Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/1ddd1857-f822-34d5-bfab-bc96b7df92b2.roa
File:                     1ddd1857-f822-34d5-bfab-bc96b7df92b2.roa (raw, json)
Hash identifier:          81iibI0Rg5MBf39kqM4tHNo+Ib+qrqyXXi7uxfnJXOY=
Subject key identifier:   6C:22:66:A4:27:BA:FF:0E:FE:34:51:B2:9A:91:CA:52:B6:80:FC:AE
Certificate issuer:       /CN=18800324-5150-4981-a144-bdb80e6bcb7c
Certificate serial:       010D0C9F432858452110515D59394D4C85304A80
Authority key identifier: 11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/1ddd1857-f822-34d5-bfab-bc96b7df92b2.roa
Signing time:             Thu 07 Mar 2024 14:00:32 +0000
ROA not before:           Thu 07 Mar 2024 14:00:32 +0000
ROA not after:            Wed 05 Jun 2024 13:00:32 +0000
asID:                     136787
IP address blocks:        166.88.197.0/24 maxlen: 24
                          166.88.182.0/24 maxlen: 24
                          166.88.185.0/24 maxlen: 24
                          166.88.186.0/24 maxlen: 24
                          166.88.194.0/24 maxlen: 24
                          166.88.170.0/24 maxlen: 24
                          166.88.171.0/24 maxlen: 24
                          166.88.178.0/24 maxlen: 24
                          166.88.180.0/24 maxlen: 24
                          136.0.215.0/24 maxlen: 24
                          136.0.194.0/24 maxlen: 24
                          136.0.242.0/24 maxlen: 24
                          136.0.208.0/24 maxlen: 24
                          136.0.243.0/24 maxlen: 24
                          136.0.124.0/24 maxlen: 24
                          136.0.137.0/24 maxlen: 24
                          136.0.91.0/24 maxlen: 24
                          136.0.122.0/24 maxlen: 24
                          136.0.82.0/24 maxlen: 24
                          136.0.86.0/24 maxlen: 24
                          45.39.160.0/24 maxlen: 24
                          45.38.214.0/24 maxlen: 24
                          45.39.115.0/24 maxlen: 24
                          23.230.219.0/24 maxlen: 24
                          45.38.172.0/24 maxlen: 24
                          23.230.136.0/24 maxlen: 24
                          136.0.80.0/24 maxlen: 24
                          136.0.70.0/24 maxlen: 24
                          136.0.75.0/24 maxlen: 24
                          136.0.59.0/24 maxlen: 24
                          136.0.63.0/24 maxlen: 24
                          136.0.49.0/24 maxlen: 24
                          136.0.52.0/24 maxlen: 24
                          45.39.200.0/24 maxlen: 24
                          50.118.137.0/24 maxlen: 24
                          45.39.179.0/24 maxlen: 24
                          136.0.234.0/24 maxlen: 24
                          136.0.236.0/24 maxlen: 24
                          136.0.238.0/24 maxlen: 24
                          136.0.217.0/24 maxlen: 24
                          136.0.222.0/24 maxlen: 24
                          136.0.225.0/24 maxlen: 24
                          136.0.227.0/24 maxlen: 24
                          23.27.199.0/24 maxlen: 24
                          23.230.132.0/24 maxlen: 24
                          23.27.169.0/24 maxlen: 24
                          23.27.172.0/24 maxlen: 24
                          45.38.146.0/24 maxlen: 24
                          23.230.41.0/24 maxlen: 24
