Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/7d43c924-d502-3ce5-b72e-28d8dd0b5bfc.roa
File:                     7d43c924-d502-3ce5-b72e-28d8dd0b5bfc.roa (raw, json)
Hash identifier:          FsaTFy9b0nbW8PBLJmfdEsub3scTwYe4aji1XUcbTWA=
Subject key identifier:   2E:AA:0E:8C:BA:4F:26:1B:53:07:28:76:E4:84:21:13:C1:BA:E1:4D
Certificate issuer:       /CN=18800324-5150-4981-a144-bdb80e6bcb7c
Certificate serial:       010D0C9F4328583CDAA67D300661B9E88A3B0770
Authority key identifier: 11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/7d43c924-d502-3ce5-b72e-28d8dd0b5bfc.roa
Signing time:             Wed 26 Aug 2020 04:00:00 +0000
ROA not before:           Wed 26 Aug 2020 04:00:00 +0000
ROA not after:            Sun 12 May 2024 04:00:00 +0000
asID:                     64267
IP address blocks:        45.38.158.0/24 maxlen: 24
                          23.230.145.0/24 maxlen: 24
                          23.230.217.0/24 maxlen: 24
                          23.230.111.0/24 maxlen: 24
                          23.27.240.0/24 maxlen: 24
                          23.230.42.0/24 maxlen: 24
                          23.230.70.0/24 maxlen: 24
                          23.230.144.0/24 maxlen: 24
                          23.230.167.0/24 maxlen: 24
                          23.230.252.0/24 maxlen: 24
                          45.38.242.0/24 maxlen: 24
                          45.39.72.0/24 maxlen: 24
                          45.39.212.0/24 maxlen: 24
                          45.39.243.0/24 maxlen: 24
                          45.39.249.0/24 maxlen: 24
                          50.118.252.0/24 maxlen: 24
                          104.164.163.0/24 maxlen: 24
                          104.164.183.0/24 maxlen: 24
                          104.165.123.0/24 maxlen: 24
                          104.165.127.0/24 maxlen: 24
                          104.165.169.0/24 maxlen: 24
                          104.165.232.0/24 maxlen: 24
                          104.252.19.0/24 maxlen: 24
                          104.252.28.0/24 maxlen: 24
                          104.252.131.0/24 maxlen: 24
                          104.252.143.0/24 maxlen: 24
                          192.177.33.0/24 maxlen: 24
                          192.177.40.0/24 maxlen: 24
                          192.177.56.0/24 maxlen: 24
                          192.177.69.0/24 maxlen: 24
                          192.177.82.0/24 maxlen: 24
                          192.177.109.0/24 maxlen: 24
                          205.164.11.0/24 maxlen: 24
                          205.164.46.0/24 maxlen: 24
                          216.172.136.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3c:da:a6:7d:30:06:61:b9:e8:8a:3b:07:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18800324-5150-4981-a144-bdb80e6bcb7c
        Validity
            Not Before: Aug 26 04:00:00 2020 GMT
            Not After : May 12 04:00:00 2024 GMT
