Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/97648213-6d61-3b68-a6a7-a8c71c983847.roa
File:                     97648213-6d61-3b68-a6a7-a8c71c983847.roa (raw, json)
Hash identifier:          MzPWAYCfaxtsgVRuexc9qSM1voc0No152Ihs/8lgTCs=
Subject key identifier:   5D:AD:11:AA:34:92:F8:BD:FF:86:F8:34:C6:F4:A4:EF:1A:EA:8D:29
Certificate issuer:       /CN=18800324-5150-4981-a144-bdb80e6bcb7c
Certificate serial:       010D0C9F4328583729BD2D08C68ED9FDDD91EF00
Authority key identifier: 11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/97648213-6d61-3b68-a6a7-a8c71c983847.roa
Signing time:             Tue 01 Sep 2020 04:00:00 +0000
ROA not before:           Tue 01 Sep 2020 04:00:00 +0000
ROA not after:            Thu 15 Sep 2022 04:00:00 +0000
asID:                     212715
IP address blocks:        104.253.96.0/24 maxlen: 24
                          173.245.84.0/24 maxlen: 24
                          209.73.136.0/24 maxlen: 24
                          104.165.109.0/24 maxlen: 24
                          104.165.107.0/24 maxlen: 24
                          104.165.83.0/24 maxlen: 24
                          104.165.78.0/24 maxlen: 24
                          104.165.29.0/24 maxlen: 24
                          23.230.67.0/24 maxlen: 24
                          23.27.248.0/24 maxlen: 24
                          23.27.127.0/24 maxlen: 24
                          23.27.14.0/24 maxlen: 24
                          23.27.23.0/24 maxlen: 24
                          23.27.243.0/24 maxlen: 24
                          23.230.29.0/24 maxlen: 24
                          50.117.45.0/24 maxlen: 24
                          50.117.96.0/24 maxlen: 24
                          50.118.248.0/24 maxlen: 24
                          50.118.255.0/24 maxlen: 24
                          104.164.180.0/24 maxlen: 24
                          104.165.73.0/24 maxlen: 24
                          104.165.81.0/24 maxlen: 24
                          104.165.91.0/24 maxlen: 24
                          104.165.114.0/24 maxlen: 24
                          104.165.120.0/24 maxlen: 24
                          104.165.134.0/24 maxlen: 24
                          104.253.11.0/24 maxlen: 24
                          104.253.12.0/24 maxlen: 24
                          104.253.29.0/24 maxlen: 24
                          104.253.57.0/24 maxlen: 24
                          104.253.63.0/24 maxlen: 24
                          104.253.106.0/24 maxlen: 24
                          104.253.132.0/24 maxlen: 24
                          104.253.139.0/24 maxlen: 24
                          104.253.141.0/24 maxlen: 24
                          104.253.143.0/24 maxlen: 24
                          104.253.144.0/24 maxlen: 24
                          104.253.146.0/24 maxlen: 24
                          104.253.150.0/24 maxlen: 24
                          107.164.85.0/24 maxlen: 24
                          107.164.199.0/24 maxlen: 24
                          107.164.145.0/24 maxlen: 24
                          107.164.200.0/24 maxlen: 24
                          107.165.138.0/24 maxlen: 24
                          107.165.161.0/24 maxlen: 24
                          216.172.138.0/24 maxlen: 24
                          216.172.135.0/24 maxlen: 24
                          209.73.132.0/24 maxlen: 24
                          209.73.137.0/24 maxlen: 24
                          205.164.9.0/24 maxlen: 24
                          205.164.32.0/24 maxlen: 24
                          205.164.59.0/24 maxlen: 24
                          136.0.47.0/24 maxlen: 24
                          136.0.67.0/24 maxlen: 24
                          136.0.99.0/24 maxlen: 24
                          136.0.226.0/24 maxlen: 24
                          142.111.219.0/24 maxlen: 24
                          142.252.51.0/24 maxlen: 24
