Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/9ed5ce80-224e-46ab-94f1-1afce8ccf13f/0b1625fd-be62-3786-8867-79202f064c37.roa
File:                     0b1625fd-be62-3786-8867-79202f064c37.roa (raw, json)
Hash identifier:          Ayk3YP7OlsjVrz6n9vmxXSqQtjrS30LRSyv/W5mylrc=
Subject key identifier:   17:D5:96:1B:C8:BE:2F:F9:D6:62:B3:63:0E:F2:39:C6:5B:60:49:04
Certificate issuer:       /CN=9ed5ce80-224e-46ab-94f1-1afce8ccf13f
Certificate serial:       010D0C9F4328583A0D0D59166A56831F93D26E20
Authority key identifier: 38:1D:9F:A6:BA:7C:C1:A8:44:AE:09:FE:5A:00:96:9D:3B:FC:E1:0F
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/9ed5ce80-224e-46ab-94f1-1afce8ccf13f.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/9ed5ce80-224e-46ab-94f1-1afce8ccf13f/0b1625fd-be62-3786-8867-79202f064c37.roa
Signing time:             Tue 30 Jul 2019 04:00:00 +0000
ROA not before:           Tue 30 Jul 2019 04:00:00 +0000
ROA not after:            Mon 30 Jul 2029 04:00:00 +0000
asID:                     26496
IP address blocks:        132.148.0.0/16 maxlen: 24
                          68.178.128.0/17 maxlen: 24
                          23.229.128.0/17 maxlen: 24
                          45.40.128.0/18 maxlen: 24
                          50.62.0.0/15 maxlen: 24
                          72.167.0.0/16 maxlen: 24
                          97.74.0.0/16 maxlen: 24
                          104.238.64.0/18 maxlen: 24
                          148.72.0.0/16 maxlen: 24
                          160.153.0.0/16 maxlen: 24
                          166.62.0.0/17 maxlen: 24
                          173.201.0.0/16 maxlen: 24
                          184.168.0.0/16 maxlen: 24
                          192.169.128.0/17 maxlen: 24
                          192.186.192.0/18 maxlen: 24
                          198.12.128.0/17 maxlen: 24
                          198.71.128.0/17 maxlen: 24
                          208.109.0.0/16 maxlen: 24
                          216.69.128.0/18 maxlen: 24
                          2607:f208:d000::/43 maxlen: 43
                          2607:f208:df00::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3a:0d:0d:59:16:6a:56:83:1f:93:d2:6e:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ed5ce80-224e-46ab-94f1-1afce8ccf13f
        Validity
            Not Before: Jul 30 04:00:00 2019 GMT
            Not After : Jul 30 04:00:00 2029 GMT
        Subject: CN=e7fc27cf-3a7c-4260-8eb5-5739635c4bb3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:ab:db:c5:cb:f6:c1:6c:da:1f:12:37:af:4d:
                    82:31:d9:6f:5a:3d:55:1e:b0:01:7e:67:b9:33:a7:
                    00:eb:09:b9:95:73:37:c5:20:48:21:48:44:7c:96:
                    3d:e4:27:68:92:c3:ed:4a:c8:90:d0:0d:06:c1:ea:
                    8b:94:61:4c:88:80:1e:19:62:18:49:49:2c:b0:d2:
                    05:dd:8d:3f:3d:3a:f3:79:62:89:ca:64:09:f9:00:
                    71:5d:77:53:3f:76:42:56:69:59:84:b1:83:4b:46:
                    67:8f:ea:4e:e2:90:70:f7:74:61:5c:cc:ab:8c:02:
                    56:1e:d2:be:b5:8c:d3:a4:6a:6a:c7:3e:54:7f:d2:
                    9e:08:f0:22:71:97:42:ec:6d:66:e7:37:09:43:0a:
                    ea:08:b3:f0:3f:de:c9:a3:b7:bb:de:34:84:47:b3:
                    94:03:ff:1a:dc:bf:7c:f3:4e:3c:8c:2f:36:2c:2c:
                    4d:e4:40:b4:63:2e:24:d9:ca:fc:11:cd:de:ae:c2:
                    5e:ec:08:1f:a9:f5:8b:68:bc:7f:bb:0a:48:09:7a:
                    a2:01:20:df:22:47:30:5e:c8:cc:d8:73:95:c6:2a:
                    6d:cf:4f:96:03:b8:10:a8:62:ac:a9:fb:9b:8b:2d:
                    7b:26:cb:d4:3a:85:65:db:6e:1f:60:30:47:05:0d:
                    74:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:D5:96:1B:C8:BE:2F:F9:D6:62:B3:63:0E:F2:39:C6:5B:60:49:04
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/9ed5ce80-224e-46ab-94f1-1afce8ccf13f/0b1625fd-be62-3786-8867-79202f064c37.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/9ed5ce80-224e-46ab-94f1-1afce8ccf13f/9ed5ce80-224e-46ab-94f1-1afce8ccf13f.crl

            X509v3 Authority Key Identifier:
                keyid:38:1D:9F:A6:BA:7C:C1:A8:44:AE:09:FE:5A:00:96:9D:3B:FC:E1:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/9ed5ce80-224e-46ab-94f1-1afce8ccf13f.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.229.128.0/17
                  45.40.128.0/18
                  50.62.0.0/15
                  68.178.128.0/17
                  72.167.0.0/16
                  97.74.0.0/16
                  104.238.64.0/18
                  132.148.0.0/16
                  148.72.0.0/16
                  160.153.0.0/16
                  166.62.0.0/17
                  173.201.0.0/16
                  184.168.0.0/16
                  192.169.128.0/17
                  192.186.192.0/18
                  198.12.128.0/17
                  198.71.128.0/17
                  208.109.0.0/16
                  216.69.128.0/18
                IPv6:
                  2607:f208:d000::/43
                  2607:f208:df00::/48

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         45:7b:38:3d:70:db:4b:c6:74:24:a1:32:b3:ed:e6:12:5c:07:
         13:49:ed:c9:ce:6b:33:50:2a:93:f8:bd:b4:f7:6c:07:b8:55:
         8c:8d:5b:c3:b5:45:f7:c7:7e:df:a7:c1:34:42:70:7b:78:1d:
         97:25:28:30:0f:22:fa:f8:4c:b4:f4:3c:aa:13:89:44:1c:00:
         0d:80:d2:4c:89:8f:1b:ce:f0:8f:29:48:1a:34:d1:63:b5:e8:
         cc:ef:e4:5f:1e:75:38:0e:42:39:08:a6:1e:01:2d:ad:78:74:
