Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/0118e41f-94dc-31bf-9a21-96fa963f59fa.roa
File:                     0118e41f-94dc-31bf-9a21-96fa963f59fa.roa (raw, json)
Hash identifier:          wTQ3nBouPsSpKZ+jg7lh5vj4OhebyF1tFhv507DM52w=
Subject key identifier:   AD:AC:B5:13:EA:45:DB:3A:2C:C4:01:66:D2:20:FB:FB:A6:63:EA:ED
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F432858455333225141BBE72E64C4B100
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/0118e41f-94dc-31bf-9a21-96fa963f59fa.roa
Signing time:             Mon 25 Mar 2024 13:00:33 +0000
ROA not before:           Mon 25 Mar 2024 13:00:33 +0000
ROA not after:            Sun 23 Jun 2024 13:00:33 +0000
asID:                     7029
IP address blocks:        209.92.36.0/23 maxlen: 23

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:45:53:33:22:51:41:bb:e7:2e:64:c4:b1:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Mar 25 13:00:33 2024 GMT
            Not After : Jun 23 13:00:33 2024 GMT
        Subject: CN=2194676c-6765-48aa-a758-9dfc736c8e62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:32:8c:99:81:ea:b3:1b:07:0d:a4:7d:68:f1:
                    c6:53:39:17:45:7b:af:52:40:1e:a6:af:58:eb:8d:
                    aa:10:51:52:1f:cb:4c:75:10:fe:36:03:56:6e:e5:
                    84:49:57:e7:de:26:0b:01:dd:4e:12:58:21:f4:41:
                    c1:b7:e5:3d:10:bc:0c:21:15:ef:b8:a3:50:92:f0:
                    9d:fc:8e:72:cd:c0:40:3c:1d:ad:99:18:21:d8:ce:
                    e6:01:53:32:cd:d0:ec:f4:b2:c1:5a:f8:c7:c5:69:
                    02:73:9e:0b:8c:f4:01:e7:33:05:a5:1b:d0:62:04:
                    3e:e7:e7:8f:5c:ac:f7:02:e9:7c:93:c4:4c:c5:6a:
                    f9:cc:c3:1b:45:d5:ef:78:36:a8:0b:69:6d:d8:fb:
                    86:b2:80:0a:88:57:f1:ea:3d:c1:5d:32:09:dc:fd:
                    38:2d:eb:4f:4f:e9:15:d2:99:6d:31:c5:6e:0b:0b:
                    02:5e:f1:90:b6:66:87:32:44:dd:80:27:92:51:08:
                    ee:43:41:b4:78:49:14:c5:fe:da:1d:c0:91:a7:ee:
                    74:ea:8d:2b:b4:9a:f2:87:5c:24:cd:d1:62:45:f7:
                    e7:30:7a:6b:fd:4a:47:4b:a8:d7:1c:2d:09:64:eb:
                    ac:8e:67:c7:c8:25:aa:40:a9:b3:a1:c1:3a:fb:30:
                    8c:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:AC:B5:13:EA:45:DB:3A:2C:C4:01:66:D2:20:FB:FB:A6:63:EA:ED
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/0118e41f-94dc-31bf-9a21-96fa963f59fa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.92.36.0/23

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         14:2d:56:75:d5:c6:31:6d:2f:33:c3:13:cd:e2:2e:a2:23:86:
         54:77:78:54:e3:da:db:c8:8f:e4:a6:d0:ff:bf:b9:e7:83:cc:
         a9:c4:82:7e:95:de:1f:1b:fa:05:f3:55:cf:26:b0:77:fc:24:
         41:a2:e4:aa:29:59:c6:bc:91:35:48:4b:61:04:9b:7c:1d:a6:
         ea:df:39:81:d8:e5:e5:17:d4:d2:20:f4:ea:8c:a8:75:25:33:
         79:d3:75:04:33:ad:d4:76:67:81:1e:68:c3:c7:a1:97:8d:6e:
         04:79:a9:fa:33:f6:1b:b6:d8:33:55:8a:84:4f:df:b5:3a:bd:
         38:64:09:2b:d5:df:98:59:04:ac:4b:d2:17:d0:3c:a6:16:3f:
         1f:37:89:b8:cb:91:b1:3e:0f:52:83:f4:3a:44:69:04:71:f4:
         d2:3e:0d:cb:12:88:52:e0:48:54:6d:f5:e4:f9:4b:7c:54:b8:
         bd:80:c0:9b:85:d6:38:ca:80:2d:dc:b5:48:e9:87:74:82:af:
         3b:42:15:ca:bf:c0:2a:aa:cd:02:dc:07:24:80:ee:e8:75:5c:
         99:ba:5b:56:6b:e3:fc:35:4d:31:7a:df:cc:93:a4:ab:07:1b:
         76:ad:7d:29:f7:17:96:cf:09:f5:84:56:7f:c3:e5:5e:c7:07:
         64:2c:40:36
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEVTMyJRQbvnLmTEsQAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTI0MDMyNTEzMDAzM1oXDTI0MDYyMzEzMDAzM1owLzEtMCsGA1UEAxMk
MjE5NDY3NmMtNjc2NS00OGFhLWE3NTgtOWRmYzczNmM4ZTYyMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhDKMmYHqsxsHDaR9aPHGUzkXRXuvUkAepq9Y
642qEFFSH8tMdRD+NgNWbuWESVfn3iYLAd1OElgh9EHBt+U9ELwMIRXvuKNQkvCd
/I5yzcBAPB2tmRgh2M7mAVMyzdDs9LLBWvjHxWkCc54LjPQB5zMFpRvQYgQ+5+eP
XKz3Aul8k8RMxWr5zMMbRdXveDaoC2lt2PuGsoAKiFfx6j3BXTIJ3P04LetPT+kV
0pltMcVuCwsCXvGQtmaHMkTdgCeSUQjuQ0G0eEkUxf7aHcCRp+506o0rtJryh1wk
zdFiRffnMHpr/UpHS6jXHC0JZOusjmfHyCWqQKmzocE6+zCMNwIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFK2stRPqRds6LMQBZtIg+/umY+rtMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvMDExOGU0MWYtOTRkYy0z
MWJmLTlhMjEtOTZmYTk2M2Y1OWZhLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB0VwkMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBABQtVnXVxjFtLzPDE83iLqIjhlR3eFTj2tvIj+Sm0P+/ueeDzKnEgn6V
3h8b+gXzVc8msHf8JEGi5KopWca8kTVIS2EEm3wdpurfOYHY5eUX1NIg9OqMqHUl
M3nTdQQzrdR2Z4EeaMPHoZeNbgR5qfoz9hu22DNVioRP37U6vThkCSvV35hZBKxL
0hfQPKYWPx83ibjLkbE+D1KD9DpEaQRx9NI+DcsSiFLgSFRt9eT5S3xUuL2AwJuF
1jjKgC3ctUjph3SCrztCFcq/wCqqzQLcBySA7uh1XJm6W1Zr4/w1TTF638yTpKsH
G3atfSn3F5bPCfWEVn/D5V7HB2QsQDY=
-----END CERTIFICATE-----