Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/1097ee4d-76da-3a03-8044-a90c184f2946.roa
File:                     1097ee4d-76da-3a03-8044-a90c184f2946.roa (raw, json)
Hash identifier:          uHwKZ3Utj8NBT+XT93yS9TfhXOkW9z6/9T90lgULsKk=
Subject key identifier:   68:A8:11:9C:A7:32:99:25:EC:F8:9B:D1:0C:0C:25:1D:B1:E8:55:01
Certificate issuer:       /CN=18800324-5150-4981-a144-bdb80e6bcb7c
Certificate serial:       010D0C9F4328583729B84819D484B81726A8B240
Authority key identifier: 11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/1097ee4d-76da-3a03-8044-a90c184f2946.roa
Signing time:             Tue 01 Sep 2020 04:00:00 +0000
ROA not before:           Tue 01 Sep 2020 04:00:00 +0000
ROA not after:            Thu 15 Sep 2022 04:00:00 +0000
asID:                     212762
IP address blocks:        104.253.96.0/24 maxlen: 24
                          173.245.84.0/24 maxlen: 24
                          209.73.136.0/24 maxlen: 24
                          104.165.109.0/24 maxlen: 24
                          104.165.107.0/24 maxlen: 24
                          104.165.83.0/24 maxlen: 24
                          104.165.78.0/24 maxlen: 24
                          104.165.29.0/24 maxlen: 24
                          23.230.67.0/24 maxlen: 24
                          23.27.248.0/24 maxlen: 24
                          23.27.127.0/24 maxlen: 24
                          23.27.14.0/24 maxlen: 24
                          23.27.23.0/24 maxlen: 24
                          23.27.243.0/24 maxlen: 24
                          23.230.29.0/24 maxlen: 24
                          50.117.45.0/24 maxlen: 24
                          50.117.96.0/24 maxlen: 24
                          50.118.248.0/24 maxlen: 24
                          50.118.255.0/24 maxlen: 24
                          104.164.180.0/24 maxlen: 24
                          104.165.73.0/24 maxlen: 24
                          104.165.81.0/24 maxlen: 24
                          104.165.91.0/24 maxlen: 24
                          104.165.114.0/24 maxlen: 24
                          104.165.120.0/24 maxlen: 24
                          104.165.134.0/24 maxlen: 24
                          104.253.11.0/24 maxlen: 24
                          104.253.12.0/24 maxlen: 24
                          104.253.29.0/24 maxlen: 24
                          104.253.57.0/24 maxlen: 24
                          104.253.63.0/24 maxlen: 24
                          104.253.106.0/24 maxlen: 24
                          104.253.132.0/24 maxlen: 24
                          104.253.139.0/24 maxlen: 24
                          104.253.141.0/24 maxlen: 24
                          104.253.143.0/24 maxlen: 24
                          104.253.144.0/24 maxlen: 24
                          104.253.146.0/24 maxlen: 24
                          104.253.150.0/24 maxlen: 24
                          107.164.85.0/24 maxlen: 24
                          107.164.199.0/24 maxlen: 24
                          107.164.145.0/24 maxlen: 24
                          107.164.200.0/24 maxlen: 24
                          107.165.138.0/24 maxlen: 24
                          107.165.161.0/24 maxlen: 24
                          216.172.138.0/24 maxlen: 24
                          216.172.135.0/24 maxlen: 24
                          209.73.132.0/24 maxlen: 24
                          209.73.137.0/24 maxlen: 24
                          205.164.9.0/24 maxlen: 24
                          205.164.32.0/24 maxlen: 24
                          205.164.59.0/24 maxlen: 24
                          136.0.47.0/24 maxlen: 24
                          136.0.67.0/24 maxlen: 24
                          136.0.99.0/24 maxlen: 24
                          136.0.226.0/24 maxlen: 24
                          142.111.219.0/24 maxlen: 24
                          142.252.51.0/24 maxlen: 24