         84:02:c3:81:25:1b:6b:fe:e6:37:5c:37:6a:8f:29:f8:b1:c0:
         2b:84:21:2a:1b:2c:9f:cf:8f:50:18:64:fa:2d:e7:2d:f0:51:
         a4:c8:fc:33:3c:bd:1d:51:71:05:75:52:4c:ce:b1:52:39:85:
         e1:ea:26:43:4c:73:2a:9d:23:75:1d:27:a4:62:65:fa:2e:35:
         34:8e:3b:f3:36:fb:b5:16:3b:a0:c3:10:d6:47:7c:0f:db:a9:
         cb:5f:1c:40:0e:52:91:bf:7a:1f:15:c1:2d:4c:21:f1:95:32:
         88:79:7a:b4:6f:70:49:12:b6:ca:1a:6d:53:ee:46:90:f6:ab:
         c4:ee:1b:18:df:b7:19:51:be:27:d1:95:c8:db:90:c0:6d:2a:
         20:c7:e4:e5
-----BEGIN CERTIFICATE-----
MIIGwzCCBaugAwIBAgIUAQ0Mn0MoWDoNDVkWalaDH5PSbiAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkOWVkNWNlODAtMjI0ZS00NmFiLTk0ZjEtMWFmY2U4Y2Nm
MTNmMB4XDTE5MDczMDA0MDAwMFoXDTI5MDczMDA0MDAwMFowLzEtMCsGA1UEAxMk
ZTdmYzI3Y2YtM2E3Yy00MjYwLThlYjUtNTczOTYzNWM0YmIzMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi6vbxcv2wWzaHxI3r02CMdlvWj1VHrABfme5
M6cA6wm5lXM3xSBIIUhEfJY95CdoksPtSsiQ0A0GweqLlGFMiIAeGWIYSUkssNIF
3Y0/PTrzeWKJymQJ+QBxXXdTP3ZCVmlZhLGDS0Znj+pO4pBw93RhXMyrjAJWHtK+
tYzTpGpqxz5Uf9KeCPAicZdC7G1m5zcJQwrqCLPwP97Jo7e73jSER7OUA/8a3L98
8048jC82LCxN5EC0Yy4k2cr8Ec3ersJe7AgfqfWLaLx/uwpICXqiASDfIkcwXsjM
2HOVxiptz0+WA7gQqGKsqfubiy17JsvUOoVl224fYDBHBQ105QIDAQABo4ID1TCC
A9EwHQYDVR0OBBYEFBfVlhvIvi/51mKzYw7yOcZbYEkEMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi85ZWQ1
Y2U4MC0yMjRlLTQ2YWItOTRmMS0xYWZjZThjY2YxM2YvMGIxNjI1ZmQtYmU2Mi0z
Nzg2LTg4NjctNzkyMDJmMDY0YzM3LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy8yYTI0Njk0Ny0y
ZDYyLTRhNmMtYmEwNS04NzE4N2YwMDk5YjIvOWVkNWNlODAtMjI0ZS00NmFiLTk0
ZjEtMWFmY2U4Y2NmMTNmLzllZDVjZTgwLTIyNGUtNDZhYi05NGYxLTFhZmNlOGNj
ZjEzZi5jcmwwHwYDVR0jBBgwFoAUOB2fprp8wahErgn+WgCWnTv84Q8wDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzJhMjQ2OTQ3LTJkNjItNGE2
Yy1iYTA1LTg3MTg3ZjAwOTliMi85ZWQ1Y2U4MC0yMjRlLTQ2YWItOTRmMS0xYWZj
ZThjY2YxM2YuY2VyMIGeBggrBgEFBQcBBwEB/wSBjjCBizBvBAIAATBpAwQHF+WA
AwQGLSiAAwMBMj4DBAdEsoADAwBIpwMDAGFKAwQGaO5AAwMAhJQDAwCUSAMDAKCZ
AwQHpj4AAwMArckDAwC4qAMEB8CpgAMEBsC6wAMEB8YMgAMEB8ZHgAMDANBtAwQG
2EWAMBgEAgACMBIDBwUmB/II0AADBwAmB/II3wAwVAYDVR0gAQH/BEowSDBGBggr
BgEFBQcOAjA6MDgGCCsGAQUFBwIBFixodHRwczovL3d3dy5hcmluLm5ldC9yZXNv
dXJjZXMvcnBraS9jcHMuaHRtbDANBgkqhkiG9w0BAQsFAAOCAQEARXs4PXDbS8Z0
JKEys+3mElwHE0ntyc5rM1Aqk/i9tPdsB7hVjI1bw7VF98d+36fBNEJwe3gdlyUo
MA8i+vhMtPQ8qhOJRBwADYDSTImPG87wjylIGjTRY7XozO/kXx51OA5COQimHgEt
rXh0hALDgSUba/7mN1w3ao8p+LHAK4QhKhssn8+PUBhk+i3nLfBRpMj8Mzy9HVFx
BXVSTM6xUjmF4eomQ0xzKp0jdR0npGJl+i41NI478zb7tRY7oMMQ1kd8D9upy18c
QA5Skb96HxXBLUwh8ZUyiHl6tG9wSRK2yhptU+5GkParxO4bGN+3GVG+J9GVyNuQ
wG0qIMfk5Q==
-----END CERTIFICATE-----
Generated at Mon Oct 21 16:36:33 2024 by rpki-client on console-ams.rpki-client.org