Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/4c654ef1-8397-37c0-9767-aafb70743663.roa
File:                     4c654ef1-8397-37c0-9767-aafb70743663.roa (raw, json)
Hash identifier:          zNLKQu4ZH4mEmIb1eciy3yh6BRwPALjMn47mkdKdKqs=
Subject key identifier:   5B:EF:A9:79:E9:93:93:2B:E5:FF:41:62:4F:FE:D1:3A:C8:CA:6F:2C
Certificate issuer:       /CN=18800324-5150-4981-a144-bdb80e6bcb7c
Certificate serial:       010D0C9F4328583F169F99F900C71E3B59318400
Authority key identifier: 11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/4c654ef1-8397-37c0-9767-aafb70743663.roa
Signing time:             Wed 26 Aug 2020 17:55:28 +0000
ROA not before:           Wed 26 Aug 2020 17:55:28 +0000
ROA not after:            Tue 03 Dec 2024 05:00:00 +0000
asID:                     212768
IP address blocks:        104.253.150.0/24 maxlen: 24
                          136.0.67.0/24 maxlen: 24
                          104.253.63.0/24 maxlen: 24
                          104.253.139.0/24 maxlen: 24
                          104.253.143.0/24 maxlen: 24
                          104.253.141.0/24 maxlen: 24
                          104.253.146.0/24 maxlen: 24
                          104.253.144.0/24 maxlen: 24
                          107.164.85.0/24 maxlen: 24
                          107.164.200.0/24 maxlen: 24
                          107.164.199.0/24 maxlen: 24
                          107.164.145.0/24 maxlen: 24
                          107.165.161.0/24 maxlen: 24
                          107.165.138.0/24 maxlen: 24
                          136.0.47.0/24 maxlen: 24
                          107.186.35.0/24 maxlen: 24
                          107.165.194.0/24 maxlen: 24
                          205.164.9.0/24 maxlen: 24
                          136.0.226.0/24 maxlen: 24
                          136.0.99.0/24 maxlen: 24
                          142.252.51.0/24 maxlen: 24
                          142.111.219.0/24 maxlen: 24
                          166.88.149.0/24 maxlen: 24
                          142.252.52.0/24 maxlen: 24
                          172.252.215.0/24 maxlen: 24
                          172.120.14.0/24 maxlen: 24
                          173.245.84.0/24 maxlen: 24
                          205.164.59.0/24 maxlen: 24
                          205.164.32.0/24 maxlen: 24
                          209.73.136.0/24 maxlen: 24
                          209.73.137.0/24 maxlen: 24
                          216.172.135.0/24 maxlen: 24
                          216.172.138.0/24 maxlen: 24
                          209.73.132.0/24 maxlen: 24
                          104.253.12.0/24 maxlen: 24
                          104.253.96.0/24 maxlen: 24
                          104.253.132.0/24 maxlen: 24
                          104.253.106.0/24 maxlen: 24
                          104.253.57.0/24 maxlen: 24
                          104.253.29.0/24 maxlen: 24
                          104.253.11.0/24 maxlen: 24
                          104.165.134.0/24 maxlen: 24
                          104.165.120.0/24 maxlen: 24
                          104.165.114.0/24 maxlen: 24
                          104.165.109.0/24 maxlen: 24
                          104.165.107.0/24 maxlen: 24
                          104.165.91.0/24 maxlen: 24
                          104.165.83.0/24 maxlen: 24
                          104.165.29.0/24 maxlen: 24
                          104.165.73.0/24 maxlen: 24
                          104.165.78.0/24 maxlen: 24
                          104.165.81.0/24 maxlen: 24
                          104.164.180.0/24 maxlen: 24
                          50.118.255.0/24 maxlen: 24
                          50.118.248.0/24 maxlen: 24
                          50.117.96.0/24 maxlen: 24
                          50.117.45.0/24 maxlen: 24
                          23.230.29.0/24 maxlen: 24
