Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/10c40112-bc85-4f75-9bb0-471ec84ba3fe/2fb86253-f194-3b83-995b-1f89dae91696.roa
File:                     2fb86253-f194-3b83-995b-1f89dae91696.roa (raw, json)
Hash identifier:          v9eECTmkeyzJulYsyHXCLMmESDSTaVFLo+1DjoniZsA=
Subject key identifier:   4A:BB:35:97:62:05:FF:03:B2:63:44:68:DF:2F:B6:52:20:66:C2:06
Certificate issuer:       /CN=10c40112-bc85-4f75-9bb0-471ec84ba3fe
Certificate serial:       010D0C9F432858450525743BB92194F086BA7BC0
Authority key identifier: D8:E2:5C:0F:58:98:94:D9:C7:71:B2:BE:F6:62:B1:81:17:88:2A:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/10c40112-bc85-4f75-9bb0-471ec84ba3fe.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/10c40112-bc85-4f75-9bb0-471ec84ba3fe/2fb86253-f194-3b83-995b-1f89dae91696.roa
Signing time:             Mon 26 Feb 2024 14:00:31 +0000
ROA not before:           Mon 26 Feb 2024 14:00:31 +0000
ROA not after:            Sun 26 May 2024 13:00:31 +0000
asID:                     63436
IP address blocks:        162.250.32.0/21 maxlen: 21

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:45:05:25:74:3b:b9:21:94:f0:86:ba:7b:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10c40112-bc85-4f75-9bb0-471ec84ba3fe
        Validity
            Not Before: Feb 26 14:00:31 2024 GMT
            Not After : May 26 13:00:31 2024 GMT
        Subject: CN=e4b4f147-8cd8-4e41-b5bb-81e5412b58dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:60:6c:a7:a6:fc:fd:61:65:e4:98:9a:9f:f4:
                    1a:9d:7a:42:dd:27:88:db:3b:9c:32:ca:10:5b:9b:
                    64:42:7d:a4:eb:6e:11:9f:f2:9b:a7:46:4e:ff:eb:
                    d6:68:19:8c:eb:ef:67:a4:cb:9f:ec:b3:4a:00:5c:
                    36:ba:8f:7b:da:fa:26:99:d6:d1:c1:ab:47:5a:e1:
                    96:0e:2b:55:1b:95:8e:8a:18:9b:60:0e:52:5a:be:
                    86:b0:44:48:5d:62:e4:a7:0a:68:f6:e7:f4:fb:0d:
                    fc:7a:60:fc:ba:e4:32:26:19:37:bf:6f:55:ca:8f:
                    2d:d4:af:00:bf:ad:33:e6:cc:62:98:cd:40:f7:72:
                    52:51:9f:2b:7f:69:07:b4:03:d5:26:3f:49:0e:42:
                    ca:0e:93:b3:67:da:b4:0e:08:4c:ec:a0:f3:b4:c3:
                    d2:60:55:03:ef:d2:93:20:c1:cc:03:f7:7c:d6:89:
                    2e:ae:a5:a8:77:f3:95:ec:f2:06:5d:6a:95:98:42:
                    4c:b8:02:82:7d:04:c1:4d:30:0d:16:f7:60:dd:0c:
                    55:ae:04:b6:60:c6:72:5f:9b:3f:1b:c7:64:78:72:
                    89:61:a3:ea:a6:09:e1:62:da:b3:53:6b:fc:eb:10:
                    dc:a4:29:2a:90:4a:9b:96:2d:ff:48:55:e8:e9:ff:
                    b2:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:BB:35:97:62:05:FF:03:B2:63:44:68:DF:2F:B6:52:20:66:C2:06
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/10c40112-bc85-4f75-9bb0-471ec84ba3fe/2fb86253-f194-3b83-995b-1f89dae91696.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/10c40112-bc85-4f75-9bb0-471ec84ba3fe/10c40112-bc85-4f75-9bb0-471ec84ba3fe.crl

            X509v3 Authority Key Identifier:
                keyid:D8:E2:5C:0F:58:98:94:D9:C7:71:B2:BE:F6:62:B1:81:17:88:2A:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/10c40112-bc85-4f75-9bb0-471ec84ba3fe.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.250.32.0/21

