Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/dacace1d-dd14-30f6-b9c8-918b4770d4b1.roa
File:                     dacace1d-dd14-30f6-b9c8-918b4770d4b1.roa (raw, json)
Hash identifier:          wengJ/EEZdxCFb4pJVjJxVI3gXNGS13FXTZot/dSY7A=
Subject key identifier:   72:57:0A:1C:0D:23:43:DC:22:01:C5:1E:AF:C7:65:43:77:45:37:3C
Certificate issuer:       /CN=18800324-5150-4981-a144-bdb80e6bcb7c
Certificate serial:       010D0C9F4328583EF0271674D00DB01F81C7E200
Authority key identifier: 11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/dacace1d-dd14-30f6-b9c8-918b4770d4b1.roa
Signing time:             Wed 26 Aug 2020 17:55:28 +0000
ROA not before:           Wed 26 Aug 2020 17:55:28 +0000
ROA not after:            Tue 19 Nov 2024 05:00:00 +0000
asID:                     398373
IP address blocks:        107.164.145.0/24 maxlen: 24
                          142.111.219.0/24 maxlen: 24
                          172.120.14.0/24 maxlen: 24
                          104.165.107.0/24 maxlen: 24
                          104.165.91.0/24 maxlen: 24
                          104.165.83.0/24 maxlen: 24
                          104.165.81.0/24 maxlen: 24
                          104.165.73.0/24 maxlen: 24
                          104.165.78.0/24 maxlen: 24
                          104.165.29.0/24 maxlen: 24
                          104.164.180.0/24 maxlen: 24
                          50.118.255.0/24 maxlen: 24
                          50.118.248.0/24 maxlen: 24
                          50.117.96.0/24 maxlen: 24
                          50.117.45.0/24 maxlen: 24
                          23.230.67.0/24 maxlen: 24
                          23.27.248.0/24 maxlen: 24
                          23.27.243.0/24 maxlen: 24
                          23.27.23.0/24 maxlen: 24
                          23.27.14.0/24 maxlen: 24
                          23.27.127.0/24 maxlen: 24
                          23.230.29.0/24 maxlen: 24
                          104.253.96.0/24 maxlen: 24
                          104.253.57.0/24 maxlen: 24
                          104.253.29.0/24 maxlen: 24
                          104.253.63.0/24 maxlen: 24
                          104.253.12.0/24 maxlen: 24
                          104.253.11.0/24 maxlen: 24
                          104.165.114.0/24 maxlen: 24
                          104.165.120.0/24 maxlen: 24
                          104.165.134.0/24 maxlen: 24
                          104.165.109.0/24 maxlen: 24
                          104.253.106.0/24 maxlen: 24
                          104.253.132.0/24 maxlen: 24
                          104.253.141.0/24 maxlen: 24
                          104.253.143.0/24 maxlen: 24
                          104.253.139.0/24 maxlen: 24
                          104.253.146.0/24 maxlen: 24
                          104.253.144.0/24 maxlen: 24
                          107.164.85.0/24 maxlen: 24
                          104.253.150.0/24 maxlen: 24
                          107.164.200.0/24 maxlen: 24
                          107.164.199.0/24 maxlen: 24
                          107.165.161.0/24 maxlen: 24
                          107.165.138.0/24 maxlen: 24
                          107.186.35.0/24 maxlen: 24
                          107.165.194.0/24 maxlen: 24
                          136.0.47.0/24 maxlen: 24
                          136.0.67.0/24 maxlen: 24
                          136.0.99.0/24 maxlen: 24
                          136.0.226.0/24 maxlen: 24
                          142.252.52.0/24 maxlen: 24
                          166.88.149.0/24 maxlen: 24
                          209.73.132.0/24 maxlen: 24
                          205.164.59.0/24 maxlen: 24
                          205.164.9.0/24 maxlen: 24
                          205.164.32.0/24 maxlen: 24
                          172.252.215.0/24 maxlen: 24
