Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/20a1bcc0-3b74-3abf-a77c-2ee705a06610.roa
File:                     20a1bcc0-3b74-3abf-a77c-2ee705a06610.roa (raw, json)
Hash identifier:          kvx+pfPtHslSp+9bxPR+Md4J5LiYs5GIFUHpUsjA08A=
Subject key identifier:   88:8F:74:C2:26:4E:63:26:AE:75:E6:4F:40:EC:F1:87:AA:70:5E:B7
Certificate issuer:       /CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
Certificate serial:       010D0C9F432858403A43B7632C8C7122731BF6C0
Authority key identifier: 45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/20a1bcc0-3b74-3abf-a77c-2ee705a06610.roa
Signing time:             Tue 13 Dec 2022 12:00:00 +0000
ROA not before:           Tue 13 Dec 2022 12:00:00 +0000
ROA not after:            Thu 14 Dec 2023 05:00:00 +0000
asID:                     3970
IP address blocks:        2620:9e:6001::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:40:3a:43:b7:63:2c:8c:71:22:73:1b:f6:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
        Validity
            Not Before: Dec 13 12:00:00 2022 GMT
            Not After : Dec 14 05:00:00 2023 GMT
        Subject: CN=e3f46f31-0ef5-4aea-a638-c816040eaa91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:8d:96:c0:a3:fb:93:0a:dd:fc:d2:78:96:cb:
                    4c:c6:51:93:60:8f:86:3e:a8:c9:3c:eb:71:ea:31:
                    fd:e0:18:a6:1b:5d:f2:2c:c2:71:06:5c:f0:fb:12:
                    5d:a9:20:5f:37:9c:ce:ad:70:29:45:da:bf:ee:8b:
                    ad:36:59:cc:ea:4d:f0:ca:44:79:f4:42:1f:a3:e1:
                    d3:8e:8f:6d:ed:4a:01:db:ed:3d:ec:ea:8f:92:62:
                    a8:e2:df:f9:82:d4:01:64:9a:1a:76:21:ed:2c:50:
                    3d:45:6e:4d:19:31:02:a7:31:6e:83:c5:1a:9d:dc:
                    4b:3f:7b:44:1f:e5:19:ee:f6:dc:2e:f2:fb:bd:41:
                    1a:3e:f0:08:e4:d6:34:59:e0:50:18:f2:6e:4a:61:
                    c7:1a:5f:01:a4:d3:ba:a1:81:a8:90:93:28:26:e7:
                    02:2e:12:7f:33:00:41:7e:5e:8a:cd:4f:65:8b:32:
                    37:00:d5:49:11:b1:8a:41:6b:94:b7:ea:d5:cf:0b:
                    72:b5:0c:e7:21:fa:67:52:a3:f1:8f:b9:51:14:a7:
                    56:c0:fc:c1:93:15:ba:26:5e:a6:e7:a6:8b:c8:d6:
                    da:30:cc:bd:f2:c0:3d:88:32:9f:50:1c:3d:01:4d:
                    73:20:2e:e2:01:79:db:22:2a:af:8a:74:9a:94:e0:
                    2b:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:8F:74:C2:26:4E:63:26:AE:75:E6:4F:40:EC:F1:87:AA:70:5E:B7
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/20a1bcc0-3b74-3abf-a77c-2ee705a06610.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/f5a8e327-ebf4-4f4b-9073-90acd61797cc.crl

            X509v3 Authority Key Identifier:
                keyid:45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer

            sbgp-ipAddrBlock: critical
                IPv6:
                  2620:9e:6001::/48

