Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/c839555e-e789-3b73-95a8-28a476db3a2b.roa
File:                     c839555e-e789-3b73-95a8-28a476db3a2b.roa (raw, json)
Hash identifier:          vO4rI166SGM55CBMdBw9ydDnG58NWJHR4AfFThqOCCs=
Subject key identifier:   AB:EA:24:CE:B6:59:E2:69:1A:D1:5C:4C:9E:CD:FE:57:A8:6B:A8:C9
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F432858455332EC5BF10D04423B0B3740
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/c839555e-e789-3b73-95a8-28a476db3a2b.roa
Signing time:             Mon 25 Mar 2024 13:00:33 +0000
ROA not before:           Mon 25 Mar 2024 13:00:33 +0000
ROA not after:            Sun 23 Jun 2024 13:00:33 +0000
asID:                     7029
IP address blocks:        69.172.0.0/18 maxlen: 18

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:45:53:32:ec:5b:f1:0d:04:42:3b:0b:37:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Mar 25 13:00:33 2024 GMT
            Not After : Jun 23 13:00:33 2024 GMT
        Subject: CN=6cd0cfe7-dd57-4d9f-8669-c9ac21284359
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:b3:64:de:96:f6:5b:8a:ab:27:ed:90:cf:f2:
                    ed:10:e6:f6:9e:b4:62:d9:33:96:07:b1:da:d8:ea:
                    51:cf:f6:47:77:46:5d:4f:9e:9c:d6:7f:90:a0:fc:
                    fb:83:7e:d8:56:e9:0e:79:c4:96:b3:f3:99:04:ef:
                    d3:41:29:32:fd:75:7c:07:dd:1e:15:93:79:b4:6d:
                    e4:7b:6b:dc:09:26:49:2d:fd:db:c9:79:74:32:f9:
                    54:e2:de:0c:61:be:38:92:dd:8c:b2:86:ae:0f:36:
                    56:ed:31:56:da:00:de:1e:d2:47:54:e4:1c:f3:19:
                    71:57:eb:32:de:99:a4:c2:1d:2d:43:54:d6:7e:ca:
                    17:47:ca:73:07:89:28:2d:bc:c6:a7:90:66:bf:bd:
                    8f:42:eb:b7:15:85:9d:c5:38:31:24:36:d6:5b:9b:
                    56:ae:e4:46:91:fc:e4:cf:45:bd:94:35:2f:a2:a5:
                    a0:b5:f3:d4:eb:c1:3d:04:d9:fa:db:31:c0:c7:d8:
                    fb:bb:56:b2:c2:7b:0a:4c:44:09:82:45:3a:5b:15:
                    09:1c:e9:bb:b3:0c:1e:50:db:b6:c5:37:cc:b2:01:
                    41:e7:39:5d:fa:f4:71:65:91:6e:34:24:60:ea:d7:
                    d5:37:5e:da:b3:96:16:5c:86:d8:e0:2e:9d:3f:b8:
                    57:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:EA:24:CE:B6:59:E2:69:1A:D1:5C:4C:9E:CD:FE:57:A8:6B:A8:C9
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/c839555e-e789-3b73-95a8-28a476db3a2b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  69.172.0.0/18

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         77:43:07:4d:c1:6e:f0:45:07:80:7a:ff:39:81:c9:b7:37:fc:
         46:e4:56:79:c0:84:39:d4:c3:d7:30:72:99:4c:cd:bc:d2:9f:
         bf:24:f4:41:62:ee:71:78:1f:87:8d:7d:85:4f:77:03:33:77:
         ce:63:34:a3:20:cb:f9:5c:85:69:f9:ec:fd:9a:6c:07:42:fb:
         7c:a7:03:ec:0d:30:5a:83:23:8c:ca:8f:6f:12:5a:6e:58:98:
         0a:d5:d9:bf:95:d5:f5:b2:70:13:47:1f:2d:f8:f7:9e:1b:18:
         07:82:db:54:3d:d2:53:b2:9d:66:1c:fb:bd:0e:5b:21:9f:84:
         0a:8a:0d:0e:fd:a2:48:e2:e2:9d:41:84:82:dc:8d:9d:6c:d0:
         62:90:85:96:96:ac:82:5c:4a:4d:46:5d:16:ba:af:4d:24:03:
         b2:ce:4d:f0:70:76:6f:ce:80:c0:e1:b2:fe:e3:f6:21:82:3e:
         90:0e:29:c1:fe:96:a5:7c:df:63:a0:21:c2:c9:53:96:fa:21:
         59:27:07:20:59:be:4c:60:48:7c:61:89:09:31:09:b4:a5:fb:
         76:0c:c1:5e:49:b8:74:30:26:3b:02:e4:25:3d:53:5c:64:76:
         4c:9f:f6:8d:f2:00:c6:0f:94:82:13:9b:77:32:78:f3:f3:98:
         0d:b6:af:6c
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEVTMuxb8Q0EQjsLN0AwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTI0MDMyNTEzMDAzM1oXDTI0MDYyMzEzMDAzM1owLzEtMCsGA1UEAxMk
NmNkMGNmZTctZGQ1Ny00ZDlmLTg2NjktYzlhYzIxMjg0MzU5MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0bNk3pb2W4qrJ+2Qz/LtEOb2nrRi2TOWB7Ha
2OpRz/ZHd0ZdT56c1n+QoPz7g37YVukOecSWs/OZBO/TQSky/XV8B90eFZN5tG3k
e2vcCSZJLf3byXl0MvlU4t4MYb44kt2MsoauDzZW7TFW2gDeHtJHVOQc8xlxV+sy
3pmkwh0tQ1TWfsoXR8pzB4koLbzGp5Bmv72PQuu3FYWdxTgxJDbWW5tWruRGkfzk
z0W9lDUvoqWgtfPU68E9BNn62zHAx9j7u1aywnsKTEQJgkU6WxUJHOm7swweUNu2
xTfMsgFB5zld+vRxZZFuNCRg6tfVN17as5YWXIbY4C6dP7hXHwIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFKvqJM62WeJpGtFcTJ7N/leoa6jJMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvYzgzOTU1NWUtZTc4OS0z
YjczLTk1YTgtMjhhNDc2ZGIzYTJiLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQGRawAMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAHdDB03BbvBFB4B6/zmBybc3/EbkVnnAhDnUw9cwcplMzbzSn78k9EFi
7nF4H4eNfYVPdwMzd85jNKMgy/lchWn57P2abAdC+3ynA+wNMFqDI4zKj28SWm5Y
mArV2b+V1fWycBNHHy34954bGAeC21Q90lOynWYc+70OWyGfhAqKDQ79okji4p1B
hILcjZ1s0GKQhZaWrIJcSk1GXRa6r00kA7LOTfBwdm/OgMDhsv7j9iGCPpAOKcH+
lqV832OgIcLJU5b6IVknByBZvkxgSHxhiQkxCbSl+3YMwV5JuHQwJjsC5CU9U1xk
dkyf9o3yAMYPlIITm3cyePPzmA22r2w=
-----END CERTIFICATE-----