Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/9462ce5a-4782-3599-b89d-141c9d45276e.roa
File:                     9462ce5a-4782-3599-b89d-141c9d45276e.roa (raw, json)
Hash identifier:          P+uhp+/8tY6uwsjZJ64+QZWLyQEBH8imBXasSoERfgc=
Subject key identifier:   0F:53:97:BA:0B:D5:32:71:E3:9A:BA:7B:90:6D:6D:40:7A:2D:FF:BF
Certificate issuer:       /CN=18800324-5150-4981-a144-bdb80e6bcb7c
Certificate serial:       010D0C9F43285842AE82DD1F2B97768750C6D380
Authority key identifier: 11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/9462ce5a-4782-3599-b89d-141c9d45276e.roa
Signing time:             Thu 27 Jul 2023 03:39:35 +0000
ROA not before:           Thu 27 Jul 2023 03:39:35 +0000
ROA not after:            Wed 25 Oct 2023 03:39:35 +0000
asID:                     1239
IP address blocks:        104.253.132.0/24 maxlen: 24
                          50.117.45.0/24 maxlen: 24
                          23.27.243.0/24 maxlen: 24
                          23.27.14.0/24 maxlen: 24
                          23.27.23.0/24 maxlen: 24
                          23.27.127.0/24 maxlen: 24
                          23.27.248.0/24 maxlen: 24
                          23.230.29.0/24 maxlen: 24
                          23.230.67.0/24 maxlen: 24
                          50.117.96.0/24 maxlen: 24
                          50.118.255.0/24 maxlen: 24
                          104.164.180.0/24 maxlen: 24
                          104.165.29.0/24 maxlen: 24
                          104.165.120.0/24 maxlen: 24
                          104.165.134.0/24 maxlen: 24
                          104.253.106.0/24 maxlen: 24
                          104.253.139.0/24 maxlen: 24
                          104.253.144.0/24 maxlen: 24
                          104.253.146.0/24 maxlen: 24
                          104.253.150.0/24 maxlen: 24
                          107.164.85.0/24 maxlen: 24
                          107.164.145.0/24 maxlen: 24
                          107.164.199.0/24 maxlen: 24
                          107.164.200.0/24 maxlen: 24
                          107.165.138.0/24 maxlen: 24
                          107.165.161.0/24 maxlen: 24
                          107.165.194.0/24 maxlen: 24
                          107.186.35.0/24 maxlen: 24
                          136.0.47.0/24 maxlen: 24
                          136.0.67.0/24 maxlen: 24
                          136.0.99.0/24 maxlen: 24
                          136.0.226.0/24 maxlen: 24
                          142.111.219.0/24 maxlen: 24
                          142.252.51.0/24 maxlen: 24
                          142.252.52.0/24 maxlen: 24
                          166.88.149.0/24 maxlen: 24
                          172.120.14.0/24 maxlen: 24
                          172.252.25.0/24 maxlen: 24
                          172.252.28.0/24 maxlen: 24
                          172.252.54.0/24 maxlen: 24
                          172.252.55.0/24 maxlen: 24
                          172.252.135.0/24 maxlen: 24
                          172.252.137.0/24 maxlen: 24
                          172.252.139.0/24 maxlen: 24
                          172.252.168.0/24 maxlen: 24
                          172.252.215.0/24 maxlen: 24
                          173.245.84.0/24 maxlen: 24
                          205.164.9.0/24 maxlen: 24
                          205.164.32.0/24 maxlen: 24
                          205.164.59.0/24 maxlen: 24
                          209.73.132.0/24 maxlen: 24
                          209.73.136.0/24 maxlen: 24
                          209.73.137.0/24 maxlen: 24