                          136.0.36.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:45:21:10:51:5d:59:39:4d:4c:85:30:4a:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18800324-5150-4981-a144-bdb80e6bcb7c
        Validity
            Not Before: Mar  7 14:00:32 2024 GMT
            Not After : Jun  5 13:00:32 2024 GMT
        Subject: CN=eb4fef36-bcee-4143-8c74-055391a2366e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:1b:ec:5a:76:8f:a9:b3:6e:8e:34:3a:4a:2f:
                    10:19:44:de:a9:f1:49:94:36:64:be:83:ea:51:8e:
                    fe:2a:73:35:39:83:66:97:71:d0:2a:a7:9b:8d:2c:
                    4f:71:46:a6:6d:09:7d:cd:06:54:d7:2c:19:b8:be:
                    8b:95:ea:4b:c3:23:6f:95:49:84:4b:ba:ff:17:9d:
                    ff:c2:85:16:7d:79:0b:b3:dc:5e:1e:73:c2:01:80:
                    44:46:0e:41:9b:28:12:25:b0:dd:46:11:5d:df:b7:
                    7d:a9:d4:04:73:0d:5a:cb:61:b5:bb:50:e7:7c:82:
                    1d:56:ab:2e:8c:59:50:0e:ce:98:94:2b:31:b0:4d:
                    86:57:30:09:f1:a6:e7:f4:9a:61:d3:3b:c8:41:3a:
                    d4:b0:90:03:bc:d1:0e:63:d2:dd:0f:58:9b:a7:01:
                    9e:90:4a:1b:75:bf:0d:2e:c5:e2:91:f2:75:b1:dd:
                    56:35:89:56:68:67:09:f0:26:e7:f0:24:e7:93:31:
                    1c:1b:60:c8:2c:db:0f:9d:55:c4:e9:0c:20:ff:c1:
                    d5:38:2a:44:76:7c:52:1c:82:90:8a:32:33:a0:ba:
                    4c:15:28:92:19:d9:58:6b:bb:9d:26:17:de:81:5d:
                    60:79:de:ab:ee:59:b9:1d:24:9b:53:1c:29:56:02:
                    31:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:22:66:A4:27:BA:FF:0E:FE:34:51:B2:9A:91:CA:52:B6:80:FC:AE
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/1ddd1857-f822-34d5-bfab-bc96b7df92b2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/18800324-5150-4981-a144-bdb80e6bcb7c.crl

            X509v3 Authority Key Identifier:
                keyid:11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.27.169.0/24
                  23.27.172.0/24
                  23.27.199.0/24
                  23.230.41.0/24
                  23.230.132.0/24
                  23.230.136.0/24
                  23.230.219.0/24
                  45.38.146.0/24
                  45.38.172.0/24
                  45.38.214.0/24
                  45.39.115.0/24
                  45.39.160.0/24
                  45.39.179.0/24
                  45.39.200.0/24
                  50.118.137.0/24
                  136.0.36.0/24
                  136.0.49.0/24
                  136.0.52.0/24
                  136.0.59.0/24
                  136.0.63.0/24
                  136.0.70.0/24
                  136.0.75.0/24
                  136.0.80.0/24
                  136.0.82.0/24
                  136.0.86.0/24
                  136.0.91.0/24
                  136.0.122.0/24
                  136.0.124.0/24
                  136.0.137.0/24
                  136.0.194.0/24
                  136.0.208.0/24
                  136.0.215.0/24
                  136.0.217.0/24
                  136.0.222.0/24
                  136.0.225.0/24
                  136.0.227.0/24
                  136.0.234.0/24
                  136.0.236.0/24
                  136.0.238.0/24
                  136.0.242.0/23
                  166.88.170.0/23
                  166.88.178.0/24
                  166.88.180.0/24
                  166.88.182.0/24
                  166.88.185.0-166.88.186.255
