Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/233a3ace-ff77-3dc2-8d8a-324905523f70.roa
File:                     233a3ace-ff77-3dc2-8d8a-324905523f70.roa (raw, json)
Hash identifier:          oR2Cg35tJYFNgxNeLeOGxXgtMbwc3Xk/ldJRIupwExI=
Subject key identifier:   25:6B:9C:F9:07:A6:E7:D8:12:44:82:E5:46:81:50:8D:80:1E:68:9D
Certificate issuer:       /CN=18800324-5150-4981-a144-bdb80e6bcb7c
Certificate serial:       010D0C9F432858453707FC90F4E30DE3F6E03A80
Authority key identifier: 11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/233a3ace-ff77-3dc2-8d8a-324905523f70.roa
Signing time:             Fri 15 Mar 2024 10:51:38 +0000
ROA not before:           Fri 15 Mar 2024 10:51:38 +0000
ROA not after:            Thu 13 Jun 2024 10:51:38 +0000
asID:                     149440
IP address blocks:        23.27.244.0/24 maxlen: 24
                          23.230.71.0/24 maxlen: 24
                          23.230.92.0/24 maxlen: 24
                          23.230.108.0/24 maxlen: 24
                          23.230.197.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:45:37:07:fc:90:f4:e3:0d:e3:f6:e0:3a:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18800324-5150-4981-a144-bdb80e6bcb7c
        Validity
            Not Before: Mar 15 10:51:38 2024 GMT
            Not After : Jun 13 10:51:38 2024 GMT
        Subject: CN=422fcbd3-18d6-49ff-ac67-841457001d65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:aa:4b:e0:d3:d5:c8:be:4c:b4:5a:df:2b:07:
                    d6:cc:6a:9c:0e:1f:8a:31:f1:47:49:b7:e5:e2:ab:
                    dc:f7:d2:02:ee:2b:b9:90:a5:68:91:7c:c1:61:46:
                    0a:7f:33:e0:f4:a0:41:00:2a:fd:6c:fa:23:c9:38:
                    3e:55:f4:aa:b4:18:1f:0e:09:c2:96:f8:4f:2c:c2:
                    00:6c:96:c8:b2:a4:d1:1a:d0:1e:7d:97:b4:f9:11:
                    da:dd:4c:83:1d:b0:0c:1a:58:a2:3b:a8:02:27:6b:
                    d4:0a:14:4b:a9:19:f2:28:54:18:a2:ae:e1:54:49:
                    8d:df:ea:b6:c2:94:f4:4a:f8:39:f8:84:33:9a:29:
                    e0:f1:2d:20:c1:98:ba:e8:8e:8a:f1:e1:50:9a:63:
                    63:c2:5e:3a:87:c7:5f:b2:90:5a:0d:2d:4f:fe:fd:
                    42:38:69:1a:2f:4c:64:7e:54:eb:c8:20:f1:74:62:
                    b2:15:15:68:b8:a3:d2:e0:37:14:0f:79:aa:f8:58:
                    34:2f:0f:bd:c4:b6:f2:0a:32:1f:61:98:dc:5e:1b:
                    89:fb:07:38:38:31:b3:80:db:6c:9b:5c:5d:01:0f:
                    c2:f6:cb:f6:67:8c:69:7b:7d:84:0d:2e:85:71:97:
                    b0:55:cd:e0:99:ef:cd:22:dd:2f:7c:76:e7:07:30:
                    12:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:6B:9C:F9:07:A6:E7:D8:12:44:82:E5:46:81:50:8D:80:1E:68:9D
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/233a3ace-ff77-3dc2-8d8a-324905523f70.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/18800324-5150-4981-a144-bdb80e6bcb7c.crl

            X509v3 Authority Key Identifier:
                keyid:11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.27.244.0/24
                  23.230.71.0/24
                  23.230.92.0/24
                  23.230.108.0/24