                          142.252.52.0/24 maxlen: 24
                          166.88.149.0/24 maxlen: 24
                          172.120.14.0/24 maxlen: 24
                          172.252.215.0/24 maxlen: 24
                          107.186.35.0/24 maxlen: 24
                          107.165.194.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:37:29:b8:48:19:d4:84:b8:17:26:a8:b2:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18800324-5150-4981-a144-bdb80e6bcb7c
        Validity
            Not Before: Sep  1 04:00:00 2020 GMT
            Not After : Sep 15 04:00:00 2022 GMT
        Subject: CN=851cd431-ac6f-4f6b-9ba8-97be558ce484
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:92:71:94:26:db:47:f8:a1:1b:c4:a0:ce:64:
                    2b:40:e6:5e:a2:48:3f:49:dd:31:a1:cd:b8:88:d4:
                    c3:bb:e2:84:9a:0c:d8:35:77:b4:3f:77:e9:6f:a6:
                    7c:70:78:a4:39:6a:2e:27:4b:0d:e1:47:5a:4a:5a:
                    33:e8:b5:fe:e3:2c:a2:e3:38:78:f5:ae:cb:65:6f:
                    bd:8a:10:14:66:70:a3:16:9d:69:13:11:3a:0e:3b:
                    f9:81:f1:40:07:e7:fb:21:5d:44:43:d4:4e:67:fa:
                    69:f9:e0:35:2f:a6:df:46:bd:db:cb:ab:f5:9b:9c:
                    e2:ad:5b:90:bb:a2:4d:55:9a:01:d9:ec:f9:e0:c6:
                    3c:d1:ef:2e:ee:9f:28:a9:7d:35:5d:da:3e:2b:87:
                    cd:2f:9d:c5:8f:9c:83:fb:54:22:30:17:37:bc:42:
                    e9:77:7a:73:64:4b:ba:49:9c:41:b3:65:76:f5:fa:
                    de:e0:b2:7e:b4:7f:a5:af:99:fa:5e:5d:83:f6:b1:
                    f6:ca:8a:7c:1e:70:ec:eb:45:fc:d2:c2:19:1e:ca:
                    a4:d4:3f:ac:c3:73:08:66:f2:bd:70:93:47:07:16:
                    82:50:fe:d0:8b:21:94:76:ad:87:88:d1:7b:5c:84:
                    f7:af:4a:74:a5:6b:0c:6a:0f:cb:7a:41:60:cd:76:
                    8b:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:A8:11:9C:A7:32:99:25:EC:F8:9B:D1:0C:0C:25:1D:B1:E8:55:01
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/1097ee4d-76da-3a03-8044-a90c184f2946.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/18800324-5150-4981-a144-bdb80e6bcb7c.crl

            X509v3 Authority Key Identifier:
                keyid:11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.27.14.0/24
                  23.27.23.0/24
                  23.27.127.0/24
                  23.27.243.0/24
                  23.27.248.0/24
                  23.230.29.0/24
                  23.230.67.0/24
                  50.117.45.0/24
                  50.117.96.0/24
                  50.118.248.0/24
                  50.118.255.0/24
                  104.164.180.0/24
                  104.165.29.0/24
                  104.165.73.0/24
                  104.165.78.0/24
                  104.165.81.0/24
                  104.165.83.0/24
                  104.165.91.0/24
                  104.165.107.0/24
                  104.165.109.0/24
                  104.165.114.0/24
                  104.165.120.0/24
                  104.165.134.0/24
                  104.253.11.0-104.253.12.255
                  104.253.29.0/24
                  104.253.57.0/24
                  104.253.63.0/24
                  104.253.96.0/24
                  104.253.106.0/24
                  104.253.132.0/24
                  104.253.139.0/24
                  104.253.141.0/24
                  104.253.143.0-104.253.144.255
                  104.253.146.0/24
                  104.253.150.0/24
                  107.164.85.0/24
                  107.164.145.0/24
                  107.164.199.0-107.164.200.255
                  107.165.138.0/24
                  107.165.161.0/24
                  107.165.194.0/24
                  107.186.35.0/24
                  136.0.47.0/24
                  136.0.67.0/24
                  136.0.99.0/24
                  136.0.226.0/24
                  142.111.219.0/24
