Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/ef9ac143-3f26-4b9b-8997-3d3fbd310f8f/f4e6da1e-6cfe-372a-a133-3f23a400c758.roa
File:                     f4e6da1e-6cfe-372a-a133-3f23a400c758.roa (raw, json)
Hash identifier:          VxK695QBBZXqfT+QkvaQHier6h9BU9lOT1M82Muomv0=
Subject key identifier:   2F:03:AE:72:1A:6F:18:C1:30:EA:39:FE:25:6F:0D:B8:9F:3F:48:8A
Certificate issuer:       /CN=ef9ac143-3f26-4b9b-8997-3d3fbd310f8f
Certificate serial:       010D0C9F432858433E45C91A2DD5FB7EB2A033A0
Authority key identifier: 09:6A:67:2E:DB:60:79:88:AA:30:A8:4E:AC:8E:B8:A2:3D:59:18:96
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/ef9ac143-3f26-4b9b-8997-3d3fbd310f8f.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/ef9ac143-3f26-4b9b-8997-3d3fbd310f8f/f4e6da1e-6cfe-372a-a133-3f23a400c758.roa
Signing time:             Sat 16 Sep 2023 15:32:56 +0000
ROA not before:           Sat 16 Sep 2023 15:32:56 +0000
ROA not after:            Fri 15 Dec 2023 16:32:56 +0000
asID:                     13911
IP address blocks:        66.51.96.0/20 maxlen: 20
                          198.161.206.0/24 maxlen: 24
                          216.194.64.0/20 maxlen: 20
                          216.234.160.0/20 maxlen: 21
                          216.234.184.0/21 maxlen: 21
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:43:3e:45:c9:1a:2d:d5:fb:7e:b2:a0:33:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef9ac143-3f26-4b9b-8997-3d3fbd310f8f
        Validity
            Not Before: Sep 16 15:32:56 2023 GMT
            Not After : Dec 15 16:32:56 2023 GMT
        Subject: CN=e2d68bb8-d0db-4274-b104-00824443fd21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:1a:8a:39:5c:99:72:1f:ce:f3:e1:32:df:69:
                    58:58:e0:b5:65:99:2d:44:74:a4:2f:f2:3a:6a:30:
                    a8:5e:ae:52:17:8b:f7:3e:7c:d5:f4:05:1d:24:64:
                    24:73:10:74:6c:e3:31:8e:e3:d3:13:28:f2:82:33:
                    06:a1:76:34:f8:e0:80:2b:60:da:1b:51:ce:40:ee:
                    99:45:0b:b3:0e:7c:77:37:30:0d:44:2d:5b:fb:a0:
                    73:2f:de:b9:fa:20:66:6c:1f:de:1a:2e:ec:ad:92:
                    46:25:0a:6e:88:a7:12:59:4f:79:5d:a5:6c:37:c9:
                    bd:b1:96:c7:fd:60:4e:cd:a9:f5:ed:6b:b1:a1:46:
                    3c:3d:6e:bc:1c:db:4d:64:dc:9c:49:84:62:97:a3:
                    85:67:ad:3d:d4:b3:9d:21:30:ef:97:5b:56:8a:66:
                    5d:fa:7d:39:06:4d:12:c0:a6:8f:d7:16:58:03:48:
                    81:44:2f:93:d1:6e:bf:e6:2b:ab:9d:44:32:48:44:
                    d3:f7:0e:67:60:6e:44:e1:b2:90:fb:e9:44:43:30:
                    9e:86:c8:c0:a7:a1:c5:4e:fe:3e:5e:a6:87:9a:60:
                    6d:77:33:ed:9c:08:10:1b:66:38:f2:2a:4f:b7:87:
                    db:59:5f:70:04:bc:d2:94:9d:9a:84:e0:2a:f8:3e:
                    c1:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:03:AE:72:1A:6F:18:C1:30:EA:39:FE:25:6F:0D:B8:9F:3F:48:8A
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/ef9ac143-3f26-4b9b-8997-3d3fbd310f8f/f4e6da1e-6cfe-372a-a133-3f23a400c758.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/ef9ac143-3f26-4b9b-8997-3d3fbd310f8f/ef9ac143-3f26-4b9b-8997-3d3fbd310f8f.crl

            X509v3 Authority Key Identifier:
                keyid:09:6A:67:2E:DB:60:79:88:AA:30:A8:4E:AC:8E:B8:A2:3D:59:18:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/ef9ac143-3f26-4b9b-8997-3d3fbd310f8f.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  66.51.96.0/20
                  198.161.206.0/24
                  216.194.64.0/20
                  216.234.160.0/20
                  216.234.184.0/21

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         1d:a7:91:39:f2:44:db:07:78:a3:99:60:a0:74:05:20:8f:a2:
         09:5c:9a:c5:ad:e6:f6:45:0c:66:90:c5:40:09:3a:61:ea:ad:
         be:fd:30:3d:d3:0e:27:c2:b7:d7:cc:e6:ab:c3:e3:30:a4:3c:
         8c:7d:16:d0:34:8c:99:c5:25:16:8f:33:c9:a9:11:75:c6:ac:
         88:60:38:8d:1a:6d:8d:1f:3f:ee:92:52:df:1b:fb:46:36:5a:
         02:22:59:aa:dd:ff:90:d5:22:9d:8c:99:4c:e1:37:08:48:c9:
         49:ef:5d:b2:60:72:7a:9d:e8:9e:cf:55:ac:81:e1:11:33:65:
         26:51:b8:c7:f6:0c:b6:63:62:60:67:68:3e:d3:79:57:0d:9a:
         61:13:99:35:3c:da:6b:18:d4:17:87:8c:05:92:e4:9d:2b:14:
         b4:f5:47:51:82:aa:dc:6e:5a:26:89:cf:10:6c:c8:4c:a1:66:
         7a:88:e4:91:5d:2d:4d:9f:2c:c3:51:a3:36:a2:a0:bf:57:23:
         ad:ba:af:64:9f:43:cc:19:e8:f2:7e:45:d4:21:63:9b:67:c9:
         5f:4c:db:d5:6b:f5:84:b5:3b:e7:38:4f:e6:5b:c0:78:63:f8:
         58:08:7e:f2:7e:3a:c3:85:aa:b2:db:6a:38:1d:9d:4a:c8:5b:
         7e:b7:c3:88
-----BEGIN CERTIFICATE-----
MIIGWzCCBUOgAwIBAgIUAQ0Mn0MoWEM+RckaLdX7frKgM6AwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkZWY5YWMxNDMtM2YyNi00YjliLTg5OTctM2QzZmJkMzEw
ZjhmMB4XDTIzMDkxNjE1MzI1NloXDTIzMTIxNTE2MzI1NlowLzEtMCsGA1UEAxMk
ZTJkNjhiYjgtZDBkYi00Mjc0LWIxMDQtMDA4MjQ0NDNmZDIxMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlxqKOVyZch/O8+Ey32lYWOC1ZZktRHSkL/I6
ajCoXq5SF4v3PnzV9AUdJGQkcxB0bOMxjuPTEyjygjMGoXY0+OCAK2DaG1HOQO6Z
RQuzDnx3NzANRC1b+6BzL965+iBmbB/eGi7srZJGJQpuiKcSWU95XaVsN8m9sZbH
/WBOzan17WuxoUY8PW68HNtNZNycSYRil6OFZ6091LOdITDvl1tWimZd+n05Bk0S
wKaP1xZYA0iBRC+T0W6/5iurnUQySETT9w5nYG5E4bKQ++lEQzCehsjAp6HFTv4+
XqaHmmBtdzPtnAgQG2Y48ipPt4fbWV9wBLzSlJ2ahOAq+D7BpQIDAQABo4IDbTCC
A2kwHQYDVR0OBBYEFC8DrnIabxjBMOo5/iVvDbifP0iKMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzL2Y2MGM5ZjMyLWE4N2MtNDMzOS1hMmYzLTYyOTlhM2IwMmUyOS9lZjlh
YzE0My0zZjI2LTRiOWItODk5Ny0zZDNmYmQzMTBmOGYvZjRlNmRhMWUtNmNmZS0z
NzJhLWExMzMtM2YyM2E0MDBjNzU4LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy9mNjBjOWYzMi1h
ODdjLTQzMzktYTJmMy02Mjk5YTNiMDJlMjkvZWY5YWMxNDMtM2YyNi00YjliLTg5
OTctM2QzZmJkMzEwZjhmL2VmOWFjMTQzLTNmMjYtNGI5Yi04OTk3LTNkM2ZiZDMx
MGY4Zi5jcmwwHwYDVR0jBBgwFoAUCWpnLttgeYiqMKhOrI64oj1ZGJYwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzL2Y2MGM5ZjMyLWE4N2MtNDMz
OS1hMmYzLTYyOTlhM2IwMmUyOS9lZjlhYzE0My0zZjI2LTRiOWItODk5Ny0zZDNm
YmQzMTBmOGYuY2VyMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQEQjNgAwQA
xqHOAwQE2MJAAwQE2OqgAwQD2Oq4MFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIw
OjA4BggrBgEFBQcCARYsaHR0cHM6Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jw
a2kvY3BzLmh0bWwwDQYJKoZIhvcNAQELBQADggEBAB2nkTnyRNsHeKOZYKB0BSCP
oglcmsWt5vZFDGaQxUAJOmHqrb79MD3TDifCt9fM5qvD4zCkPIx9FtA0jJnFJRaP
M8mpEXXGrIhgOI0abY0fP+6SUt8b+0Y2WgIiWard/5DVIp2MmUzhNwhIyUnvXbJg
cnqd6J7PVayB4REzZSZRuMf2DLZjYmBnaD7TeVcNmmETmTU82msY1BeHjAWS5J0r
FLT1R1GCqtxuWiaJzxBsyEyhZnqI5JFdLU2fLMNRozaioL9XI626r2SfQ8wZ6PJ+
RdQhY5tnyV9M29Vr9YS1O+c4T+ZbwHhj+FgIfvJ+OsOFqrLbajgdnUrIW363w4g=
-----END CERTIFICATE-----