Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/a83644dc-c363-3f8e-8e0d-829a6b7598ab.roa
File:                     a83644dc-c363-3f8e-8e0d-829a6b7598ab.roa (raw, json)
Hash identifier:          8wutxxY9W7EYP+DCJOJrJuUWnk8/q5DFQ7NGNUkeunU=
Subject key identifier:   E6:9F:D9:2E:C6:6C:96:BA:DD:A1:2F:94:CE:F9:9E:02:39:83:E4:45
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F432858455332E48401C7D2CF6DE25C80
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/a83644dc-c363-3f8e-8e0d-829a6b7598ab.roa
Signing time:             Mon 25 Mar 2024 13:00:33 +0000
ROA not before:           Mon 25 Mar 2024 13:00:33 +0000
ROA not after:            Sun 23 Jun 2024 13:00:33 +0000
asID:                     7029
IP address blocks:        66.182.96.0/20 maxlen: 20

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:45:53:32:e4:84:01:c7:d2:cf:6d:e2:5c:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Mar 25 13:00:33 2024 GMT
            Not After : Jun 23 13:00:33 2024 GMT
        Subject: CN=a7cf7b3b-9d0f-413a-8674-a6ec6a3b1dd1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:40:93:bf:41:29:16:40:49:35:e0:4b:60:0c:
                    64:da:12:d5:f0:78:ee:c8:f8:13:68:b0:46:59:2c:
                    ba:49:38:c7:9a:d8:38:f8:5a:2b:0b:d8:75:4f:3e:
                    2e:72:78:da:eb:f1:16:c4:f5:4a:ff:b4:4e:50:5e:
                    f0:0d:92:b4:2d:f6:87:93:47:24:27:7c:01:67:a8:
                    ea:ec:cf:73:99:87:8a:de:6b:8a:f1:1c:c0:2c:89:
                    9f:be:1c:d0:90:54:26:66:80:4b:af:a6:af:2e:e6:
                    1b:2e:4f:1f:98:35:4e:86:55:4d:05:56:86:d9:c4:
                    e6:38:a8:81:2f:b8:41:b8:de:0b:74:e2:da:ec:f5:
                    61:70:c8:7c:e1:fc:ae:4f:36:4c:41:dc:e2:a4:34:
                    7c:cc:ce:85:ca:c7:43:d4:04:be:15:eb:1d:6b:08:
                    44:fa:2d:60:c7:08:b3:3c:91:f1:5f:23:59:1e:4f:
                    2f:9d:55:c7:59:d5:97:38:30:bd:3d:e6:80:b9:78:
                    69:41:fa:4b:40:45:ce:88:8b:36:48:aa:bd:6f:14:
                    18:ef:ac:a1:bb:18:71:2b:9e:76:22:06:aa:37:7c:
                    a9:9e:e9:4e:9a:2c:e4:90:53:f8:d4:4f:25:35:52:
                    a5:c3:d4:65:59:eb:b0:5b:5b:0d:9e:28:7a:67:41:
                    d7:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:9F:D9:2E:C6:6C:96:BA:DD:A1:2F:94:CE:F9:9E:02:39:83:E4:45
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/a83644dc-c363-3f8e-8e0d-829a6b7598ab.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  66.182.96.0/20

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         09:14:5f:4c:5f:e8:e7:da:03:27:0d:e4:57:74:36:6b:8d:1b:
         42:2b:84:3e:78:a8:87:d2:ff:b6:67:e4:20:44:f9:95:01:92:
         6f:d4:d3:cb:0e:53:d9:de:6a:27:aa:c0:0f:60:a2:61:d4:2e:
         de:ff:77:b4:3a:2a:cb:cc:15:53:cd:b5:58:e0:b7:a8:91:1a:
         5c:b9:bc:0c:42:8d:68:42:59:65:5d:c6:c6:74:27:d5:bc:15:
         e4:05:c7:96:58:c9:a8:df:41:1e:38:1b:d4:6b:38:8c:25:99:
         45:a1:ce:34:6c:a3:41:7a:97:4d:9a:d8:e8:59:2e:b3:ea:be:
         89:16:96:7c:05:37:3a:d6:66:66:49:02:84:6b:1b:ea:16:d9:
         28:a5:8a:c0:2b:92:cc:70:17:c5:6a:42:31:13:14:3b:34:69:
         e7:2c:6b:af:14:53:f7:4c:69:92:f2:70:5f:b6:a9:6f:9f:ce:
         3d:3d:86:56:c6:6b:2c:f6:61:d6:8e:f1:f9:f0:4b:5d:30:98:
         55:62:62:7f:53:86:52:4d:44:c1:fa:02:fc:77:a6:4f:3c:98:
         0a:00:27:39:db:32:29:b5:69:78:f9:7f:d6:9a:fd:06:ed:ec:
         fa:9d:23:1a:04:5b:36:dc:90:07:0d:ed:51:ae:e7:d1:c6:10:
         f7:a6:86:de
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEVTMuSEAcfSz23iXIAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTI0MDMyNTEzMDAzM1oXDTI0MDYyMzEzMDAzM1owLzEtMCsGA1UEAxMk
YTdjZjdiM2ItOWQwZi00MTNhLTg2NzQtYTZlYzZhM2IxZGQxMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu0CTv0EpFkBJNeBLYAxk2hLV8HjuyPgTaLBG
WSy6STjHmtg4+ForC9h1Tz4ucnja6/EWxPVK/7ROUF7wDZK0LfaHk0ckJ3wBZ6jq
7M9zmYeK3muK8RzALImfvhzQkFQmZoBLr6avLuYbLk8fmDVOhlVNBVaG2cTmOKiB
L7hBuN4LdOLa7PVhcMh84fyuTzZMQdzipDR8zM6FysdD1AS+FesdawhE+i1gxwiz
PJHxXyNZHk8vnVXHWdWXODC9PeaAuXhpQfpLQEXOiIs2SKq9bxQY76yhuxhxK552
IgaqN3ypnulOmizkkFP41E8lNVKlw9RlWeuwW1sNnih6Z0HXFQIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFOaf2S7GbJa63aEvlM75ngI5g+RFMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvYTgzNjQ0ZGMtYzM2My0z
ZjhlLThlMGQtODI5YTZiNzU5OGFiLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEQrZgMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAAkUX0xf6OfaAycN5Fd0NmuNG0IrhD54qIfS/7Zn5CBE+ZUBkm/U08sO
U9neaieqwA9gomHULt7/d7Q6KsvMFVPNtVjgt6iRGly5vAxCjWhCWWVdxsZ0J9W8
FeQFx5ZYyajfQR44G9RrOIwlmUWhzjRso0F6l02a2OhZLrPqvokWlnwFNzrWZmZJ
AoRrG+oW2SilisArksxwF8VqQjETFDs0aecsa68UU/dMaZLycF+2qW+fzj09hlbG
ayz2YdaO8fnwS10wmFViYn9ThlJNRMH6Avx3pk88mAoAJznbMim1aXj5f9aa/Qbt
7PqdIxoEWzbckAcN7VGu59HGEPemht4=
-----END CERTIFICATE-----