Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/9ed5ce80-224e-46ab-94f1-1afce8ccf13f/da7c64cf-41fa-38dd-a581-d818f0c680d4.roa
File:                     da7c64cf-41fa-38dd-a581-d818f0c680d4.roa (raw, json)
Hash identifier:          jMSokRPFNrw/6Ub69FCHjkamZLqyKvkhoOSAtC67r98=
Subject key identifier:   1D:37:71:A4:C7:9B:39:1E:27:9B:A4:72:5D:AD:85:6B:C4:B1:DD:D4
Certificate issuer:       /CN=9ed5ce80-224e-46ab-94f1-1afce8ccf13f
Certificate serial:       010D0C9F4328583A0D0E23767A2801DB44CFB3A0
Authority key identifier: 38:1D:9F:A6:BA:7C:C1:A8:44:AE:09:FE:5A:00:96:9D:3B:FC:E1:0F
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/9ed5ce80-224e-46ab-94f1-1afce8ccf13f.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/9ed5ce80-224e-46ab-94f1-1afce8ccf13f/da7c64cf-41fa-38dd-a581-d818f0c680d4.roa
Signing time:             Tue 30 Jul 2019 04:00:00 +0000
ROA not before:           Tue 30 Jul 2019 04:00:00 +0000
ROA not after:            Mon 30 Jul 2029 04:00:00 +0000
asID:                     35329
IP address blocks:        132.148.0.0/16 maxlen: 24
                          68.178.128.0/17 maxlen: 24
                          23.229.128.0/17 maxlen: 24
                          45.40.128.0/18 maxlen: 24
                          50.62.0.0/15 maxlen: 24
                          72.167.0.0/16 maxlen: 24
                          97.74.0.0/16 maxlen: 24
                          104.238.64.0/18 maxlen: 24
                          148.72.0.0/16 maxlen: 24
                          160.153.0.0/16 maxlen: 24
                          166.62.0.0/17 maxlen: 24
                          173.201.0.0/16 maxlen: 24
                          184.168.0.0/16 maxlen: 24
                          192.169.128.0/17 maxlen: 24
                          192.186.192.0/18 maxlen: 24
                          198.12.128.0/17 maxlen: 24
                          198.71.128.0/17 maxlen: 24
                          208.109.0.0/16 maxlen: 24
                          216.69.128.0/18 maxlen: 24
                          2607:f208:d000::/43 maxlen: 43
                          2607:f208:df00::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3a:0d:0e:23:76:7a:28:01:db:44:cf:b3:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ed5ce80-224e-46ab-94f1-1afce8ccf13f
        Validity
            Not Before: Jul 30 04:00:00 2019 GMT
            Not After : Jul 30 04:00:00 2029 GMT
        Subject: CN=2bffe5d3-6bf4-49ef-bf96-85394d54ecd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:4a:b9:8b:19:dc:68:38:2d:0e:95:fd:93:6f:
                    70:03:35:d1:4b:c3:f0:97:8f:c7:57:6c:6b:f6:64:
                    86:12:1b:2d:bf:63:bd:b0:0f:e6:b3:e8:ca:ec:3d:
                    c1:52:9d:c2:d8:0b:dc:5a:6a:87:bc:82:6d:fb:2d:
                    8c:e4:dd:77:5f:bf:64:0f:d0:b3:38:a8:9a:19:9e:
                    d6:cd:21:a6:3a:a8:92:39:8a:0c:2b:ad:c5:18:d9:
                    16:44:0b:f4:9f:1e:70:cc:84:3d:e0:a2:58:7a:8a:
                    b8:82:d0:b5:6c:a7:c3:06:e5:3a:12:9b:0e:eb:d4:
                    93:e4:e6:6a:db:fa:4a:7e:28:f0:05:d7:41:fb:d6:
                    7f:45:a7:b3:93:42:07:45:40:86:ad:ab:dc:79:23:
                    bb:46:de:fa:94:f3:4f:f4:d9:7b:8e:a2:a2:ad:b0:
                    88:4d:33:9a:c1:5a:54:6d:eb:15:7f:32:d1:30:21:
                    fc:85:1e:fc:f4:6e:c2:4a:8b:04:7b:0c:23:8d:b4:
                    d8:48:3d:ac:5f:82:82:7f:44:e8:a8:7b:da:fb:67:
                    81:75:4e:2b:00:41:8b:09:3e:a8:bd:b7:9f:e1:87:
                    30:8e:36:14:14:00:5e:da:55:90:52:59:3c:c9:85:
                    ee:5d:6d:f4:01:58:91:99:dc:fd:3c:03:ca:29:80:
                    23:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:37:71:A4:C7:9B:39:1E:27:9B:A4:72:5D:AD:85:6B:C4:B1:DD:D4
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/9ed5ce80-224e-46ab-94f1-1afce8ccf13f/da7c64cf-41fa-38dd-a581-d818f0c680d4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/9ed5ce80-224e-46ab-94f1-1afce8ccf13f/9ed5ce80-224e-46ab-94f1-1afce8ccf13f.crl

            X509v3 Authority Key Identifier:
                keyid:38:1D:9F:A6:BA:7C:C1:A8:44:AE:09:FE:5A:00:96:9D:3B:FC:E1:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/9ed5ce80-224e-46ab-94f1-1afce8ccf13f.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.229.128.0/17
                  45.40.128.0/18
                  50.62.0.0/15
                  68.178.128.0/17
                  72.167.0.0/16
                  97.74.0.0/16
                  104.238.64.0/18
                  132.148.0.0/16
                  148.72.0.0/16
                  160.153.0.0/16
                  166.62.0.0/17
                  173.201.0.0/16
                  184.168.0.0/16
                  192.169.128.0/17
                  192.186.192.0/18
                  198.12.128.0/17
                  198.71.128.0/17
                  208.109.0.0/16
                  216.69.128.0/18
                IPv6:
                  2607:f208:d000::/43
                  2607:f208:df00::/48

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         47:b9:99:d6:cc:e1:fa:4c:55:13:93:b4:65:8c:cb:9c:8e:19:
         25:50:96:94:70:94:32:6d:52:4a:57:5c:84:42:e2:85:6c:c2:
         7c:eb:55:94:9d:a4:b6:04:96:2e:f6:90:15:dc:71:fb:07:49:
         9b:be:b4:dc:34:70:cc:c7:a7:6a:46:1c:a3:47:28:9d:aa:51:
         19:20:b4:d4:84:ad:0f:fc:fc:ac:51:04:d7:57:59:3b:4f:80:
         15:0e:ed:89:60:d7:42:1b:71:f4:ce:ef:15:9c:f6:ad:20:76:
