Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/b95b94ce-bd05-3f01-a82b-1b5e57453d0a.roa
File:                     b95b94ce-bd05-3f01-a82b-1b5e57453d0a.roa (raw, json)
Hash identifier:          tb5bS80FoaWIhhAi94wDnmL5zleOONd4RgHbnj/krcw=
Subject key identifier:   D5:AF:1F:34:BA:57:A6:9E:CC:E8:3E:18:EE:CA:1F:E7:86:86:F7:C3
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F4328584553331A87E76E7333F0560390
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/b95b94ce-bd05-3f01-a82b-1b5e57453d0a.roa
Signing time:             Mon 25 Mar 2024 13:00:33 +0000
ROA not before:           Mon 25 Mar 2024 13:00:33 +0000
ROA not after:            Sun 23 Jun 2024 13:00:33 +0000
asID:                     7029
IP address blocks:        206.214.176.0/20 maxlen: 20

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:45:53:33:1a:87:e7:6e:73:33:f0:56:03:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Mar 25 13:00:33 2024 GMT
            Not After : Jun 23 13:00:33 2024 GMT
        Subject: CN=a73e4dcd-8016-40d2-bdb3-c3f8053d6872
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:2d:01:63:23:03:50:47:f3:91:5c:a5:84:c8:
                    f7:c6:38:27:30:da:af:af:ac:59:36:43:63:2e:bc:
                    20:4b:f2:71:9d:24:91:e1:5a:af:9e:fd:24:65:47:
                    b6:9d:3b:29:39:fc:66:70:f3:25:64:be:6a:1e:93:
                    82:3c:70:52:e5:75:fb:7f:d1:8a:de:05:36:f7:95:
                    c3:ac:41:bc:fe:9b:a2:e3:6b:3d:32:0e:9b:d0:fd:
                    0a:ab:01:64:7c:00:a8:57:1c:56:7c:dd:93:74:7a:
                    73:91:f5:dc:74:99:fd:b3:2f:e6:2e:a2:bb:0a:d9:
                    e6:7f:5e:9f:24:b7:1d:7c:ec:44:30:66:a1:17:b4:
                    5e:72:0e:c3:41:98:e0:91:a2:cd:75:d4:38:fd:9b:
                    1e:47:0d:0e:c3:66:fc:d3:63:49:c3:33:1e:f8:09:
                    2f:f5:3b:f4:89:b0:6d:4e:45:dc:b5:00:09:22:63:
                    22:0e:c5:49:76:8a:22:f0:12:48:4b:79:d3:b7:bd:
                    9a:cb:c3:6b:9f:cb:49:c2:d6:43:7e:40:4d:54:92:
                    a5:57:a3:d5:af:5f:7a:87:81:26:7c:47:01:9f:15:
                    5d:27:9a:99:b4:22:e1:e7:e3:65:42:c2:3d:77:1d:
                    a6:bc:d1:f1:99:f1:f6:7c:4b:59:11:7d:55:e2:ba:
                    5c:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:AF:1F:34:BA:57:A6:9E:CC:E8:3E:18:EE:CA:1F:E7:86:86:F7:C3
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/b95b94ce-bd05-3f01-a82b-1b5e57453d0a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  206.214.176.0/20

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         10:29:9b:16:63:45:95:34:19:31:40:2b:83:a4:da:38:57:04:
         a4:c6:9a:d3:d1:cc:f6:64:b3:e1:0c:80:a2:48:fb:28:61:8e:
         e1:03:8c:25:0e:fe:62:01:e3:7e:04:36:ba:fe:1b:c8:e8:31:
         1a:64:5d:ad:e0:56:79:91:49:8c:aa:1d:2d:02:3d:1a:38:f7:
         e9:01:24:fe:52:85:9f:88:5f:66:a2:23:d5:aa:72:5d:30:c7:
         a0:39:6d:4c:65:a9:73:24:6d:88:11:80:a1:cc:30:b5:39:fd:
         29:cf:bb:d2:47:47:a8:64:c6:44:b7:75:69:77:f6:1d:71:57:
         aa:dc:d0:1c:e2:f3:69:1c:58:58:53:95:a7:e0:ee:d6:14:72:
         18:a8:a3:70:11:95:97:fc:87:46:93:66:aa:e9:37:ac:9d:d5:
         98:fc:94:17:13:8c:e1:25:bf:ef:58:51:d4:64:b3:2e:57:dd:
         37:54:c8:f7:db:94:c4:d5:a4:b5:25:ad:5e:86:7d:9e:b0:52:
         d7:b7:23:17:41:44:37:95:b0:d9:3b:20:e7:a2:64:13:4d:7c:
         43:0e:5c:5a:6a:b6:af:b1:e9:7d:df:0d:7e:97:d6:d8:e4:3b:
         f8:82:d2:42:53:9f:9d:a0:c1:37:ee:80:27:34:02:db:5a:81:
         6c:17:6a:22
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEVTMxqH525zM/BWA5AwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTI0MDMyNTEzMDAzM1oXDTI0MDYyMzEzMDAzM1owLzEtMCsGA1UEAxMk
YTczZTRkY2QtODAxNi00MGQyLWJkYjMtYzNmODA1M2Q2ODcyMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqy0BYyMDUEfzkVylhMj3xjgnMNqvr6xZNkNj
LrwgS/JxnSSR4Vqvnv0kZUe2nTspOfxmcPMlZL5qHpOCPHBS5XX7f9GK3gU295XD
rEG8/pui42s9Mg6b0P0KqwFkfACoVxxWfN2TdHpzkfXcdJn9sy/mLqK7Ctnmf16f
JLcdfOxEMGahF7Recg7DQZjgkaLNddQ4/ZseRw0Ow2b802NJwzMe+Akv9Tv0ibBt
TkXctQAJImMiDsVJdooi8BJIS3nTt72ay8Nrn8tJwtZDfkBNVJKlV6PVr196h4Em
fEcBnxVdJ5qZtCLh5+NlQsI9dx2mvNHxmfH2fEtZEX1V4rpcBQIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFNWvHzS6V6aezOg+GO7KH+eGhvfDMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvYjk1Yjk0Y2UtYmQwNS0z
ZjAxLWE4MmItMWI1ZTU3NDUzZDBhLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEztawMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBABApmxZjRZU0GTFAK4Ok2jhXBKTGmtPRzPZks+EMgKJI+yhhjuEDjCUO
/mIB434ENrr+G8joMRpkXa3gVnmRSYyqHS0CPRo49+kBJP5ShZ+IX2aiI9Wqcl0w
x6A5bUxlqXMkbYgRgKHMMLU5/SnPu9JHR6hkxkS3dWl39h1xV6rc0Bzi82kcWFhT
lafg7tYUchioo3ARlZf8h0aTZqrpN6yd1Zj8lBcTjOElv+9YUdRksy5X3TdUyPfb
lMTVpLUlrV6GfZ6wUte3IxdBRDeVsNk7IOeiZBNNfEMOXFpqtq+x6X3fDX6X1tjk
O/iC0kJTn52gwTfugCc0AttagWwXaiI=
-----END CERTIFICATE-----