Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b/bcb1a241-3c25-331e-a37c-27947141ba01.roa
File:                     bcb1a241-3c25-331e-a37c-27947141ba01.roa (raw, json)
Hash identifier:          xXnZMCA0lbvAdIXvSD6tlBb+hLDMdP4nVVVhSBkVARA=
Subject key identifier:   1C:96:7E:65:AB:53:CF:18:EF:DC:98:36:04:8C:80:5E:E9:57:5E:D4
Certificate issuer:       /CN=417c06d0-3203-44fd-b164-0aed50f5638b
Certificate serial:       010D0C9F432858414DE28696AFC60F8E37A82580
Authority key identifier: 00:CE:A0:C5:4C:5A:68:B3:D1:09:2A:66:78:F3:83:C9:42:07:C5:FD
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b/bcb1a241-3c25-331e-a37c-27947141ba01.roa
Signing time:             Mon 13 Dec 2021 20:50:23 +0000
ROA not before:           Mon 13 Dec 2021 20:50:23 +0000
ROA not after:            Sat 24 Jun 2023 04:00:00 +0000
asID:                     2914
IP address blocks:        69.7.72.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:41:4d:e2:86:96:af:c6:0f:8e:37:a8:25:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=417c06d0-3203-44fd-b164-0aed50f5638b
        Validity
            Not Before: Dec 13 20:50:23 2021 GMT
            Not After : Jun 24 04:00:00 2023 GMT
        Subject: CN=67990936-6940-4883-ba8c-e20ef6fa9a03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:50:00:08:ab:e3:0f:ad:62:0d:78:c0:e1:09:
                    3d:1c:8a:a2:c4:23:99:d3:2d:19:79:c2:99:11:03:
                    b5:b7:d9:57:26:92:06:73:18:fb:b7:5b:ad:f8:8d:
                    dc:44:9c:84:4b:d9:6c:04:66:93:05:44:a3:c3:3d:
                    24:f8:fe:f1:17:a9:60:77:29:f8:34:1c:92:89:b7:
                    bd:ab:23:0e:b6:65:f4:62:27:86:9f:e7:77:51:6f:
                    18:1e:e5:29:35:d9:4b:f7:5b:ff:99:61:a8:45:c6:
                    93:49:c3:97:27:3a:00:03:d5:8b:54:bc:a7:ba:8c:
                    4f:2c:89:96:d5:e6:c7:b8:12:4b:58:45:1a:44:c1:
                    ac:22:fc:02:40:98:15:2f:87:a2:44:85:a8:20:92:
                    ea:65:a1:c8:a8:cc:eb:e0:ad:3a:96:31:3e:26:a9:
                    ac:03:39:59:53:9a:47:92:54:6d:f0:01:5a:50:c1:
                    34:98:7a:a5:eb:a7:c5:d8:a2:0c:19:6a:cc:bd:85:
                    d6:4e:c9:47:ee:d3:27:e6:a7:5b:7a:a7:8e:b8:65:
                    12:d9:12:92:c8:64:37:6d:18:5b:fd:b8:08:88:8e:
                    12:f8:70:4f:cd:27:d6:ac:6c:8b:f0:a0:24:b1:3f:
                    b0:21:79:4e:4e:10:71:80:4f:dc:05:5a:3d:75:10:
                    8c:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:96:7E:65:AB:53:CF:18:EF:DC:98:36:04:8C:80:5E:E9:57:5E:D4
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b/bcb1a241-3c25-331e-a37c-27947141ba01.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b/417c06d0-3203-44fd-b164-0aed50f5638b.crl

            X509v3 Authority Key Identifier:
                keyid:00:CE:A0:C5:4C:5A:68:B3:D1:09:2A:66:78:F3:83:C9:42:07:C5:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  69.7.72.0/22

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         5a:9e:02:1b:86:75:dc:59:f6:4f:df:51:c8:14:20:7a:98:fe:
         76:8b:c4:23:0d:6f:69:8d:31:16:e3:4f:b3:81:0e:95:ac:d4:
         cb:79:ae:08:96:a3:4d:19:28:00:6a:37:40:b2:74:cd:0c:15:
         17:92:ae:e5:35:a2:75:88:64:17:08:46:7f:95:66:4e:6a:25:
         b8:ca:5b:19:53:70:67:5c:db:c5:52:5b:2c:4d:75:36:54:18:
         57:e1:3b:5c:f4:6a:db:75:9b:a7:06:a4:9a:c9:8b:3e:3a:a4:
         f3:7d:35:6b:88:8f:ce:cb:df:71:86:ae:3e:29:75:6d:2d:47:
         e0:de:79:30:f0:00:26:e9:54:2a:40:ce:f4:35:b5:6c:5d:38:
         06:91:db:6f:c6:c0:8f:b1:c4:20:9b:e0:7f:8d:a0:12:0f:de:
         40:6f:cc:58:27:30:05:cc:fc:eb:9b:88:10:df:0a:06:39:95:
         a9:53:b2:44:5e:56:69:76:d1:e5:e4:5f:33:37:ed:24:3a:a1:
         e8:d4:0f:a2:c4:08:f1:e4:f0:61:a8:40:0d:a0:d1:c8:97:21:
         04:c1:3a:3d:4b:fa:26:08:84:17:15:00:7b:a9:dc:a1:6b:28:
         5e:43:b6:3c:a6:98:5b:76:3f:65:08:18:61:49:7b:f8:d5:0f:
         7a:ff:8a:e2
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEFN4oaWr8YPjjeoJYAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDE3YzA2ZDAtMzIwMy00NGZkLWIxNjQtMGFlZDUwZjU2
MzhiMB4XDTIxMTIxMzIwNTAyM1oXDTIzMDYyNDA0MDAwMFowLzEtMCsGA1UEAxMk
Njc5OTA5MzYtNjk0MC00ODgzLWJhOGMtZTIwZWY2ZmE5YTAzMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0FAACKvjD61iDXjA4Qk9HIqixCOZ0y0ZecKZ
EQO1t9lXJpIGcxj7t1ut+I3cRJyES9lsBGaTBUSjwz0k+P7xF6lgdyn4NBySibe9
qyMOtmX0YieGn+d3UW8YHuUpNdlL91v/mWGoRcaTScOXJzoAA9WLVLynuoxPLImW
1ebHuBJLWEUaRMGsIvwCQJgVL4eiRIWoIJLqZaHIqMzr4K06ljE+JqmsAzlZU5pH
klRt8AFaUME0mHql66fF2KIMGWrMvYXWTslH7tMn5qdbeqeOuGUS2RKSyGQ3bRhb
/bgIiI4S+HBPzSfWrGyL8KAksT+wIXlOThBxgE/cBVo9dRCM6wIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFByWfmWrU88Y79yYNgSMgF7pV17UMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80MTdj
MDZkMC0zMjAzLTQ0ZmQtYjE2NC0wYWVkNTBmNTYzOGIvYmNiMWEyNDEtM2MyNS0z
MzFlLWEzN2MtMjc5NDcxNDFiYTAxLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDE3YzA2ZDAtMzIwMy00NGZkLWIx
NjQtMGFlZDUwZjU2MzhiLzQxN2MwNmQwLTMyMDMtNDRmZC1iMTY0LTBhZWQ1MGY1
NjM4Yi5jcmwwHwYDVR0jBBgwFoAUAM6gxUxaaLPRCSpmePODyUIHxf0wDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80MTdjMDZkMC0zMjAzLTQ0ZmQtYjE2NC0wYWVk
NTBmNTYzOGIuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCRQdIMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAFqeAhuGddxZ9k/fUcgUIHqY/naLxCMNb2mNMRbjT7OBDpWs1Mt5rgiW
o00ZKABqN0CydM0MFReSruU1onWIZBcIRn+VZk5qJbjKWxlTcGdc28VSWyxNdTZU
GFfhO1z0att1m6cGpJrJiz46pPN9NWuIj87L33GGrj4pdW0tR+DeeTDwACbpVCpA
zvQ1tWxdOAaR22/GwI+xxCCb4H+NoBIP3kBvzFgnMAXM/OubiBDfCgY5lalTskRe
Vml20eXkXzM37SQ6oejUD6LECPHk8GGoQA2g0ciXIQTBOj1L+iYIhBcVAHup3KFr
KF5DtjymmFt2P2UIGGFJe/jVD3r/iuI=
-----END CERTIFICATE-----