                          23.230.67.0/24 maxlen: 24
                          23.27.243.0/24 maxlen: 24
                          23.27.127.0/24 maxlen: 24
                          23.27.23.0/24 maxlen: 24
                          23.27.14.0/24 maxlen: 24
                          23.27.248.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3f:16:9f:99:f9:00:c7:1e:3b:59:31:84:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18800324-5150-4981-a144-bdb80e6bcb7c
        Validity
            Not Before: Aug 26 17:55:28 2020 GMT
            Not After : Dec  3 05:00:00 2024 GMT
        Subject: CN=fd563a39-6566-4309-9774-2166199c4b83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:50:63:4e:27:85:d7:7f:a2:bb:1b:cc:da:61:
                    46:3a:c5:49:ae:9d:b8:df:3c:cb:1e:43:e9:27:37:
                    38:51:2e:e4:e4:21:7c:ea:34:2d:fa:b6:e5:5d:86:
                    c7:6a:e3:2d:13:97:86:56:d4:5c:4b:74:d9:2a:62:
                    cb:20:84:26:42:86:ab:c3:06:2a:eb:99:18:17:8b:
                    79:f8:7b:0c:8d:79:09:94:1b:7e:8d:cf:c0:c2:f9:
                    46:eb:a9:ec:a3:07:89:23:78:f9:d7:fc:70:db:9a:
                    3a:7b:7d:6e:67:45:78:5a:b3:ad:c1:3f:20:0f:46:
                    a7:03:c4:9b:79:c1:eb:55:fd:ae:55:bc:5d:19:bb:
                    05:04:3c:eb:76:1d:dd:67:bb:5f:54:66:0b:43:50:
                    24:00:58:2b:ef:0a:d0:93:fc:9a:85:6c:c2:27:f0:
                    48:e4:ec:6b:9f:68:d6:82:d4:3d:10:bd:0f:a5:83:
                    b2:c5:f3:b4:8b:bc:5c:29:7e:a3:55:73:a9:ac:7d:
                    4b:c2:b7:d4:8e:d9:11:30:20:d0:6c:d9:a9:4f:d1:
                    b7:98:46:c2:9f:e5:44:d4:fa:e8:f8:49:f8:66:4c:
                    87:ec:53:94:c9:d1:a9:6c:fb:c2:51:05:70:73:34:
                    ca:0a:a5:b8:32:03:70:4e:0f:27:47:38:26:85:ea:
                    5f:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:EF:A9:79:E9:93:93:2B:E5:FF:41:62:4F:FE:D1:3A:C8:CA:6F:2C
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/4c654ef1-8397-37c0-9767-aafb70743663.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/18800324-5150-4981-a144-bdb80e6bcb7c.crl

            X509v3 Authority Key Identifier:
                keyid:11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.27.14.0/24
                  23.27.23.0/24
                  23.27.127.0/24
                  23.27.243.0/24
                  23.27.248.0/24
                  23.230.29.0/24
                  23.230.67.0/24
                  50.117.45.0/24
                  50.117.96.0/24
                  50.118.248.0/24
                  50.118.255.0/24
                  104.164.180.0/24
                  104.165.29.0/24
                  104.165.73.0/24
                  104.165.78.0/24
                  104.165.81.0/24
                  104.165.83.0/24
                  104.165.91.0/24
                  104.165.107.0/24
                  104.165.109.0/24
                  104.165.114.0/24
                  104.165.120.0/24
                  104.165.134.0/24
                  104.253.11.0-104.253.12.255
                  104.253.29.0/24
                  104.253.57.0/24
                  104.253.63.0/24
                  104.253.96.0/24
                  104.253.106.0/24
                  104.253.132.0/24
                  104.253.139.0/24
                  104.253.141.0/24
                  104.253.143.0-104.253.144.255
                  104.253.146.0/24
                  104.253.150.0/24
                  107.164.85.0/24
                  107.164.145.0/24
                  107.164.199.0-107.164.200.255
                  107.165.138.0/24
                  107.165.161.0/24
                  107.165.194.0/24
                  107.186.35.0/24
                  136.0.47.0/24
                  136.0.67.0/24
                  136.0.99.0/24
                  136.0.226.0/24
                  142.111.219.0/24
