Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/bc831f6b-71a6-46bb-9f64-2da80ccc244c/14c275be-5fc7-3b37-baf1-93f063cdc73f.roa
File:                     14c275be-5fc7-3b37-baf1-93f063cdc73f.roa (raw, json)
Hash identifier:          +EzurGokLI+3xuegDF3MA5pOb8kpycRrkSuyuImAzvw=
Subject key identifier:   7A:65:3B:C8:25:F7:39:42:C0:E9:F8:28:81:C6:11:D4:61:4D:EC:7A
Certificate issuer:       /CN=bc831f6b-71a6-46bb-9f64-2da80ccc244c
Certificate serial:       010D0C9F4328583735B77F6E47B5822865834280
Authority key identifier: A9:50:46:A5:5A:7E:BB:0F:CE:06:22:BA:A4:AF:11:59:F2:3E:CD:24
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/bc831f6b-71a6-46bb-9f64-2da80ccc244c.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/bc831f6b-71a6-46bb-9f64-2da80ccc244c/14c275be-5fc7-3b37-baf1-93f063cdc73f.roa
Signing time:             Fri 21 Jun 2019 04:00:00 +0000
ROA not before:           Fri 21 Jun 2019 04:00:00 +0000
ROA not after:            Mon 12 Dec 2022 05:00:00 +0000
asID:                     18254
IP address blocks:        104.143.43.0/24 maxlen: 24
                          172.81.104.0/24 maxlen: 24
                          23.186.64.0/24 maxlen: 24
                          23.249.23.0/24 maxlen: 24
                          172.81.99.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:37:35:b7:7f:6e:47:b5:82:28:65:83:42:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc831f6b-71a6-46bb-9f64-2da80ccc244c
        Validity
            Not Before: Jun 21 04:00:00 2019 GMT
            Not After : Dec 12 05:00:00 2022 GMT
        Subject: CN=5d9a277d-2364-43ed-a8f7-6b6f815f4661
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:db:ff:80:0d:2d:45:71:c2:83:61:d9:eb:66:
                    16:02:c6:33:31:85:9b:c4:b9:39:a5:43:fb:f6:26:
                    72:db:50:65:a4:4b:f4:93:9d:01:83:2a:e5:36:69:
                    67:f4:c2:83:2e:87:c9:99:e0:ab:ea:3c:3a:c5:f1:
                    a7:17:59:aa:bb:50:34:10:ec:51:5a:65:dc:f7:e3:
                    01:75:f8:7a:ac:b1:24:4a:ab:b6:ee:1e:91:70:55:
                    2e:eb:de:78:64:84:7b:e8:08:18:dc:bb:0a:dc:75:
                    a2:86:43:c6:02:4b:8c:39:46:1d:2f:21:fb:4b:03:
                    e2:33:20:cc:77:07:a4:e4:de:04:97:15:a8:c5:6b:
                    b6:13:9a:20:52:af:46:ea:ae:df:da:f8:97:e1:28:
                    35:96:67:55:82:f5:5e:30:6f:0f:76:d3:4f:e8:08:
                    5a:48:23:09:ac:86:2e:67:65:fd:5b:58:27:7e:7b:
                    af:48:df:9c:66:20:5a:1d:b7:9b:53:b8:39:4a:49:
                    18:b7:a1:d3:99:f5:53:37:b7:7a:a0:15:ba:a5:0e:
                    c6:ca:7e:c5:10:e9:7e:aa:2f:d5:ea:f9:23:8b:ee:
                    16:08:02:6a:ea:b0:b2:f1:c9:fb:bc:cc:5f:37:0b:
                    51:8f:a3:fb:60:6e:9c:1c:55:f7:c8:ff:88:c3:ca:
                    d6:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:65:3B:C8:25:F7:39:42:C0:E9:F8:28:81:C6:11:D4:61:4D:EC:7A
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/bc831f6b-71a6-46bb-9f64-2da80ccc244c/14c275be-5fc7-3b37-baf1-93f063cdc73f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/bc831f6b-71a6-46bb-9f64-2da80ccc244c/bc831f6b-71a6-46bb-9f64-2da80ccc244c.crl

            X509v3 Authority Key Identifier:
                keyid:A9:50:46:A5:5A:7E:BB:0F:CE:06:22:BA:A4:AF:11:59:F2:3E:CD:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/bc831f6b-71a6-46bb-9f64-2da80ccc244c.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.186.64.0/24
                  23.249.23.0/24
                  104.143.43.0/24
                  172.81.99.0/24
                  172.81.104.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         36:9b:3b:d2:6a:16:89:e0:be:ff:8b:10:9c:2b:3c:78:a7:81:
         8d:0b:ba:ca:76:cf:a9:50:7e:20:cc:3c:80:96:b5:c4:ae:e7:
         27:0f:e4:ea:06:5c:2b:c3:ed:bc:93:a8:39:06:f2:46:e9:03:
         7a:8d:42:48:9d:b6:e9:2f:1e:4d:ac:3d:b2:94:6a:75:19:3b:
         71:81:93:03:15:90:8f:16:26:70:0e:35:4d:74:ac:40:33:74:
         56:0c:a9:1f:62:b7:73:04:6c:49:95:26:c8:db:b0:31:c9:ba:
         00:52:6b:f7:3c:34:25:56:e5:d1:ad:ce:40:7b:08:93:f7:1a:
         ff:42:3a:8c:91:1e:35:78:e3:02:eb:8b:65:ae:ad:e2:bc:5e:
         65:a1:b6:f3:a6:6f:92:49:d1:2c:a4:54:2a:d1:c7:d3:1a:8a:
         f6:03:13:77:01:c1:4f:25:21:a3:ba:3c:04:51:91:5a:d2:05:
         b8:7b:af:7d:89:9a:84:ec:1d:34:f3:97:89:9b:8b:32:2e:23:
         40:a7:0c:f5:28:d5:33:be:c2:f9:dc:a0:71:45:a0:43:b2:34:
         1e:ae:05:c0:11:0e:03:ca:a3:6d:bb:8f:62:4c:f7:73:79:f9:
         65:93:6c:d4:f8:f9:ba:da:d4:65:f5:4c:16:df:a8:3b:d9:55:
         2b:b4:9a:87
-----BEGIN CERTIFICATE-----
MIIGWzCCBUOgAwIBAgIUAQ0Mn0MoWDc1t39uR7WCKGWDQoAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkYmM4MzFmNmItNzFhNi00NmJiLTlmNjQtMmRhODBjY2My
NDRjMB4XDTE5MDYyMTA0MDAwMFoXDTIyMTIxMjA1MDAwMFowLzEtMCsGA1UEAxMk
NWQ5YTI3N2QtMjM2NC00M2VkLWE4ZjctNmI2ZjgxNWY0NjYxMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3dv/gA0tRXHCg2HZ62YWAsYzMYWbxLk5pUP7
9iZy21BlpEv0k50BgyrlNmln9MKDLofJmeCr6jw6xfGnF1mqu1A0EOxRWmXc9+MB
dfh6rLEkSqu27h6RcFUu6954ZIR76AgY3LsK3HWihkPGAkuMOUYdLyH7SwPiMyDM
dwek5N4ElxWoxWu2E5ogUq9G6q7f2viX4Sg1lmdVgvVeMG8PdtNP6AhaSCMJrIYu
Z2X9W1gnfnuvSN+cZiBaHbebU7g5SkkYt6HTmfVTN7d6oBW6pQ7Gyn7FEOl+qi/V
6vkji+4WCAJq6rCy8cn7vMxfNwtRj6P7YG6cHFX3yP+Iw8rWVQIDAQABo4IDbTCC
A2kwHQYDVR0OBBYEFHplO8gl9zlCwOn4KIHGEdRhTex6MIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzL2Y2MGM5ZjMyLWE4N2MtNDMzOS1hMmYzLTYyOTlhM2IwMmUyOS9iYzgz
MWY2Yi03MWE2LTQ2YmItOWY2NC0yZGE4MGNjYzI0NGMvMTRjMjc1YmUtNWZjNy0z
YjM3LWJhZjEtOTNmMDYzY2RjNzNmLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy9mNjBjOWYzMi1h
ODdjLTQzMzktYTJmMy02Mjk5YTNiMDJlMjkvYmM4MzFmNmItNzFhNi00NmJiLTlm
NjQtMmRhODBjY2MyNDRjL2JjODMxZjZiLTcxYTYtNDZiYi05ZjY0LTJkYTgwY2Nj
MjQ0Yy5jcmwwHwYDVR0jBBgwFoAUqVBGpVp+uw/OBiK6pK8RWfI+zSQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzL2Y2MGM5ZjMyLWE4N2MtNDMz
OS1hMmYzLTYyOTlhM2IwMmUyOS9iYzgzMWY2Yi03MWE2LTQ2YmItOWY2NC0yZGE4
MGNjYzI0NGMuY2VyMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAF7pAAwQA
F/kXAwQAaI8rAwQArFFjAwQArFFoMFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIw
OjA4BggrBgEFBQcCARYsaHR0cHM6Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jw
a2kvY3BzLmh0bWwwDQYJKoZIhvcNAQELBQADggEBADabO9JqFongvv+LEJwrPHin
gY0Lusp2z6lQfiDMPICWtcSu5ycP5OoGXCvD7byTqDkG8kbpA3qNQkidtukvHk2s
PbKUanUZO3GBkwMVkI8WJnAONU10rEAzdFYMqR9it3MEbEmVJsjbsDHJugBSa/c8
NCVW5dGtzkB7CJP3Gv9COoyRHjV44wLri2WureK8XmWhtvOmb5JJ0SykVCrRx9Ma
ivYDE3cBwU8lIaO6PARRkVrSBbh7r32JmoTsHTTzl4mbizIuI0CnDPUo1TO+wvnc
oHFFoEOyNB6uBcARDgPKo227j2JM93N5+WWTbNT4+bra1GX1TBbfqDvZVSu0moc=
-----END CERTIFICATE-----