                  142.252.51.0-142.252.52.255
                  166.88.149.0/24
                  172.120.14.0/24
                  172.252.215.0/24
                  173.245.84.0/24
                  205.164.9.0/24
                  205.164.32.0/24
                  205.164.59.0/24
                  209.73.132.0/24
                  209.73.136.0/23
                  216.172.135.0/24
                  216.172.138.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         9b:69:52:43:a9:96:26:0b:45:cb:d0:83:15:72:5d:ca:16:d2:
         b7:4b:e3:1e:66:02:fb:24:36:ac:86:92:bb:72:37:d0:9c:6b:
         ca:e9:61:88:b3:5a:c1:8b:34:bd:3b:93:03:fe:3a:35:1c:78:
         03:d4:2a:9d:a7:c7:5e:1b:25:3a:c5:8d:57:24:5f:c9:1a:06:
         3c:cf:b4:61:d2:dc:73:15:1d:ee:1b:85:db:a8:8c:7a:0e:e0:
         4e:19:22:03:41:36:6d:a9:37:05:6a:5d:5a:75:5e:03:3c:aa:
         69:33:84:65:e5:42:15:1b:11:bc:89:6c:6f:78:d0:db:06:83:
         dd:24:e6:a0:b0:ed:9d:15:c3:0e:d1:3b:31:41:45:82:3e:c0:
         cb:0e:bc:dc:51:98:e0:ba:7d:76:89:9c:3c:14:dd:04:0d:76:
         b1:d1:63:a4:80:57:03:c0:79:5d:28:75:d5:9b:36:28:2d:f9:
         a1:2b:36:d3:10:bc:11:38:b6:45:e1:49:bb:58:b2:5e:25:de:
         7f:25:0b:70:ab:76:e9:91:86:e5:58:af:e4:5f:56:5f:35:95:
         4f:60:9a:11:51:2c:1c:5d:03:d5:af:99:ce:89:22:fb:e5:5b:
         42:f2:25:2b:10:da:64:e8:1c:cf:96:7e:49:a2:d2:fa:69:82:
         6c:b5:5e:e6
-----BEGIN CERTIFICATE-----
MIIHyTCCBrGgAwIBAgIUAQ0Mn0MoWDcpuEgZ1IS4FyaoskAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMTg4MDAzMjQtNTE1MC00OTgxLWExNDQtYmRiODBlNmJj
YjdjMB4XDTIwMDkwMTA0MDAwMFoXDTIyMDkxNTA0MDAwMFowLzEtMCsGA1UEAxMk
ODUxY2Q0MzEtYWM2Zi00ZjZiLTliYTgtOTdiZTU1OGNlNDg0MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3pJxlCbbR/ihG8SgzmQrQOZeokg/Sd0xoc24
iNTDu+KEmgzYNXe0P3fpb6Z8cHikOWouJ0sN4UdaSloz6LX+4yyi4zh49a7LZW+9
ihAUZnCjFp1pExE6Djv5gfFAB+f7IV1EQ9ROZ/pp+eA1L6bfRr3by6v1m5zirVuQ
u6JNVZoB2ez54MY80e8u7p8oqX01Xdo+K4fNL53Fj5yD+1QiMBc3vELpd3pzZEu6
SZxBs2V29fre4LJ+tH+lr5n6Xl2D9rH2yop8HnDs60X80sIZHsqk1D+sw3MIZvK9
cJNHBxaCUP7QiyGUdq2HiNF7XIT3r0p0pWsMag/LekFgzXaLvwIDAQABo4IE2zCC
BNcwHQYDVR0OBBYEFGioEZynMpkl7Pib0QwMJR2x6FUBMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlhOC8xODgw
MDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4MGU2YmNiN2MvMTA5N2VlNGQtNzZkYS0z
YTAzLTgwNDQtYTkwYzE4NGYyOTQ2LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NDZlMDExMS1m
YWZiLTQzMGYtYjc3OC1kMjA0Y2ZjZDk5YTgvMTg4MDAzMjQtNTE1MC00OTgxLWEx
NDQtYmRiODBlNmJjYjdjLzE4ODAwMzI0LTUxNTAtNDk4MS1hMTQ0LWJkYjgwZTZi
Y2I3Yy5jcmwwHwYDVR0jBBgwFoAUEWtHMzbZ6J21lhte76NAIq7eabYwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMw
Zi1iNzc4LWQyMDRjZmNkOTlhOC8xODgwMDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4
MGU2YmNiN2MuY2VyMIIBowYIKwYBBQUHAQcBAf8EggGSMIIBjjCCAYoEAgABMIIB
ggMEABcbDgMEABcbFwMEABcbfwMEABcb8wMEABcb+AMEABfmHQMEABfmQwMEADJ1
LQMEADJ1YAMEADJ2+AMEADJ2/wMEAGiktAMEAGilHQMEAGilSQMEAGilTgMEAGil
UQMEAGilUwMEAGilWwMEAGilawMEAGilbQMEAGilcgMEAGileAMEAGilhjAMAwQA
aP0LAwQAaP0MAwQAaP0dAwQAaP05AwQAaP0/AwQAaP1gAwQAaP1qAwQAaP2EAwQA
aP2LAwQAaP2NMAwDBABo/Y8DBABo/ZADBABo/ZIDBABo/ZYDBABrpFUDBABrpJEw
DAMEAGukxwMEAGukyAMEAGuligMEAGuloQMEAGulwgMEAGu6IwMEAIgALwMEAIgA
QwMEAIgAYwMEAIgA4gMEAI5v2zAMAwQAjvwzAwQAjvw0AwQApliVAwQArHgOAwQA
rPzXAwQArfVUAwQAzaQJAwQAzaQgAwQAzaQ7AwQA0UmEAwQB0UmIAwQA2KyHAwQA
2KyKMFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0
cHM6Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZI
hvcNAQELBQADggEBAJtpUkOpliYLRcvQgxVyXcoW0rdL4x5mAvskNqyGkrtyN9Cc
a8rpYYizWsGLNL07kwP+OjUceAPUKp2nx14bJTrFjVckX8kaBjzPtGHS3HMVHe4b
hduojHoO4E4ZIgNBNm2pNwVqXVp1XgM8qmkzhGXlQhUbEbyJbG940NsGg90k5qCw
7Z0Vww7ROzFBRYI+wMsOvNxRmOC6fXaJnDwU3QQNdrHRY6SAVwPAeV0oddWbNigt
+aErNtMQvBE4tkXhSbtYsl4l3n8lC3CrdumRhuVYr+RfVl81lU9gmhFRLBxdA9Wv
mc6JIvvlW0LyJSsQ2mToHM+Wfkmi0vppgmy1XuY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:10:18 2024 by rpki-client on console-fra.rpki-client.org