        Subject: CN=e7963ea8-9718-4d16-aa4a-f2e58b4ff2e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:5c:fe:3a:61:9a:1f:22:4e:75:a6:22:bb:5b:
                    fb:57:e4:4d:d0:c8:19:22:da:cb:a7:34:a5:7b:74:
                    b3:92:b3:86:9d:60:71:60:38:3f:5c:1b:bc:b7:95:
                    f9:d6:02:4d:09:57:8f:37:ee:84:e3:de:ae:ae:4d:
                    d2:54:7c:ac:c0:da:43:11:4f:ca:48:56:f3:8c:76:
                    49:0b:a3:cc:a3:32:33:e7:c8:5e:29:e1:d9:f3:d3:
                    26:08:42:70:43:44:38:5b:f7:5a:10:57:83:53:20:
                    76:ae:18:d2:f8:e3:d8:a3:77:83:37:20:ee:e2:b8:
                    ab:d7:a3:75:b8:5e:66:91:37:1c:95:0e:08:cc:a5:
                    48:3f:d4:ed:44:f0:cc:69:73:6a:5e:d2:fd:95:ad:
                    12:29:64:41:43:38:fe:e4:44:9d:86:67:ad:9c:67:
                    82:46:0c:50:ed:f4:a8:f4:46:07:69:2a:24:4e:2f:
                    e3:6a:03:7d:6d:d3:6d:e8:7e:d7:41:d7:7a:7a:df:
                    96:35:e0:88:02:bb:20:79:31:de:c0:4b:b8:fb:93:
                    86:53:e2:0b:1c:4d:27:f4:96:7c:f8:4e:1a:52:d5:
                    d0:95:f1:c2:2f:41:97:a0:78:dd:d9:ca:94:e7:eb:
                    67:51:28:ff:e1:f0:c9:d9:48:7b:08:f5:3e:78:d8:
                    1a:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:AA:0E:8C:BA:4F:26:1B:53:07:28:76:E4:84:21:13:C1:BA:E1:4D
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/7d43c924-d502-3ce5-b72e-28d8dd0b5bfc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/18800324-5150-4981-a144-bdb80e6bcb7c.crl

            X509v3 Authority Key Identifier:
                keyid:11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.27.240.0/24
                  23.230.42.0/24
                  23.230.70.0/24
                  23.230.111.0/24
                  23.230.144.0/23
                  23.230.167.0/24
                  23.230.217.0/24
                  23.230.252.0/24
                  45.38.158.0/24
                  45.38.242.0/24
                  45.39.72.0/24
                  45.39.212.0/24
                  45.39.243.0/24
                  45.39.249.0/24
                  50.118.252.0/24
                  104.164.163.0/24
                  104.164.183.0/24
                  104.165.123.0/24
                  104.165.127.0/24
                  104.165.169.0/24
                  104.165.232.0/24
                  104.252.19.0/24
                  104.252.28.0/24
                  104.252.131.0/24
                  104.252.143.0/24
                  192.177.33.0/24
                  192.177.40.0/24
                  192.177.56.0/24
                  192.177.69.0/24
                  192.177.82.0/24
                  192.177.109.0/24
                  205.164.11.0/24
                  205.164.46.0/24
                  216.172.136.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         43:9b:3d:eb:56:19:9b:97:61:00:be:46:d7:28:7d:7c:1a:64:
         00:0d:6f:74:50:64:33:fe:cf:e8:64:57:b1:8a:1f:57:b3:1b:
         c0:7a:f6:da:14:95:db:c4:eb:e2:b5:90:2e:2b:b4:cd:e9:31:
         77:a1:65:59:02:c7:6d:5c:75:38:74:6a:50:53:8e:e6:64:12:
         af:f5:f1:7f:c3:1c:1c:c4:3e:10:f0:f3:3e:4e:0f:3e:3d:39:
         71:5e:2a:db:64:19:98:68:39:23:b1:f6:56:4f:02:b0:c7:5f:
         c9:d5:a1:4e:d5:42:27:27:05:ac:01:80:03:cf:8d:46:8f:7c:
         1b:c0:de:b3:c9:37:a4:01:d2:1e:07:e7:6a:fa:e8:46:27:d5:
         e4:d8:72:96:8d:59:e5:13:5c:fc:07:34:56:be:28:c6:4b:86:
         b1:ca:20:20:97:19:b5:3e:32:10:fb:87:a3:b3:22:02:33:f0:
         f0:bc:a4:da:d3:d9:b5:64:53:ee:bb:1c:1b:9e:39:11:bd:13:
         49:39:98:d1:ac:1b:70:30:78:a5:e7:dd:57:99:c7:43:52:17:
         5a:f3:1b:b0:a2:00:53:0e:5a:22:fe:77:5e:78:ea:1d:5a:34:
         7b:7d:5d:4d:22:69:44:54:77:e7:d6:cb:ed:2a:39:2a:c9:30:
         aa:f0:13:f1
-----BEGIN CERTIFICATE-----
MIIHDjCCBfagAwIBAgIUAQ0Mn0MoWDzapn0wBmG56Io7B3AwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMTg4MDAzMjQtNTE1MC00OTgxLWExNDQtYmRiODBlNmJj
YjdjMB4XDTIwMDgyNjA0MDAwMFoXDTI0MDUxMjA0MDAwMFowLzEtMCsGA1UEAxMk
ZTc5NjNlYTgtOTcxOC00ZDE2LWFhNGEtZjJlNThiNGZmMmUzMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7Vz+OmGaHyJOdaYiu1v7V+RN0MgZItrLpzSl
e3SzkrOGnWBxYDg/XBu8t5X51gJNCVePN+6E496urk3SVHyswNpDEU/KSFbzjHZJ
C6PMozIz58heKeHZ89MmCEJwQ0Q4W/daEFeDUyB2rhjS+OPYo3eDNyDu4rir16N1
uF5mkTcclQ4IzKVIP9TtRPDMaXNqXtL9la0SKWRBQzj+5ESdhmetnGeCRgxQ7fSo
9EYHaSokTi/jagN9bdNt6H7XQdd6et+WNeCIArsgeTHewEu4+5OGU+ILHE0n9JZ8
+E4aUtXQlfHCL0GXoHjd2cqU5+tnUSj/4fDJ2Uh7CPU+eNgakwIDAQABo4IEIDCC
BBwwHQYDVR0OBBYEFC6qDoy6TyYbUwcoduSEIRPBuuFNMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlhOC8xODgw
MDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4MGU2YmNiN2MvN2Q0M2M5MjQtZDUwMi0z
Y2U1LWI3MmUtMjhkOGRkMGI1YmZjLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NDZlMDExMS1m
YWZiLTQzMGYtYjc3OC1kMjA0Y2ZjZDk5YTgvMTg4MDAzMjQtNTE1MC00OTgxLWEx
NDQtYmRiODBlNmJjYjdjLzE4ODAwMzI0LTUxNTAtNDk4MS1hMTQ0LWJkYjgwZTZi
Y2I3Yy5jcmwwHwYDVR0jBBgwFoAUEWtHMzbZ6J21lhte76NAIq7eabYwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMw
Zi1iNzc4LWQyMDRjZmNkOTlhOC8xODgwMDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4
MGU2YmNiN2MuY2VyMIHpBggrBgEFBQcBBwEB/wSB2TCB1jCB0wQCAAEwgcwDBAAX
G/ADBAAX5ioDBAAX5kYDBAAX5m8DBAEX5pADBAAX5qcDBAAX5tkDBAAX5vwDBAAt
Jp4DBAAtJvIDBAAtJ0gDBAAtJ9QDBAAtJ/MDBAAtJ/kDBAAydvwDBABopKMDBABo
pLcDBABopXsDBABopX8DBABopakDBABopegDBABo/BMDBABo/BwDBABo/IMDBABo
/I8DBADAsSEDBADAsSgDBADAsTgDBADAsUUDBADAsVIDBADAsW0DBADNpAsDBADN
pC4DBADYrIgwVAYDVR0gAQH/BEowSDBGBggrBgEFBQcOAjA6MDgGCCsGAQUFBwIB
FixodHRwczovL3d3dy5hcmluLm5ldC9yZXNvdXJjZXMvcnBraS9jcHMuaHRtbDAN
BgkqhkiG9w0BAQsFAAOCAQEAQ5s961YZm5dhAL5G1yh9fBpkAA1vdFBkM/7P6GRX
sYofV7MbwHr22hSV28Tr4rWQLiu0zekxd6FlWQLHbVx1OHRqUFOO5mQSr/Xxf8Mc
HMQ+EPDzPk4PPj05cV4q22QZmGg5I7H2Vk8CsMdfydWhTtVCJycFrAGAA8+NRo98
G8Des8k3pAHSHgfnavroRifV5Nhylo1Z5RNc/Ac0Vr4oxkuGscogIJcZtT4yEPuH
o7MiAjPw8Lyk2tPZtWRT7rscG545Eb0TSTmY0awbcDB4pefdV5nHQ1IXWvMbsKIA
Uw5aIv53XnjqHVo0e31dTSJpRFR359bL7So5KskwqvAT8Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:42:08 2024 by rpki-client on console-ams.rpki-client.org