Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/dc235475-22da-3cc7-97a4-13aacdcbd29e.roa
File:                     dc235475-22da-3cc7-97a4-13aacdcbd29e.roa (raw, json)
Hash identifier:          IRuxraopDENMhUi00ncNHBiJGOvuDcqSjsX0ldi88Bo=
Subject key identifier:   A3:E7:46:96:EF:E5:C9:A1:0C:A8:64:4C:CB:D1:42:07:90:F5:93:77
Certificate issuer:       /CN=18800324-5150-4981-a144-bdb80e6bcb7c
Certificate serial:       010D0C9F4328583AD5E210269F7462FDADB65160
Authority key identifier: 11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/dc235475-22da-3cc7-97a4-13aacdcbd29e.roa
Signing time:             Wed 26 Aug 2020 04:00:00 +0000
ROA not before:           Wed 26 Aug 2020 04:00:00 +0000
ROA not after:            Thu 09 Nov 2023 05:00:00 +0000
asID:                     12271
IP address blocks:        104.165.16.0/24 maxlen: 24
                          45.39.178.0/24 maxlen: 24
                          45.39.188.0/24 maxlen: 24
                          45.39.87.0/24 maxlen: 24
                          23.230.215.0/24 maxlen: 24
                          45.38.250.0/24 maxlen: 24
                          45.39.52.0/24 maxlen: 24
                          45.39.171.0/24 maxlen: 24
                          45.39.185.0/24 maxlen: 24
                          45.39.239.0/24 maxlen: 24
                          104.165.67.0/24 maxlen: 24
                          104.252.51.0/24 maxlen: 24
                          104.252.158.0/24 maxlen: 24
                          104.252.240.0/24 maxlen: 24
                          104.253.49.0/24 maxlen: 24
                          107.165.213.0/24 maxlen: 24
                          107.165.230.0/24 maxlen: 24
                          107.186.6.0/24 maxlen: 24
                          107.186.54.0/24 maxlen: 24
                          107.186.65.0/24 maxlen: 24
                          107.186.232.0/24 maxlen: 24
                          107.187.126.0/24 maxlen: 24
                          136.0.68.0/24 maxlen: 24
                          136.0.83.0/24 maxlen: 24
                          136.0.209.0/24 maxlen: 24
                          142.111.143.0/24 maxlen: 24
                          142.252.3.0/24 maxlen: 24
                          142.252.154.0/24 maxlen: 24
                          166.88.78.0/24 maxlen: 24
                          172.120.23.0/24 maxlen: 24
                          172.252.230.0/24 maxlen: 24
                          205.164.42.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3a:d5:e2:10:26:9f:74:62:fd:ad:b6:51:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18800324-5150-4981-a144-bdb80e6bcb7c
        Validity
            Not Before: Aug 26 04:00:00 2020 GMT
            Not After : Nov  9 05:00:00 2023 GMT
        Subject: CN=4e3524c2-e5f4-4e54-a2f7-8fb27160c12d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:86:f4:cd:29:e9:c0:f5:f3:c1:16:f2:13:9e:
                    9b:6d:fe:69:70:ee:02:e9:29:7f:b2:ab:46:90:91:
                    6d:40:db:b6:4d:2b:20:c9:13:ca:39:d0:37:cd:a5:
                    b9:c7:a2:f9:36:04:e8:cb:5c:30:b9:ab:7e:41:ff:
                    2e:5b:40:9d:92:16:f2:54:ce:51:9a:bd:98:c0:27:
                    34:1b:b8:18:23:60:e1:40:9b:1b:6a:3b:6b:e9:86:
                    93:44:55:3e:cc:be:eb:9b:b8:87:fb:dc:e5:01:9d:
                    c3:52:ad:a6:f5:1c:6e:e1:27:97:c3:38:07:0f:94:
                    54:df:cf:97:b5:98:85:7c:0a:65:db:2b:b7:c6:d2:
                    7c:6c:33:10:33:90:0e:a0:73:26:98:ce:19:94:17:
                    ee:76:7c:df:0b:9c:82:4d:0a:32:e8:6e:a7:6e:f9:
                    80:fb:8b:05:84:b0:c8:20:0a:5a:c1:92:45:9e:36:
                    2f:55:62:1f:8e:0b:4a:de:14:2b:b6:b8:b0:8f:08:
                    71:db:2e:5a:ec:ab:20:4c:c8:09:e4:69:b7:ee:27:
                    4b:3b:b4:d9:9d:51:7a:9a:37:2d:89:3c:1c:42:f8:
                    7e:6b:64:3b:8b:d8:2f:22:6d:4a:8b:6d:09:c7:e9:
                    9d:43:c5:37:ea:af:0c:16:49:34:7e:61:a6:ba:81:
                    16:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:E7:46:96:EF:E5:C9:A1:0C:A8:64:4C:CB:D1:42:07:90:F5:93:77
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/dc235475-22da-3cc7-97a4-13aacdcbd29e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/18800324-5150-4981-a144-bdb80e6bcb7c.crl

            X509v3 Authority Key Identifier:
                keyid:11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.230.215.0/24
                  45.38.250.0/24
                  45.39.52.0/24
                  45.39.87.0/24
                  45.39.171.0/24
                  45.39.178.0/24
                  45.39.185.0/24
                  45.39.188.0/24
                  45.39.239.0/24
                  104.165.16.0/24
                  104.165.67.0/24
                  104.252.51.0/24
                  104.252.158.0/24
                  104.252.240.0/24
                  104.253.49.0/24
                  107.165.213.0/24
                  107.165.230.0/24
                  107.186.6.0/24
                  107.186.54.0/24
                  107.186.65.0/24
                  107.186.232.0/24
                  107.187.126.0/24
                  136.0.68.0/24
                  136.0.83.0/24
                  136.0.209.0/24
                  142.111.143.0/24
                  142.252.3.0/24
                  142.252.154.0/24
                  166.88.78.0/24
                  172.120.23.0/24
                  172.252.230.0/24
                  205.164.42.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         81:e7:1b:95:57:20:ba:c3:8e:0f:cd:d9:93:a1:4d:ea:d3:64:
         a0:8f:80:18:73:3e:be:7e:be:f9:f0:95:bb:fe:c9:7f:ca:84:
         42:2c:d4:a6:a1:55:a0:23:a1:fd:6b:f5:16:9c:39:bc:2a:fc:
         1a:e8:21:63:6f:d6:1f:47:54:5b:41:c7:65:21:9c:9b:26:83:
         bc:ad:57:f4:5f:e6:24:a8:42:f0:cb:5f:00:27:29:e2:89:3b:
         27:b8:b3:7d:fa:67:74:31:3e:3c:28:c3:09:6b:e5:ee:9e:18:
         5c:3e:20:a3:13:05:97:b4:0d:44:9b:9a:3a:d2:fe:05:93:a2:
         bf:17:05:23:89:ce:93:28:ab:17:7c:d6:2b:c0:45:eb:93:3e:
         12:ef:d1:97:80:78:37:89:26:e2:43:08:fd:65:b7:79:d2:99:
         da:a7:8c:31:2d:7d:49:52:c0:8f:6b:24:30:28:91:26:c1:7f:
         8b:47:97:65:4b:4a:1d:8b:bd:8e:c3:41:95:57:17:76:36:61:
         1e:a1:5a:96:3c:f4:fe:4e:8e:cc:78:54:18:6a:4f:e6:a6:17:
         f9:87:f6:c4:71:c1:38:f8:5a:9d:3e:27:e6:88:9c:93:f9:30:
         cb:44:b0:71:13:29:f9:c4:8c:3f:61:8b:78:77:05:a5:20:5c:
         5d:e4:9b:50
-----BEGIN CERTIFICATE-----
MIIHAjCCBeqgAwIBAgIUAQ0Mn0MoWDrV4hAmn3Ri/a22UWAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMTg4MDAzMjQtNTE1MC00OTgxLWExNDQtYmRiODBlNmJj
YjdjMB4XDTIwMDgyNjA0MDAwMFoXDTIzMTEwOTA1MDAwMFowLzEtMCsGA1UEAxMk
NGUzNTI0YzItZTVmNC00ZTU0LWEyZjctOGZiMjcxNjBjMTJkMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl4b0zSnpwPXzwRbyE56bbf5pcO4C6Sl/sqtG
kJFtQNu2TSsgyRPKOdA3zaW5x6L5NgToy1wwuat+Qf8uW0CdkhbyVM5Rmr2YwCc0
G7gYI2DhQJsbajtr6YaTRFU+zL7rm7iH+9zlAZ3DUq2m9Rxu4SeXwzgHD5RU38+X
tZiFfApl2yu3xtJ8bDMQM5AOoHMmmM4ZlBfudnzfC5yCTQoy6G6nbvmA+4sFhLDI
IApawZJFnjYvVWIfjgtK3hQrtriwjwhx2y5a7KsgTMgJ5Gm37idLO7TZnVF6mjct
iTwcQvh+a2Q7i9gvIm1Ki20Jx+mdQ8U36q8MFkk0fmGmuoEWgwIDAQABo4IEFDCC
BBAwHQYDVR0OBBYEFKPnRpbv5cmhDKhkTMvRQgeQ9ZN3MIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlhOC8xODgw
MDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4MGU2YmNiN2MvZGMyMzU0NzUtMjJkYS0z
Y2M3LTk3YTQtMTNhYWNkY2JkMjllLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NDZlMDExMS1m
YWZiLTQzMGYtYjc3OC1kMjA0Y2ZjZDk5YTgvMTg4MDAzMjQtNTE1MC00OTgxLWEx
NDQtYmRiODBlNmJjYjdjLzE4ODAwMzI0LTUxNTAtNDk4MS1hMTQ0LWJkYjgwZTZi
Y2I3Yy5jcmwwHwYDVR0jBBgwFoAUEWtHMzbZ6J21lhte76NAIq7eabYwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMw
Zi1iNzc4LWQyMDRjZmNkOTlhOC8xODgwMDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4
MGU2YmNiN2MuY2VyMIHdBggrBgEFBQcBBwEB/wSBzTCByjCBxwQCAAEwgcADBAAX
5tcDBAAtJvoDBAAtJzQDBAAtJ1cDBAAtJ6sDBAAtJ7IDBAAtJ7kDBAAtJ7wDBAAt
J+8DBABopRADBABopUMDBABo/DMDBABo/J4DBABo/PADBABo/TEDBABrpdUDBABr
peYDBABrugYDBABrujYDBABrukEDBABruugDBABru34DBACIAEQDBACIAFMDBACI
ANEDBACOb48DBACO/AMDBACO/JoDBACmWE4DBACseBcDBACs/OYDBADNpCowVAYD
VR0gAQH/BEowSDBGBggrBgEFBQcOAjA6MDgGCCsGAQUFBwIBFixodHRwczovL3d3
dy5hcmluLm5ldC9yZXNvdXJjZXMvcnBraS9jcHMuaHRtbDANBgkqhkiG9w0BAQsF
AAOCAQEAgecblVcgusOOD83Zk6FN6tNkoI+AGHM+vn6++fCVu/7Jf8qEQizUpqFV
oCOh/Wv1Fpw5vCr8GughY2/WH0dUW0HHZSGcmyaDvK1X9F/mJKhC8MtfACcp4ok7
J7izffpndDE+PCjDCWvl7p4YXD4goxMFl7QNRJuaOtL+BZOivxcFI4nOkyirF3zW
K8BF65M+Eu/Rl4B4N4km4kMI/WW3edKZ2qeMMS19SVLAj2skMCiRJsF/i0eXZUtK
HYu9jsNBlVcXdjZhHqFaljz0/k6OzHhUGGpP5qYX+Yf2xHHBOPhanT4n5oick/kw
y0SwcRMp+cSMP2GLeHcFpSBcXeSbUA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:10:32 2024 by rpki-client on console-fra.rpki-client.org