Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/63a5f6f8-db62-4fa6-9f0e-264b4222665f.roa
File:                     63a5f6f8-db62-4fa6-9f0e-264b4222665f.roa (raw, json)
Hash identifier:          qgNQs62m8cJTUWxny/+TBbxqoO4ZtKYZk13e7/EaXBM=
Subject key identifier:   94:38:77:44:CB:05:6F:63:D2:7B:81:76:0C:F0:0A:28:F4:F2:B2:A6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       44C45EF1E6DC42A1FC3861ACC9BA403F7195B611
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/63a5f6f8-db62-4fa6-9f0e-264b4222665f.roa
Signing time:             Mon 13 Nov 2023 00:00:00 +0000
ROA not before:           Mon 13 Nov 2023 00:00:00 +0000
ROA not after:            Mon 18 Dec 2023 23:59:59 +0000
asID:                     8987
IP address blocks:        216.221.160.0/19 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:c4:5e:f1:e6:dc:42:a1:fc:38:61:ac:c9:ba:40:3f:71:95:b6:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 13 00:00:00 2023 GMT
            Not After : Dec 18 23:59:59 2023 GMT
        Subject: serialNumber=9e5617db10a973273282c8c06968da65fa50fadb8dd35ede87740423bddc312a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:15:96:68:52:ce:89:72:e5:0c:da:c1:d7:2e:
                    35:89:ab:f6:ac:14:de:fa:69:a5:ab:0b:64:31:86:
                    ce:16:d3:f6:5e:af:41:ac:fe:16:9c:bc:7c:4a:fb:
                    4f:79:86:1a:9c:47:3b:4e:08:aa:78:5a:f6:dc:be:
                    ec:ff:62:8e:67:12:e4:4f:dd:6b:f5:61:61:22:66:
                    17:a6:76:e1:7b:07:93:2d:1d:e3:d0:ae:88:3c:63:
                    9c:2d:71:7c:3c:5b:66:79:65:63:87:a8:ae:75:45:
                    af:01:c3:d6:42:15:7e:4b:d4:2b:48:75:db:99:19:
                    64:da:ea:06:a4:c8:e6:d7:23:7d:73:bf:f6:f0:04:
                    d4:bd:e2:fa:47:ae:c8:8a:9e:ba:78:d3:12:80:57:
                    96:7b:d5:c0:46:27:da:b1:b1:b1:35:23:36:2f:3e:
                    c1:6e:1e:a9:e2:53:d6:c6:d1:c0:fa:00:e4:b2:af:
                    20:2a:71:0d:ba:f9:81:83:5d:99:92:c2:32:09:a6:
                    66:c7:12:1d:9c:02:35:08:a3:9c:57:98:b9:2d:9c:
                    62:b0:fa:8b:0f:1f:9b:98:4b:e9:af:b0:b3:4d:27:
                    69:d4:ee:ae:89:a7:02:07:bd:e5:05:fc:b1:cf:ba:
                    b8:6a:ec:71:d4:2a:8e:13:b9:1d:e2:a1:09:b2:e3:
                    c3:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:38:77:44:CB:05:6F:63:D2:7B:81:76:0C:F0:0A:28:F4:F2:B2:A6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/63a5f6f8-db62-4fa6-9f0e-264b4222665f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.221.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         9f:04:b1:85:51:ad:04:de:d7:e4:04:c0:7f:94:d5:94:9d:9e:
         01:f5:e5:5f:a5:87:2a:d4:87:0d:ff:fc:d2:cd:92:29:2a:9c:
         07:c9:b6:02:61:c4:1b:f2:88:ee:cf:6e:af:0f:36:2a:fd:9b:
         f7:5b:5f:3a:1b:93:6b:df:15:5b:20:9e:c4:cd:c7:06:ae:a6:
         57:c2:21:8e:b3:94:18:c8:85:27:f4:aa:29:3c:4f:4e:fa:42:
         15:a5:aa:37:d0:8a:72:21:dc:1c:0e:88:83:65:87:4c:93:a4:
         f5:f4:49:c6:0c:2d:eb:91:32:f8:79:ba:b7:c9:24:e9:7b:17:
         9e:3f:2f:81:ef:d0:64:8c:ea:1b:f3:e6:2b:bd:f3:ce:80:6e:
         fa:fd:0f:4d:54:a6:74:c1:68:9e:31:fa:ac:8c:3e:dc:7c:c9:
         03:da:61:8d:ca:da:ea:20:6d:d7:af:a4:19:8a:e5:ad:ad:d4:
         13:84:48:58:da:cb:df:9e:1f:9e:f3:74:ad:84:db:1c:32:d3:
         ae:91:96:30:9a:7d:3a:58:15:85:29:00:e8:da:05:ae:78:a7:
         e1:7e:aa:7d:65:e2:4b:32:55:4d:11:92:7f:c9:f8:33:a2:81:
         cb:2b:3e:4b:db:d8:21:b2:e9:a0:93:d6:24:e5:16:8a:df:a7:
         fe:34:ae:f9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURMRe8ebcQqH8OGGsybpAP3GVthEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjMxMTEzMDAwMDAwWhcNMjMxMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A5ZTU2MTdkYjEwYTk3MzI3MzI4MmM4YzA2OTY4ZGE2NWZh
NTBmYWRiOGRkMzVlZGU4Nzc0MDQyM2JkZGMzMTJhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCTFZZoUs6JcuUM2sHXLjWJq/asFN76aaWrC2Qxhs4W0/Ze
r0Gs/hacvHxK+095hhqcRztOCKp4Wvbcvuz/Yo5nEuRP3Wv1YWEiZhemduF7B5Mt
HePQrog8Y5wtcXw8W2Z5ZWOHqK51Ra8Bw9ZCFX5L1CtIdduZGWTa6gakyObXI31z
v/bwBNS94vpHrsiKnrp40xKAV5Z71cBGJ9qxsbE1IzYvPsFuHqniU9bG0cD6AOSy
ryAqcQ26+YGDXZmSwjIJpmbHEh2cAjUIo5xXmLktnGKw+osPH5uYS+mvsLNNJ2nU
7q6JpwIHveUF/LHPurhq7HHUKo4TuR3ioQmy48P/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUlDh3RMsFb2PSe4F2DPAKKPTysqYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzYzYTVmNmY4LWRiNjItNGZhNi05ZjBlLTI2NGI0MjIyNjY1Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAXY3aAwDQYJKoZIhvcNAQELBQADggEBAJ8EsYVRrQTe1+QEwH+U1ZSdngH1
5V+lhyrUhw3//NLNkikqnAfJtgJhxBvyiO7Pbq8PNir9m/dbXzobk2vfFVsgnsTN
xwauplfCIY6zlBjIhSf0qik8T076QhWlqjfQinIh3BwOiINlh0yTpPX0ScYMLeuR
Mvh5urfJJOl7F54/L4Hv0GSM6hvz5iu9886Abvr9D01UpnTBaJ4x+qyMPtx8yQPa
YY3K2uogbdevpBmK5a2t1BOESFjay9+eH57zdK2E2xwy066RljCafTpYFYUpAOja
Ba54p+F+qn1l4ksyVU0Rkn/J+DOigcsrPkvb2CGy6aCT1iTlForfp/40rvk=
-----END CERTIFICATE-----