                          142.252.52.0/24 maxlen: 24
                          166.88.149.0/24 maxlen: 24
                          172.120.14.0/24 maxlen: 24
                          172.252.215.0/24 maxlen: 24
                          107.186.35.0/24 maxlen: 24
                          107.165.194.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:37:29:bd:2d:08:c6:8e:d9:fd:dd:91:ef:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18800324-5150-4981-a144-bdb80e6bcb7c
        Validity
            Not Before: Sep  1 04:00:00 2020 GMT
            Not After : Sep 15 04:00:00 2022 GMT
        Subject: CN=302e53cf-b53a-43e1-88af-97e83c7c2ce4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:fa:38:3f:12:5b:f9:fa:7d:2b:8a:dd:9f:8b:
                    41:3b:bd:1c:d2:86:e7:41:d0:78:0c:93:c1:90:54:
                    c2:30:79:c9:98:45:53:78:54:d3:06:7d:c8:ce:ed:
                    9f:da:92:50:7a:80:a1:b8:0a:1b:ac:43:a0:21:b8:
                    9e:43:33:27:61:7b:ff:e7:78:6c:ef:4f:83:b2:83:
                    66:41:3c:6e:d1:2d:d6:01:1f:12:00:e2:95:9a:b6:
                    36:80:de:a0:ae:a2:c0:3d:e9:d2:ad:9a:43:06:3c:
                    c2:5b:b3:2c:d8:91:85:10:23:1c:3d:f3:66:1b:8f:
                    fb:9e:1a:ef:22:91:91:ac:51:59:1a:22:80:a2:e8:
                    1e:c1:92:71:b4:d0:ce:9d:27:93:b1:df:6b:c6:a7:
                    21:5d:e4:4a:a1:22:36:95:19:17:e9:40:38:7c:4a:
                    3d:d4:96:32:21:56:3e:e5:b4:66:b5:33:4a:2e:3e:
                    46:34:d3:27:59:49:7f:d7:98:c3:05:8c:f3:72:de:
                    a2:01:36:e0:c9:6e:39:cb:59:86:32:8b:73:d2:17:
                    6a:a8:3a:f1:f1:e8:c1:7a:ca:20:5d:2a:3a:78:c1:
                    68:d5:37:f4:0a:c7:49:a6:93:a6:e9:b6:81:a4:6a:
                    8b:cf:a9:a9:8f:57:c8:3b:00:36:f1:56:ba:54:73:
                    6c:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:AD:11:AA:34:92:F8:BD:FF:86:F8:34:C6:F4:A4:EF:1A:EA:8D:29
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/97648213-6d61-3b68-a6a7-a8c71c983847.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/18800324-5150-4981-a144-bdb80e6bcb7c.crl

            X509v3 Authority Key Identifier:
                keyid:11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.27.14.0/24
                  23.27.23.0/24
                  23.27.127.0/24
                  23.27.243.0/24
                  23.27.248.0/24
                  23.230.29.0/24
                  23.230.67.0/24
                  50.117.45.0/24
                  50.117.96.0/24
                  50.118.248.0/24
                  50.118.255.0/24
                  104.164.180.0/24
                  104.165.29.0/24
                  104.165.73.0/24
                  104.165.78.0/24
                  104.165.81.0/24
                  104.165.83.0/24
                  104.165.91.0/24
                  104.165.107.0/24
                  104.165.109.0/24
                  104.165.114.0/24
                  104.165.120.0/24
                  104.165.134.0/24
                  104.253.11.0-104.253.12.255
                  104.253.29.0/24
                  104.253.57.0/24
                  104.253.63.0/24
                  104.253.96.0/24
                  104.253.106.0/24
                  104.253.132.0/24
                  104.253.139.0/24
                  104.253.141.0/24
                  104.253.143.0-104.253.144.255
                  104.253.146.0/24
                  104.253.150.0/24
                  107.164.85.0/24
                  107.164.145.0/24
                  107.164.199.0-107.164.200.255
                  107.165.138.0/24
                  107.165.161.0/24
                  107.165.194.0/24
                  107.186.35.0/24
                  136.0.47.0/24
                  136.0.67.0/24
                  136.0.99.0/24
                  136.0.226.0/24
                  142.111.219.0/24
