Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/8da47a06-14be-360e-99df-bf926e6bc3f9.roa
File:                     8da47a06-14be-360e-99df-bf926e6bc3f9.roa (raw, json)
Hash identifier:          cRcvIQhqhFttmO5YVlqZGJGpHlD0jXD2AXDgJuSOQx8=
Subject key identifier:   0D:34:43:AC:DB:40:68:FE:9A:3D:ED:1A:45:46:76:48:EC:1E:5B:84
Certificate issuer:       /CN=18800324-5150-4981-a144-bdb80e6bcb7c
Certificate serial:       010D0C9F43285844BDF50121161524FFFEBD20E0
Authority key identifier: 11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/8da47a06-14be-360e-99df-bf926e6bc3f9.roa
Signing time:             Thu 01 Feb 2024 02:00:26 +0000
ROA not before:           Thu 01 Feb 2024 02:00:26 +0000
ROA not after:            Wed 01 May 2024 01:00:26 +0000
asID:                     3257
IP address blocks:        107.165.233.0/24 maxlen: 24
                          107.165.241.0/24 maxlen: 24
                          107.165.252.0/24 maxlen: 24
                          136.0.245.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:44:bd:f5:01:21:16:15:24:ff:fe:bd:20:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18800324-5150-4981-a144-bdb80e6bcb7c
        Validity
            Not Before: Feb  1 02:00:26 2024 GMT
            Not After : May  1 01:00:26 2024 GMT
        Subject: CN=bad7a661-ed2c-4d70-94b6-39dbaca780af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:36:20:cd:38:64:39:72:cb:26:de:59:df:7f:
                    60:31:79:50:bc:a0:9b:2e:97:e4:ff:b3:f0:b8:18:
                    78:cd:06:b5:fe:4e:ba:42:14:7e:dc:1e:6e:b9:0a:
                    8e:d8:88:dd:2e:be:7b:88:55:4d:4e:9d:6a:e3:3a:
                    7b:f2:a4:e0:e0:7f:d3:5d:bc:44:8d:ac:e7:b0:5d:
                    3f:98:76:a4:d9:33:9d:b7:9f:51:f0:bc:c5:86:81:
                    09:cf:56:01:ae:9c:8e:e0:a0:42:d6:f7:13:56:c2:
                    fa:3a:d5:96:47:be:7b:fd:5a:58:44:88:50:3c:39:
                    85:a9:41:cc:a7:41:03:a2:38:ce:48:b1:d4:54:bd:
                    7c:bc:bb:cc:92:a4:f2:90:9a:00:67:95:b1:9b:de:
                    04:12:04:10:a0:d4:02:ef:7f:c1:01:0c:d9:10:6f:
                    86:45:42:04:da:15:b2:50:32:4f:a4:48:82:a9:db:
                    1f:ed:81:b2:c9:61:7f:60:5d:dc:db:2a:ae:a0:6b:
                    80:ae:39:e9:69:41:01:8f:b1:09:8a:1d:0a:b8:06:
                    44:11:11:54:2d:04:50:52:5f:0c:e1:ce:0d:1a:3a:
                    e9:eb:a7:6a:72:80:38:ed:23:f6:11:96:2d:c8:d8:
                    a4:d0:16:9e:4f:f8:eb:ac:79:3d:0a:a8:8f:85:7f:
                    f9:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:34:43:AC:DB:40:68:FE:9A:3D:ED:1A:45:46:76:48:EC:1E:5B:84
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/8da47a06-14be-360e-99df-bf926e6bc3f9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/18800324-5150-4981-a144-bdb80e6bcb7c.crl

            X509v3 Authority Key Identifier:
                keyid:11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.165.233.0/24
                  107.165.241.0/24
                  107.165.252.0/24