                  23.230.197.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         41:c5:7c:f4:17:4d:0d:20:09:a3:6a:75:45:44:cf:56:4a:89:
         f3:42:b0:50:a2:ac:e1:5f:13:8e:e3:61:55:a8:9a:dc:fb:db:
         02:38:19:dc:56:5f:8f:6a:30:84:3f:13:4d:d9:17:83:26:e4:
         0d:74:d2:c3:7c:d4:4a:75:6f:31:bf:b4:fe:3b:a3:15:fb:95:
         aa:45:82:d4:4e:26:d4:6c:30:54:60:3d:88:2d:58:ad:b5:90:
         dd:ea:42:82:54:f1:6b:78:a1:45:77:ce:6a:f1:a5:9c:58:cc:
         51:72:5d:b5:b4:a1:29:d8:db:55:f4:c4:bb:5b:f8:5e:55:a8:
         a4:3b:fc:d2:47:73:a0:f9:2d:12:c1:48:c3:72:f6:9f:12:51:
         b0:3a:37:a5:e8:ce:14:0d:50:eb:9f:66:6e:e0:1a:5d:f1:c3:
         73:14:91:c7:d6:37:62:f4:90:35:34:3e:66:bc:e6:5a:d7:ea:
         05:62:fa:32:74:7c:6a:cb:68:b1:7a:44:00:69:19:9a:26:b3:
         f9:ef:c3:a0:af:a8:76:2d:8f:a0:4c:15:96:46:90:13:cb:b5:
         55:aa:37:8b:3b:b8:d6:31:96:4b:23:e9:97:30:99:84:1c:c2:
         09:6d:0f:4f:eb:98:57:e0:a8:6a:9a:e5:99:23:06:2a:9e:39:
         3d:2b:98:e5
-----BEGIN CERTIFICATE-----
MIIGWzCCBUOgAwIBAgIUAQ0Mn0MoWEU3B/yQ9OMN4/bgOoAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMTg4MDAzMjQtNTE1MC00OTgxLWExNDQtYmRiODBlNmJj
YjdjMB4XDTI0MDMxNTEwNTEzOFoXDTI0MDYxMzEwNTEzOFowLzEtMCsGA1UEAxMk
NDIyZmNiZDMtMThkNi00OWZmLWFjNjctODQxNDU3MDAxZDY1MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzqpL4NPVyL5MtFrfKwfWzGqcDh+KMfFHSbfl
4qvc99IC7iu5kKVokXzBYUYKfzPg9KBBACr9bPojyTg+VfSqtBgfDgnClvhPLMIA
bJbIsqTRGtAefZe0+RHa3UyDHbAMGliiO6gCJ2vUChRLqRnyKFQYoq7hVEmN3+q2
wpT0Svg5+IQzming8S0gwZi66I6K8eFQmmNjwl46h8dfspBaDS1P/v1COGkaL0xk
flTryCDxdGKyFRVouKPS4DcUD3mq+Fg0Lw+9xLbyCjIfYZjcXhuJ+wc4ODGzgNts
m1xdAQ/C9sv2Z4xpe32EDS6FcZewVc3gme/NIt0vfHbnBzASSQIDAQABo4IDbTCC
A2kwHQYDVR0OBBYEFCVrnPkHpufYEkSC5UaBUI2AHmidMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlhOC8xODgw
MDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4MGU2YmNiN2MvMjMzYTNhY2UtZmY3Ny0z
ZGMyLThkOGEtMzI0OTA1NTIzZjcwLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NDZlMDExMS1m
YWZiLTQzMGYtYjc3OC1kMjA0Y2ZjZDk5YTgvMTg4MDAzMjQtNTE1MC00OTgxLWEx
NDQtYmRiODBlNmJjYjdjLzE4ODAwMzI0LTUxNTAtNDk4MS1hMTQ0LWJkYjgwZTZi
Y2I3Yy5jcmwwHwYDVR0jBBgwFoAUEWtHMzbZ6J21lhte76NAIq7eabYwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMw
Zi1iNzc4LWQyMDRjZmNkOTlhOC8xODgwMDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4
MGU2YmNiN2MuY2VyMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAFxv0AwQA
F+ZHAwQAF+ZcAwQAF+ZsAwQAF+bFMFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIw
OjA4BggrBgEFBQcCARYsaHR0cHM6Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jw
a2kvY3BzLmh0bWwwDQYJKoZIhvcNAQELBQADggEBAEHFfPQXTQ0gCaNqdUVEz1ZK
ifNCsFCirOFfE47jYVWomtz72wI4GdxWX49qMIQ/E03ZF4Mm5A100sN81Ep1bzG/
tP47oxX7lapFgtROJtRsMFRgPYgtWK21kN3qQoJU8Wt4oUV3zmrxpZxYzFFyXbW0
oSnY21X0xLtb+F5VqKQ7/NJHc6D5LRLBSMNy9p8SUbA6N6XozhQNUOufZm7gGl3x
w3MUkcfWN2L0kDU0Pma85lrX6gVi+jJ0fGrLaLF6RABpGZoms/nvw6CvqHYtj6BM
FZZGkBPLtVWqN4s7uNYxlksj6ZcwmYQcwgltD0/rmFfgqGqa5ZkjBiqeOT0rmOU=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:42:04 2024 by rpki-client on console-ams.rpki-client.org