                  142.252.51.0-142.252.52.255
                  166.88.149.0/24
                  172.120.14.0/24
                  172.252.215.0/24
                  173.245.84.0/24
                  205.164.9.0/24
                  205.164.32.0/24
                  205.164.59.0/24
                  209.73.132.0/24
                  209.73.136.0/23
                  216.172.135.0/24
                  216.172.138.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         35:a3:ab:a2:94:d9:be:3b:97:6f:af:c9:cd:f0:f7:67:1a:3e:
         b1:a3:c0:09:7f:13:c3:40:f2:48:68:93:d2:72:32:1a:f2:13:
         c2:e9:9f:08:01:27:ca:82:1b:23:35:29:84:83:12:70:1e:7b:
         b1:71:cc:14:95:3d:46:a7:bb:bc:62:a9:f1:05:8c:b6:7b:6a:
         8c:b8:0d:21:0d:ac:73:75:ea:67:a5:e4:7f:99:92:4c:70:41:
         c3:f2:e2:3d:9c:e5:30:45:42:dc:22:e3:6d:af:ce:a8:30:a3:
         ff:0e:69:00:89:ad:9c:3c:6d:de:b0:73:1d:48:83:76:09:91:
         cd:f0:8e:53:4b:7d:67:62:e5:9b:1a:6b:88:a6:a0:07:1a:0e:
         66:2d:1c:8e:34:8c:60:f4:a7:f6:0b:40:fa:3e:c5:b4:0a:7b:
         5c:a6:83:96:94:6c:c9:ee:d6:53:bb:19:14:a7:f5:7d:70:d2:
         44:c2:40:69:ae:00:81:f1:c6:8d:30:71:c0:2b:74:5f:ed:7e:
         f3:1e:80:b3:07:82:63:0b:b2:ef:f9:e2:1b:48:5e:0b:53:85:
         cf:de:b6:ba:f7:a8:3a:86:2d:5e:c7:ff:21:35:81:df:59:7f:
         dc:50:68:7f:0a:2d:42:53:6c:5f:c5:c2:f0:b1:bd:0e:a9:0b:
         d3:05:1b:44
-----BEGIN CERTIFICATE-----
MIIHyTCCBrGgAwIBAgIUAQ0Mn0MoWD8Wn5n5AMceO1kxhAAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMTg4MDAzMjQtNTE1MC00OTgxLWExNDQtYmRiODBlNmJj
YjdjMB4XDTIwMDgyNjE3NTUyOFoXDTI0MTIwMzA1MDAwMFowLzEtMCsGA1UEAxMk
ZmQ1NjNhMzktNjU2Ni00MzA5LTk3NzQtMjE2NjE5OWM0YjgzMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl1BjTieF13+iuxvM2mFGOsVJrp243zzLHkPp
Jzc4US7k5CF86jQt+rblXYbHauMtE5eGVtRcS3TZKmLLIIQmQoarwwYq65kYF4t5
+HsMjXkJlBt+jc/AwvlG66nsoweJI3j51/xw25o6e31uZ0V4WrOtwT8gD0anA8Sb
ecHrVf2uVbxdGbsFBDzrdh3dZ7tfVGYLQ1AkAFgr7wrQk/yahWzCJ/BI5Oxrn2jW
gtQ9EL0PpYOyxfO0i7xcKX6jVXOprH1LwrfUjtkRMCDQbNmpT9G3mEbCn+VE1Pro
+En4ZkyH7FOUydGpbPvCUQVwczTKCqW4MgNwTg8nRzgmhepfpwIDAQABo4IE2zCC
BNcwHQYDVR0OBBYEFFvvqXnpk5Mr5f9BYk/+0TrIym8sMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlhOC8xODgw
MDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4MGU2YmNiN2MvNGM2NTRlZjEtODM5Ny0z
N2MwLTk3NjctYWFmYjcwNzQzNjYzLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NDZlMDExMS1m
YWZiLTQzMGYtYjc3OC1kMjA0Y2ZjZDk5YTgvMTg4MDAzMjQtNTE1MC00OTgxLWEx
NDQtYmRiODBlNmJjYjdjLzE4ODAwMzI0LTUxNTAtNDk4MS1hMTQ0LWJkYjgwZTZi
Y2I3Yy5jcmwwHwYDVR0jBBgwFoAUEWtHMzbZ6J21lhte76NAIq7eabYwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMw
Zi1iNzc4LWQyMDRjZmNkOTlhOC8xODgwMDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4
MGU2YmNiN2MuY2VyMIIBowYIKwYBBQUHAQcBAf8EggGSMIIBjjCCAYoEAgABMIIB
ggMEABcbDgMEABcbFwMEABcbfwMEABcb8wMEABcb+AMEABfmHQMEABfmQwMEADJ1
LQMEADJ1YAMEADJ2+AMEADJ2/wMEAGiktAMEAGilHQMEAGilSQMEAGilTgMEAGil
UQMEAGilUwMEAGilWwMEAGilawMEAGilbQMEAGilcgMEAGileAMEAGilhjAMAwQA
aP0LAwQAaP0MAwQAaP0dAwQAaP05AwQAaP0/AwQAaP1gAwQAaP1qAwQAaP2EAwQA
aP2LAwQAaP2NMAwDBABo/Y8DBABo/ZADBABo/ZIDBABo/ZYDBABrpFUDBABrpJEw
DAMEAGukxwMEAGukyAMEAGuligMEAGuloQMEAGulwgMEAGu6IwMEAIgALwMEAIgA
QwMEAIgAYwMEAIgA4gMEAI5v2zAMAwQAjvwzAwQAjvw0AwQApliVAwQArHgOAwQA
rPzXAwQArfVUAwQAzaQJAwQAzaQgAwQAzaQ7AwQA0UmEAwQB0UmIAwQA2KyHAwQA
2KyKMFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0
cHM6Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZI
hvcNAQELBQADggEBADWjq6KU2b47l2+vyc3w92caPrGjwAl/E8NA8khok9JyMhry
E8LpnwgBJ8qCGyM1KYSDEnAee7FxzBSVPUanu7xiqfEFjLZ7aoy4DSENrHN16mel
5H+ZkkxwQcPy4j2c5TBFQtwi422vzqgwo/8OaQCJrZw8bd6wcx1Ig3YJkc3wjlNL
fWdi5Zsaa4imoAcaDmYtHI40jGD0p/YLQPo+xbQKe1ymg5aUbMnu1lO7GRSn9X1w
0kTCQGmuAIHxxo0wccArdF/tfvMegLMHgmMLsu/54htIXgtThc/etrr3qDqGLV7H
/yE1gd9Zf9xQaH8KLUJTbF/FwvCxvQ6pC9MFG0Q=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:42:06 2024 by rpki-client on console-ams.rpki-client.org