                          216.172.135.0/24 maxlen: 24
                          216.172.138.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:42:ae:82:dd:1f:2b:97:76:87:50:c6:d3:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18800324-5150-4981-a144-bdb80e6bcb7c
        Validity
            Not Before: Jul 27 03:39:35 2023 GMT
            Not After : Oct 25 03:39:35 2023 GMT
        Subject: CN=eb379b2c-f01c-488b-8d3b-76f2694af5f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:32:9d:96:26:83:20:8c:4d:bc:ba:cb:4b:b7:
                    e5:1c:5d:6c:ea:2d:64:7a:28:6b:c4:04:11:f3:8e:
                    40:74:9d:44:ef:c3:dc:97:79:aa:2e:96:29:37:88:
                    ad:ac:05:36:15:18:5f:07:ed:d3:5b:92:3d:3d:e4:
                    18:3e:a9:9b:4f:e4:89:7b:bb:cd:f1:d8:14:6a:8c:
                    ba:4c:23:fc:1b:3b:0a:ed:b8:9b:44:c4:d9:34:29:
                    46:17:19:21:cc:79:f0:f8:7f:f6:b9:54:8a:ac:b8:
                    e0:88:cf:30:0f:a8:8f:a8:0b:bd:5f:fe:e9:6e:82:
                    37:f5:c1:54:9c:33:b6:64:a7:25:9d:23:be:44:cc:
                    3e:99:04:c2:ac:da:78:8e:ba:aa:ed:79:37:e4:df:
                    75:54:d7:68:f8:a1:ad:e8:97:8e:60:87:cb:1f:18:
                    6f:4f:5c:7c:60:42:54:44:08:d0:be:24:43:7c:dc:
                    ab:32:af:c6:3a:4d:0b:20:06:a6:da:6c:0e:9f:2b:
                    d3:59:2c:ff:9e:f3:e1:7c:58:ca:1c:fd:18:e4:6e:
                    a9:32:9b:bc:14:6e:7e:4d:40:43:81:bb:a1:eb:1f:
                    77:8f:4d:eb:d5:88:f2:a9:d0:9f:bb:2c:63:d0:b0:
                    f7:32:f5:8f:59:09:4e:0f:b4:d1:01:f2:dc:f6:c6:
                    fb:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:53:97:BA:0B:D5:32:71:E3:9A:BA:7B:90:6D:6D:40:7A:2D:FF:BF
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/9462ce5a-4782-3599-b89d-141c9d45276e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/18800324-5150-4981-a144-bdb80e6bcb7c.crl

            X509v3 Authority Key Identifier:
                keyid:11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.27.14.0/24
                  23.27.23.0/24
                  23.27.127.0/24
                  23.27.243.0/24
                  23.27.248.0/24
                  23.230.29.0/24
                  23.230.67.0/24
                  50.117.45.0/24
                  50.117.96.0/24
                  50.118.255.0/24
                  104.164.180.0/24
                  104.165.29.0/24
                  104.165.120.0/24
                  104.165.134.0/24
                  104.253.106.0/24
                  104.253.132.0/24
                  104.253.139.0/24
                  104.253.144.0/24
                  104.253.146.0/24
                  104.253.150.0/24
                  107.164.85.0/24
                  107.164.145.0/24
                  107.164.199.0-107.164.200.255
                  107.165.138.0/24
                  107.165.161.0/24
                  107.165.194.0/24
                  107.186.35.0/24
                  136.0.47.0/24
                  136.0.67.0/24
                  136.0.99.0/24
                  136.0.226.0/24
                  142.111.219.0/24
                  142.252.51.0-142.252.52.255
                  166.88.149.0/24
                  172.120.14.0/24
                  172.252.25.0/24
                  172.252.28.0/24
                  172.252.54.0/23
                  172.252.135.0/24
                  172.252.137.0/24
                  172.252.139.0/24
                  172.252.168.0/24
                  172.252.215.0/24
                  173.245.84.0/24
                  205.164.9.0/24