                          173.245.84.0/24 maxlen: 24
                          216.172.135.0/24 maxlen: 24
                          216.172.138.0/24 maxlen: 24
                          209.73.136.0/24 maxlen: 24
                          209.73.137.0/24 maxlen: 24
                          142.252.51.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3e:f0:27:16:74:d0:0d:b0:1f:81:c7:e2:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18800324-5150-4981-a144-bdb80e6bcb7c
        Validity
            Not Before: Aug 26 17:55:28 2020 GMT
            Not After : Nov 19 05:00:00 2024 GMT
        Subject: CN=f721dc23-3ccc-434f-88be-aa0845d48aca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:c5:21:52:d2:fa:73:c8:73:97:63:74:13:47:
                    45:e6:e6:87:b9:5d:ba:e7:a2:e6:de:86:81:73:c9:
                    09:b8:18:c8:88:02:8e:96:6d:3d:fe:9f:55:27:cf:
                    06:7f:8c:83:e4:1e:1c:88:55:20:1e:9a:d0:b3:fa:
                    72:44:67:9f:8a:4a:bf:a2:6c:97:21:fe:3c:f3:20:
                    81:82:8c:b8:bd:ca:7c:d1:f2:38:72:ab:a8:00:f7:
                    43:84:87:79:63:de:d9:99:89:54:1b:9d:ed:72:f7:
                    77:09:e9:41:e3:58:56:d2:b6:db:c5:bf:1d:97:b2:
                    29:54:fe:98:6a:96:ff:60:5b:d0:57:d9:66:f8:a2:
                    2d:70:1e:af:fd:81:5e:45:2b:c3:9d:54:0c:13:4f:
                    12:3b:c9:dd:f4:16:af:fe:c0:a0:9c:1d:eb:e5:07:
                    2a:2a:3f:3a:13:2a:31:a5:c1:f9:09:09:48:4c:1b:
                    6c:3b:a6:c6:73:fb:57:19:9b:08:28:34:b2:03:65:
                    90:91:81:03:0e:b2:fa:b2:e1:21:f1:7c:6d:b4:85:
                    07:4d:79:aa:71:74:b2:f4:7f:d5:bb:5f:cb:9e:7f:
                    ca:75:4b:e3:75:25:8d:9a:46:58:53:d4:07:8c:99:
                    ec:dd:66:98:30:47:d6:9e:6e:b9:74:f3:d2:0d:6c:
                    b6:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:57:0A:1C:0D:23:43:DC:22:01:C5:1E:AF:C7:65:43:77:45:37:3C
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/dacace1d-dd14-30f6-b9c8-918b4770d4b1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/18800324-5150-4981-a144-bdb80e6bcb7c.crl

            X509v3 Authority Key Identifier:
                keyid:11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.27.14.0/24
                  23.27.23.0/24
                  23.27.127.0/24
                  23.27.243.0/24
                  23.27.248.0/24
                  23.230.29.0/24
                  23.230.67.0/24
                  50.117.45.0/24
                  50.117.96.0/24
                  50.118.248.0/24
                  50.118.255.0/24
                  104.164.180.0/24
                  104.165.29.0/24
                  104.165.73.0/24
                  104.165.78.0/24
                  104.165.81.0/24
                  104.165.83.0/24
                  104.165.91.0/24
                  104.165.107.0/24
                  104.165.109.0/24
                  104.165.114.0/24
                  104.165.120.0/24
                  104.165.134.0/24
                  104.253.11.0-104.253.12.255
                  104.253.29.0/24
                  104.253.57.0/24
                  104.253.63.0/24
                  104.253.96.0/24
                  104.253.106.0/24
                  104.253.132.0/24
                  104.253.139.0/24
                  104.253.141.0/24
                  104.253.143.0-104.253.144.255
                  104.253.146.0/24
                  104.253.150.0/24
                  107.164.85.0/24
                  107.164.145.0/24
                  107.164.199.0-107.164.200.255
                  107.165.138.0/24
                  107.165.161.0/24
                  107.165.194.0/24
                  107.186.35.0/24
                  136.0.47.0/24
                  136.0.67.0/24
                  136.0.99.0/24
                  136.0.226.0/24
                  142.111.219.0/24
