Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/df403b66-c032-33cb-8639-76d419b57853.roa
File:                     df403b66-c032-33cb-8639-76d419b57853.roa (raw, json)
Hash identifier:          mfuZ93zud8b5QimgHNQ88+nkdo4OgOAUXBGh9xRwvCA=
Subject key identifier:   05:AE:42:82:45:E5:42:01:FD:FC:8C:EE:96:6E:D1:9F:41:61:61:4B
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F4328584553331F5A43B5014F75B64DD8
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/df403b66-c032-33cb-8639-76d419b57853.roa
Signing time:             Mon 25 Mar 2024 13:00:33 +0000
ROA not before:           Mon 25 Mar 2024 13:00:33 +0000
ROA not after:            Sun 23 Jun 2024 13:00:33 +0000
asID:                     7029
IP address blocks:        207.223.192.0/19 maxlen: 19

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:45:53:33:1f:5a:43:b5:01:4f:75:b6:4d:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Mar 25 13:00:33 2024 GMT
            Not After : Jun 23 13:00:33 2024 GMT
        Subject: CN=4b1da4e2-afe4-4384-a472-a1e2b0f22894
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:a7:51:3e:55:dd:84:70:68:44:0d:66:b1:78:
                    af:1c:c7:5b:b8:02:8d:cc:94:12:f5:4a:e4:a2:60:
                    be:36:7f:bd:59:4c:ed:61:8b:d4:f6:ad:70:72:33:
                    78:8b:8f:f6:17:e7:3d:48:63:d6:05:9b:61:85:bd:
                    cf:8f:fa:d6:50:7f:a5:32:21:60:3d:a0:ee:94:2f:
                    5d:36:dc:a6:66:c7:bb:69:de:74:93:30:28:5b:4a:
                    a4:c9:fc:01:f4:06:dc:35:03:85:10:a6:58:da:a2:
                    aa:b1:3f:0e:ac:8a:81:fb:ad:92:8b:84:88:33:e5:
                    52:3a:00:2d:d0:97:23:b8:13:51:da:c3:b6:35:be:
                    64:82:93:b7:e2:88:4d:f2:c6:16:83:64:e7:45:d2:
                    e9:d5:5b:6f:62:3f:c9:9c:c5:48:43:90:3a:3b:1d:
                    db:2c:13:93:a8:e8:49:31:ef:73:db:ce:70:0e:92:
                    97:61:5f:09:ec:10:6e:de:a5:c3:bf:b1:d0:f0:3a:
                    14:81:e3:9d:51:b7:2e:7f:7c:0f:96:ef:7f:b0:05:
                    ad:cb:0d:67:6b:f7:4c:e4:b8:8a:dc:d3:87:8e:59:
                    af:97:1b:b2:95:76:56:78:5d:2b:aa:da:75:92:40:
                    fb:0d:9c:1f:93:92:db:09:5f:47:f9:bb:c8:f6:67:
                    65:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:AE:42:82:45:E5:42:01:FD:FC:8C:EE:96:6E:D1:9F:41:61:61:4B
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/df403b66-c032-33cb-8639-76d419b57853.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  207.223.192.0/19

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         50:9e:45:d7:4b:ac:26:47:9e:71:0a:bf:2e:ff:b9:dd:23:ef:
         f7:c7:5b:28:30:95:22:af:f7:e3:59:ab:84:9a:e5:02:a8:fb:
         88:d7:93:5e:50:de:1a:87:d8:69:11:f4:a9:c0:a7:2b:73:0a:
         2e:0e:e9:69:3f:0c:29:21:47:9d:1c:d5:d8:12:6e:bb:2b:10:
         56:23:fe:65:0f:19:15:bf:bb:48:32:1d:c9:55:f1:cd:94:e6:
         82:25:40:59:a1:b6:0d:45:fc:e7:d2:a4:a0:be:9f:97:30:e3:
         b7:e9:95:e6:a8:7d:92:9f:72:ea:14:d1:59:bb:3d:ee:7e:06:
         56:de:f4:06:ba:88:84:b8:ed:c9:a6:7f:67:34:12:2c:b6:e0:
         fe:f3:ea:ba:e6:58:13:67:7c:29:51:8e:31:44:22:ed:97:41:
         2d:65:c9:09:04:8f:4e:27:64:81:03:eb:6c:7a:12:ba:d4:11:
         a9:f0:a9:74:31:96:86:ab:61:68:ad:54:70:83:6c:44:a1:3a:
         0b:d7:77:79:6d:85:a6:25:62:12:06:4e:5b:be:53:87:13:90:
         c6:47:eb:f3:7d:4c:79:39:5f:49:b1:d5:98:f3:52:10:cd:fa:
         67:ff:8a:07:1e:0e:3a:af:ce:d6:39:d6:e9:2e:69:d5:60:9f:
         2a:43:14:51
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEVTMx9aQ7UBT3W2TdgwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTI0MDMyNTEzMDAzM1oXDTI0MDYyMzEzMDAzM1owLzEtMCsGA1UEAxMk
NGIxZGE0ZTItYWZlNC00Mzg0LWE0NzItYTFlMmIwZjIyODk0MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoKdRPlXdhHBoRA1msXivHMdbuAKNzJQS9Urk
omC+Nn+9WUztYYvU9q1wcjN4i4/2F+c9SGPWBZthhb3Pj/rWUH+lMiFgPaDulC9d
NtymZse7ad50kzAoW0qkyfwB9AbcNQOFEKZY2qKqsT8OrIqB+62Si4SIM+VSOgAt
0JcjuBNR2sO2Nb5kgpO34ohN8sYWg2TnRdLp1VtvYj/JnMVIQ5A6Ox3bLBOTqOhJ
Me9z285wDpKXYV8J7BBu3qXDv7HQ8DoUgeOdUbcuf3wPlu9/sAWtyw1na/dM5LiK
3NOHjlmvlxuylXZWeF0rqtp1kkD7DZwfk5LbCV9H+bvI9mdl5QIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFAWuQoJF5UIB/fyM7pZu0Z9BYWFLMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvZGY0MDNiNjYtYzAzMi0z
M2NiLTg2MzktNzZkNDE5YjU3ODUzLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFz9/AMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAFCeRddLrCZHnnEKvy7/ud0j7/fHWygwlSKv9+NZq4Sa5QKo+4jXk15Q
3hqH2GkR9KnApytzCi4O6Wk/DCkhR50c1dgSbrsrEFYj/mUPGRW/u0gyHclV8c2U
5oIlQFmhtg1F/OfSpKC+n5cw47fpleaofZKfcuoU0Vm7Pe5+Blbe9Aa6iIS47cmm
f2c0Eiy24P7z6rrmWBNnfClRjjFEIu2XQS1lyQkEj04nZIED62x6ErrUEanwqXQx
loarYWitVHCDbEShOgvXd3lthaYlYhIGTlu+U4cTkMZH6/N9THk5X0mx1ZjzUhDN
+mf/igceDjqvztY51ukuadVgnypDFFE=
-----END CERTIFICATE-----