Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/353a077c-3a9c-3bff-9998-b58b0a901640.roa
File:                     353a077c-3a9c-3bff-9998-b58b0a901640.roa (raw, json)
Hash identifier:          h6wgnSObk1dWwRAQif+ViQDAusB0gHigJ5lKj82bxnU=
Subject key identifier:   86:A8:28:B2:28:D5:9A:58:16:98:9D:1F:4F:39:3E:7A:1A:66:42:B6
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F432858455332E0B07453C090FCC16E00
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/353a077c-3a9c-3bff-9998-b58b0a901640.roa
Signing time:             Mon 25 Mar 2024 13:00:33 +0000
ROA not before:           Mon 25 Mar 2024 13:00:33 +0000
ROA not after:            Sun 23 Jun 2024 13:00:33 +0000
asID:                     7029
IP address blocks:        64.232.0.0/16 maxlen: 16

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:45:53:32:e0:b0:74:53:c0:90:fc:c1:6e:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Mar 25 13:00:33 2024 GMT
            Not After : Jun 23 13:00:33 2024 GMT
        Subject: CN=efd4d024-629d-44ec-a8f3-965eb2e94333
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:f2:1e:85:80:ab:ae:50:63:d6:12:69:51:0a:
                    9f:f7:35:74:bd:c3:d5:e3:13:d5:7d:a9:b3:83:16:
                    ee:a4:ab:4c:ff:e3:1c:db:c9:16:4b:27:5f:e8:a6:
                    62:f1:4e:d8:fc:00:07:9e:48:7f:5c:5f:8c:6e:ec:
                    b0:aa:ac:ad:05:a8:18:b5:11:0d:a3:d2:6f:50:3c:
                    77:ae:2a:88:5b:d4:55:fe:83:85:b6:4f:ae:3e:69:
                    60:a4:ca:91:30:9d:79:92:39:21:3b:b7:2a:e2:4f:
                    7c:6f:19:26:36:8c:74:f8:7b:14:26:3f:17:28:9e:
                    2a:2f:b3:7d:81:30:3e:81:3f:3f:f3:33:fb:eb:29:
                    ed:db:d9:d3:1a:c6:ce:33:53:24:6d:a1:87:c9:b9:
                    b9:59:51:ec:25:da:56:3d:7b:8e:5d:6c:45:b1:bd:
                    b0:db:ce:ef:d7:df:1f:d0:06:12:04:5d:0a:6e:ec:
                    06:0f:4c:1e:67:e4:ca:5b:40:e6:04:00:3c:9f:db:
                    cd:a7:26:95:e8:4b:1b:a4:c9:6a:50:97:9c:61:10:
                    de:ed:df:8f:c5:52:27:ff:6a:ee:43:c0:f0:eb:6f:
                    18:43:98:13:93:06:29:7a:24:b3:61:78:f0:f1:d0:
                    71:f1:c2:7a:f9:52:d1:9a:76:7f:21:6e:a1:f9:88:
                    6d:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:A8:28:B2:28:D5:9A:58:16:98:9D:1F:4F:39:3E:7A:1A:66:42:B6
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/353a077c-3a9c-3bff-9998-b58b0a901640.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.232.0.0/16

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         2d:19:ac:3a:8d:76:58:4b:2b:18:e7:8a:c5:ec:56:a2:5c:07:
         5d:b6:e3:8c:ea:49:68:e8:8d:96:67:df:ff:9e:cd:93:69:77:
         b8:32:12:85:19:89:37:02:30:34:7e:4d:cd:f8:02:ce:64:85:
         d4:70:7b:25:cb:8a:2f:0f:2a:cc:f4:15:37:18:4f:60:3c:a4:
         13:5b:f0:5a:45:89:a7:5c:a0:7a:21:99:b4:02:0c:e1:f3:b2:
         39:8c:1f:d0:92:2c:67:e1:c8:b6:73:15:ea:86:f6:24:df:dc:
         5f:8a:30:0b:88:e2:bd:f2:15:24:a3:93:06:44:34:a0:cf:f1:
         e6:ee:5e:19:ab:2a:61:1c:e8:31:a4:dc:03:7e:7a:7c:3c:d3:
         e7:9a:12:ee:13:37:c0:c1:fe:f5:bc:73:12:83:60:27:59:29:
         21:a6:7b:81:e8:5c:66:e9:f6:1b:bd:c9:3b:7b:30:a7:23:21:
         60:d2:11:33:5b:0a:58:02:27:42:50:eb:66:ad:33:8c:f9:e5:
         f1:b2:de:43:07:6f:4c:b7:5d:3c:e2:d7:7d:0d:9b:66:73:c7:
         96:d1:38:05:d1:46:14:92:5c:32:81:4d:5c:01:64:90:5a:ba:
         43:87:37:9c:d7:32:4e:e2:a9:68:df:f0:74:b1:f0:25:20:40:
         88:63:d4:43
-----BEGIN CERTIFICATE-----
MIIGQjCCBSqgAwIBAgIUAQ0Mn0MoWEVTMuCwdFPAkPzBbgAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTI0MDMyNTEzMDAzM1oXDTI0MDYyMzEzMDAzM1owLzEtMCsGA1UEAxMk
ZWZkNGQwMjQtNjI5ZC00NGVjLWE4ZjMtOTY1ZWIyZTk0MzMzMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhPIehYCrrlBj1hJpUQqf9zV0vcPV4xPVfamz
gxbupKtM/+Mc28kWSydf6KZi8U7Y/AAHnkh/XF+MbuywqqytBagYtRENo9JvUDx3
riqIW9RV/oOFtk+uPmlgpMqRMJ15kjkhO7cq4k98bxkmNox0+HsUJj8XKJ4qL7N9
gTA+gT8/8zP76ynt29nTGsbOM1MkbaGHybm5WVHsJdpWPXuOXWxFsb2w287v198f
0AYSBF0KbuwGD0weZ+TKW0DmBAA8n9vNpyaV6EsbpMlqUJecYRDe7d+PxVIn/2ru
Q8Dw628YQ5gTkwYpeiSzYXjw8dBx8cJ6+VLRmnZ/IW6h+YhtSQIDAQABo4IDVDCC
A1AwHQYDVR0OBBYEFIaoKLIo1ZpYFpidH085PnoaZkK2MIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvMzUzYTA3N2MtM2E5Yy0z
YmZmLTk5OTgtYjU4YjBhOTAxNjQwLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAQOgwVAYD
VR0gAQH/BEowSDBGBggrBgEFBQcOAjA6MDgGCCsGAQUFBwIBFixodHRwczovL3d3
dy5hcmluLm5ldC9yZXNvdXJjZXMvcnBraS9jcHMuaHRtbDANBgkqhkiG9w0BAQsF
AAOCAQEALRmsOo12WEsrGOeKxexWolwHXbbjjOpJaOiNlmff/57Nk2l3uDIShRmJ
NwIwNH5NzfgCzmSF1HB7JcuKLw8qzPQVNxhPYDykE1vwWkWJp1ygeiGZtAIM4fOy
OYwf0JIsZ+HItnMV6ob2JN/cX4owC4jivfIVJKOTBkQ0oM/x5u5eGasqYRzoMaTc
A356fDzT55oS7hM3wMH+9bxzEoNgJ1kpIaZ7gehcZun2G73JO3swpyMhYNIRM1sK
WAInQlDrZq0zjPnl8bLeQwdvTLddPOLXfQ2bZnPHltE4BdFGFJJcMoFNXAFkkFq6
Q4c3nNcyTuKpaN/wdLHwJSBAiGPUQw==
-----END CERTIFICATE-----