Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/a15c9c0c-1fd6-3e77-92b5-2f5457198f3c.roa
File:                     a15c9c0c-1fd6-3e77-92b5-2f5457198f3c.roa (raw, json)
Hash identifier:          P7XLKr9XNPFxxNanmzOrWUv9H6O5CXXpJy3aRnKkwhU=
Subject key identifier:   D5:B2:52:61:DB:52:A1:BD:9F:40:A7:FF:78:6B:2B:FE:99:F8:99:9D
Certificate issuer:       /CN=18800324-5150-4981-a144-bdb80e6bcb7c
Certificate serial:       010D0C9F4328583CB6A0B62ACECF7DF738CD6060
Authority key identifier: 11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/a15c9c0c-1fd6-3e77-92b5-2f5457198f3c.roa
Signing time:             Wed 26 Aug 2020 04:00:00 +0000
ROA not before:           Wed 26 Aug 2020 04:00:00 +0000
ROA not after:            Mon 29 Apr 2024 04:00:00 +0000
asID:                     1239
IP address blocks:        107.165.224.0/24 maxlen: 24
                          107.165.176.0/24 maxlen: 24
                          107.165.219.0/24 maxlen: 24
                          107.164.213.0/24 maxlen: 24
                          107.164.146.0/24 maxlen: 24
                          107.164.151.0/24 maxlen: 24
                          142.111.5.0/24 maxlen: 24
                          142.111.187.0/24 maxlen: 24
                          107.164.207.0/24 maxlen: 24
                          107.165.136.0/24 maxlen: 24
                          107.165.182.0/24 maxlen: 24
                          107.165.221.0/24 maxlen: 24
                          107.165.253.0/24 maxlen: 24
                          107.165.254.0/24 maxlen: 24
                          107.186.0.0/24 maxlen: 24
                          107.186.29.0/24 maxlen: 24
                          107.186.86.0/24 maxlen: 24
                          107.186.157.0/24 maxlen: 24
                          107.186.194.0/24 maxlen: 24
                          107.186.196.0/24 maxlen: 24
                          107.186.203.0/24 maxlen: 24
                          107.187.45.0/24 maxlen: 24
                          107.187.108.0/24 maxlen: 24
                          136.0.78.0/24 maxlen: 24
                          136.0.88.0/24 maxlen: 24
                          136.0.92.0/24 maxlen: 24
                          136.0.108.0/24 maxlen: 24
                          136.0.199.0/24 maxlen: 24
                          136.0.206.0/24 maxlen: 24
                          136.0.241.0/24 maxlen: 24
                          136.0.248.0/24 maxlen: 24
                          136.0.251.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3c:b6:a0:b6:2a:ce:cf:7d:f7:38:cd:60:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18800324-5150-4981-a144-bdb80e6bcb7c
        Validity
            Not Before: Aug 26 04:00:00 2020 GMT
            Not After : Apr 29 04:00:00 2024 GMT
        Subject: CN=d749fcaf-6c56-4d55-923c-3430837bb582
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:20:ea:e8:ad:38:f6:b5:38:6c:3b:bb:47:a2:
                    32:8d:5a:ae:5b:cc:8f:6e:90:64:13:fc:4f:d4:a4:
                    13:a9:24:50:c0:db:a2:cb:51:d3:ff:bd:b0:8a:a6:
                    a4:44:e3:72:93:c3:25:d7:ed:54:ad:4c:fd:ac:24:
                    8a:01:7f:49:ca:04:87:1d:a2:6d:ab:9b:03:e3:81:
                    b4:25:7c:f3:2c:c0:00:67:b2:cd:7d:ec:23:6e:b9:
                    ae:6d:4a:b2:4c:b4:90:70:09:d8:37:4c:24:5e:ca:
                    10:5d:c8:56:d0:e6:d8:08:32:db:fc:24:74:80:a4:
                    b1:29:36:a3:0b:78:88:c1:3b:e1:8f:18:bc:f4:e5:
                    3c:25:b4:47:61:0f:1f:92:88:6a:7c:72:5b:d5:ad:
                    21:ba:63:0f:7c:56:18:08:d1:a4:c1:2d:4b:0a:28:
                    9d:47:1c:7d:6c:92:c6:e5:1b:74:10:07:e1:c0:49:
                    30:e0:58:be:a0:92:b0:fa:b3:2d:52:04:7c:95:dc:
                    7f:98:7d:24:8e:3f:cb:fb:c7:ed:47:32:2a:80:81:
                    60:76:8f:29:1a:65:c6:f2:a9:0b:06:36:89:c7:03:
                    bf:3f:c4:75:75:84:1b:4e:eb:19:d2:53:89:92:91:
                    e2:d8:cb:3c:97:dc:34:00:36:d8:5e:d7:bd:ea:27:
                    0c:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:B2:52:61:DB:52:A1:BD:9F:40:A7:FF:78:6B:2B:FE:99:F8:99:9D
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/a15c9c0c-1fd6-3e77-92b5-2f5457198f3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/18800324-5150-4981-a144-bdb80e6bcb7c.crl

            X509v3 Authority Key Identifier:
                keyid:11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.164.146.0/24
                  107.164.151.0/24
                  107.164.207.0/24
                  107.164.213.0/24
                  107.165.136.0/24
                  107.165.176.0/24
                  107.165.182.0/24
                  107.165.219.0/24
                  107.165.221.0/24
                  107.165.224.0/24
                  107.165.253.0-107.165.254.255
                  107.186.0.0/24
                  107.186.29.0/24
                  107.186.86.0/24
                  107.186.157.0/24
                  107.186.194.0/24
                  107.186.196.0/24
                  107.186.203.0/24
                  107.187.45.0/24
                  107.187.108.0/24
                  136.0.78.0/24
                  136.0.88.0/24
                  136.0.92.0/24
                  136.0.108.0/24
                  136.0.199.0/24
                  136.0.206.0/24
                  136.0.241.0/24
                  136.0.248.0/24
                  136.0.251.0/24
                  142.111.5.0/24
                  142.111.187.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         78:66:fd:41:db:76:b0:e0:41:08:d6:f8:45:d7:63:a1:e6:91:
         32:19:7e:cc:0a:2f:48:3f:8b:4d:c3:65:3c:ae:b1:01:7d:01:
         78:29:49:6d:ab:98:e1:8f:95:64:43:83:66:fd:61:30:b3:58:
         cd:fe:a5:56:85:b9:d0:c1:09:4b:d4:3c:91:06:22:77:2d:a1:
         76:ca:a9:15:14:e2:cb:3f:56:ad:7b:59:9d:6e:02:1e:32:9c:
         08:27:c9:af:27:22:d8:bd:b8:cf:dd:40:64:d3:de:f8:06:dd:
         f7:8e:e1:1e:bf:7d:6f:2b:9f:c2:58:be:bc:ce:f0:6e:a3:88:
         34:a6:f4:5e:4c:f1:7a:61:2c:a7:a2:bf:9f:45:27:e7:b1:b6:
         ea:aa:17:79:b6:ac:2c:0d:89:8f:9a:f2:06:4d:3d:36:bf:73:
         cb:6d:95:bd:cf:18:da:43:f8:b3:9e:b3:0a:b5:8b:f4:e2:24:
         32:f6:d8:e6:b9:12:b5:9f:4d:6b:b9:c2:11:07:89:c1:4a:74:
         72:6a:d9:aa:47:b2:f6:24:07:56:52:28:be:00:cd:b1:33:72:
         f6:5e:2e:42:e1:6b:08:67:d6:45:39:60:c4:ae:7c:26:03:21:
         16:67:e2:8c:87:37:c9:0f:d5:0b:4d:a7:14:19:c4:1b:ed:de:
         7a:ff:3c:f7
-----BEGIN CERTIFICATE-----
MIIHBDCCBeygAwIBAgIUAQ0Mn0MoWDy2oLYqzs999zjNYGAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMTg4MDAzMjQtNTE1MC00OTgxLWExNDQtYmRiODBlNmJj
YjdjMB4XDTIwMDgyNjA0MDAwMFoXDTI0MDQyOTA0MDAwMFowLzEtMCsGA1UEAxMk
ZDc0OWZjYWYtNmM1Ni00ZDU1LTkyM2MtMzQzMDgzN2JiNTgyMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmiDq6K049rU4bDu7R6IyjVquW8yPbpBkE/xP
1KQTqSRQwNuiy1HT/72wiqakRONyk8Ml1+1UrUz9rCSKAX9JygSHHaJtq5sD44G0
JXzzLMAAZ7LNfewjbrmubUqyTLSQcAnYN0wkXsoQXchW0ObYCDLb/CR0gKSxKTaj
C3iIwTvhjxi89OU8JbRHYQ8fkohqfHJb1a0humMPfFYYCNGkwS1LCiidRxx9bJLG
5Rt0EAfhwEkw4Fi+oJKw+rMtUgR8ldx/mH0kjj/L+8ftRzIqgIFgdo8pGmXG8qkL
BjaJxwO/P8R1dYQbTusZ0lOJkpHi2Ms8l9w0ADbYXte96icMdQIDAQABo4IEFjCC
BBIwHQYDVR0OBBYEFNWyUmHbUqG9n0Cn/3hrK/6Z+JmdMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlhOC8xODgw
MDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4MGU2YmNiN2MvYTE1YzljMGMtMWZkNi0z
ZTc3LTkyYjUtMmY1NDU3MTk4ZjNjLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NDZlMDExMS1m
YWZiLTQzMGYtYjc3OC1kMjA0Y2ZjZDk5YTgvMTg4MDAzMjQtNTE1MC00OTgxLWEx
NDQtYmRiODBlNmJjYjdjLzE4ODAwMzI0LTUxNTAtNDk4MS1hMTQ0LWJkYjgwZTZi
Y2I3Yy5jcmwwHwYDVR0jBBgwFoAUEWtHMzbZ6J21lhte76NAIq7eabYwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMw
Zi1iNzc4LWQyMDRjZmNkOTlhOC8xODgwMDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4
MGU2YmNiN2MuY2VyMIHfBggrBgEFBQcBBwEB/wSBzzCBzDCByQQCAAEwgcIDBABr
pJIDBABrpJcDBABrpM8DBABrpNUDBABrpYgDBABrpbADBABrpbYDBABrpdsDBABr
pd0DBABrpeAwDAMEAGul/QMEAGul/gMEAGu6AAMEAGu6HQMEAGu6VgMEAGu6nQME
AGu6wgMEAGu6xAMEAGu6ywMEAGu7LQMEAGu7bAMEAIgATgMEAIgAWAMEAIgAXAME
AIgAbAMEAIgAxwMEAIgAzgMEAIgA8QMEAIgA+AMEAIgA+wMEAI5vBQMEAI5vuzBU
BgNVHSABAf8ESjBIMEYGCCsGAQUFBw4CMDowOAYIKwYBBQUHAgEWLGh0dHBzOi8v
d3d3LmFyaW4ubmV0L3Jlc291cmNlcy9ycGtpL2Nwcy5odG1sMA0GCSqGSIb3DQEB
CwUAA4IBAQB4Zv1B23aw4EEI1vhF12Oh5pEyGX7MCi9IP4tNw2U8rrEBfQF4KUlt
q5jhj5VkQ4Nm/WEws1jN/qVWhbnQwQlL1DyRBiJ3LaF2yqkVFOLLP1ate1mdbgIe
MpwIJ8mvJyLYvbjP3UBk0974Bt33juEev31vK5/CWL68zvBuo4g0pvReTPF6YSyn
or+fRSfnsbbqqhd5tqwsDYmPmvIGTT02v3PLbZW9zxjaQ/iznrMKtYv04iQy9tjm
uRK1n01rucIRB4nBSnRyatmqR7L2JAdWUii+AM2xM3L2Xi5C4WsIZ9ZFOWDErnwm
AyEWZ+KMhzfJD9ULTacUGcQb7d56/zz3
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:42:10 2024 by rpki-client on console-ams.rpki-client.org