                  142.252.51.0-142.252.52.255
                  166.88.149.0/24
                  172.120.14.0/24
                  172.252.215.0/24
                  173.245.84.0/24
                  205.164.9.0/24
                  205.164.32.0/24
                  205.164.59.0/24
                  209.73.132.0/24
                  209.73.136.0/23
                  216.172.135.0/24
                  216.172.138.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         1d:29:99:bd:91:74:23:68:db:1f:9c:54:6a:2d:22:0b:e7:74:
         cd:04:61:e6:b9:4d:ce:b1:1d:87:8a:ff:11:1d:76:cb:3f:77:
         8b:3b:f7:84:63:9f:70:3a:3f:16:c8:9e:1c:3f:0f:e0:ff:14:
         87:0d:00:fa:11:15:0e:d1:3a:d9:fe:40:40:a2:37:4a:81:e2:
         d3:b8:64:52:6f:d2:cc:fe:ac:b5:85:cc:2e:08:3b:cd:e9:bf:
         77:1f:b3:c8:b0:5b:a4:fa:e0:1f:5b:6c:d6:10:45:5e:3a:b4:
         3e:25:2a:41:ef:ca:4d:55:45:53:78:11:7e:2f:42:4c:b4:76:
         5b:45:5a:ac:7d:f0:0d:8c:6b:a2:7b:3b:9b:03:fb:79:b1:1a:
         cd:c2:c5:0b:44:3d:c7:27:f7:cb:ae:9c:78:f7:6d:db:06:30:
         c5:4f:71:5f:d8:7e:e2:73:a6:7e:b4:c7:de:89:4d:6d:bf:43:
         b3:41:2f:06:2e:64:f6:e8:f7:1c:75:6e:80:58:6c:03:8e:cf:
         c7:d2:cb:5a:fa:ea:9d:0b:05:b4:54:dd:7f:f3:ec:a1:1e:86:
         2a:c4:b2:71:fc:9d:ec:5b:c9:aa:c5:d3:ed:b5:61:d8:31:36:
         81:d5:0f:2d:d1:10:e9:bc:fb:fb:d9:0e:1a:8a:de:3d:a1:81:
         59:49:b1:2e
-----BEGIN CERTIFICATE-----
MIIHyTCCBrGgAwIBAgIUAQ0Mn0MoWD7wJxZ00A2wH4HH4gAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMTg4MDAzMjQtNTE1MC00OTgxLWExNDQtYmRiODBlNmJj
YjdjMB4XDTIwMDgyNjE3NTUyOFoXDTI0MTExOTA1MDAwMFowLzEtMCsGA1UEAxMk
ZjcyMWRjMjMtM2NjYy00MzRmLTg4YmUtYWEwODQ1ZDQ4YWNhMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjMUhUtL6c8hzl2N0E0dF5uaHuV2656Lm3oaB
c8kJuBjIiAKOlm09/p9VJ88Gf4yD5B4ciFUgHprQs/pyRGefikq/omyXIf488yCB
goy4vcp80fI4cquoAPdDhId5Y97ZmYlUG53tcvd3CelB41hW0rbbxb8dl7IpVP6Y
apb/YFvQV9lm+KItcB6v/YFeRSvDnVQME08SO8nd9Bav/sCgnB3r5QcqKj86Eyox
pcH5CQlITBtsO6bGc/tXGZsIKDSyA2WQkYEDDrL6suEh8XxttIUHTXmqcXSy9H/V
u1/Lnn/KdUvjdSWNmkZYU9QHjJns3WaYMEfWnm65dPPSDWy25QIDAQABo4IE2zCC
BNcwHQYDVR0OBBYEFHJXChwNI0PcIgHFHq/HZUN3RTc8MIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlhOC8xODgw
MDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4MGU2YmNiN2MvZGFjYWNlMWQtZGQxNC0z
MGY2LWI5YzgtOTE4YjQ3NzBkNGIxLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NDZlMDExMS1m
YWZiLTQzMGYtYjc3OC1kMjA0Y2ZjZDk5YTgvMTg4MDAzMjQtNTE1MC00OTgxLWEx
NDQtYmRiODBlNmJjYjdjLzE4ODAwMzI0LTUxNTAtNDk4MS1hMTQ0LWJkYjgwZTZi
Y2I3Yy5jcmwwHwYDVR0jBBgwFoAUEWtHMzbZ6J21lhte76NAIq7eabYwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMw
Zi1iNzc4LWQyMDRjZmNkOTlhOC8xODgwMDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4
MGU2YmNiN2MuY2VyMIIBowYIKwYBBQUHAQcBAf8EggGSMIIBjjCCAYoEAgABMIIB
ggMEABcbDgMEABcbFwMEABcbfwMEABcb8wMEABcb+AMEABfmHQMEABfmQwMEADJ1
LQMEADJ1YAMEADJ2+AMEADJ2/wMEAGiktAMEAGilHQMEAGilSQMEAGilTgMEAGil
UQMEAGilUwMEAGilWwMEAGilawMEAGilbQMEAGilcgMEAGileAMEAGilhjAMAwQA
aP0LAwQAaP0MAwQAaP0dAwQAaP05AwQAaP0/AwQAaP1gAwQAaP1qAwQAaP2EAwQA
aP2LAwQAaP2NMAwDBABo/Y8DBABo/ZADBABo/ZIDBABo/ZYDBABrpFUDBABrpJEw
DAMEAGukxwMEAGukyAMEAGuligMEAGuloQMEAGulwgMEAGu6IwMEAIgALwMEAIgA
QwMEAIgAYwMEAIgA4gMEAI5v2zAMAwQAjvwzAwQAjvw0AwQApliVAwQArHgOAwQA
rPzXAwQArfVUAwQAzaQJAwQAzaQgAwQAzaQ7AwQA0UmEAwQB0UmIAwQA2KyHAwQA
2KyKMFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0
cHM6Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZI
hvcNAQELBQADggEBAB0pmb2RdCNo2x+cVGotIgvndM0EYea5Tc6xHYeK/xEddss/
d4s794Rjn3A6PxbInhw/D+D/FIcNAPoRFQ7ROtn+QECiN0qB4tO4ZFJv0sz+rLWF
zC4IO83pv3cfs8iwW6T64B9bbNYQRV46tD4lKkHvyk1VRVN4EX4vQky0dltFWqx9
8A2Ma6J7O5sD+3mxGs3CxQtEPccn98uunHj3bdsGMMVPcV/YfuJzpn60x96JTW2/
Q7NBLwYuZPbo9xx1boBYbAOOz8fSy1r66p0LBbRU3X/z7KEehirEsnH8nexbyarF
0+21YdgxNoHVDy3REOm8+/vZDhqK3j2hgVlJsS4=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:42:12 2024 by rpki-client on console-ams.rpki-client.org