Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/257223d4-a1c2-37ac-9cf1-0e999265efcc.roa
File:                     257223d4-a1c2-37ac-9cf1-0e999265efcc.roa (raw, json)
Hash identifier:          6GtK/LTR8d6Kal0Z1Nw78Ms6d1lI/IEjM0e86/bVBdA=
Subject key identifier:   94:4A:97:56:25:18:2C:45:0E:3E:B9:D8:66:73:15:2D:EE:15:A2:1D
Certificate issuer:       /CN=18800324-5150-4981-a144-bdb80e6bcb7c
Certificate serial:       010D0C9F43285844D2E530DD8A0DBDC10EF40F00
Authority key identifier: 11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/257223d4-a1c2-37ac-9cf1-0e999265efcc.roa
Signing time:             Thu 08 Feb 2024 14:00:33 +0000
ROA not before:           Thu 08 Feb 2024 14:00:33 +0000
ROA not after:            Wed 08 May 2024 13:00:33 +0000
asID:                     149440
IP address blocks:        166.88.134.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:44:d2:e5:30:dd:8a:0d:bd:c1:0e:f4:0f:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18800324-5150-4981-a144-bdb80e6bcb7c
        Validity
            Not Before: Feb  8 14:00:33 2024 GMT
            Not After : May  8 13:00:33 2024 GMT
        Subject: CN=a4902e8b-9bdd-4ba0-a679-59fe7b59522f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:e7:85:bf:8e:f2:75:25:c9:4c:24:f1:3b:81:
                    6f:91:15:c6:09:90:76:cc:da:3a:29:ab:9e:77:50:
                    3f:5c:ef:03:88:a6:3b:58:0a:65:13:9b:07:70:c8:
                    05:79:af:f2:f8:83:6e:98:da:25:97:a6:be:63:4c:
                    b5:f1:ca:6b:93:32:6e:7b:2e:c8:74:2b:e9:2b:91:
                    e0:f1:b9:86:97:7a:5b:10:28:0a:00:ac:b6:49:ec:
                    10:7e:3c:67:e0:4e:d5:97:ca:64:d4:52:a3:de:53:
                    00:7b:09:88:36:a7:08:66:f7:99:28:a6:ef:a5:da:
                    a3:39:f2:45:c5:a0:83:d6:ec:c2:3b:29:3b:ed:d3:
                    22:4d:74:fc:80:d6:97:4f:ed:8d:3e:e9:07:fd:c3:
                    3b:42:e7:53:ad:d1:43:e6:07:8a:17:ca:08:40:09:
                    12:71:58:25:de:39:b0:bc:8a:fa:f8:54:7a:d3:1c:
                    6a:9a:55:c8:7b:0e:e3:e7:56:91:60:47:6d:56:a8:
                    95:e2:10:66:7a:ee:f5:43:eb:51:4a:3c:27:d2:21:
                    e6:3d:05:32:28:39:7e:01:2e:9c:b1:b2:18:01:0d:
                    96:f0:7c:51:be:be:12:41:f1:25:f9:ce:b0:4c:62:
                    30:68:1a:a7:2c:92:2e:52:a9:66:52:7e:2c:dc:8e:
                    84:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:4A:97:56:25:18:2C:45:0E:3E:B9:D8:66:73:15:2D:EE:15:A2:1D
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/257223d4-a1c2-37ac-9cf1-0e999265efcc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/18800324-5150-4981-a144-bdb80e6bcb7c.crl

            X509v3 Authority Key Identifier:
                keyid:11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  166.88.134.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         5d:d3:ba:5a:48:92:27:9b:cb:c7:f4:5a:9f:ed:2d:1e:b4:bf:
         8f:c7:ab:ab:53:60:5a:f5:4a:50:76:8c:99:d4:fc:3a:98:de:
         df:d7:6a:7b:8a:08:fd:c4:60:8c:51:10:81:6f:68:b3:11:4b:
         69:7f:aa:f7:c0:bf:da:dc:23:3e:76:05:9e:38:8e:a6:05:18:
         55:76:fa:f5:7f:44:2b:6f:c1:13:05:9b:64:54:88:97:09:c1:
         3c:2a:9b:59:9e:4c:21:e0:b3:09:81:92:74:d5:d7:32:74:02:
         1c:a8:f3:36:48:2e:a7:88:86:c7:c1:bf:bc:f1:b0:9b:db:96:
         47:26:ef:b0:02:24:52:f3:ab:84:ef:2b:c7:7d:bb:9e:9f:8e:
         ce:59:e0:2e:85:a4:a1:db:29:19:cf:07:04:d7:84:0f:4f:c8:
         fa:b6:bc:29:e8:b4:43:56:68:1a:8f:27:43:d0:cd:55:26:e0:
         51:61:30:60:f7:de:d9:41:0b:0e:b9:55:c2:0b:57:1f:12:3e:
         e2:85:0f:69:03:e7:71:ae:e3:54:13:24:8e:93:2d:2d:f3:54:
         32:bd:d5:c0:34:ac:b8:03:58:6d:2a:82:1b:b4:6a:3d:5a:58:
         fe:0d:fa:e1:e4:4e:fd:e2:97:13:76:fb:e2:43:44:1e:9d:9f:
         aa:c3:f3:e4
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWETS5TDdig29wQ70DwAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMTg4MDAzMjQtNTE1MC00OTgxLWExNDQtYmRiODBlNmJj
YjdjMB4XDTI0MDIwODE0MDAzM1oXDTI0MDUwODEzMDAzM1owLzEtMCsGA1UEAxMk
YTQ5MDJlOGItOWJkZC00YmEwLWE2NzktNTlmZTdiNTk1MjJmMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAleeFv47ydSXJTCTxO4FvkRXGCZB2zNo6Kaue
d1A/XO8DiKY7WAplE5sHcMgFea/y+INumNoll6a+Y0y18cprkzJuey7IdCvpK5Hg
8bmGl3pbECgKAKy2SewQfjxn4E7Vl8pk1FKj3lMAewmINqcIZveZKKbvpdqjOfJF
xaCD1uzCOyk77dMiTXT8gNaXT+2NPukH/cM7QudTrdFD5geKF8oIQAkScVgl3jmw
vIr6+FR60xxqmlXIew7j51aRYEdtVqiV4hBmeu71Q+tRSjwn0iHmPQUyKDl+AS6c
sbIYAQ2W8HxRvr4SQfEl+c6wTGIwaBqnLJIuUqlmUn4s3I6EzQIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFJRKl1YlGCxFDj652GZzFS3uFaIdMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlhOC8xODgw
MDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4MGU2YmNiN2MvMjU3MjIzZDQtYTFjMi0z
N2FjLTljZjEtMGU5OTkyNjVlZmNjLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NDZlMDExMS1m
YWZiLTQzMGYtYjc3OC1kMjA0Y2ZjZDk5YTgvMTg4MDAzMjQtNTE1MC00OTgxLWEx
NDQtYmRiODBlNmJjYjdjLzE4ODAwMzI0LTUxNTAtNDk4MS1hMTQ0LWJkYjgwZTZi
Y2I3Yy5jcmwwHwYDVR0jBBgwFoAUEWtHMzbZ6J21lhte76NAIq7eabYwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMw
Zi1iNzc4LWQyMDRjZmNkOTlhOC8xODgwMDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4
MGU2YmNiN2MuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQApliGMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAF3TulpIkieby8f0Wp/tLR60v4/Hq6tTYFr1SlB2jJnU/DqY3t/XanuK
CP3EYIxREIFvaLMRS2l/qvfAv9rcIz52BZ44jqYFGFV2+vV/RCtvwRMFm2RUiJcJ
wTwqm1meTCHgswmBknTV1zJ0Ahyo8zZILqeIhsfBv7zxsJvblkcm77ACJFLzq4Tv
K8d9u56fjs5Z4C6FpKHbKRnPBwTXhA9PyPq2vCnotENWaBqPJ0PQzVUm4FFhMGD3
3tlBCw65VcILVx8SPuKFD2kD53Gu41QTJI6TLS3zVDK91cA0rLgDWG0qghu0aj1a
WP4N+uHkTv3ilxN2++JDRB6dn6rD8+Q=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:10:19 2024 by rpki-client on console-fra.rpki-client.org