         5c:ff:17:6a:0c:64:d1:5f:7f:67:86:5d:c0:5c:08:42:53:98:
         56:81:79:6c:f2:29:cc:0d:74:57:8e:9b:65:88:01:ef:5c:ec:
         4c:91:47:ff:43:c7:d9:91:dc:93:2d:36:ac:34:49:37:8e:c8:
         58:28:37:50:84:69:79:a7:46:79:13:38:1b:1f:cc:a8:19:76:
         3c:f1:62:cf:ff:bf:b6:53:1f:f7:69:b9:55:b6:13:e5:b1:e3:
         53:cc:8d:c7:08:0c:60:9a:a5:da:21:02:fe:01:31:20:1d:3b:
         c7:3e:d2:d2:9f:3f:72:19:3e:b1:9c:e5:3e:d1:db:3d:1b:64:
         2e:ec:e7:be:2d:96:4d:99:6b:e2:5a:43:f3:4a:8a:91:e5:77:
         2e:a2:51:a6
-----BEGIN CERTIFICATE-----
MIIGwzCCBaugAwIBAgIUAQ0Mn0MoWDoNDiN2eigB20TPs6AwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkOWVkNWNlODAtMjI0ZS00NmFiLTk0ZjEtMWFmY2U4Y2Nm
MTNmMB4XDTE5MDczMDA0MDAwMFoXDTI5MDczMDA0MDAwMFowLzEtMCsGA1UEAxMk
MmJmZmU1ZDMtNmJmNC00OWVmLWJmOTYtODUzOTRkNTRlY2Q2MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnEq5ixncaDgtDpX9k29wAzXRS8Pwl4/HV2xr
9mSGEhstv2O9sA/ms+jK7D3BUp3C2AvcWmqHvIJt+y2M5N13X79kD9CzOKiaGZ7W
zSGmOqiSOYoMK63FGNkWRAv0nx5wzIQ94KJYeoq4gtC1bKfDBuU6EpsO69ST5OZq
2/pKfijwBddB+9Z/Raezk0IHRUCGravceSO7Rt76lPNP9Nl7jqKirbCITTOawVpU
besVfzLRMCH8hR789G7CSosEewwjjbTYSD2sX4KCf0ToqHva+2eBdU4rAEGLCT6o
vbef4YcwjjYUFABe2lWQUlk8yYXuXW30AViRmdz9PAPKKYAjxQIDAQABo4ID1TCC
A9EwHQYDVR0OBBYEFB03caTHmzkeJ5ukcl2thWvEsd3UMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi85ZWQ1
Y2U4MC0yMjRlLTQ2YWItOTRmMS0xYWZjZThjY2YxM2YvZGE3YzY0Y2YtNDFmYS0z
OGRkLWE1ODEtZDgxOGYwYzY4MGQ0LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy8yYTI0Njk0Ny0y
ZDYyLTRhNmMtYmEwNS04NzE4N2YwMDk5YjIvOWVkNWNlODAtMjI0ZS00NmFiLTk0
ZjEtMWFmY2U4Y2NmMTNmLzllZDVjZTgwLTIyNGUtNDZhYi05NGYxLTFhZmNlOGNj
ZjEzZi5jcmwwHwYDVR0jBBgwFoAUOB2fprp8wahErgn+WgCWnTv84Q8wDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzJhMjQ2OTQ3LTJkNjItNGE2
Yy1iYTA1LTg3MTg3ZjAwOTliMi85ZWQ1Y2U4MC0yMjRlLTQ2YWItOTRmMS0xYWZj
ZThjY2YxM2YuY2VyMIGeBggrBgEFBQcBBwEB/wSBjjCBizBvBAIAATBpAwQHF+WA
AwQGLSiAAwMBMj4DBAdEsoADAwBIpwMDAGFKAwQGaO5AAwMAhJQDAwCUSAMDAKCZ
AwQHpj4AAwMArckDAwC4qAMEB8CpgAMEBsC6wAMEB8YMgAMEB8ZHgAMDANBtAwQG
2EWAMBgEAgACMBIDBwUmB/II0AADBwAmB/II3wAwVAYDVR0gAQH/BEowSDBGBggr
BgEFBQcOAjA6MDgGCCsGAQUFBwIBFixodHRwczovL3d3dy5hcmluLm5ldC9yZXNv
dXJjZXMvcnBraS9jcHMuaHRtbDANBgkqhkiG9w0BAQsFAAOCAQEAR7mZ1szh+kxV
E5O0ZYzLnI4ZJVCWlHCUMm1SSldchELihWzCfOtVlJ2ktgSWLvaQFdxx+wdJm760
3DRwzMenakYco0conapRGSC01IStD/z8rFEE11dZO0+AFQ7tiWDXQhtx9M7vFZz2
rSB2XP8Xagxk0V9/Z4ZdwFwIQlOYVoF5bPIpzA10V46bZYgB71zsTJFH/0PH2ZHc
ky02rDRJN47IWCg3UIRpeadGeRM4Gx/MqBl2PPFiz/+/tlMf92m5VbYT5bHjU8yN
xwgMYJql2iEC/gExIB07xz7S0p8/chk+sZzlPtHbPRtkLuznvi2WTZlr4lpD80qK
keV3LqJRpg==
-----END CERTIFICATE-----
Generated at Mon Oct 21 16:36:33 2024 by rpki-client on console-ams.rpki-client.org