                  142.252.51.0-142.252.52.255
                  166.88.149.0/24
                  172.120.14.0/24
                  172.252.215.0/24
                  173.245.84.0/24
                  205.164.9.0/24
                  205.164.32.0/24
                  205.164.59.0/24
                  209.73.132.0/24
                  209.73.136.0/23
                  216.172.135.0/24
                  216.172.138.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         34:03:ce:c9:d9:cc:39:b8:15:dc:e1:62:cf:f0:65:a2:23:4f:
         5e:1a:90:bb:89:ae:dd:9a:e4:93:bf:84:22:76:ef:33:47:9c:
         d6:99:6f:cc:d6:3e:12:07:7d:2e:7d:6a:89:53:33:57:f7:e0:
         31:bd:a2:3d:99:f7:73:74:97:77:d8:1c:e5:18:7e:15:bf:8c:
         9e:95:fa:f8:67:db:56:2b:41:90:a5:48:0c:a3:56:81:9d:98:
         25:2a:13:7e:1c:28:6b:42:d9:8b:78:23:2f:9f:c3:9f:cc:42:
         06:f7:70:a3:6b:7c:cd:fa:5d:37:43:8a:f3:f6:2f:b4:39:62:
         1d:ca:c4:40:af:62:73:51:4a:9a:5f:d6:b6:c6:98:e7:c5:9e:
         3a:02:a5:9c:ca:e1:e6:72:2d:15:f8:0c:b8:93:6f:d4:d0:a0:
         a7:38:1d:66:f8:7e:2e:9e:7a:f3:d5:a3:aa:13:f4:e2:cc:32:
         bc:1d:4c:54:0c:ae:78:b2:9e:55:5b:1a:99:b3:50:c9:60:21:
         0a:23:99:0b:03:97:cb:f0:11:6a:00:18:64:bc:c3:fa:94:d1:
         2a:c9:01:cb:fd:a3:f9:69:5a:42:b9:77:37:29:a6:79:08:c8:
         c3:d5:e3:37:4e:c3:b4:03:61:82:7c:46:f7:b8:94:f3:78:91:
         cb:1b:c5:49
-----BEGIN CERTIFICATE-----
MIIHyTCCBrGgAwIBAgIUAQ0Mn0MoWDcpvS0Ixo7Z/d2R7wAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMTg4MDAzMjQtNTE1MC00OTgxLWExNDQtYmRiODBlNmJj
YjdjMB4XDTIwMDkwMTA0MDAwMFoXDTIyMDkxNTA0MDAwMFowLzEtMCsGA1UEAxMk
MzAyZTUzY2YtYjUzYS00M2UxLTg4YWYtOTdlODNjN2MyY2U0MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkPo4PxJb+fp9K4rdn4tBO70c0obnQdB4DJPB
kFTCMHnJmEVTeFTTBn3Izu2f2pJQeoChuAobrEOgIbieQzMnYXv/53hs70+DsoNm
QTxu0S3WAR8SAOKVmrY2gN6grqLAPenSrZpDBjzCW7Ms2JGFECMcPfNmG4/7nhrv
IpGRrFFZGiKAougewZJxtNDOnSeTsd9rxqchXeRKoSI2lRkX6UA4fEo91JYyIVY+
5bRmtTNKLj5GNNMnWUl/15jDBYzzct6iATbgyW45y1mGMotz0hdqqDrx8ejBesog
XSo6eMFo1Tf0CsdJppOm6baBpGqLz6mpj1fIOwA28Va6VHNsZwIDAQABo4IE2zCC
BNcwHQYDVR0OBBYEFF2tEao0kvi9/4b4NMb0pO8a6o0pMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlhOC8xODgw
MDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4MGU2YmNiN2MvOTc2NDgyMTMtNmQ2MS0z
YjY4LWE2YTctYThjNzFjOTgzODQ3LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NDZlMDExMS1m
YWZiLTQzMGYtYjc3OC1kMjA0Y2ZjZDk5YTgvMTg4MDAzMjQtNTE1MC00OTgxLWEx
NDQtYmRiODBlNmJjYjdjLzE4ODAwMzI0LTUxNTAtNDk4MS1hMTQ0LWJkYjgwZTZi
Y2I3Yy5jcmwwHwYDVR0jBBgwFoAUEWtHMzbZ6J21lhte76NAIq7eabYwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMw
Zi1iNzc4LWQyMDRjZmNkOTlhOC8xODgwMDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4
MGU2YmNiN2MuY2VyMIIBowYIKwYBBQUHAQcBAf8EggGSMIIBjjCCAYoEAgABMIIB
ggMEABcbDgMEABcbFwMEABcbfwMEABcb8wMEABcb+AMEABfmHQMEABfmQwMEADJ1
LQMEADJ1YAMEADJ2+AMEADJ2/wMEAGiktAMEAGilHQMEAGilSQMEAGilTgMEAGil
UQMEAGilUwMEAGilWwMEAGilawMEAGilbQMEAGilcgMEAGileAMEAGilhjAMAwQA
aP0LAwQAaP0MAwQAaP0dAwQAaP05AwQAaP0/AwQAaP1gAwQAaP1qAwQAaP2EAwQA
aP2LAwQAaP2NMAwDBABo/Y8DBABo/ZADBABo/ZIDBABo/ZYDBABrpFUDBABrpJEw
DAMEAGukxwMEAGukyAMEAGuligMEAGuloQMEAGulwgMEAGu6IwMEAIgALwMEAIgA
QwMEAIgAYwMEAIgA4gMEAI5v2zAMAwQAjvwzAwQAjvw0AwQApliVAwQArHgOAwQA
rPzXAwQArfVUAwQAzaQJAwQAzaQgAwQAzaQ7AwQA0UmEAwQB0UmIAwQA2KyHAwQA
2KyKMFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0
cHM6Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZI
hvcNAQELBQADggEBADQDzsnZzDm4FdzhYs/wZaIjT14akLuJrt2a5JO/hCJ27zNH
nNaZb8zWPhIHfS59aolTM1f34DG9oj2Z93N0l3fYHOUYfhW/jJ6V+vhn21YrQZCl
SAyjVoGdmCUqE34cKGtC2Yt4Iy+fw5/MQgb3cKNrfM36XTdDivP2L7Q5Yh3KxECv
YnNRSppf1rbGmOfFnjoCpZzK4eZyLRX4DLiTb9TQoKc4HWb4fi6eevPVo6oT9OLM
MrwdTFQMrniynlVbGpmzUMlgIQojmQsDl8vwEWoAGGS8w/qU0SrJAcv9o/lpWkK5
dzcppnkIyMPV4zdOw7QDYYJ8Rve4lPN4kcsbxUk=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:10:27 2024 by rpki-client on console-fra.rpki-client.org