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         27:51:58:49:ca:1b:9e:40:d3:bb:57:3e:23:e7:07:4f:74:54:
         bb:e7:25:5c:e4:42:6e:80:92:a5:e3:84:8f:d5:ca:48:30:33:
         dc:e0:da:1e:ac:ec:d1:a3:de:b5:13:5b:5c:05:6d:09:18:5d:
         33:bc:00:34:2f:61:bb:c1:3e:a2:3c:87:4e:08:12:8d:63:4d:
         e6:bc:40:a0:a0:e8:3f:dd:13:09:24:bb:25:60:ac:44:5a:cf:
         d4:51:eb:c0:fe:88:0d:c4:ef:1b:13:74:d1:14:51:fd:de:8f:
         78:e3:4a:f6:c7:a8:84:18:3d:ee:74:d8:9d:d8:4c:04:5a:18:
         66:8a:87:52:02:f4:db:fd:0f:c0:c6:62:86:f9:58:27:2e:1e:
         af:5a:62:84:07:10:cd:b7:0b:a9:bb:e3:76:15:d3:46:35:47:
         ca:1e:ae:f7:79:c6:25:e6:d3:d4:ee:79:84:09:79:a8:0f:2d:
         de:0c:30:d5:e3:40:25:34:1f:7c:f5:54:52:0c:94:a0:42:86:
         28:d3:27:75:82:0b:54:e2:11:20:14:69:8d:d1:15:39:82:79:
         3f:a4:c5:bf:20:9b:14:37:18:44:f8:60:49:d5:f6:04:61:91:
         dd:87:90:2b:9c:0d:2f:b7:3c:9d:25:f5:92:d6:39:ed:93:d7:
         67:9c:c6:e4
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEUFJXQ7uSGU8Ia6e8AwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMTBjNDAxMTItYmM4NS00Zjc1LTliYjAtNDcxZWM4NGJh
M2ZlMB4XDTI0MDIyNjE0MDAzMVoXDTI0MDUyNjEzMDAzMVowLzEtMCsGA1UEAxMk
ZTRiNGYxNDctOGNkOC00ZTQxLWI1YmItODFlNTQxMmI1OGRkMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoGBsp6b8/WFl5Jian/QanXpC3SeI2zucMsoQ
W5tkQn2k624Rn/Kbp0ZO/+vWaBmM6+9npMuf7LNKAFw2uo972vommdbRwatHWuGW
DitVG5WOihibYA5SWr6GsERIXWLkpwpo9uf0+w38emD8uuQyJhk3v29Vyo8t1K8A
v60z5sximM1A93JSUZ8rf2kHtAPVJj9JDkLKDpOzZ9q0DghM7KDztMPSYFUD79KT
IMHMA/d81okurqWod/OV7PIGXWqVmEJMuAKCfQTBTTANFvdg3QxVrgS2YMZyX5s/
G8dkeHKJYaPqpgnhYtqzU2v86xDcpCkqkEqbli3/SFXo6f+ylwIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFEq7NZdiBf8DsmNEaN8vtlIgZsIGMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xMGM0
MDExMi1iYzg1LTRmNzUtOWJiMC00NzFlYzg0YmEzZmUvMmZiODYyNTMtZjE5NC0z
YjgzLTk5NWItMWY4OWRhZTkxNjk2LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy8wMzU3MjcyYy1h
NzlhLTQ1YmYtOTU4Ni05MmRkNDllZjMyMjMvMTBjNDAxMTItYmM4NS00Zjc1LTli
YjAtNDcxZWM4NGJhM2ZlLzEwYzQwMTEyLWJjODUtNGY3NS05YmIwLTQ3MWVjODRi
YTNmZS5jcmwwHwYDVR0jBBgwFoAU2OJcD1iYlNnHcbK+9mKxgReIKrgwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzAzNTcyNzJjLWE3OWEtNDVi
Zi05NTg2LTkyZGQ0OWVmMzIyMy8xMGM0MDExMi1iYzg1LTRmNzUtOWJiMC00NzFl
Yzg0YmEzZmUuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDovogMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBACdRWEnKG55A07tXPiPnB090VLvnJVzkQm6AkqXjhI/VykgwM9zg2h6s
7NGj3rUTW1wFbQkYXTO8ADQvYbvBPqI8h04IEo1jTea8QKCg6D/dEwkkuyVgrERa
z9RR68D+iA3E7xsTdNEUUf3ej3jjSvbHqIQYPe502J3YTARaGGaKh1IC9Nv9D8DG
Yob5WCcuHq9aYoQHEM23C6m743YV00Y1R8oervd5xiXm09TueYQJeagPLd4MMNXj
QCU0H3z1VFIMlKBChijTJ3WCC1TiESAUaY3RFTmCeT+kxb8gmxQ3GET4YEnV9gRh
kd2HkCucDS+3PJ0l9ZLWOe2T12ecxuQ=
-----END CERTIFICATE-----