Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/6c528cd7-1fb7-3869-925c-337da7cb4f2e.roa
File:                     6c528cd7-1fb7-3869-925c-337da7cb4f2e.roa (raw, json)
Hash identifier:          6OY9+63q1jkDjiDm3AhrhZ69jhGWEImx8Ad9uO06moE=
Subject key identifier:   A2:01:EC:CA:02:8C:AA:93:FA:A5:8C:D5:D8:D0:8B:1F:64:63:F6:EA
Certificate issuer:       /CN=18800324-5150-4981-a144-bdb80e6bcb7c
Certificate serial:       010D0C9F4328583C3080712F7AEB6E8F9790BB00
Authority key identifier: 11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/6c528cd7-1fb7-3869-925c-337da7cb4f2e.roa
Signing time:             Wed 26 Aug 2020 04:00:00 +0000
ROA not before:           Wed 26 Aug 2020 04:00:00 +0000
ROA not after:            Tue 12 Mar 2024 04:00:00 +0000
asID:                     7046
IP address blocks:        107.164.85.0/24 maxlen: 24
                          142.252.52.0/24 maxlen: 24
                          104.253.57.0/24 maxlen: 24
                          104.253.29.0/24 maxlen: 24
                          104.253.96.0/24 maxlen: 24
                          104.253.63.0/24 maxlen: 24
                          104.165.91.0/24 maxlen: 24
                          104.253.11.0/24 maxlen: 24
                          104.165.134.0/24 maxlen: 24
                          104.165.109.0/24 maxlen: 24
                          104.165.107.0/24 maxlen: 24
                          104.165.120.0/24 maxlen: 24
                          104.165.114.0/24 maxlen: 24
                          50.118.248.0/24 maxlen: 24
                          50.117.45.0/24 maxlen: 24
                          50.117.96.0/24 maxlen: 24
                          50.118.255.0/24 maxlen: 24
                          104.164.180.0/24 maxlen: 24
                          104.165.29.0/24 maxlen: 24
                          104.165.73.0/24 maxlen: 24
                          104.165.81.0/24 maxlen: 24
                          104.165.83.0/24 maxlen: 24
                          104.165.78.0/24 maxlen: 24
                          104.253.12.0/24 maxlen: 24
                          172.252.215.0/24 maxlen: 24
                          172.120.14.0/24 maxlen: 24
                          166.88.149.0/24 maxlen: 24
                          142.252.51.0/24 maxlen: 24
                          142.111.219.0/24 maxlen: 24
                          107.164.145.0/24 maxlen: 24
                          107.164.199.0/24 maxlen: 24
                          107.164.200.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3c:30:80:71:2f:7a:eb:6e:8f:97:90:bb:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18800324-5150-4981-a144-bdb80e6bcb7c
        Validity
            Not Before: Aug 26 04:00:00 2020 GMT
            Not After : Mar 12 04:00:00 2024 GMT
        Subject: CN=5bb06a20-259a-4298-9cfa-9329b0960a42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:d4:c8:d7:a6:f2:4b:a6:1e:ab:08:e2:a3:31:
