Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5cc93615-875a-45cb-97fe-7435008eb088.roa
File:                     5cc93615-875a-45cb-97fe-7435008eb088.roa (raw, json)
Hash identifier:          kIKC/gttmG8SNPmowHS5g0p5NxCDO37bs6gWwMRp4Bk=
Subject key identifier:   5A:20:7D:E7:22:C3:11:1C:74:3A:6C:3A:8F:01:1B:51:65:68:E8:5F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0EF5CB71E86C871FF7196D1157771C9EB11A696B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5cc93615-875a-45cb-97fe-7435008eb088.roa
Signing time:             Thu 02 Jan 2025 00:00:00 +0000
ROA not before:           Thu 02 Jan 2025 00:00:00 +0000
ROA not after:            Thu 06 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        24.110.64.0/18 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:f5:cb:71:e8:6c:87:1f:f7:19:6d:11:57:77:1c:9e:b1:1a:69:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  2 00:00:00 2025 GMT
            Not After : Feb  6 23:59:59 2025 GMT
        Subject: serialNumber=e1a741690da37c177d0057c58b5fb9777d35755f1a79d6f05d9937eef1d9d651, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:4a:4f:e7:e8:a0:1f:bc:d2:aa:63:9b:95:9b:
                    8d:9d:24:b7:86:2f:7d:8f:69:ea:92:70:ea:c5:33:
                    f6:d8:ec:72:e1:6f:aa:19:96:ab:ea:01:9d:ac:2c:
                    44:42:24:7b:2b:2c:6e:37:20:02:1a:18:de:11:f0:
                    aa:3e:96:39:d5:36:b7:98:a9:20:3e:7f:57:a1:5e:
                    f8:c3:5b:1a:51:24:b0:6e:33:bd:e1:ae:21:27:10:
                    c1:a7:b3:d4:53:3e:26:63:33:ba:cf:78:01:0a:a8:
                    90:74:11:ad:a9:2c:26:0b:68:05:94:67:14:5d:7d:
                    4d:e5:24:6a:4f:86:c4:7d:c0:86:76:dd:7d:3c:f7:
                    5f:39:85:fb:17:50:c4:d2:78:f9:57:18:56:24:25:
                    b2:ed:1b:a8:40:4a:c3:44:19:f5:b0:ce:f3:58:21:
                    a6:4a:d7:da:ee:cc:27:78:ec:9e:cd:f9:0c:56:5e:
                    32:35:86:a3:c6:3e:e5:e5:9c:ae:05:c2:07:27:e9:
                    51:21:03:54:12:bf:13:37:2e:a7:4a:fb:6b:d4:75:
                    be:74:29:2c:78:d4:5b:f7:ce:db:ca:17:92:76:fd:
                    9a:98:99:9c:c4:e5:d3:e6:e1:16:18:f3:e9:37:c1:
                    4a:94:64:c5:93:4a:f7:fe:fc:8d:f0:94:7a:67:3c:
                    fd:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:20:7D:E7:22:C3:11:1C:74:3A:6C:3A:8F:01:1B:51:65:68:E8:5F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5cc93615-875a-45cb-97fe-7435008eb088.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  24.110.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         70:c2:d0:30:7f:78:ff:7a:bb:39:2d:20:53:d6:96:99:e5:9e:
         85:19:bd:d5:d0:97:54:2a:f5:be:1e:f3:03:3a:da:ce:d9:94:
         d5:de:f1:4e:b1:38:d7:63:9f:fb:6b:14:4c:86:06:37:01:fe:
         4c:1d:b3:d0:83:bf:ee:18:7a:87:47:7d:a9:f5:ce:bd:87:0b:
         bc:29:ec:58:c5:33:ed:23:46:b8:23:cd:5f:a8:75:e9:d8:0b:
         3b:06:13:f3:f3:1e:b5:eb:42:f0:89:f6:93:c2:d8:89:e5:3c:
         c8:c4:43:97:ce:5e:42:e8:1b:06:57:05:40:5d:94:9a:46:56:
         e5:24:c5:03:66:a7:72:75:22:d5:71:9e:e4:fb:a0:ca:8e:fd:
         6b:74:bb:59:7c:b9:ef:4c:ec:39:4c:97:87:85:d5:6b:da:d9:
         7b:92:ca:b9:08:a4:ec:1c:c4:39:67:f8:ae:03:96:a7:36:34:
         3a:17:5a:e2:d4:7d:2c:5f:8f:fc:50:07:c4:85:72:59:c3:90:
         c6:61:b8:93:71:f8:8c:c6:45:34:eb:64:53:9e:4f:a0:7c:05:
         3e:d5:d5:53:e4:e1:66:9d:de:f8:63:b5:00:6a:eb:3e:2c:ce:
         0a:6a:cf:5a:d7:10:74:eb:ff:c1:02:3c:9d:4e:de:1f:19:00:
         d2:1a:4c:ea
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDvXLcehshx/3GW0RV3ccnrEaaWswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTAyMDAwMDAwWhcNMjUwMjA2MjM1OTU5
WjB6MUkwRwYDVQQFE0BlMWE3NDE2OTBkYTM3YzE3N2QwMDU3YzU4YjVmYjk3Nzdk
MzU3NTVmMWE3OWQ2ZjA1ZDk5MzdlZWYxZDlkNjUxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDRSk/n6KAfvNKqY5uVm42dJLeGL32PaeqScOrFM/bY7HLh
b6oZlqvqAZ2sLERCJHsrLG43IAIaGN4R8Ko+ljnVNreYqSA+f1ehXvjDWxpRJLBu
M73hriEnEMGns9RTPiZjM7rPeAEKqJB0Ea2pLCYLaAWUZxRdfU3lJGpPhsR9wIZ2
3X089185hfsXUMTSePlXGFYkJbLtG6hASsNEGfWwzvNYIaZK19ruzCd47J7N+QxW
XjI1hqPGPuXlnK4Fwgcn6VEhA1QSvxM3LqdK+2vUdb50KSx41Fv3ztvKF5J2/ZqY
mZzE5dPm4RYY8+k3wUqUZMWTSvf+/I3wlHpnPP37AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUWiB95yLDERx0Omw6jwEbUWVo6F8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzVjYzkzNjE1LTg3NWEtNDVjYi05N2ZlLTc0MzUwMDhlYjA4OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAYYbkAwDQYJKoZIhvcNAQELBQADggEBAHDC0DB/eP96uzktIFPWlpnlnoUZ
vdXQl1Qq9b4e8wM62s7ZlNXe8U6xONdjn/trFEyGBjcB/kwds9CDv+4YeodHfan1
zr2HC7wp7FjFM+0jRrgjzV+odenYCzsGE/PzHrXrQvCJ9pPC2InlPMjEQ5fOXkLo
GwZXBUBdlJpGVuUkxQNmp3J1ItVxnuT7oMqO/Wt0u1l8ue9M7DlMl4eF1Wva2XuS
yrkIpOwcxDln+K4Dlqc2NDoXWuLUfSxfj/xQB8SFclnDkMZhuJNx+IzGRTTrZFOe
T6B8BT7V1VPk4Wad3vhjtQBq6z4szgpqz1rXEHTr/8ECPJ1O3h8ZANIaTOo=
-----END CERTIFICATE-----