Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/4ba12f25-2783-3bd5-b26d-1cc1c5555171.roa
File:                     4ba12f25-2783-3bd5-b26d-1cc1c5555171.roa (raw, json)
Hash identifier:          G+wlZRdb6RFSSbn/QN9Us6Zyw0iCquKk4jIWlOACNRQ=
Subject key identifier:   1B:75:C2:3C:69:19:5B:7D:0F:FE:75:C4:D3:13:53:D1:70:F0:83:23
Certificate issuer:       /CN=18800324-5150-4981-a144-bdb80e6bcb7c
Certificate serial:       010D0C9F4328583CF984B0D4FC824D4E7A2F93C0
Authority key identifier: 11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/4ba12f25-2783-3bd5-b26d-1cc1c5555171.roa
Signing time:             Wed 26 Aug 2020 04:00:00 +0000
ROA not before:           Wed 26 Aug 2020 04:00:00 +0000
ROA not after:            Thu 23 May 2024 04:00:00 +0000
asID:                     3561
IP address blocks:        107.164.9.0/24 maxlen: 24
                          104.253.36.0/24 maxlen: 24
                          104.253.43.0/24 maxlen: 24
                          45.38.219.0/24 maxlen: 24
                          23.230.17.0/24 maxlen: 24
                          23.230.137.0/24 maxlen: 24
                          23.230.240.0/24 maxlen: 24
                          50.117.110.0/24 maxlen: 24
                          104.253.41.0/24 maxlen: 24
                          104.253.130.0/24 maxlen: 24
                          107.164.13.0/24 maxlen: 24
                          107.164.103.0/24 maxlen: 24
                          107.164.167.0/24 maxlen: 24
                          136.0.218.0/24 maxlen: 24
                          142.111.145.0/24 maxlen: 24
                          142.111.182.0/24 maxlen: 24
                          142.111.210.0/24 maxlen: 24
                          142.111.214.0/24 maxlen: 24
                          142.252.6.0/24 maxlen: 24
                          142.252.21.0/24 maxlen: 24
                          142.252.116.0/24 maxlen: 24
                          142.252.184.0/24 maxlen: 24
                          166.88.40.0/24 maxlen: 24
                          166.88.46.0/24 maxlen: 24
                          172.120.6.0/24 maxlen: 24
                          172.120.22.0/24 maxlen: 24
                          172.120.24.0/24 maxlen: 24
                          172.121.17.0/24 maxlen: 24
                          172.121.28.0/24 maxlen: 24
                          172.252.153.0/24 maxlen: 24
                          172.252.165.0/24 maxlen: 24
                          172.252.184.0/24 maxlen: 24
                          172.252.186.0/24 maxlen: 24
                          192.177.53.0/24 maxlen: 24
                          192.177.72.0/24 maxlen: 24
                          192.177.84.0/24 maxlen: 24
                          192.177.90.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3c:f9:84:b0:d4:fc:82:4d:4e:7a:2f:93:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18800324-5150-4981-a144-bdb80e6bcb7c
        Validity
            Not Before: Aug 26 04:00:00 2020 GMT
            Not After : May 23 04:00:00 2024 GMT
