:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:FA:E2:C2:9D:80:40:12:C6:81:7A:D9:00:AE:AE:43:54:E3:D0:19
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/b0d6fd50-b543-4e97-a7f3-0d6a5908ca38/fc3ac5d9-3066-3415-b2b2-68d80b2e60ab.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/b0d6fd50-b543-4e97-a7f3-0d6a5908ca38/b0d6fd50-b543-4e97-a7f3-0d6a5908ca38.crl

            X509v3 Authority Key Identifier:
                keyid:B8:2D:73:8E:4B:5A:99:ED:25:54:55:58:EF:D1:33:51:15:68:F4:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/b0d6fd50-b543-4e97-a7f3-0d6a5908ca38.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.130.32.0/21

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         48:f6:58:f1:b0:12:31:16:bb:08:d5:75:e7:49:a9:5d:95:6c:
         65:e8:22:2b:23:ac:c4:26:6b:69:b7:f5:13:a3:f8:68:2a:15:
         8d:49:78:78:d1:a7:9d:04:57:f6:39:07:34:38:9f:10:3c:c2:
         7c:d0:49:d9:77:a3:58:4a:77:31:82:38:d6:89:a2:f0:e5:b3:
         7e:66:63:90:2c:85:49:49:3c:d8:05:3b:b9:37:b8:fc:f9:e5:
         50:17:ad:5c:33:07:26:10:7b:62:4f:d8:86:ee:74:85:44:99:
         84:17:24:bd:35:c8:c3:b0:a4:2c:f5:af:fc:bf:15:53:e3:57:
         9a:46:ec:fc:b5:32:d9:54:b2:c8:d9:c8:19:a4:d6:98:25:d8:
         22:4f:08:32:f9:94:3a:62:52:d5:cd:da:f1:7e:f2:b5:d5:92:
         01:66:5d:df:6e:dd:5c:76:b4:0f:48:5b:1a:63:fa:c6:1c:4c:
         69:d8:5f:ad:f0:0a:8b:6e:16:77:1a:ef:e1:0d:c2:dd:fc:2a:
         91:3a:b5:12:e3:df:45:f6:38:b2:c1:84:fa:3b:79:e6:62:0c:
         45:14:b5:b8:25:55:9a:9a:d8:20:c9:ef:39:e0:e8:a2:28:2b:
         d5:06:e6:77:d2:5c:95:79:24:76:4a:e5:42:3f:56:0f:2c:c8:
         b5:70:04:4f
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEd+wQRw4inprOcDEwAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkYjBkNmZkNTAtYjU0My00ZTk3LWE3ZjMtMGQ2YTU5MDhj
YTM4MB4XDTI0MTAxMDEzMDA0MVoXDTI1MDEwODE0MDA0MVowLzEtMCsGA1UEAxMk
ZDM1M2FkYTctZjFkNy00ZjA3LTk4MDAtZDRiODhlNDJlZTQxMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvIiaX6newrXzkrguPoWdtwDJSrxtpT0QrQZs
MC+8Qbl2dsq6JViFL89CbUUo/NLRkGYeM5uRQTKTDAQIWjkL1qjg+OW0TA9mVEzH
S400/oRzCSNRByOOXGE4Eav9idHrinIZap7cxdFV4XRYJInfZPaqfaEDMR7kM1Zz
203HUBwvlxUUsuUGU2TM1SMZhSh00zlV/HIX4CLjktSSNdUCcbH2h8Blg6WlHxsn
3wvjCF7vrJU5W+NL8f7kRs1ZcQQQW//T4zTDhXMQQEKiHEy4rSbJZqC43+ONK6jx
iaKSY1xxQqOGvmZhEHFvyYy4f9FCRVoKn3OM31erjrNznJypxwIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFFL64sKdgEASxoF62QCurkNU49AZMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzL2E3MzQyMGNiLWIzY2MtNGIwMy1iZGE3LTFiZTIwNDkzM2FlNS9iMGQ2
ZmQ1MC1iNTQzLTRlOTctYTdmMy0wZDZhNTkwOGNhMzgvZmMzYWM1ZDktMzA2Ni0z
NDE1LWIyYjItNjhkODBiMmU2MGFiLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy9hNzM0MjBjYi1i
M2NjLTRiMDMtYmRhNy0xYmUyMDQ5MzNhZTUvYjBkNmZkNTAtYjU0My00ZTk3LWE3
ZjMtMGQ2YTU5MDhjYTM4L2IwZDZmZDUwLWI1NDMtNGU5Ny1hN2YzLTBkNmE1OTA4
Y2EzOC5jcmwwHwYDVR0jBBgwFoAUuC1zjktame0lVFVY79EzURVo9P8wDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzL2E3MzQyMGNiLWIzY2MtNGIw
My1iZGE3LTFiZTIwNDkzM2FlNS9iMGQ2ZmQ1MC1iNTQzLTRlOTctYTdmMy0wZDZh
NTkwOGNhMzguY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDQIIgMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAEj2WPGwEjEWuwjVdedJqV2VbGXoIisjrMQma2m39ROj+GgqFY1JeHjR
p50EV/Y5BzQ4nxA8wnzQSdl3o1hKdzGCONaJovDls35mY5AshUlJPNgFO7k3uPz5
5VAXrVwzByYQe2JP2IbudIVEmYQXJL01yMOwpCz1r/y/FVPjV5pG7Py1MtlUssjZ
yBmk1pgl2CJPCDL5lDpiUtXN2vF+8rXVkgFmXd9u3Vx2tA9IWxpj+sYcTGnYX63w
CotuFnca7+ENwt38KpE6tRLj30X2OLLBhPo7eeZiDEUUtbglVZqa2CDJ7zng6KIo
K9UG5nfSXJV5JHZK5UI/Vg8syLVwBE8=
-----END CERTIFICATE-----