Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/28164c71-ef11-34d8-b685-5869b6ac85e4.roa
File:                     28164c71-ef11-34d8-b685-5869b6ac85e4.roa (raw, json)
Hash identifier:          vsZKQiKxMtLmAZCfbfuMl3fkNE4jgrUMAMm4yBtuG/U=
Subject key identifier:   49:AE:67:66:09:09:D0:27:E1:19:34:5A:45:50:4C:1E:B6:3B:58:4F
Certificate issuer:       /CN=18800324-5150-4981-a144-bdb80e6bcb7c
Certificate serial:       010D0C9F43285843DF8E748CD6B89704126B2A80
Authority key identifier: 11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/28164c71-ef11-34d8-b685-5869b6ac85e4.roa
Signing time:             Mon 13 Nov 2023 10:04:29 +0000
ROA not before:           Mon 13 Nov 2023 10:04:29 +0000
ROA not after:            Sun 11 Feb 2024 10:04:29 +0000
asID:                     64267
IP address blocks:        50.118.252.0/24 maxlen: 24
                          23.230.217.0/24 maxlen: 24
                          23.230.111.0/24 maxlen: 24
                          23.230.42.0/24 maxlen: 24
                          23.230.39.0/24 maxlen: 24
                          23.230.70.0/24 maxlen: 24
                          23.230.144.0/24 maxlen: 24
                          23.230.145.0/24 maxlen: 24
                          23.230.167.0/24 maxlen: 24
                          23.230.252.0/24 maxlen: 24
                          45.38.58.0/24 maxlen: 24
                          45.38.158.0/24 maxlen: 24
                          45.38.242.0/24 maxlen: 24
                          45.39.212.0/24 maxlen: 24
                          45.39.243.0/24 maxlen: 24
                          45.39.249.0/24 maxlen: 24
                          104.164.163.0/24 maxlen: 24
                          104.164.183.0/24 maxlen: 24
                          104.165.123.0/24 maxlen: 24
                          104.165.127.0/24 maxlen: 24
                          104.165.169.0/24 maxlen: 24
                          104.165.232.0/24 maxlen: 24
                          104.252.19.0/24 maxlen: 24
                          104.252.28.0/24 maxlen: 24
                          104.252.30.0/24 maxlen: 24
                          104.252.131.0/24 maxlen: 24
                          104.252.143.0/24 maxlen: 24
                          142.252.145.0/24 maxlen: 24
                          166.88.220.0/24 maxlen: 24
                          172.121.255.0/24 maxlen: 24
                          172.252.10.0/24 maxlen: 24
                          172.252.233.0/24 maxlen: 24
                          173.245.93.0/24 maxlen: 24
                          192.177.33.0/24 maxlen: 24
                          192.177.40.0/24 maxlen: 24
                          192.177.56.0/24 maxlen: 24
                          192.177.69.0/24 maxlen: 24
                          192.177.82.0/24 maxlen: 24
                          192.177.98.0/24 maxlen: 24
                          192.177.109.0/24 maxlen: 24
                          205.164.11.0/24 maxlen: 24
                          205.164.46.0/24 maxlen: 24
                          209.73.147.0/24 maxlen: 24
                          216.172.136.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:43:df:8e:74:8c:d6:b8:97:04:12:6b:2a:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18800324-5150-4981-a144-bdb80e6bcb7c
