Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/9ed5ce80-224e-46ab-94f1-1afce8ccf13f/0424bae5-3442-3ee6-9435-2f097c8f6d17.roa
File:                     0424bae5-3442-3ee6-9435-2f097c8f6d17.roa (raw, json)
Hash identifier:          Rn6RtQJwOdGb3ZqnhaqjrNP/FZ+D0jtrduNa7N8g4Ms=
Subject key identifier:   19:88:B2:D7:55:DA:FA:D2:F4:38:5E:4D:7C:95:06:2D:7B:E8:34:EF
Certificate issuer:       /CN=9ed5ce80-224e-46ab-94f1-1afce8ccf13f
Certificate serial:       010D0C9F4328583A0D0DEA2C767DFDEBF1CE47B9
Authority key identifier: 38:1D:9F:A6:BA:7C:C1:A8:44:AE:09:FE:5A:00:96:9D:3B:FC:E1:0F
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/9ed5ce80-224e-46ab-94f1-1afce8ccf13f.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/9ed5ce80-224e-46ab-94f1-1afce8ccf13f/0424bae5-3442-3ee6-9435-2f097c8f6d17.roa
Signing time:             Tue 30 Jul 2019 04:00:00 +0000
ROA not before:           Tue 30 Jul 2019 04:00:00 +0000
ROA not after:            Mon 30 Jul 2029 04:00:00 +0000
asID:                     29486
IP address blocks:        132.148.0.0/16 maxlen: 24
                          68.178.128.0/17 maxlen: 24
                          23.229.128.0/17 maxlen: 24
                          45.40.128.0/18 maxlen: 24
                          50.62.0.0/15 maxlen: 24
                          72.167.0.0/16 maxlen: 24
                          97.74.0.0/16 maxlen: 24
                          104.238.64.0/18 maxlen: 24
                          148.72.0.0/16 maxlen: 24
                          160.153.0.0/16 maxlen: 24
                          166.62.0.0/17 maxlen: 24
                          173.201.0.0/16 maxlen: 24
                          184.168.0.0/16 maxlen: 24
                          192.169.128.0/17 maxlen: 24
                          192.186.192.0/18 maxlen: 24
                          198.12.128.0/17 maxlen: 24
                          198.71.128.0/17 maxlen: 24
                          208.109.0.0/16 maxlen: 24
                          216.69.128.0/18 maxlen: 24
                          2607:f208:d000::/43 maxlen: 43
                          2607:f208:df00::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3a:0d:0d:ea:2c:76:7d:fd:eb:f1:ce:47:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ed5ce80-224e-46ab-94f1-1afce8ccf13f
        Validity
            Not Before: Jul 30 04:00:00 2019 GMT
            Not After : Jul 30 04:00:00 2029 GMT
        Subject: CN=c4de2377-8339-4abc-ab93-e094d7fa8c5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:c9:1d:53:d7:57:3d:50:59:04:ca:90:70:91:
                    76:dd:b4:df:ee:fc:db:9e:cc:b6:15:1b:a7:9c:fc:
                    fb:fa:a9:eb:b8:a5:df:28:12:d5:b3:f7:3b:eb:8a:
                    dd:e2:d1:b4:36:c6:6b:13:01:99:70:e3:3a:aa:35:
                    57:66:7d:39:2b:a1:b5:14:6a:7e:bf:e8:a8:c8:0b:
                    a3:e1:4d:98:0f:68:7b:80:57:61:0a:fe:9c:4f:1d:
                    e8:66:5f:a3:8e:9d:8e:37:0e:5f:25:a3:b2:a3:47:
                    22:4d:3e:2c:ec:cb:a2:81:d3:50:d6:54:b9:f7:e8:
                    64:78:44:dd:3b:a9:07:88:16:8e:88:6e:42:65:8c:
                    22:25:b3:9c:20:b2:dc:71:50:f0:5a:7a:31:8c:ec:
                    65:d7:bf:46:ba:f4:76:77:71:66:2b:1e:f7:b2:1f:
                    cd:22:9f:4d:0d:00:d4:be:10:a7:c4:6a:41:40:89:
                    81:a2:58:4d:84:d4:8d:ba:6e:91:82:8a:ce:bc:ee:
                    5d:ad:b4:47:a9:13:f6:13:58:ec:b9:11:66:23:0f:
                    53:c5:1a:1b:99:85:94:40:30:c4:54:d9:9e:72:3f:
                    f9:bb:dd:f5:68:8f:0b:d5:e4:45:53:41:7c:76:95:
                    8c:29:e6:41:b8:c2:f7:59:fe:5b:ea:29:5e:23:38:
                    5f:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:88:B2:D7:55:DA:FA:D2:F4:38:5E:4D:7C:95:06:2D:7B:E8:34:EF
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/9ed5ce80-224e-46ab-94f1-1afce8ccf13f/0424bae5-3442-3ee6-9435-2f097c8f6d17.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/9ed5ce80-224e-46ab-94f1-1afce8ccf13f/9ed5ce80-224e-46ab-94f1-1afce8ccf13f.crl

            X509v3 Authority Key Identifier:
                keyid:38:1D:9F:A6:BA:7C:C1:A8:44:AE:09:FE:5A:00:96:9D:3B:FC:E1:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/9ed5ce80-224e-46ab-94f1-1afce8ccf13f.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.229.128.0/17
                  45.40.128.0/18
                  50.62.0.0/15
                  68.178.128.0/17
                  72.167.0.0/16
                  97.74.0.0/16
                  104.238.64.0/18
                  132.148.0.0/16
                  148.72.0.0/16
                  160.153.0.0/16
                  166.62.0.0/17
                  173.201.0.0/16
                  184.168.0.0/16
                  192.169.128.0/17
                  192.186.192.0/18
                  198.12.128.0/17
                  198.71.128.0/17
                  208.109.0.0/16
                  216.69.128.0/18
                IPv6:
                  2607:f208:d000::/43
                  2607:f208:df00::/48

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         41:ef:20:2c:2f:0e:56:72:08:41:ba:7c:e5:6e:67:e5:0e:02:
         61:32:c9:f3:cb:12:b1:ea:d8:77:b8:82:47:6c:ed:c7:cf:c5:
         af:d1:5e:af:20:e4:8e:08:79:1d:46:4e:8d:cd:6a:ed:37:45:
         b2:c0:bf:1a:41:c4:ee:0b:4e:5f:bc:57:7a:77:46:88:56:13:
         27:4f:0a:28:3c:ce:4a:8a:33:13:50:b7:fa:36:ff:0b:c4:a5:
         0b:3c:99:ee:72:99:9b:b7:ad:7a:9a:3c:44:9c:06:40:c2:7c:
         46:bf:4b:2b:4d:03:13:d7:b4:f0:e3:3a:e6:ea:d0:e6:e8:04:
         2a:9b:cc:85:4f:1d:71:81:b9:70:17:0e:91:af:a8:77:48:7a:
         2b:a3:63:31:0e:8c:ef:64:04:16:74:8f:94:76:19:eb:fc:ee:
         16:5a:24:88:33:42:98:f3:e6:f8:05:24:99:9d:e1:63:89:12:
         51:a9:73:4f:ba:76:8e:f8:4a:6a:ac:85:66:1c:08:a3:b5:15:
         e6:8e:72:ca:e8:1c:43:33:72:f1:5c:8e:e3:23:bd:93:af:34:
         48:13:16:2e:f3:d4:de:f8:63:93:0b:b4:d3:24:a6:00:4b:23:
         79:41:07:60:4f:01:98:ca:28:92:39:73:83:e8:3e:8a:ce:0c:
         c1:60:7d:68
-----BEGIN CERTIFICATE-----
MIIGwzCCBaugAwIBAgIUAQ0Mn0MoWDoNDeosdn396/HOR7kwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkOWVkNWNlODAtMjI0ZS00NmFiLTk0ZjEtMWFmY2U4Y2Nm
MTNmMB4XDTE5MDczMDA0MDAwMFoXDTI5MDczMDA0MDAwMFowLzEtMCsGA1UEAxMk
YzRkZTIzNzctODMzOS00YWJjLWFiOTMtZTA5NGQ3ZmE4YzVkMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA08kdU9dXPVBZBMqQcJF23bTf7vzbnsy2FRun
nPz7+qnruKXfKBLVs/c764rd4tG0NsZrEwGZcOM6qjVXZn05K6G1FGp+v+ioyAuj
4U2YD2h7gFdhCv6cTx3oZl+jjp2ONw5fJaOyo0ciTT4s7MuigdNQ1lS59+hkeETd
O6kHiBaOiG5CZYwiJbOcILLccVDwWnoxjOxl179GuvR2d3FmKx73sh/NIp9NDQDU
vhCnxGpBQImBolhNhNSNum6RgorOvO5drbRHqRP2E1jsuRFmIw9TxRobmYWUQDDE
VNmecj/5u931aI8L1eRFU0F8dpWMKeZBuML3Wf5b6ileIzhfcQIDAQABo4ID1TCC
A9EwHQYDVR0OBBYEFBmIstdV2vrS9DheTXyVBi176DTvMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi85ZWQ1
Y2U4MC0yMjRlLTQ2YWItOTRmMS0xYWZjZThjY2YxM2YvMDQyNGJhZTUtMzQ0Mi0z
ZWU2LTk0MzUtMmYwOTdjOGY2ZDE3LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy8yYTI0Njk0Ny0y
ZDYyLTRhNmMtYmEwNS04NzE4N2YwMDk5YjIvOWVkNWNlODAtMjI0ZS00NmFiLTk0
ZjEtMWFmY2U4Y2NmMTNmLzllZDVjZTgwLTIyNGUtNDZhYi05NGYxLTFhZmNlOGNj
ZjEzZi5jcmwwHwYDVR0jBBgwFoAUOB2fprp8wahErgn+WgCWnTv84Q8wDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzJhMjQ2OTQ3LTJkNjItNGE2
Yy1iYTA1LTg3MTg3ZjAwOTliMi85ZWQ1Y2U4MC0yMjRlLTQ2YWItOTRmMS0xYWZj
ZThjY2YxM2YuY2VyMIGeBggrBgEFBQcBBwEB/wSBjjCBizBvBAIAATBpAwQHF+WA
AwQGLSiAAwMBMj4DBAdEsoADAwBIpwMDAGFKAwQGaO5AAwMAhJQDAwCUSAMDAKCZ
AwQHpj4AAwMArckDAwC4qAMEB8CpgAMEBsC6wAMEB8YMgAMEB8ZHgAMDANBtAwQG
2EWAMBgEAgACMBIDBwUmB/II0AADBwAmB/II3wAwVAYDVR0gAQH/BEowSDBGBggr
BgEFBQcOAjA6MDgGCCsGAQUFBwIBFixodHRwczovL3d3dy5hcmluLm5ldC9yZXNv
dXJjZXMvcnBraS9jcHMuaHRtbDANBgkqhkiG9w0BAQsFAAOCAQEAQe8gLC8OVnII
Qbp85W5n5Q4CYTLJ88sSserYd7iCR2ztx8/Fr9FeryDkjgh5HUZOjc1q7TdFssC/
GkHE7gtOX7xXendGiFYTJ08KKDzOSoozE1C3+jb/C8SlCzyZ7nKZm7etepo8RJwG
QMJ8Rr9LK00DE9e08OM65urQ5ugEKpvMhU8dcYG5cBcOka+od0h6K6NjMQ6M72QE
FnSPlHYZ6/zuFlokiDNCmPPm+AUkmZ3hY4kSUalzT7p2jvhKaqyFZhwIo7UV5o5y
yugcQzNy8VyO4yO9k680SBMWLvPU3vhjkwu00ySmAEsjeUEHYE8BmMookjlzg+g+
is4MwWB9aA==
-----END CERTIFICATE-----
Generated at Mon Oct 21 16:36:33 2024 by rpki-client on console-ams.rpki-client.org