Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/10c40112-bc85-4f75-9bb0-471ec84ba3fe/842fc1e0-d745-3335-8f2b-284592e4eae9.roa
File:                     842fc1e0-d745-3335-8f2b-284592e4eae9.roa (raw, json)
Hash identifier:          yFB7U6tVzOZfJaHvRiVi8uu00u9OtortMIrUASMN4SI=
Subject key identifier:   00:5E:0B:1C:8C:DD:2A:A6:B0:1F:BA:6D:CD:3D:37:D8:B9:79:38:AF
Certificate issuer:       /CN=10c40112-bc85-4f75-9bb0-471ec84ba3fe
Certificate serial:       010D0C9F432858450525742127EFADB5D4E71780
Authority key identifier: D8:E2:5C:0F:58:98:94:D9:C7:71:B2:BE:F6:62:B1:81:17:88:2A:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/10c40112-bc85-4f75-9bb0-471ec84ba3fe.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/10c40112-bc85-4f75-9bb0-471ec84ba3fe/842fc1e0-d745-3335-8f2b-284592e4eae9.roa
Signing time:             Mon 26 Feb 2024 14:00:31 +0000
ROA not before:           Mon 26 Feb 2024 14:00:31 +0000
ROA not after:            Sun 26 May 2024 13:00:31 +0000
asID:                     63436
IP address blocks:        2602:ff68::/36 maxlen: 36

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:45:05:25:74:21:27:ef:ad:b5:d4:e7:17:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10c40112-bc85-4f75-9bb0-471ec84ba3fe
        Validity
            Not Before: Feb 26 14:00:31 2024 GMT
            Not After : May 26 13:00:31 2024 GMT
        Subject: CN=23f42f76-e18f-457a-b0da-42847929e159
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:ec:79:10:05:39:68:22:6a:a9:63:54:c8:0d:
                    26:33:3c:79:76:25:22:80:b0:c0:d4:1e:52:10:3b:
                    80:8b:c2:68:56:9a:43:e7:2d:bb:66:0b:dc:7e:2c:
                    cc:80:af:ee:fd:9a:4e:58:38:35:0a:d5:65:5f:0b:
                    f1:23:99:25:d3:d7:6f:a7:ac:1d:a2:c6:0b:8e:1f:
                    df:dd:45:df:ec:8a:4b:03:58:32:be:bb:b7:64:f0:
                    0d:f9:aa:7f:64:d5:62:0b:e8:3a:e5:ec:e6:bf:44:
                    4f:7e:74:cd:c8:c1:39:4d:b4:b0:d3:07:84:41:1e:
                    89:2d:42:e1:3e:d9:a1:5e:cc:1a:52:08:95:93:b8:
                    79:45:db:e1:55:e7:21:66:e7:e6:ba:4c:9e:70:9f:
                    4b:9b:3e:84:62:1c:f8:bc:9b:77:3a:51:ff:98:ba:
                    2a:49:15:bf:b4:d3:bb:78:91:eb:ee:3d:8c:e1:cd:
                    be:d9:f8:c7:a1:39:76:35:6e:37:e0:5c:09:ed:2a:
                    f2:8f:60:44:ac:f2:de:7e:15:f4:23:23:ef:3e:b7:
                    c1:5c:2e:a4:ef:1b:70:12:56:90:4d:3c:96:7a:66:
                    cc:4b:49:a1:6b:1a:69:14:4b:04:8b:9b:6b:58:bf:
                    80:37:14:5a:70:e2:b5:a3:95:e2:ab:d3:ec:ef:60:
                    d9:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:5E:0B:1C:8C:DD:2A:A6:B0:1F:BA:6D:CD:3D:37:D8:B9:79:38:AF
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/10c40112-bc85-4f75-9bb0-471ec84ba3fe/842fc1e0-d745-3335-8f2b-284592e4eae9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/10c40112-bc85-4f75-9bb0-471ec84ba3fe/10c40112-bc85-4f75-9bb0-471ec84ba3fe.crl

            X509v3 Authority Key Identifier:
                keyid:D8:E2:5C:0F:58:98:94:D9:C7:71:B2:BE:F6:62:B1:81:17:88:2A:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/10c40112-bc85-4f75-9bb0-471ec84ba3fe.cer

            sbgp-ipAddrBlock: critical
                IPv6:
                  2602:ff68::/36

