Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/3facce09-1d66-3fba-b74a-a8bb2df7618f.roa
File:                     3facce09-1d66-3fba-b74a-a8bb2df7618f.roa (raw, json)
Hash identifier:          oqhXmCA4D/SpMeXN502aC2Q5p5I4lyOKELfkAW+/QWo=
Subject key identifier:   03:D9:09:67:EC:98:09:59:A2:73:03:2D:3A:37:94:E1:6D:30:60:C3
Certificate issuer:       /CN=18800324-5150-4981-a144-bdb80e6bcb7c
Certificate serial:       010D0C9F43285844A79F850BA78A161A161ADC00
Authority key identifier: 11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/3facce09-1d66-3fba-b74a-a8bb2df7618f.roa
Signing time:             Wed 24 Jan 2024 02:00:26 +0000
ROA not before:           Wed 24 Jan 2024 02:00:26 +0000
ROA not after:            Tue 23 Apr 2024 01:00:26 +0000
asID:                     44477
IP address blocks:        192.177.41.0/24 maxlen: 24
                          192.177.31.0/24 maxlen: 24
                          192.177.28.0/24 maxlen: 24
                          192.177.63.0/24 maxlen: 24
                          142.111.174.0/24 maxlen: 24
                          172.252.158.0/24 maxlen: 24
                          172.252.125.0/24 maxlen: 24
                          172.120.25.0/24 maxlen: 24
                          166.88.213.0/24 maxlen: 24
                          172.252.161.0/24 maxlen: 24
                          107.186.86.0/24 maxlen: 24
                          107.164.204.0/24 maxlen: 24
                          136.0.198.0/24 maxlen: 24
                          136.0.121.0/24 maxlen: 24
                          136.0.96.0/24 maxlen: 24
                          107.186.194.0/24 maxlen: 24
                          142.111.173.0/24 maxlen: 24
                          136.0.251.0/24 maxlen: 24
                          136.0.248.0/24 maxlen: 24
                          136.0.199.0/24 maxlen: 24
                          104.165.175.0/24 maxlen: 24
                          104.164.113.0/24 maxlen: 24
                          104.253.147.0/24 maxlen: 24
                          107.186.157.0/24 maxlen: 24
                          107.164.183.0/24 maxlen: 24
                          104.165.236.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:44:a7:9f:85:0b:a7:8a:16:1a:16:1a:dc:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18800324-5150-4981-a144-bdb80e6bcb7c
        Validity
            Not Before: Jan 24 02:00:26 2024 GMT
            Not After : Apr 23 01:00:26 2024 GMT
        Subject: CN=3baf3fe6-3443-4fd8-8260-07f91b0a0434
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:55:8f:5d:d0:00:33:9b:8e:fd:21:e4:1b:84:
                    35:eb:f8:ff:5b:4a:73:16:37:f0:bc:45:48:61:22:
                    43:4c:49:7a:9c:25:49:5a:10:e8:a7:3f:51:ee:32:
                    8e:28:86:f3:8e:ab:ff:a0:c9:1b:f9:b9:6c:aa:54:
                    5b:1f:d4:74:40:8e:de:db:79:f4:c1:b2:11:1e:b6:
                    d7:32:68:e9:38:8f:5e:67:28:18:88:8a:b3:c7:ab:
                    b1:45:6b:97:48:de:e9:40:29:14:08:47:9c:82:60:
                    99:d6:d9:30:1a:d9:83:ef:83:28:1b:65:2f:15:25:
                    10:b8:fe:02:a2:3d:91:c6:15:c5:db:1d:6c:37:f5:
                    84:41:d8:41:65:f7:c9:44:70:e2:0d:9c:bc:ac:c8:
                    21:4b:80:c0:58:a2:84:44:3e:25:c5:ca:d1:1c:16:
                    71:e7:77:98:f4:a0:53:38:a8:f6:47:25:3a:32:0c:
                    e0:7d:75:89:44:20:ea:bb:6c:5e:b7:b7:99:96:96:
                    bc:7d:b8:44:cd:53:bf:79:ac:80:6e:51:16:3a:30:
                    79:82:fa:7c:8b:0a:43:df:6e:d1:18:af:b1:12:82:
                    e8:ed:5e:43:5b:05:9c:35:13:b0:f0:a2:b3:7f:f9:
                    00:e1:9f:45:90:9e:5f:24:75:41:6b:19:41:ce:db:
                    68:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:D9:09:67:EC:98:09:59:A2:73:03:2D:3A:37:94:E1:6D:30:60:C3
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/3facce09-1d66-3fba-b74a-a8bb2df7618f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/18800324-5150-4981-a144-bdb80e6bcb7c.crl

            X509v3 Authority Key Identifier:
                keyid:11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.164.113.0/24
                  104.165.175.0/24
                  104.165.236.0/24
                  104.253.147.0/24
                  107.164.183.0/24
                  107.164.204.0/24
                  107.186.86.0/24
                  107.186.157.0/24
                  107.186.194.0/24
                  136.0.96.0/24
                  136.0.121.0/24
                  136.0.198.0/23
                  136.0.248.0/24
                  136.0.251.0/24
                  142.111.173.0-142.111.174.255
                  166.88.213.0/24
                  172.120.25.0/24
                  172.252.125.0/24
                  172.252.158.0/24
                  172.252.161.0/24
                  192.177.28.0/24
                  192.177.31.0/24
                  192.177.41.0/24
                  192.177.63.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         53:5b:27:01:55:ac:bb:25:de:a2:5d:20:7f:66:9b:92:24:82:
         8a:b8:32:8f:e7:c2:dd:d9:0b:9b:ac:7c:e4:0b:5d:1d:bb:d5:
         5a:cf:ce:73:6d:76:70:b6:8b:47:79:fe:00:5b:29:29:38:81:
         a1:ef:44:8d:eb:d0:ca:be:af:31:5b:de:4d:74:ef:7d:cc:d7:
         5c:5f:4c:8c:5e:c9:e9:41:75:de:02:f4:cd:f2:2c:89:b7:bb:
         ac:d4:f4:00:5e:99:16:01:bd:a0:43:68:47:b0:64:95:25:ec:
         12:ed:24:83:21:0d:c7:68:fa:a4:47:5c:c1:5b:83:53:1e:d6:
         3c:c2:95:61:97:5b:72:99:5a:60:14:a2:f8:88:77:cb:c3:59:
         a1:39:24:e7:94:cc:6d:49:c4:0f:76:79:df:c0:ef:d2:73:c4:
         c9:cf:82:cc:b7:b2:8b:84:63:ba:8c:28:81:e3:69:50:c1:57:
         78:6b:77:5a:54:57:d7:29:d7:4d:08:66:85:95:e9:5b:e0:1f:
         fe:6a:67:c7:0b:5b:7e:b7:5c:ad:0f:05:1a:aa:79:77:ad:3b:
         a2:3d:81:93:74:8f:01:eb:85:71:a3:9b:d6:8f:8b:f6:f8:ab:
         0d:66:16:7f:23:2e:5f:69:d5:8f:be:f8:df:ec:c0:18:fe:49:
         48:9f:93:17
-----BEGIN CERTIFICATE-----
MIIG2jCCBcKgAwIBAgIUAQ0Mn0MoWESnn4ULp4oWGhYa3AAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMTg4MDAzMjQtNTE1MC00OTgxLWExNDQtYmRiODBlNmJj
YjdjMB4XDTI0MDEyNDAyMDAyNloXDTI0MDQyMzAxMDAyNlowLzEtMCsGA1UEAxMk
M2JhZjNmZTYtMzQ0My00ZmQ4LTgyNjAtMDdmOTFiMGEwNDM0MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiFWPXdAAM5uO/SHkG4Q16/j/W0pzFjfwvEVI
YSJDTEl6nCVJWhDopz9R7jKOKIbzjqv/oMkb+blsqlRbH9R0QI7e23n0wbIRHrbX
MmjpOI9eZygYiIqzx6uxRWuXSN7pQCkUCEecgmCZ1tkwGtmD74MoG2UvFSUQuP4C
oj2RxhXF2x1sN/WEQdhBZffJRHDiDZy8rMghS4DAWKKERD4lxcrRHBZx53eY9KBT
OKj2RyU6MgzgfXWJRCDqu2xet7eZlpa8fbhEzVO/eayAblEWOjB5gvp8iwpD327R
GK+xEoLo7V5DWwWcNROw8KKzf/kA4Z9FkJ5fJHVBaxlBzttoSQIDAQABo4ID7DCC
A+gwHQYDVR0OBBYEFAPZCWfsmAlZonMDLTo3lOFtMGDDMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlhOC8xODgw
MDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4MGU2YmNiN2MvM2ZhY2NlMDktMWQ2Ni0z
ZmJhLWI3NGEtYThiYjJkZjc2MThmLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NDZlMDExMS1m
YWZiLTQzMGYtYjc3OC1kMjA0Y2ZjZDk5YTgvMTg4MDAzMjQtNTE1MC00OTgxLWEx
NDQtYmRiODBlNmJjYjdjLzE4ODAwMzI0LTUxNTAtNDk4MS1hMTQ0LWJkYjgwZTZi
Y2I3Yy5jcmwwHwYDVR0jBBgwFoAUEWtHMzbZ6J21lhte76NAIq7eabYwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMw
Zi1iNzc4LWQyMDRjZmNkOTlhOC8xODgwMDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4
MGU2YmNiN2MuY2VyMIG1BggrBgEFBQcBBwEB/wSBpTCBojCBnwQCAAEwgZgDBABo
pHEDBABopa8DBABopewDBABo/ZMDBABrpLcDBABrpMwDBABrulYDBABrup0DBABr
usIDBACIAGADBACIAHkDBAGIAMYDBACIAPgDBACIAPswDAMEAI5vrQMEAI5vrgME
AKZY1QMEAKx4GQMEAKz8fQMEAKz8ngMEAKz8oQMEAMCxHAMEAMCxHwMEAMCxKQME
AMCxPzBUBgNVHSABAf8ESjBIMEYGCCsGAQUFBw4CMDowOAYIKwYBBQUHAgEWLGh0
dHBzOi8vd3d3LmFyaW4ubmV0L3Jlc291cmNlcy9ycGtpL2Nwcy5odG1sMA0GCSqG
SIb3DQEBCwUAA4IBAQBTWycBVay7Jd6iXSB/ZpuSJIKKuDKP58Ld2QubrHzkC10d
u9Vaz85zbXZwtotHef4AWykpOIGh70SN69DKvq8xW95NdO99zNdcX0yMXsnpQXXe
AvTN8iyJt7us1PQAXpkWAb2gQ2hHsGSVJewS7SSDIQ3HaPqkR1zBW4NTHtY8wpVh
l1tymVpgFKL4iHfLw1mhOSTnlMxtScQPdnnfwO/Sc8TJz4LMt7KLhGO6jCiB42lQ
wVd4a3daVFfXKddNCGaFlelb4B/+amfHC1t+t1ytDwUaqnl3rTuiPYGTdI8B64Vx
o5vWj4v2+KsNZhZ/Iy5fadWPvvjf7MAY/klIn5MX
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:42:06 2024 by rpki-client on console-ams.rpki-client.org