                  136.0.245.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         49:98:58:fd:3b:51:c6:04:36:66:09:9e:ab:18:c3:b0:a5:d0:
         a8:87:c7:c4:4a:df:63:34:57:7a:99:9e:78:72:44:bc:e5:7b:
         72:19:6c:00:48:13:1f:19:c2:c9:21:d8:c7:03:96:61:ef:1e:
         d4:5f:24:86:01:f3:8f:16:f5:b1:0d:1e:e6:e5:48:ce:63:a6:
         87:3b:04:c3:be:fe:42:77:9b:f6:f1:60:ae:72:c4:f0:68:22:
         15:ae:32:78:cb:fb:50:f7:f6:11:b2:4b:65:66:5a:4d:dd:06:
         f5:0b:de:23:fe:d6:1b:0b:5d:28:ed:d4:c6:eb:1e:c0:92:1e:
         4a:60:34:5d:a7:b2:1f:67:c6:69:bd:ed:e5:f9:52:ad:11:bd:
         34:be:f4:04:87:8d:ea:72:dc:28:2e:ae:9c:75:6b:65:9e:e1:
         93:23:e9:5a:c7:47:08:64:17:8a:68:e6:1f:76:81:4b:26:72:
         2e:14:a0:6a:38:83:6f:a2:2b:e5:f8:37:9f:a1:b8:0d:4b:21:
         95:f6:82:48:ec:94:04:a2:cf:ea:0c:8d:8e:d0:6d:4d:9b:9b:
         f5:25:09:9d:8f:ee:67:e9:25:f8:77:b8:82:5f:58:f0:e7:d0:
         e4:7e:e3:b7:a8:85:d3:99:74:08:6c:ea:df:7d:82:67:c8:b2:
         e6:66:d7:e8
-----BEGIN CERTIFICATE-----
MIIGVTCCBT2gAwIBAgIUAQ0Mn0MoWES99QEhFhUk//69IOAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMTg4MDAzMjQtNTE1MC00OTgxLWExNDQtYmRiODBlNmJj
YjdjMB4XDTI0MDIwMTAyMDAyNloXDTI0MDUwMTAxMDAyNlowLzEtMCsGA1UEAxMk
YmFkN2E2NjEtZWQyYy00ZDcwLTk0YjYtMzlkYmFjYTc4MGFmMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAijYgzThkOXLLJt5Z339gMXlQvKCbLpfk/7Pw
uBh4zQa1/k66QhR+3B5uuQqO2IjdLr57iFVNTp1q4zp78qTg4H/TXbxEjaznsF0/
mHak2TOdt59R8LzFhoEJz1YBrpyO4KBC1vcTVsL6OtWWR757/VpYRIhQPDmFqUHM
p0EDojjOSLHUVL18vLvMkqTykJoAZ5Wxm94EEgQQoNQC73/BAQzZEG+GRUIE2hWy
UDJPpEiCqdsf7YGyyWF/YF3c2yquoGuArjnpaUEBj7EJih0KuAZEERFULQRQUl8M
4c4NGjrp66dqcoA47SP2EZYtyNik0BaeT/jrrHk9CqiPhX/5LQIDAQABo4IDZzCC
A2MwHQYDVR0OBBYEFA00Q6zbQGj+mj3tGkVGdkjsHluEMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlhOC8xODgw
MDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4MGU2YmNiN2MvOGRhNDdhMDYtMTRiZS0z
NjBlLTk5ZGYtYmY5MjZlNmJjM2Y5LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NDZlMDExMS1m
YWZiLTQzMGYtYjc3OC1kMjA0Y2ZjZDk5YTgvMTg4MDAzMjQtNTE1MC00OTgxLWEx
NDQtYmRiODBlNmJjYjdjLzE4ODAwMzI0LTUxNTAtNDk4MS1hMTQ0LWJkYjgwZTZi
Y2I3Yy5jcmwwHwYDVR0jBBgwFoAUEWtHMzbZ6J21lhte76NAIq7eabYwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMw
Zi1iNzc4LWQyMDRjZmNkOTlhOC8xODgwMDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4
MGU2YmNiN2MuY2VyMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAa6XpAwQA
a6XxAwQAa6X8AwQAiAD1MFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4Bggr
BgEFBQcCARYsaHR0cHM6Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3Bz
Lmh0bWwwDQYJKoZIhvcNAQELBQADggEBAEmYWP07UcYENmYJnqsYw7Cl0KiHx8RK
32M0V3qZnnhyRLzle3IZbABIEx8Zwskh2McDlmHvHtRfJIYB848W9bENHublSM5j
poc7BMO+/kJ3m/bxYK5yxPBoIhWuMnjL+1D39hGyS2VmWk3dBvUL3iP+1hsLXSjt
1MbrHsCSHkpgNF2nsh9nxmm97eX5Uq0RvTS+9ASHjepy3Cgurpx1a2We4ZMj6VrH
RwhkF4po5h92gUsmci4UoGo4g2+iK+X4N5+huA1LIZX2gkjslASiz+oMjY7QbU2b
m/UlCZ2P7mfpJfh3uIJfWPDn0OR+47eohdOZdAhs6t99gmfIsuZm1+g=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:10:27 2024 by rpki-client on console-fra.rpki-client.org