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         6c:7a:34:df:25:08:4a:6b:c2:09:f2:7e:81:9f:b2:73:04:b9:
         2f:ec:ed:98:0e:96:43:22:b9:4e:e4:41:59:31:c9:b8:9e:b1:
         7b:14:4f:4d:77:9b:4c:f0:51:91:09:1a:75:f5:9f:ea:56:32:
         01:b6:75:4f:55:1d:41:8d:e2:83:cf:34:0e:87:61:0f:42:b3:
         14:43:5f:8d:0a:6b:4f:21:33:09:d5:63:77:28:1f:9e:74:6d:
         6c:d6:39:f1:3a:4f:74:1a:b0:39:8d:d7:44:fd:62:d6:cc:da:
         4b:6d:e0:19:32:04:96:fc:98:a1:f3:a3:22:96:dd:27:75:73:
         2d:79:90:70:ac:d9:73:f5:4c:55:ef:fc:d4:db:f4:db:59:61:
         37:48:f0:68:1b:ac:2d:90:c3:68:eb:a0:87:3a:73:8a:eb:e2:
         62:2d:23:e8:06:f2:e3:a4:ca:da:31:6c:d5:4e:9b:45:cd:06:
         34:5c:a8:23:53:e4:82:5f:d5:18:bb:22:5f:a7:82:43:a4:a3:
         8a:37:b3:c7:02:76:24:9e:76:5e:e7:2a:8a:6b:1f:40:b7:86:
         8e:dd:69:a0:3e:cd:06:d9:5c:f5:a7:dd:48:be:99:f1:4d:65:
         d5:5e:0d:cb:f3:8e:0a:bd:4e:2d:ac:5d:68:cf:61:8c:f7:ba:
         2e:69:bb:82
-----BEGIN CERTIFICATE-----
MIIGRjCCBS6gAwIBAgIUAQ0Mn0MoWEA6Q7djLIxxInMb9sAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkZjVhOGUzMjctZWJmNC00ZjRiLTkwNzMtOTBhY2Q2MTc5
N2NjMB4XDTIyMTIxMzEyMDAwMFoXDTIzMTIxNDA1MDAwMFowLzEtMCsGA1UEAxMk
ZTNmNDZmMzEtMGVmNS00YWVhLWE2MzgtYzgxNjA0MGVhYTkxMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEApI2WwKP7kwrd/NJ4lstMxlGTYI+GPqjJPOtx
6jH94BimG13yLMJxBlzw+xJdqSBfN5zOrXApRdq/7outNlnM6k3wykR59EIfo+HT
jo9t7UoB2+097OqPkmKo4t/5gtQBZJoadiHtLFA9RW5NGTECpzFug8UandxLP3tE
H+UZ7vbcLvL7vUEaPvAI5NY0WeBQGPJuSmHHGl8BpNO6oYGokJMoJucCLhJ/MwBB
fl6KzU9lizI3ANVJEbGKQWuUt+rVzwtytQznIfpnUqPxj7lRFKdWwPzBkxW6Jl6m
56aLyNbaMMy98sA9iDKfUBw9AU1zIC7iAXnbIiqvinSalOArgQIDAQABo4IDWDCC
A1QwHQYDVR0OBBYEFIiPdMImTmMmrnXmT0Ds8YeqcF63MIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4
ZTMyNy1lYmY0LTRmNGItOTA3My05MGFjZDYxNzk3Y2MvMjBhMWJjYzAtM2I3NC0z
YWJmLWE3N2MtMmVlNzA1YTA2NjEwLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvZjVhOGUzMjctZWJmNC00ZjRiLTkw
NzMtOTBhY2Q2MTc5N2NjL2Y1YThlMzI3LWViZjQtNGY0Yi05MDczLTkwYWNkNjE3
OTdjYy5jcmwwHwYDVR0jBBgwFoAURYZl4q8eZIkQSjuD49h/SJO1e5MwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4ZTMyNy1lYmY0LTRmNGItOTA3My05MGFj
ZDYxNzk3Y2MuY2VyMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAJiAAnmAB
MFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6
Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcN
AQELBQADggEBAGx6NN8lCEprwgnyfoGfsnMEuS/s7ZgOlkMiuU7kQVkxybiesXsU
T013m0zwUZEJGnX1n+pWMgG2dU9VHUGN4oPPNA6HYQ9CsxRDX40Ka08hMwnVY3co
H550bWzWOfE6T3QasDmN10T9YtbM2ktt4BkyBJb8mKHzoyKW3Sd1cy15kHCs2XP1
TFXv/NTb9NtZYTdI8GgbrC2Qw2jroIc6c4rr4mItI+gG8uOkytoxbNVOm0XNBjRc
qCNT5IJf1Ri7Il+ngkOko4o3s8cCdiSedl7nKoprH0C3ho7daaA+zQbZXPWn3Ui+
mfFNZdVeDcvzjgq9Ti2sXWjPYYz3ui5pu4I=
-----END CERTIFICATE-----