Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/a859609a-e573-3d19-9645-150e064a7489.roa
File:                     a859609a-e573-3d19-9645-150e064a7489.roa (raw, json)
Hash identifier:          m5gqQydIDANmJX9jD9n/M90P9Vy0VxHEihx78xYO0QE=
Subject key identifier:   B4:98:5A:D4:50:F9:B3:E7:F5:71:B5:85:0B:D3:BF:53:86:EB:7C:7C
Certificate issuer:       /CN=18800324-5150-4981-a144-bdb80e6bcb7c
Certificate serial:       010D0C9F43285845083B665EC00A188C59235200
Authority key identifier: 11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/a859609a-e573-3d19-9645-150e064a7489.roa
Signing time:             Tue 27 Feb 2024 16:32:13 +0000
ROA not before:           Tue 27 Feb 2024 16:32:13 +0000
ROA not after:            Mon 27 May 2024 15:32:13 +0000
asID:                     7922
IP address blocks:        23.230.73.0/24 maxlen: 24
                          23.27.118.0/24 maxlen: 24
                          23.27.9.0/24 maxlen: 24
                          23.27.31.0/24 maxlen: 24
                          23.27.45.0/24 maxlen: 24
                          23.27.232.0/24 maxlen: 24
                          23.27.254.0/24 maxlen: 24
                          23.230.43.0/24 maxlen: 24
                          23.230.76.0/24 maxlen: 24
                          23.230.163.0/24 maxlen: 24
                          23.230.166.0/24 maxlen: 24
                          23.230.228.0/24 maxlen: 24
                          45.38.43.0/24 maxlen: 24
                          45.38.208.0/24 maxlen: 24
                          45.38.238.0/24 maxlen: 24
                          45.39.208.0/24 maxlen: 24
                          45.39.232.0/24 maxlen: 24
                          50.117.49.0/24 maxlen: 24
                          50.118.175.0/24 maxlen: 24
                          50.118.217.0/24 maxlen: 24
                          104.164.161.0/24 maxlen: 24
                          104.164.178.0/24 maxlen: 24
                          104.164.182.0/24 maxlen: 24
                          104.164.216.0/24 maxlen: 24
                          104.164.220.0/24 maxlen: 24
                          104.164.221.0/24 maxlen: 24
                          104.165.17.0/24 maxlen: 24
                          104.165.82.0/24 maxlen: 24
                          104.165.94.0/24 maxlen: 24
                          104.165.116.0/24 maxlen: 24
                          104.165.207.0/24 maxlen: 24
                          104.165.234.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:45:08:3b:66:5e:c0:0a:18:8c:59:23:52:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18800324-5150-4981-a144-bdb80e6bcb7c
        Validity
            Not Before: Feb 27 16:32:13 2024 GMT
            Not After : May 27 15:32:13 2024 GMT
        Subject: CN=1e6dfa36-5de4-486c-8596-e709f2e61247
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:f1:ee:d7:6b:50:d0:37:c0:c8:0e:7a:54:30:
                    9c:af:23:82:20:8b:b7:cb:79:85:7a:ca:2b:fd:00:
                    8a:ce:77:37:2b:97:62:dc:c8:24:f2:c2:2d:4c:d4:
                    f2:e5:5f:b4:4a:67:a6:61:66:ae:ef:cd:1a:da:40:
                    25:c7:23:9a:ad:b5:71:4c:30:cc:5e:18:aa:e5:ac:
                    04:2a:65:a8:ce:e1:67:3e:80:a0:51:8e:81:98:a3:
                    a5:bd:fa:50:c6:9b:5e:81:40:35:a9:be:a8:24:90:
                    30:f9:48:98:52:95:f4:26:3b:fb:a3:90:8a:f2:2f:
                    b4:82:2e:94:da:b3:ff:ff:70:30:5d:b6:d0:76:db:
                    d6:4f:42:12:37:ad:d0:fe:34:dc:c1:93:1d:c8:f6:
                    b4:34:cc:b1:2b:cb:0f:13:16:a2:74:a3:12:50:d7:
                    9c:cc:7c:9c:ec:98:18:21:2d:63:1f:71:69:81:6e:
                    07:a9:d5:6f:07:88:84:78:2c:7b:70:f5:55:3c:8a:
                    ab:8d:42:ae:5a:f6:92:3f:4f:4f:47:cd:8b:f5:54:
                    d6:5c:17:f2:c0:0d:4a:94:7a:e3:37:d7:13:8b:43:
                    00:61:2e:7d:b5:fa:83:29:91:3e:b0:fc:4e:e0:ed:
                    4d:0b:91:01:e8:d3:36:8d:58:eb:00:d3:6d:31:0c:
                    41:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:98:5A:D4:50:F9:B3:E7:F5:71:B5:85:0B:D3:BF:53:86:EB:7C:7C
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/a859609a-e573-3d19-9645-150e064a7489.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/18800324-5150-4981-a144-bdb80e6bcb7c.crl

            X509v3 Authority Key Identifier:
                keyid:11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.27.9.0/24
                  23.27.31.0/24
                  23.27.45.0/24
                  23.27.118.0/24
                  23.27.232.0/24
                  23.27.254.0/24
                  23.230.43.0/24
                  23.230.73.0/24
                  23.230.76.0/24
                  23.230.163.0/24
                  23.230.166.0/24
                  23.230.228.0/24
                  45.38.43.0/24
                  45.38.208.0/24
                  45.38.238.0/24
                  45.39.208.0/24
                  45.39.232.0/24
                  50.117.49.0/24
                  50.118.175.0/24
                  50.118.217.0/24
                  104.164.161.0/24
                  104.164.178.0/24
                  104.164.182.0/24
                  104.164.216.0/24
                  104.164.220.0/23
                  104.165.17.0/24
                  104.165.82.0/24
                  104.165.94.0/24
                  104.165.116.0/24
                  104.165.207.0/24
                  104.165.234.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         7e:4a:06:c0:6a:03:c5:d0:80:02:f6:09:1d:5c:94:da:6a:2f:
         32:6f:22:3d:eb:98:bc:a7:53:05:ae:47:1d:f2:7d:3e:8f:96:
         cb:81:fb:7c:dd:cd:ee:d3:fa:0e:e5:c3:9f:2d:21:a7:44:0b:
         48:14:ef:99:67:4f:46:70:12:d2:59:e5:53:5b:93:9f:ef:78:
         89:ea:2d:4e:44:72:71:3d:6b:a5:88:83:9c:c2:8e:27:7b:6a:
         51:6b:84:ca:a9:46:81:a0:fe:3d:42:5e:90:2a:32:b4:9c:cd:
         6f:8a:6d:1f:29:83:ef:f0:32:2a:de:d0:d2:cd:f6:87:75:ae:
         8f:8e:48:8f:43:96:df:b5:73:ff:8f:13:0c:21:0f:e0:9a:22:
         ec:c9:65:bd:3b:eb:1b:ff:f9:02:d4:3d:54:fe:0a:68:b5:56:
         15:8d:b5:59:a7:23:33:20:ce:f6:86:ec:bb:7d:bd:5f:ba:a8:
         b8:a9:a6:be:30:8f:c5:63:02:4d:3c:d3:18:ed:9a:52:0c:ba:
         a3:b6:84:5b:c7:48:e9:55:7d:4f:08:49:fc:53:7b:68:38:1d:
         b1:32:14:8f:e5:e1:3c:5f:1e:db:26:f6:ae:06:30:78:6f:6a:
         7f:9f:d9:1e:a5:87:84:10:ff:e0:60:96:b5:62:ee:2e:19:a9:
         b5:ed:e6:83
-----BEGIN CERTIFICATE-----
MIIG/DCCBeSgAwIBAgIUAQ0Mn0MoWEUIO2ZewAoYjFkjUgAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMTg4MDAzMjQtNTE1MC00OTgxLWExNDQtYmRiODBlNmJj
YjdjMB4XDTI0MDIyNzE2MzIxM1oXDTI0MDUyNzE1MzIxM1owLzEtMCsGA1UEAxMk
MWU2ZGZhMzYtNWRlNC00ODZjLTg1OTYtZTcwOWYyZTYxMjQ3MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEApvHu12tQ0DfAyA56VDCcryOCIIu3y3mFesor
/QCKznc3K5di3Mgk8sItTNTy5V+0SmemYWau780a2kAlxyOarbVxTDDMXhiq5awE
KmWozuFnPoCgUY6BmKOlvfpQxptegUA1qb6oJJAw+UiYUpX0Jjv7o5CK8i+0gi6U
2rP//3AwXbbQdtvWT0ISN63Q/jTcwZMdyPa0NMyxK8sPExaidKMSUNeczHyc7JgY
IS1jH3FpgW4HqdVvB4iEeCx7cPVVPIqrjUKuWvaSP09PR82L9VTWXBfywA1KlHrj
N9cTi0MAYS59tfqDKZE+sPxO4O1NC5EB6NM2jVjrANNtMQxBcQIDAQABo4IEDjCC
BAowHQYDVR0OBBYEFLSYWtRQ+bPn9XG1hQvTv1OG63x8MIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlhOC8xODgw
MDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4MGU2YmNiN2MvYTg1OTYwOWEtZTU3My0z
ZDE5LTk2NDUtMTUwZTA2NGE3NDg5LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NDZlMDExMS1m
YWZiLTQzMGYtYjc3OC1kMjA0Y2ZjZDk5YTgvMTg4MDAzMjQtNTE1MC00OTgxLWEx
NDQtYmRiODBlNmJjYjdjLzE4ODAwMzI0LTUxNTAtNDk4MS1hMTQ0LWJkYjgwZTZi
Y2I3Yy5jcmwwHwYDVR0jBBgwFoAUEWtHMzbZ6J21lhte76NAIq7eabYwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMw
Zi1iNzc4LWQyMDRjZmNkOTlhOC8xODgwMDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4
MGU2YmNiN2MuY2VyMIHXBggrBgEFBQcBBwEB/wSBxzCBxDCBwQQCAAEwgboDBAAX
GwkDBAAXGx8DBAAXGy0DBAAXG3YDBAAXG+gDBAAXG/4DBAAX5isDBAAX5kkDBAAX
5kwDBAAX5qMDBAAX5qYDBAAX5uQDBAAtJisDBAAtJtADBAAtJu4DBAAtJ9ADBAAt
J+gDBAAydTEDBAAydq8DBAAydtkDBABopKEDBABopLIDBABopLYDBABopNgDBAFo
pNwDBABopREDBABopVIDBABopV4DBABopXQDBABopc8DBABopeowVAYDVR0gAQH/
BEowSDBGBggrBgEFBQcOAjA6MDgGCCsGAQUFBwIBFixodHRwczovL3d3dy5hcmlu
Lm5ldC9yZXNvdXJjZXMvcnBraS9jcHMuaHRtbDANBgkqhkiG9w0BAQsFAAOCAQEA
fkoGwGoDxdCAAvYJHVyU2movMm8iPeuYvKdTBa5HHfJ9Po+Wy4H7fN3N7tP6DuXD
ny0hp0QLSBTvmWdPRnAS0lnlU1uTn+94ieotTkRycT1rpYiDnMKOJ3tqUWuEyqlG
gaD+PUJekCoytJzNb4ptHymD7/AyKt7Q0s32h3Wuj45Ij0OW37Vz/48TDCEP4Joi
7MllvTvrG//5AtQ9VP4KaLVWFY21WacjMyDO9obsu329X7qouKmmvjCPxWMCTTzT
GO2aUgy6o7aEW8dI6VV9TwhJ/FN7aDgdsTIUj+XhPF8e2yb2rgYweG9qf5/ZHqWH
hBD/4GCWtWLuLhmpte3mgw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:10:28 2024 by rpki-client on console-fra.rpki-client.org