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         23:f3:7b:4a:1b:78:7c:e3:c3:60:fd:2d:77:19:a5:7e:ba:9e:
         1b:c3:a1:ca:c1:94:f6:95:35:f0:95:cb:bc:a6:4c:81:37:7b:
         83:57:dc:91:ae:37:b7:bc:31:8f:23:29:2a:ab:f2:bb:22:65:
         d6:9a:07:ad:cd:49:9a:15:95:17:5a:24:31:3d:ac:ba:92:9c:
         61:22:d6:b2:ee:cc:af:59:1c:1d:c1:e8:63:ad:4c:89:67:e4:
         8e:9b:16:94:69:81:64:a8:67:89:23:cb:d0:22:70:b0:9f:08:
         12:f9:b0:70:be:96:21:3e:ae:b7:a2:41:bd:b5:4d:8e:86:44:
         72:1f:e4:4f:fe:7c:bd:79:8e:8c:2f:13:28:17:38:62:af:74:
         b4:3f:16:b2:ed:18:01:58:d6:a3:f3:f7:56:05:18:1e:8f:1f:
         f3:bc:de:de:e6:f9:b5:7d:fa:81:08:ab:8e:ec:2a:25:58:13:
         ca:fe:c6:29:ce:0c:19:03:6e:b4:33:62:f4:95:9f:38:d1:ea:
         10:89:66:12:e0:c0:42:50:5f:6c:e6:0f:04:08:b2:4a:e2:a6:
         5c:f4:57:18:ed:36:c9:7c:33:ad:68:bb:dc:63:6e:23:25:d6:
         1c:2c:43:6d:49:de:bc:f2:47:79:9a:f3:98:e3:99:88:57:c7:
         4e:68:2e:25
-----BEGIN CERTIFICATE-----
MIIGRTCCBS2gAwIBAgIUAQ0Mn0MoWEUFJXQhJ++ttdTnF4AwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMTBjNDAxMTItYmM4NS00Zjc1LTliYjAtNDcxZWM4NGJh
M2ZlMB4XDTI0MDIyNjE0MDAzMVoXDTI0MDUyNjEzMDAzMVowLzEtMCsGA1UEAxMk
MjNmNDJmNzYtZTE4Zi00NTdhLWIwZGEtNDI4NDc5MjllMTU5MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi+x5EAU5aCJqqWNUyA0mMzx5diUigLDA1B5S
EDuAi8JoVppD5y27ZgvcfizMgK/u/ZpOWDg1CtVlXwvxI5kl09dvp6wdosYLjh/f
3UXf7IpLA1gyvru3ZPAN+ap/ZNViC+g65ezmv0RPfnTNyME5TbSw0weEQR6JLULh
PtmhXswaUgiVk7h5RdvhVechZufmukyecJ9Lmz6EYhz4vJt3OlH/mLoqSRW/tNO7
eJHr7j2M4c2+2fjHoTl2NW434FwJ7Sryj2BErPLefhX0IyPvPrfBXC6k7xtwElaQ
TTyWembMS0mhaxppFEsEi5trWL+ANxRacOK1o5Xiq9Ps72DZNQIDAQABo4IDVzCC
A1MwHQYDVR0OBBYEFABeCxyM3SqmsB+6bc09N9i5eTivMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xMGM0
MDExMi1iYzg1LTRmNzUtOWJiMC00NzFlYzg0YmEzZmUvODQyZmMxZTAtZDc0NS0z
MzM1LThmMmItMjg0NTkyZTRlYWU5LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy8wMzU3MjcyYy1h
NzlhLTQ1YmYtOTU4Ni05MmRkNDllZjMyMjMvMTBjNDAxMTItYmM4NS00Zjc1LTli
YjAtNDcxZWM4NGJhM2ZlLzEwYzQwMTEyLWJjODUtNGY3NS05YmIwLTQ3MWVjODRi
YTNmZS5jcmwwHwYDVR0jBBgwFoAU2OJcD1iYlNnHcbK+9mKxgReIKrgwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzAzNTcyNzJjLWE3OWEtNDVi
Zi05NTg2LTkyZGQ0OWVmMzIyMy8xMGM0MDExMi1iYzg1LTRmNzUtOWJiMC00NzFl
Yzg0YmEzZmUuY2VyMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEJgL/aAAw
VAYDVR0gAQH/BEowSDBGBggrBgEFBQcOAjA6MDgGCCsGAQUFBwIBFixodHRwczov
L3d3dy5hcmluLm5ldC9yZXNvdXJjZXMvcnBraS9jcHMuaHRtbDANBgkqhkiG9w0B
AQsFAAOCAQEAI/N7Sht4fOPDYP0tdxmlfrqeG8OhysGU9pU18JXLvKZMgTd7g1fc
ka43t7wxjyMpKqvyuyJl1poHrc1JmhWVF1okMT2supKcYSLWsu7Mr1kcHcHoY61M
iWfkjpsWlGmBZKhniSPL0CJwsJ8IEvmwcL6WIT6ut6JBvbVNjoZEch/kT/58vXmO
jC8TKBc4Yq90tD8Wsu0YAVjWo/P3VgUYHo8f87ze3ub5tX36gQirjuwqJVgTyv7G
Kc4MGQNutDNi9JWfONHqEIlmEuDAQlBfbOYPBAiySuKmXPRXGO02yXwzrWi73GNu
IyXWHCxDbUnevPJHeZrzmOOZiFfHTmguJQ==
-----END CERTIFICATE-----