        Subject: CN=f09b2071-710d-4468-a02f-4841d2aafa74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:76:eb:1d:00:55:51:7a:83:c9:1f:ad:98:bf:
                    bc:cf:7b:6e:28:9d:4d:d8:d7:41:71:6f:0c:88:8e:
                    94:d0:06:b4:0b:bb:ea:8f:01:97:1d:ad:6b:a4:07:
                    ee:fa:66:e1:17:1f:da:fd:b5:a2:96:97:f1:8c:2a:
                    43:1a:b4:20:a7:16:73:b1:37:e6:13:ea:67:0f:4c:
                    0a:76:db:28:37:78:4d:ed:b8:d7:4d:7e:60:3e:a3:
                    df:fa:40:5d:90:ca:fe:40:97:3f:71:ea:9a:f0:ec:
                    ac:0b:a8:06:e3:35:d6:f4:56:11:da:1b:c8:e4:05:
                    fc:3a:32:eb:5a:5c:e4:78:16:ff:ca:6e:28:36:7f:
                    71:f2:c7:c1:68:ef:ef:d3:7e:e8:98:51:36:2b:8b:
                    69:77:7d:37:b9:c7:2c:43:3b:ab:18:f9:40:94:a2:
                    4b:f8:1a:23:9f:ba:e6:6f:42:80:d5:81:e9:46:b3:
                    2e:e4:f7:31:c9:51:94:48:62:ea:fe:0b:19:a7:9e:
                    6e:53:3b:2e:25:fc:c7:70:5e:e7:d8:a0:5d:78:b7:
                    f5:06:e7:ba:6f:80:11:e7:78:71:79:0d:ca:29:c8:
                    07:e7:a1:b7:39:96:30:74:47:77:a1:09:36:90:38:
                    f5:36:63:5b:fa:9e:e9:b1:48:e9:55:16:d8:05:1f:
                    1e:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:75:C2:3C:69:19:5B:7D:0F:FE:75:C4:D3:13:53:D1:70:F0:83:23
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/4ba12f25-2783-3bd5-b26d-1cc1c5555171.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/18800324-5150-4981-a144-bdb80e6bcb7c.crl

            X509v3 Authority Key Identifier:
                keyid:11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.230.17.0/24
                  23.230.137.0/24
                  23.230.240.0/24
                  45.38.219.0/24
                  50.117.110.0/24
                  104.253.36.0/24
                  104.253.41.0/24
                  104.253.43.0/24
                  104.253.130.0/24
                  107.164.9.0/24
                  107.164.13.0/24
                  107.164.103.0/24
                  107.164.167.0/24
                  136.0.218.0/24
                  142.111.145.0/24
                  142.111.182.0/24
                  142.111.210.0/24
                  142.111.214.0/24
                  142.252.6.0/24
                  142.252.21.0/24
                  142.252.116.0/24
                  142.252.184.0/24
                  166.88.40.0/24
                  166.88.46.0/24
                  172.120.6.0/24
                  172.120.22.0/24
                  172.120.24.0/24
                  172.121.17.0/24
                  172.121.28.0/24
                  172.252.153.0/24
                  172.252.165.0/24
                  172.252.184.0/24
                  172.252.186.0/24
                  192.177.53.0/24
                  192.177.72.0/24
                  192.177.84.0/24
                  192.177.90.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         14:e1:22:df:18:3a:e4:b9:da:70:e4:1e:da:94:af:94:0e:29:
         68:c7:1f:40:d8:9a:2b:99:67:88:74:1b:ba:12:65:31:98:7c:
         c5:dc:49:9f:10:95:ad:e1:7d:e6:51:9a:fa:ae:22:64:c3:fa:
         8e:c6:7f:0f:ac:4d:e7:ec:ff:c8:13:f7:9a:18:1f:5e:29:a6:
         3a:48:8c:16:1c:86:25:5b:63:a5:2a:03:b8:83:d9:ec:f5:6d:
         f8:86:57:85:99:6e:11:71:c1:08:9b:2c:95:c4:51:db:f5:79:
         ce:38:c3:72:0f:d4:29:74:9a:14:44:5b:b4:b5:09:32:13:ae:
         6a:e1:7d:69:48:a6:32:eb:97:5d:d7:93:0d:79:7e:6e:a4:84:
         18:71:e0:64:7e:1a:76:69:d0:42:20:70:28:77:de:95:03:b1:
         c6:cf:f8:75:d6:2a:65:6b:65:f6:20:fc:c3:5f:20:6a:db:35:
         c1:44:be:04:8e:46:7f:91:b8:53:74:57:2f:d8:3e:6c:ed:2b:
         86:4b:1f:96:33:e3:09:22:0a:42:87:b5:7f:7f:52:09:cd:39:
         4e:bd:0d:f4:80:fc:2e:4a:a9:dc:37:1a:40:a1:9f:ad:cc:57:
         05:cf:60:db:8c:0e:d6:62:49:06:8e:23:15:c7:0d:37:4c:6c:
         ec:ee:71:50
-----BEGIN CERTIFICATE-----
MIIHIDCCBgigAwIBAgIUAQ0Mn0MoWDz5hLDU/IJNTnovk8AwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMTg4MDAzMjQtNTE1MC00OTgxLWExNDQtYmRiODBlNmJj
YjdjMB4XDTIwMDgyNjA0MDAwMFoXDTI0MDUyMzA0MDAwMFowLzEtMCsGA1UEAxMk
ZjA5YjIwNzEtNzEwZC00NDY4LWEwMmYtNDg0MWQyYWFmYTc0MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmnbrHQBVUXqDyR+tmL+8z3tuKJ1N2NdBcW8M
iI6U0Aa0C7vqjwGXHa1rpAfu+mbhFx/a/bWilpfxjCpDGrQgpxZzsTfmE+pnD0wK
dtsoN3hN7bjXTX5gPqPf+kBdkMr+QJc/ceqa8OysC6gG4zXW9FYR2hvI5AX8OjLr
WlzkeBb/ym4oNn9x8sfBaO/v037omFE2K4tpd303uccsQzurGPlAlKJL+Bojn7rm
b0KA1YHpRrMu5PcxyVGUSGLq/gsZp55uUzsuJfzHcF7n2KBdeLf1Bue6b4AR53hx
eQ3KKcgH56G3OZYwdEd3oQk2kDj1NmNb+p7psUjpVRbYBR8eJQIDAQABo4IEMjCC
BC4wHQYDVR0OBBYEFBt1wjxpGVt9D/51xNMTU9Fw8IMjMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlhOC8xODgw
MDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4MGU2YmNiN2MvNGJhMTJmMjUtMjc4My0z
YmQ1LWIyNmQtMWNjMWM1NTU1MTcxLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NDZlMDExMS1m
YWZiLTQzMGYtYjc3OC1kMjA0Y2ZjZDk5YTgvMTg4MDAzMjQtNTE1MC00OTgxLWEx
NDQtYmRiODBlNmJjYjdjLzE4ODAwMzI0LTUxNTAtNDk4MS1hMTQ0LWJkYjgwZTZi
Y2I3Yy5jcmwwHwYDVR0jBBgwFoAUEWtHMzbZ6J21lhte76NAIq7eabYwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMw
Zi1iNzc4LWQyMDRjZmNkOTlhOC8xODgwMDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4
MGU2YmNiN2MuY2VyMIH7BggrBgEFBQcBBwEB/wSB6zCB6DCB5QQCAAEwgd4DBAAX
5hEDBAAX5okDBAAX5vADBAAtJtsDBAAydW4DBABo/SQDBABo/SkDBABo/SsDBABo
/YIDBABrpAkDBABrpA0DBABrpGcDBABrpKcDBACIANoDBACOb5EDBACOb7YDBACO
b9IDBACOb9YDBACO/AYDBACO/BUDBACO/HQDBACO/LgDBACmWCgDBACmWC4DBACs
eAYDBACseBYDBACseBgDBACseREDBACseRwDBACs/JkDBACs/KUDBACs/LgDBACs
/LoDBADAsTUDBADAsUgDBADAsVQDBADAsVowVAYDVR0gAQH/BEowSDBGBggrBgEF
BQcOAjA6MDgGCCsGAQUFBwIBFixodHRwczovL3d3dy5hcmluLm5ldC9yZXNvdXJj
ZXMvcnBraS9jcHMuaHRtbDANBgkqhkiG9w0BAQsFAAOCAQEAFOEi3xg65LnacOQe
2pSvlA4paMcfQNiaK5lniHQbuhJlMZh8xdxJnxCVreF95lGa+q4iZMP6jsZ/D6xN
5+z/yBP3mhgfXimmOkiMFhyGJVtjpSoDuIPZ7PVt+IZXhZluEXHBCJsslcRR2/V5
zjjDcg/UKXSaFERbtLUJMhOuauF9aUimMuuXXdeTDXl+bqSEGHHgZH4admnQQiBw
KHfelQOxxs/4ddYqZWtl9iD8w18gats1wUS+BI5Gf5G4U3RXL9g+bO0rhksfljPj
CSIKQoe1f39SCc05Tr0N9ID8Lkqp3DcaQKGfrcxXBc9g24wO1mJJBo4jFccNN0xs
7O5xUA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:10:22 2024 by rpki-client on console-fra.rpki-client.org