Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/3923a777-f0da-4edf-8bcc-42b47f48310a/2bbe49f4-de1f-32e5-90bd-1919572b371d.roa
File:                     2bbe49f4-de1f-32e5-90bd-1919572b371d.roa (raw, json)
Hash identifier:          9LQO9BUoa0++GttVYxcBLxT+bz9nqINs0xpOr9FtrcY=
Subject key identifier:   70:80:F0:93:F6:B4:AB:4F:F0:38:80:3A:B9:A0:C2:1B:DD:F1:42:6B
Certificate issuer:       /CN=3923a777-f0da-4edf-8bcc-42b47f48310a
Certificate serial:       010D0C9F43285848E59BC21360850365A4137680
Authority key identifier: E2:A9:A2:19:1C:00:90:1A:1D:7D:CE:F7:F2:40:2D:3E:67:89:20:D9
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/3923a777-f0da-4edf-8bcc-42b47f48310a.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/3923a777-f0da-4edf-8bcc-42b47f48310a/2bbe49f4-de1f-32e5-90bd-1919572b371d.roa
Signing time:             Sun 16 Feb 2025 02:00:40 +0000
ROA not before:           Sun 16 Feb 2025 02:00:40 +0000
ROA not after:            Sat 17 May 2025 01:00:40 +0000
asID:                     16509
IP address blocks:        64.238.0.0/20 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:48:e5:9b:c2:13:60:85:03:65:a4:13:76:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3923a777-f0da-4edf-8bcc-42b47f48310a
        Validity
            Not Before: Feb 16 02:00:40 2025 GMT
            Not After : May 17 01:00:40 2025 GMT
        Subject: CN=3b18e567-4149-4ef2-b77a-ae25cb0bc4b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:fd:eb:63:0c:22:7a:6b:19:e9:db:04:58:ab:
                    86:bc:2e:fa:ac:8e:61:44:a2:0b:96:b2:e2:76:5a:
                    a6:03:68:a2:7b:b5:dc:e6:d7:c4:1a:ff:2b:05:9d:
                    90:26:c9:b9:f7:3b:af:f1:24:0a:91:fd:c8:51:a7:
                    86:9f:64:f0:7b:bb:30:cb:95:6b:b8:1a:c5:bb:70:
                    52:32:2c:7f:88:9e:d0:3a:87:2a:67:8d:6b:0b:b9:
                    ba:62:74:d0:14:1d:08:1e:56:86:78:69:4e:15:f4:
                    fb:99:00:87:85:e0:c9:c9:7f:7f:be:87:64:57:fe:
                    2f:54:90:c9:d5:01:e1:9f:5b:bb:d7:e2:dc:01:10:
                    c6:13:67:a0:b9:5e:41:b4:62:e8:a4:5a:05:02:86:
                    35:48:86:83:4a:28:24:90:8e:89:6b:62:7b:42:f1:
                    9d:8e:a9:fb:7e:5b:dc:e6:fc:79:79:40:05:2d:f9:
                    bf:6e:84:60:eb:a2:4d:9b:01:2a:ff:12:96:c4:d9:
                    f7:9b:8c:0d:e6:d5:9a:dc:da:68:1e:a7:92:67:f6:
                    04:f0:f0:8e:f8:b6:fe:d6:66:fb:1a:39:a3:70:f0:
                    80:ed:17:20:30:d4:65:55:3b:b5:f7:52:f5:92:51:
                    61:1a:4b:57:4b:f2:63:d8:48:2f:ea:45:20:74:1f:
                    1f:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:80:F0:93:F6:B4:AB:4F:F0:38:80:3A:B9:A0:C2:1B:DD:F1:42:6B
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/3923a777-f0da-4edf-8bcc-42b47f48310a/2bbe49f4-de1f-32e5-90bd-1919572b371d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/3923a777-f0da-4edf-8bcc-42b47f48310a/3923a777-f0da-4edf-8bcc-42b47f48310a.crl

            X509v3 Authority Key Identifier:
                keyid:E2:A9:A2:19:1C:00:90:1A:1D:7D:CE:F7:F2:40:2D:3E:67:89:20:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/3923a777-f0da-4edf-8bcc-42b47f48310a.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.238.0.0/20

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         a6:38:e4:43:c7:34:5b:e6:b1:9c:c3:21:c1:13:b3:1a:f1:77:
         e3:40:53:26:34:78:3d:43:2f:d3:b4:ed:6f:32:b5:c3:ff:b0:
         7e:88:fe:83:be:b7:4e:d7:53:5a:12:4d:c8:7f:0a:b2:fb:33:
         f1:14:99:81:f4:b8:46:93:e4:32:d7:6a:75:aa:fb:ad:3e:58:
         75:f4:a3:1b:ec:ba:0d:e9:1f:5d:93:8a:58:73:8c:39:76:49:
         0a:b3:24:73:6d:8f:e4:39:45:7c:76:1f:9b:19:a2:74:16:38:
         12:56:3d:95:d4:29:20:fb:b3:7f:81:a4:bb:b4:31:8a:8e:26:
         f6:9f:3b:a0:48:4c:4c:45:58:dd:81:11:4b:7d:1a:21:39:6b:
         a0:c0:d6:3d:e2:44:a2:62:23:5a:3a:ec:c2:45:fe:32:69:94:
         d2:51:28:c5:a0:12:b9:5f:71:18:15:6d:dd:54:b8:3f:de:bc:
         38:a7:51:5f:e5:6c:97:e1:b4:3d:10:da:08:6d:15:ee:b1:17:
         3a:d5:03:72:1c:59:f7:9a:c5:9c:d4:df:57:7f:65:95:4e:85:
         95:3b:b0:7d:bd:35:7f:67:a6:4d:c3:90:95:c7:b3:64:9f:14:
         71:48:09:e5:79:60:65:22:05:89:88:27:8b:4d:bc:35:2b:6c:
         7a:e1:7f:b9
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEjlm8ITYIUDZaQTdoAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMzkyM2E3NzctZjBkYS00ZWRmLThiY2MtNDJiNDdmNDgz
MTBhMB4XDTI1MDIxNjAyMDA0MFoXDTI1MDUxNzAxMDA0MFowLzEtMCsGA1UEAxMk
M2IxOGU1NjctNDE0OS00ZWYyLWI3N2EtYWUyNWNiMGJjNGI0MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlP3rYwwiemsZ6dsEWKuGvC76rI5hRKILlrLi
dlqmA2iie7Xc5tfEGv8rBZ2QJsm59zuv8SQKkf3IUaeGn2Twe7swy5VruBrFu3BS
Mix/iJ7QOocqZ41rC7m6YnTQFB0IHlaGeGlOFfT7mQCHheDJyX9/vodkV/4vVJDJ
1QHhn1u71+LcARDGE2eguV5BtGLopFoFAoY1SIaDSigkkI6Ja2J7QvGdjqn7flvc
5vx5eUAFLfm/boRg66JNmwEq/xKWxNn3m4wN5tWa3NpoHqeSZ/YE8PCO+Lb+1mb7
GjmjcPCA7RcgMNRlVTu191L1klFhGktXS/Jj2Egv6kUgdB8f+wIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFHCA8JP2tKtP8DiAOrmgwhvd8UJrMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzL2Y2MGM5ZjMyLWE4N2MtNDMzOS1hMmYzLTYyOTlhM2IwMmUyOS8zOTIz
YTc3Ny1mMGRhLTRlZGYtOGJjYy00MmI0N2Y0ODMxMGEvMmJiZTQ5ZjQtZGUxZi0z
MmU1LTkwYmQtMTkxOTU3MmIzNzFkLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy9mNjBjOWYzMi1h
ODdjLTQzMzktYTJmMy02Mjk5YTNiMDJlMjkvMzkyM2E3NzctZjBkYS00ZWRmLThi
Y2MtNDJiNDdmNDgzMTBhLzM5MjNhNzc3LWYwZGEtNGVkZi04YmNjLTQyYjQ3ZjQ4
MzEwYS5jcmwwHwYDVR0jBBgwFoAU4qmiGRwAkBodfc738kAtPmeJINkwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzL2Y2MGM5ZjMyLWE4N2MtNDMz
OS1hMmYzLTYyOTlhM2IwMmUyOS8zOTIzYTc3Ny1mMGRhLTRlZGYtOGJjYy00MmI0
N2Y0ODMxMGEuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEQO4AMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAKY45EPHNFvmsZzDIcETsxrxd+NAUyY0eD1DL9O07W8ytcP/sH6I/oO+
t07XU1oSTch/CrL7M/EUmYH0uEaT5DLXanWq+60+WHX0oxvsug3pH12TilhzjDl2
SQqzJHNtj+Q5RXx2H5sZonQWOBJWPZXUKSD7s3+BpLu0MYqOJvafO6BITExFWN2B
EUt9GiE5a6DA1j3iRKJiI1o67MJF/jJplNJRKMWgErlfcRgVbd1UuD/evDinUV/l
bJfhtD0Q2ghtFe6xFzrVA3IcWfeaxZzU31d/ZZVOhZU7sH29NX9npk3DkJXHs2Sf
FHFICeV5YGUiBYmIJ4tNvDUrbHrhf7k=
-----END CERTIFICATE-----
Generated at Fri Apr 11 21:11:08 2025 by rpki-client