                  166.88.194.0/24
                  166.88.197.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         6a:2d:91:7c:ff:c2:b0:18:cf:16:41:21:04:ce:1b:5a:74:f1:
         f6:c2:a3:e7:b4:4b:ea:43:f5:30:42:c4:59:6f:ce:fd:fa:13:
         63:50:8d:05:2a:c5:d8:18:e3:86:86:8d:a4:12:b4:1d:79:f1:
         c6:ae:0a:8d:7b:ba:c0:00:79:04:1e:f7:6b:f9:34:22:32:7c:
         d5:7c:41:5a:53:b4:0c:82:d8:44:15:0f:f6:71:1f:bd:b0:db:
         58:ca:aa:56:ed:11:c2:41:d8:ca:a2:74:93:00:f4:80:ac:af:
         a9:9c:a3:50:bb:e0:60:a9:a3:21:73:5f:c2:19:6b:3e:74:ee:
         c1:1d:b6:92:87:66:48:3d:73:4b:07:42:9d:57:df:bf:78:8e:
         49:f3:13:a2:a6:2e:8e:e1:a5:72:ce:76:48:d0:10:32:31:0a:
         dd:f1:f5:87:41:61:0b:ff:89:e4:c3:d4:87:0b:fd:f5:d0:6b:
         7b:d1:04:e2:7f:12:72:2e:1c:f7:62:ed:91:fe:53:49:87:c1:
         9d:55:5e:dc:cb:7c:be:ec:a7:56:b0:98:44:8c:61:ba:ec:aa:
         a5:73:a1:ac:5b:8f:39:fd:0b:e9:f4:d2:0b:17:8f:b4:ab:7b:
         be:01:62:55:68:82:28:f5:fa:66:76:70:21:08:f9:59:82:88:
         70:13:7c:15
-----BEGIN CERTIFICATE-----
MIIHaTCCBlGgAwIBAgIUAQ0Mn0MoWEUhEFFdWTlNTIUwSoAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMTg4MDAzMjQtNTE1MC00OTgxLWExNDQtYmRiODBlNmJj
YjdjMB4XDTI0MDMwNzE0MDAzMloXDTI0MDYwNTEzMDAzMlowLzEtMCsGA1UEAxMk
ZWI0ZmVmMzYtYmNlZS00MTQzLThjNzQtMDU1MzkxYTIzNjZlMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnxvsWnaPqbNujjQ6Si8QGUTeqfFJlDZkvoPq
UY7+KnM1OYNml3HQKqebjSxPcUambQl9zQZU1ywZuL6LlepLwyNvlUmES7r/F53/
woUWfXkLs9xeHnPCAYBERg5BmygSJbDdRhFd37d9qdQEcw1ay2G1u1DnfIIdVqsu
jFlQDs6YlCsxsE2GVzAJ8abn9Jph0zvIQTrUsJADvNEOY9LdD1ibpwGekEobdb8N
LsXikfJ1sd1WNYlWaGcJ8Cbn8CTnkzEcG2DILNsPnVXE6Qwg/8HVOCpEdnxSHIKQ
ijIzoLpMFSiSGdlYa7udJhfegV1ged6r7lm5HSSbUxwpVgIxYQIDAQABo4IEezCC
BHcwHQYDVR0OBBYEFGwiZqQnuv8O/jRRspqRylK2gPyuMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlhOC8xODgw
MDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4MGU2YmNiN2MvMWRkZDE4NTctZjgyMi0z
NGQ1LWJmYWItYmM5NmI3ZGY5MmIyLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NDZlMDExMS1m
YWZiLTQzMGYtYjc3OC1kMjA0Y2ZjZDk5YTgvMTg4MDAzMjQtNTE1MC00OTgxLWEx
NDQtYmRiODBlNmJjYjdjLzE4ODAwMzI0LTUxNTAtNDk4MS1hMTQ0LWJkYjgwZTZi
Y2I3Yy5jcmwwHwYDVR0jBBgwFoAUEWtHMzbZ6J21lhte76NAIq7eabYwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMw
Zi1iNzc4LWQyMDRjZmNkOTlhOC8xODgwMDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4
MGU2YmNiN2MuY2VyMIIBQwYIKwYBBQUHAQcBAf8EggEyMIIBLjCCASoEAgABMIIB
IgMEABcbqQMEABcbrAMEABcbxwMEABfmKQMEABfmhAMEABfmiAMEABfm2wMEAC0m
kgMEAC0mrAMEAC0m1gMEAC0ncwMEAC0noAMEAC0nswMEAC0nyAMEADJ2iQMEAIgA
JAMEAIgAMQMEAIgANAMEAIgAOwMEAIgAPwMEAIgARgMEAIgASwMEAIgAUAMEAIgA
UgMEAIgAVgMEAIgAWwMEAIgAegMEAIgAfAMEAIgAiQMEAIgAwgMEAIgA0AMEAIgA
1wMEAIgA2QMEAIgA3gMEAIgA4QMEAIgA4wMEAIgA6gMEAIgA7AMEAIgA7gMEAYgA
8gMEAaZYqgMEAKZYsgMEAKZYtAMEAKZYtjAMAwQApli5AwQApli6AwQApljCAwQA
pljFMFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0
cHM6Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZI
hvcNAQELBQADggEBAGotkXz/wrAYzxZBIQTOG1p08fbCo+e0S+pD9TBCxFlvzv36
E2NQjQUqxdgY44aGjaQStB158cauCo17usAAeQQe92v5NCIyfNV8QVpTtAyC2EQV
D/ZxH72w21jKqlbtEcJB2MqidJMA9ICsr6mco1C74GCpoyFzX8IZaz507sEdtpKH
Zkg9c0sHQp1X3794jknzE6KmLo7hpXLOdkjQEDIxCt3x9YdBYQv/ieTD1IcL/fXQ
a3vRBOJ/EnIuHPdi7ZH+U0mHwZ1VXtzLfL7sp1awmESMYbrsqqVzoaxbjzn9C+n0
0gsXj7Sre74BYlVogij1+mZ2cCEI+VmCiHATfBU=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:10:19 2024 by rpki-client on console-fra.rpki-client.org