Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/5c412cdb-cc72-355d-aa9c-b31dfc98bc41.roa
File:                     5c412cdb-cc72-355d-aa9c-b31dfc98bc41.roa (raw, json)
Hash identifier:          yIcdzSTtuNPduiJcgpWwxnI8Iaw6411gFFKSsnKWJRQ=
Subject key identifier:   7E:80:22:B2:49:8A:91:AA:E8:62:19:42:C4:A5:07:85:33:D7:6A:5B
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F432858455332D6CEFC309704A93810C0
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/5c412cdb-cc72-355d-aa9c-b31dfc98bc41.roa
Signing time:             Mon 25 Mar 2024 13:00:33 +0000
ROA not before:           Mon 25 Mar 2024 13:00:33 +0000
ROA not after:            Sun 23 Jun 2024 13:00:33 +0000
asID:                     7029
IP address blocks:        40.138.216.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:45:53:32:d6:ce:fc:30:97:04:a9:38:10:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Mar 25 13:00:33 2024 GMT
            Not After : Jun 23 13:00:33 2024 GMT
        Subject: CN=0ce04903-6b63-423b-b4d9-c7dbef07454c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:fc:72:82:36:d1:43:a9:0b:0c:1b:12:61:73:
                    6e:d6:a6:17:c1:65:b4:ed:e9:62:ef:73:98:2d:fb:
                    a7:c1:22:ae:af:6b:4f:44:a4:a8:29:4f:72:8a:d8:
                    51:54:e1:50:2d:ae:41:04:eb:94:8e:91:3b:a2:21:
                    71:db:3e:d1:25:59:8c:a8:58:f9:f0:a0:aa:6f:53:
                    07:38:07:78:93:e8:ba:6e:b2:da:8e:94:33:48:6e:
                    d1:48:25:34:7e:ed:f7:f1:4a:14:f1:03:11:1d:56:
                    ae:e8:b0:ac:ef:14:3b:8a:04:c0:3c:a1:a7:0b:3a:
                    73:0c:fd:72:0e:03:0b:2a:3f:0c:b6:5c:41:fe:5d:
                    24:df:ac:0c:a7:74:22:7e:1e:67:6d:75:3c:2f:53:
                    37:b7:d3:78:fb:9f:d3:80:39:4a:64:3e:51:51:ed:
                    06:f6:ac:46:b7:f3:cd:35:d7:83:19:63:50:3d:0f:
                    7f:7b:dd:d0:86:7b:f4:10:5a:1c:9b:36:7c:fc:60:
                    57:18:f8:4d:89:3d:0a:e0:ce:30:09:86:64:95:c0:
                    58:9a:ef:97:f5:e4:f4:73:41:da:67:96:86:15:bb:
                    ac:88:62:ed:db:13:c5:bd:a9:19:42:57:6c:cc:90:
                    d0:18:bf:71:b5:13:ae:5c:44:6b:36:2d:50:61:3c:
                    7c:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:80:22:B2:49:8A:91:AA:E8:62:19:42:C4:A5:07:85:33:D7:6A:5B
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/5c412cdb-cc72-355d-aa9c-b31dfc98bc41.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.138.216.0/22

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         58:f7:ec:01:11:99:51:a5:76:97:5b:87:59:db:5a:e8:1a:46:
         fd:35:c5:f8:25:1e:4f:9e:a3:5f:63:bb:ae:1f:78:9e:6d:c2:
         e7:6e:08:af:34:75:44:04:e8:a2:3a:40:a3:ad:ac:8a:36:6c:
         27:01:9a:00:e6:e0:76:ed:bd:02:69:23:5a:e2:69:78:1f:84:
         20:b0:b8:19:6d:b3:86:3d:7a:f0:32:32:dc:9e:76:ec:58:b9:
         f0:99:98:ed:81:b5:e5:44:5c:c3:ce:a9:95:86:97:32:c5:8e:
         0c:e0:d1:72:f1:56:3f:26:2b:60:b1:b4:48:4b:a2:64:b1:82:
         20:1b:65:80:59:08:3d:92:44:41:dc:19:d8:1b:e1:e0:48:d0:
         48:95:7d:5f:ce:a4:80:58:9f:9b:0e:34:51:bf:0c:86:b9:fd:
         92:32:cc:5f:b5:b8:d9:fe:94:22:d5:6f:29:99:3f:5b:d6:56:
         4a:3f:74:95:6a:cd:8d:eb:a6:11:0c:ee:52:fe:c8:76:38:2a:
         63:6a:38:56:9c:5e:48:38:80:ef:e0:d4:c3:6a:01:e5:d3:37:
         98:94:57:8d:46:3e:df:78:2d:50:0c:2a:c8:8f:29:d2:ba:94:
         fe:35:05:4a:fc:a2:bf:c7:c4:f9:5c:8b:0b:8d:0e:e0:1e:38:
         36:a9:14:1d
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEVTMtbO/DCXBKk4EMAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTI0MDMyNTEzMDAzM1oXDTI0MDYyMzEzMDAzM1owLzEtMCsGA1UEAxMk
MGNlMDQ5MDMtNmI2My00MjNiLWI0ZDktYzdkYmVmMDc0NTRjMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5vxygjbRQ6kLDBsSYXNu1qYXwWW07eli73OY
LfunwSKur2tPRKSoKU9yithRVOFQLa5BBOuUjpE7oiFx2z7RJVmMqFj58KCqb1MH
OAd4k+i6brLajpQzSG7RSCU0fu338UoU8QMRHVau6LCs7xQ7igTAPKGnCzpzDP1y
DgMLKj8MtlxB/l0k36wMp3Qifh5nbXU8L1M3t9N4+5/TgDlKZD5RUe0G9qxGt/PN
NdeDGWNQPQ9/e93Qhnv0EFocmzZ8/GBXGPhNiT0K4M4wCYZklcBYmu+X9eT0c0Ha
Z5aGFbusiGLt2xPFvakZQldszJDQGL9xtROuXERrNi1QYTx8ewIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFH6AIrJJipGq6GIZQsSlB4Uz12pbMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvNWM0MTJjZGItY2M3Mi0z
NTVkLWFhOWMtYjMxZGZjOThiYzQxLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCKIrYMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAFj37AERmVGldpdbh1nbWugaRv01xfglHk+eo19ju64feJ5twuduCK80
dUQE6KI6QKOtrIo2bCcBmgDm4HbtvQJpI1riaXgfhCCwuBlts4Y9evAyMtyeduxY
ufCZmO2BteVEXMPOqZWGlzLFjgzg0XLxVj8mK2CxtEhLomSxgiAbZYBZCD2SREHc
Gdgb4eBI0EiVfV/OpIBYn5sONFG/DIa5/ZIyzF+1uNn+lCLVbymZP1vWVko/dJVq
zY3rphEM7lL+yHY4KmNqOFacXkg4gO/g1MNqAeXTN5iUV41GPt94LVAMKsiPKdK6
lP41BUr8or/HxPlciwuNDuAeODapFB0=
-----END CERTIFICATE-----