        Validity
            Not Before: Nov 13 10:04:29 2023 GMT
            Not After : Feb 11 10:04:29 2024 GMT
        Subject: CN=a09c2244-b36b-449f-a41e-6de2e97024c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:1f:56:19:d1:d5:9b:be:a2:86:99:a7:a0:a5:
                    b9:f6:04:ff:3a:38:bd:46:43:68:6b:bc:d7:68:bc:
                    c2:a3:a6:b2:3d:54:b3:30:93:bd:49:8a:58:e4:e1:
                    46:cd:63:d0:5f:99:e3:12:bc:51:a3:f7:56:bc:d9:
                    3e:c3:9a:4d:2f:23:7c:54:60:95:d6:3b:8b:32:6c:
                    68:d1:2b:da:2c:e1:b8:59:c6:4a:0a:09:a1:9c:73:
                    63:af:95:dd:d1:27:e3:2b:0d:b1:7a:fd:7b:99:9d:
                    d8:8c:04:32:22:81:8f:9e:68:4c:a7:20:b2:f1:42:
                    78:18:95:af:ca:0a:82:61:46:88:bc:89:e1:47:43:
                    29:8c:fd:7c:fe:02:2d:c7:19:69:7a:bd:26:4c:26:
                    bb:bb:d9:0a:89:46:7e:70:b3:76:2e:83:8d:84:f8:
                    bf:4f:f6:8a:f8:f1:9a:c0:df:3c:c2:35:ee:b0:26:
                    e9:53:0b:3a:02:02:3d:99:98:02:c7:9b:fe:5c:fb:
                    70:ed:ea:2a:9e:45:ed:7c:d0:1b:39:c1:7c:a6:f7:
                    0a:80:10:ed:ec:29:89:18:33:a5:47:a5:3f:a4:66:
                    ca:6a:9f:b9:2c:c3:ef:8f:e8:66:5f:29:8c:d2:f9:
                    e8:7c:c6:f5:c1:0c:ca:38:92:d5:7c:ad:7c:d8:54:
                    86:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:AE:67:66:09:09:D0:27:E1:19:34:5A:45:50:4C:1E:B6:3B:58:4F
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/28164c71-ef11-34d8-b685-5869b6ac85e4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/18800324-5150-4981-a144-bdb80e6bcb7c.crl

            X509v3 Authority Key Identifier:
                keyid:11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.230.39.0/24
                  23.230.42.0/24
                  23.230.70.0/24
                  23.230.111.0/24
                  23.230.144.0/23
                  23.230.167.0/24
                  23.230.217.0/24
                  23.230.252.0/24
                  45.38.58.0/24
                  45.38.158.0/24
                  45.38.242.0/24
                  45.39.212.0/24
                  45.39.243.0/24
                  45.39.249.0/24
                  50.118.252.0/24
                  104.164.163.0/24
                  104.164.183.0/24
                  104.165.123.0/24
                  104.165.127.0/24
                  104.165.169.0/24
                  104.165.232.0/24
                  104.252.19.0/24
                  104.252.28.0/24
                  104.252.30.0/24
                  104.252.131.0/24
                  104.252.143.0/24
                  142.252.145.0/24
                  166.88.220.0/24
                  172.121.255.0/24
                  172.252.10.0/24
                  172.252.233.0/24
                  173.245.93.0/24
                  192.177.33.0/24
                  192.177.40.0/24
                  192.177.56.0/24
                  192.177.69.0/24
                  192.177.82.0/24
                  192.177.98.0/24
                  192.177.109.0/24
                  205.164.11.0/24
                  205.164.46.0/24
                  209.73.147.0/24
                  216.172.136.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         7c:25:50:b6:96:3f:8a:73:5d:4e:db:e2:85:94:f6:54:ed:5d:
         ff:4f:3a:f6:2c:22:e8:41:28:6b:74:d0:15:79:2c:ae:ea:a1:
         3e:f2:c5:2a:ca:48:90:cc:1a:51:75:cb:f4:b3:8f:74:b5:73:
         74:4d:65:97:af:0c:e8:08:8c:f5:ec:cc:7c:1c:2d:b5:00:15:
         d6:f5:99:76:76:b3:d8:08:c1:ca:cf:e2:f7:54:6f:c7:9c:e2:
         b2:39:18:c5:01:0b:d2:16:c7:d2:b7:f0:cd:30:07:e9:8a:55:
         64:97:cc:ae:8b:1e:0d:79:f7:a7:0a:e1:54:d1:28:8d:e1:cc:
         2d:b0:68:35:b7:9a:d8:15:93:d5:3e:2f:bd:b9:58:6f:09:a3:
         e7:a7:8b:b5:b3:94:15:c2:1a:e1:55:78:6c:06:9f:4d:4d:f8:
         c6:dc:42:82:4a:1c:f8:16:61:8e:40:39:fa:0d:89:91:26:89:
         5a:eb:9e:db:dd:a3:da:a7:89:69:3c:6f:bd:1f:87:15:29:ac:
         b9:62:24:7b:54:85:1c:03:33:0e:e5:10:5d:a5:74:83:bf:0e:
         fa:43:95:e4:1a:38:de:a4:80:bb:58:23:6c:78:3c:00:13:a5:
         45:65:d5:81:ce:9b:ea:3a:fd:1e:b0:6c:d1:cb:33:76:7b:2f:
         7f:52:1d:c0
-----BEGIN CERTIFICATE-----
MIIHSTCCBjGgAwIBAgIUAQ0Mn0MoWEPfjnSM1riXBBJrKoAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMTg4MDAzMjQtNTE1MC00OTgxLWExNDQtYmRiODBlNmJj
YjdjMB4XDTIzMTExMzEwMDQyOVoXDTI0MDIxMTEwMDQyOVowLzEtMCsGA1UEAxMk
YTA5YzIyNDQtYjM2Yi00NDlmLWE0MWUtNmRlMmU5NzAyNGM4MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjh9WGdHVm76ihpmnoKW59gT/Oji9RkNoa7zX
aLzCo6ayPVSzMJO9SYpY5OFGzWPQX5njErxRo/dWvNk+w5pNLyN8VGCV1juLMmxo
0SvaLOG4WcZKCgmhnHNjr5Xd0SfjKw2xev17mZ3YjAQyIoGPnmhMpyCy8UJ4GJWv
ygqCYUaIvInhR0MpjP18/gItxxlper0mTCa7u9kKiUZ+cLN2LoONhPi/T/aK+PGa
wN88wjXusCbpUws6AgI9mZgCx5v+XPtw7eoqnkXtfNAbOcF8pvcKgBDt7CmJGDOl
R6U/pGbKap+5LMPvj+hmXymM0vnofMb1wQzKOJLVfK182FSGYQIDAQABo4IEWzCC
BFcwHQYDVR0OBBYEFEmuZ2YJCdAn4Rk0WkVQTB62O1hPMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlhOC8xODgw
MDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4MGU2YmNiN2MvMjgxNjRjNzEtZWYxMS0z
NGQ4LWI2ODUtNTg2OWI2YWM4NWU0LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NDZlMDExMS1m
YWZiLTQzMGYtYjc3OC1kMjA0Y2ZjZDk5YTgvMTg4MDAzMjQtNTE1MC00OTgxLWEx
NDQtYmRiODBlNmJjYjdjLzE4ODAwMzI0LTUxNTAtNDk4MS1hMTQ0LWJkYjgwZTZi
Y2I3Yy5jcmwwHwYDVR0jBBgwFoAUEWtHMzbZ6J21lhte76NAIq7eabYwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMw
Zi1iNzc4LWQyMDRjZmNkOTlhOC8xODgwMDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4
MGU2YmNiN2MuY2VyMIIBIwYIKwYBBQUHAQcBAf8EggESMIIBDjCCAQoEAgABMIIB
AgMEABfmJwMEABfmKgMEABfmRgMEABfmbwMEARfmkAMEABfmpwMEABfm2QMEABfm
/AMEAC0mOgMEAC0mngMEAC0m8gMEAC0n1AMEAC0n8wMEAC0n+QMEADJ2/AMEAGik
owMEAGiktwMEAGilewMEAGilfwMEAGilqQMEAGil6AMEAGj8EwMEAGj8HAMEAGj8
HgMEAGj8gwMEAGj8jwMEAI78kQMEAKZY3AMEAKx5/wMEAKz8CgMEAKz86QMEAK31
XQMEAMCxIQMEAMCxKAMEAMCxOAMEAMCxRQMEAMCxUgMEAMCxYgMEAMCxbQMEAM2k
CwMEAM2kLgMEANFJkwMEANisiDBUBgNVHSABAf8ESjBIMEYGCCsGAQUFBw4CMDow
OAYIKwYBBQUHAgEWLGh0dHBzOi8vd3d3LmFyaW4ubmV0L3Jlc291cmNlcy9ycGtp
L2Nwcy5odG1sMA0GCSqGSIb3DQEBCwUAA4IBAQB8JVC2lj+Kc11O2+KFlPZU7V3/
Tzr2LCLoQShrdNAVeSyu6qE+8sUqykiQzBpRdcv0s490tXN0TWWXrwzoCIz17Mx8
HC21ABXW9Zl2drPYCMHKz+L3VG/HnOKyORjFAQvSFsfSt/DNMAfpilVkl8yuix4N
efenCuFU0SiN4cwtsGg1t5rYFZPVPi+9uVhvCaPnp4u1s5QVwhrhVXhsBp9NTfjG
3EKCShz4FmGOQDn6DYmRJola657b3aPap4lpPG+9H4cVKay5YiR7VIUcAzMO5RBd
pXSDvw76Q5XkGjjepIC7WCNseDwAE6VFZdWBzpvqOv0esGzRyzN2ey9/Uh3A
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:10:20 2024 by rpki-client on console-fra.rpki-client.org