                  205.164.32.0/24
                  205.164.59.0/24
                  209.73.132.0/24
                  209.73.136.0/23
                  216.172.135.0/24
                  216.172.138.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         2e:24:37:b9:5f:a2:7e:0c:00:2d:48:c5:6f:cf:ff:04:f1:28:
         bb:20:32:fe:4f:0c:14:fc:ec:dc:c4:87:6d:4c:51:5b:d1:cb:
         77:e6:87:9a:4f:3f:6a:e5:58:c0:cd:11:eb:df:0b:d5:0c:e5:
         61:eb:d2:ba:66:28:09:34:b4:74:db:d5:2d:e5:de:cb:b6:b3:
         a1:1e:3d:c8:1f:28:92:f9:8b:b8:d0:01:0a:3e:87:91:60:2f:
         1f:f9:8a:df:e4:79:79:b7:49:98:b5:af:f7:42:4d:3e:91:cc:
         9d:51:3d:b5:a5:e1:93:d9:3e:e2:71:f1:4e:ea:74:82:1d:6f:
         80:a2:dd:da:87:b4:9e:fb:8e:08:87:04:a8:03:18:c2:26:72:
         04:5c:fd:7c:11:69:f2:48:ec:08:6b:d2:86:03:7d:98:a1:31:
         a3:4c:c3:8b:38:3d:37:7c:9f:de:aa:21:04:c4:a2:f5:f6:c5:
         ab:e6:fd:0f:7c:0a:4c:0a:ff:39:66:d1:15:6b:75:4f:6f:e5:
         0f:88:27:f1:d2:46:81:9a:e2:f1:16:90:17:81:81:c6:21:63:
         c9:29:4d:8a:1b:74:67:88:72:e3:e6:48:b2:b1:32:10:99:ac:
         6e:45:68:02:4e:cf:4d:35:57:ef:8f:f7:d0:32:e8:fd:60:fb:
         c1:c9:28:57
-----BEGIN CERTIFICATE-----
MIIHiTCCBnGgAwIBAgIUAQ0Mn0MoWEKugt0fK5d2h1DG04AwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMTg4MDAzMjQtNTE1MC00OTgxLWExNDQtYmRiODBlNmJj
YjdjMB4XDTIzMDcyNzAzMzkzNVoXDTIzMTAyNTAzMzkzNVowLzEtMCsGA1UEAxMk
ZWIzNzliMmMtZjAxYy00ODhiLThkM2ItNzZmMjY5NGFmNWYyMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAizKdliaDIIxNvLrLS7flHF1s6i1keihrxAQR
845AdJ1E78Pcl3mqLpYpN4itrAU2FRhfB+3TW5I9PeQYPqmbT+SJe7vN8dgUaoy6
TCP8GzsK7bibRMTZNClGFxkhzHnw+H/2uVSKrLjgiM8wD6iPqAu9X/7pboI39cFU
nDO2ZKclnSO+RMw+mQTCrNp4jrqq7Xk35N91VNdo+KGt6JeOYIfLHxhvT1x8YEJU
RAjQviRDfNyrMq/GOk0LIAam2mwOnyvTWSz/nvPhfFjKHP0Y5G6pMpu8FG5+TUBD
gbuh6x93j03r1YjyqdCfuyxj0LD3MvWPWQlOD7TRAfLc9sb7NwIDAQABo4IEmzCC
BJcwHQYDVR0OBBYEFA9Tl7oL1TJx45q6e5BtbUB6Lf+/MIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlhOC8xODgw
MDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4MGU2YmNiN2MvOTQ2MmNlNWEtNDc4Mi0z
NTk5LWI4OWQtMTQxYzlkNDUyNzZlLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NDZlMDExMS1m
YWZiLTQzMGYtYjc3OC1kMjA0Y2ZjZDk5YTgvMTg4MDAzMjQtNTE1MC00OTgxLWEx
NDQtYmRiODBlNmJjYjdjLzE4ODAwMzI0LTUxNTAtNDk4MS1hMTQ0LWJkYjgwZTZi
Y2I3Yy5jcmwwHwYDVR0jBBgwFoAUEWtHMzbZ6J21lhte76NAIq7eabYwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMw
Zi1iNzc4LWQyMDRjZmNkOTlhOC8xODgwMDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4
MGU2YmNiN2MuY2VyMIIBYwYIKwYBBQUHAQcBAf8EggFSMIIBTjCCAUoEAgABMIIB
QgMEABcbDgMEABcbFwMEABcbfwMEABcb8wMEABcb+AMEABfmHQMEABfmQwMEADJ1
LQMEADJ1YAMEADJ2/wMEAGiktAMEAGilHQMEAGileAMEAGilhgMEAGj9agMEAGj9
hAMEAGj9iwMEAGj9kAMEAGj9kgMEAGj9lgMEAGukVQMEAGukkTAMAwQAa6THAwQA
a6TIAwQAa6WKAwQAa6WhAwQAa6XCAwQAa7ojAwQAiAAvAwQAiABDAwQAiABjAwQA
iADiAwQAjm/bMAwDBACO/DMDBACO/DQDBACmWJUDBACseA4DBACs/BkDBACs/BwD
BAGs/DYDBACs/IcDBACs/IkDBACs/IsDBACs/KgDBACs/NcDBACt9VQDBADNpAkD
BADNpCADBADNpDsDBADRSYQDBAHRSYgDBADYrIcDBADYrIowVAYDVR0gAQH/BEow
SDBGBggrBgEFBQcOAjA6MDgGCCsGAQUFBwIBFixodHRwczovL3d3dy5hcmluLm5l
dC9yZXNvdXJjZXMvcnBraS9jcHMuaHRtbDANBgkqhkiG9w0BAQsFAAOCAQEALiQ3
uV+ifgwALUjFb8//BPEouyAy/k8MFPzs3MSHbUxRW9HLd+aHmk8/auVYwM0R698L
1QzlYevSumYoCTS0dNvVLeXey7azoR49yB8okvmLuNABCj6HkWAvH/mK3+R5ebdJ
mLWv90JNPpHMnVE9taXhk9k+4nHxTup0gh1vgKLd2oe0nvuOCIcEqAMYwiZyBFz9
fBFp8kjsCGvShgN9mKExo0zDizg9N3yf3qohBMSi9fbFq+b9D3wKTAr/OWbRFWt1
T2/lD4gn8dJGgZri8RaQF4GBxiFjySlNiht0Z4hy4+ZIsrEyEJmsbkVoAk7PTTVX
74/30DLo/WD7wckoVw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:42:09 2024 by rpki-client on console-ams.rpki-client.org