                    7e:34:64:04:ca:13:b0:4b:52:9f:58:63:d3:6a:a1:
                    92:76:1e:bf:cb:f4:09:b1:ef:0b:4b:95:5c:31:37:
                    da:13:bd:0d:04:21:5f:39:db:3e:3a:3a:a8:89:bb:
                    1c:7e:58:bc:77:52:a0:ed:a9:38:ae:24:77:1a:45:
                    81:30:50:e1:74:db:f4:82:c2:fc:2c:40:01:b3:b0:
                    d4:0f:c1:c8:0a:71:b6:3d:ed:20:53:d2:f5:74:4d:
                    84:0f:c0:75:1e:4e:0e:8f:f8:e2:ff:3f:c2:dc:32:
                    da:11:5f:f0:ed:d8:79:72:d1:0c:f9:10:6c:1f:10:
                    21:d6:78:6e:0d:f1:b8:d2:e3:8e:b2:ce:84:9a:39:
                    27:6f:99:2e:2d:e3:c1:3c:88:d7:cf:80:77:46:1f:
                    74:ae:51:24:8b:a2:7c:12:6c:d0:da:4e:b9:da:84:
                    e8:53:3f:07:d5:7c:4f:dc:0e:17:15:fa:bd:1c:93:
                    02:8e:e3:8a:12:c3:a5:bf:81:64:37:77:5a:fd:29:
                    58:61:e1:a8:60:e2:2b:6b:b3:ae:2f:ff:b8:e6:4c:
                    e0:d2:4b:df:a0:5a:84:19:8c:27:1a:e0:4f:a6:29:
                    9a:b7:34:40:75:aa:1b:e9:5f:50:39:3b:77:58:6c:
                    02:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:01:EC:CA:02:8C:AA:93:FA:A5:8C:D5:D8:D0:8B:1F:64:63:F6:EA
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/6c528cd7-1fb7-3869-925c-337da7cb4f2e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/18800324-5150-4981-a144-bdb80e6bcb7c.crl

            X509v3 Authority Key Identifier:
                keyid:11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  50.117.45.0/24
                  50.117.96.0/24
                  50.118.248.0/24
                  50.118.255.0/24
                  104.164.180.0/24
                  104.165.29.0/24
                  104.165.73.0/24
                  104.165.78.0/24
                  104.165.81.0/24
                  104.165.83.0/24
                  104.165.91.0/24
                  104.165.107.0/24
                  104.165.109.0/24
                  104.165.114.0/24
                  104.165.120.0/24
                  104.165.134.0/24
                  104.253.11.0-104.253.12.255
                  104.253.29.0/24
                  104.253.57.0/24
                  104.253.63.0/24
                  104.253.96.0/24
                  107.164.85.0/24
                  107.164.145.0/24
                  107.164.199.0-107.164.200.255
                  142.111.219.0/24
                  142.252.51.0-142.252.52.255
                  166.88.149.0/24
                  172.120.14.0/24
                  172.252.215.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         65:c0:f9:c1:e1:67:ec:38:de:1d:c7:c9:f3:fa:40:47:0b:de:
         67:c5:5c:68:2c:31:26:d5:81:48:28:36:0d:94:84:0c:c8:67:
         28:aa:ca:72:9f:56:7a:23:81:18:aa:03:27:54:a5:dd:dd:71:
         4e:4a:53:1a:8d:0e:23:a3:99:d7:1f:f8:6a:c9:76:0a:34:6a:
         e5:56:6c:b8:51:78:d5:6c:0b:00:d9:1d:f6:bc:4e:bf:4d:13:
         91:a2:b3:5b:12:43:ad:9f:bf:64:f7:18:3e:ff:38:d8:ce:8e:
         68:ae:28:8d:d6:29:0c:89:c7:77:79:9b:3e:14:0a:f4:37:21:
         e8:72:78:76:6a:b6:cb:4e:54:62:07:44:ca:76:80:02:2f:88:
         1c:6b:24:67:01:4a:c9:d5:06:30:43:b0:ed:8b:49:75:ea:d4:
         d1:e8:04:ca:d0:93:1e:66:7f:a1:f5:1d:76:94:20:01:ea:3d:
         97:4c:1f:9d:44:4b:b9:f3:03:a9:87:f1:f4:27:eb:35:81:5d:
         30:9e:0f:73:ae:c4:76:5e:48:57:99:5e:43:21:ee:a7:17:1f:
         af:0d:21:b3:0b:d3:d3:3e:1f:c9:42:98:9f:f5:60:54:13:95:
         23:18:29:78:6d:2a:24:91:6d:1a:bb:ba:76:b3:b3:10:53:ce:
         8e:20:f6:d0
-----BEGIN CERTIFICATE-----
MIIHCDCCBfCgAwIBAgIUAQ0Mn0MoWDwwgHEveutuj5eQuwAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMTg4MDAzMjQtNTE1MC00OTgxLWExNDQtYmRiODBlNmJj
YjdjMB4XDTIwMDgyNjA0MDAwMFoXDTI0MDMxMjA0MDAwMFowLzEtMCsGA1UEAxMk
NWJiMDZhMjAtMjU5YS00Mjk4LTljZmEtOTMyOWIwOTYwYTQyMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3NTI16byS6YeqwjiozF+NGQEyhOwS1KfWGPT
aqGSdh6/y/QJse8LS5VcMTfaE70NBCFfOds+Ojqoibscfli8d1Kg7ak4riR3GkWB
MFDhdNv0gsL8LEABs7DUD8HICnG2Pe0gU9L1dE2ED8B1Hk4Oj/ji/z/C3DLaEV/w
7dh5ctEM+RBsHxAh1nhuDfG40uOOss6Emjknb5kuLePBPIjXz4B3Rh90rlEki6J8
EmzQ2k652oToUz8H1XxP3A4XFfq9HJMCjuOKEsOlv4FkN3da/SlYYeGoYOIra7Ou
L/+45kzg0kvfoFqEGYwnGuBPpimatzRAdaob6V9QOTt3WGwCvwIDAQABo4IEGjCC
BBYwHQYDVR0OBBYEFKIB7MoCjKqT+qWM1djQix9kY/bqMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlhOC8xODgw
MDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4MGU2YmNiN2MvNmM1MjhjZDctMWZiNy0z
ODY5LTkyNWMtMzM3ZGE3Y2I0ZjJlLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NDZlMDExMS1m
YWZiLTQzMGYtYjc3OC1kMjA0Y2ZjZDk5YTgvMTg4MDAzMjQtNTE1MC00OTgxLWEx
NDQtYmRiODBlNmJjYjdjLzE4ODAwMzI0LTUxNTAtNDk4MS1hMTQ0LWJkYjgwZTZi
Y2I3Yy5jcmwwHwYDVR0jBBgwFoAUEWtHMzbZ6J21lhte76NAIq7eabYwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMw
Zi1iNzc4LWQyMDRjZmNkOTlhOC8xODgwMDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4
MGU2YmNiN2MuY2VyMIHjBggrBgEFBQcBBwEB/wSB0zCB0DCBzQQCAAEwgcYDBAAy
dS0DBAAydWADBAAydvgDBAAydv8DBABopLQDBABopR0DBABopUkDBABopU4DBABo
pVEDBABopVMDBABopVsDBABopWsDBABopW0DBABopXIDBABopXgDBABopYYwDAME
AGj9CwMEAGj9DAMEAGj9HQMEAGj9OQMEAGj9PwMEAGj9YAMEAGukVQMEAGukkTAM
AwQAa6THAwQAa6TIAwQAjm/bMAwDBACO/DMDBACO/DQDBACmWJUDBACseA4DBACs
/NcwVAYDVR0gAQH/BEowSDBGBggrBgEFBQcOAjA6MDgGCCsGAQUFBwIBFixodHRw
czovL3d3dy5hcmluLm5ldC9yZXNvdXJjZXMvcnBraS9jcHMuaHRtbDANBgkqhkiG
9w0BAQsFAAOCAQEAZcD5weFn7DjeHcfJ8/pARwveZ8VcaCwxJtWBSCg2DZSEDMhn
KKrKcp9WeiOBGKoDJ1Sl3d1xTkpTGo0OI6OZ1x/4asl2CjRq5VZsuFF41WwLANkd
9rxOv00TkaKzWxJDrZ+/ZPcYPv842M6OaK4ojdYpDInHd3mbPhQK9Dch6HJ4dmq2
y05UYgdEynaAAi+IHGskZwFKydUGMEOw7YtJderU0egEytCTHmZ/ofUddpQgAeo9
l0wfnURLufMDqYfx9CfrNYFdMJ4Pc67Edl5IV5leQyHupxcfrw0hswvT0z4fyUKY
n/VgVBOVIxgpeG0qJJFtGru6drOzEFPOjiD20A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:42:08 2024 by rpki-client on console-ams.rpki-client.org