Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/28e70952-b458-359d-b883-7da69a045bff.roa
File:                     28e70952-b458-359d-b883-7da69a045bff.roa (raw, json)
Hash identifier:          cNu+gjMm9ZARnAIjsGsi4zVI0hMhY4CKWjw/ytiQrDA=
Subject key identifier:   42:D9:77:D3:13:5B:B7:A2:91:9F:7E:F7:88:1E:BA:89:C7:26:18:D2
Certificate issuer:       /CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
Certificate serial:       010D0C9F4328583EC1B15092B2CB8608DD76C200
Authority key identifier: 45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/28e70952-b458-359d-b883-7da69a045bff.roa
Signing time:             Sun 31 Jul 2022 12:00:00 +0000
ROA not before:           Sun 31 Jul 2022 12:00:00 +0000
ROA not after:            Tue 01 Aug 2023 04:00:00 +0000
asID:                     3970
IP address blocks:        2620:9e:6001::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3e:c1:b1:50:92:b2:cb:86:08:dd:76:c2:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
        Validity
            Not Before: Jul 31 12:00:00 2022 GMT
            Not After : Aug  1 04:00:00 2023 GMT
        Subject: CN=08d8eda8-d48d-4a66-bad5-d4e4e6b3afad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:a5:49:a1:ae:43:bf:e7:65:6e:d5:93:12:ad:
                    d1:ed:f8:f8:b5:f3:61:cf:09:06:df:f0:2c:a9:ed:
                    24:0d:d3:d3:6a:2c:d8:5a:3d:ac:e9:ec:2f:30:4a:
                    c1:ac:12:f8:a9:00:8c:f1:d9:bd:b3:ed:a8:5b:9e:
                    18:5c:bb:d3:e6:26:a2:4b:c3:90:2c:6f:0f:8e:02:
                    c4:dc:c4:f4:3a:ef:57:bc:85:24:40:ef:05:5f:9f:
                    e7:04:c6:72:27:ee:83:42:e7:c8:bc:6d:9f:15:51:
                    2d:20:f7:0e:78:12:d6:ea:91:6d:9b:ea:97:b7:fa:
                    2f:88:d5:e4:49:46:c0:28:49:ce:b8:0e:e1:8a:d6:
                    86:5e:a6:0e:73:d0:84:09:51:93:4f:58:04:a2:23:
                    e6:23:ae:e9:a5:98:48:b4:07:94:d5:52:21:e2:86:
                    10:92:d6:63:12:66:e2:65:0f:2a:ed:24:c9:43:e7:
                    74:16:7c:93:98:6d:63:a0:61:fd:b2:9f:6a:fe:56:
                    87:9f:93:e9:e9:8b:19:4b:9e:d3:29:2d:f5:a1:a7:
                    12:43:58:b1:74:24:0f:6f:2b:d8:28:17:ca:fa:96:
                    08:18:95:0c:bd:36:ba:a3:e1:68:34:7f:0c:44:f3:
                    20:b2:8e:78:a4:6b:b4:51:bf:0f:7b:25:ac:b4:5d:
                    d2:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:D9:77:D3:13:5B:B7:A2:91:9F:7E:F7:88:1E:BA:89:C7:26:18:D2
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/28e70952-b458-359d-b883-7da69a045bff.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/f5a8e327-ebf4-4f4b-9073-90acd61797cc.crl

            X509v3 Authority Key Identifier:
                keyid:45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer

            sbgp-ipAddrBlock: critical
                IPv6:
                  2620:9e:6001::/48

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         6e:72:bf:bf:93:7b:43:d6:02:31:da:d2:8c:e0:22:59:2b:e7:
         aa:1c:13:6e:54:a1:29:61:eb:29:cf:82:16:dc:db:3d:86:ec:
         df:72:bc:f0:04:96:8f:e0:24:2d:93:ef:c9:ea:a1:88:82:75:
         07:f4:0c:ff:91:aa:9a:3a:88:3c:7b:69:62:73:df:f2:cd:8d:
         4a:e8:cd:66:1e:88:2b:78:d3:fc:3b:5c:48:00:75:60:b1:a0:
         c2:2d:66:c7:05:c7:03:17:cb:32:c9:2f:df:59:6c:fe:39:4b:
         6b:7d:5a:38:ce:68:2f:3e:b2:18:60:64:86:1a:a3:aa:45:39:
         9d:b3:4a:dd:93:5f:82:16:5d:2d:79:56:2d:d8:69:e1:a4:fa:
         03:79:49:34:49:8c:cf:8c:9e:81:db:99:6c:98:e5:a7:b1:22:
         59:75:91:dd:b9:d6:e3:05:76:1b:19:7d:a9:57:14:f6:bb:5e:
         18:48:43:70:53:46:d8:0e:c8:22:49:69:9a:03:2e:53:df:86:
         dd:f1:0d:fa:1c:da:71:cf:98:86:d8:63:86:21:67:50:c3:cb:
         40:3c:db:db:68:01:0d:fc:55:73:61:a7:d8:7e:e2:8f:a6:ed:
         f8:1a:8a:34:5b:3c:4b:3f:16:93:a3:5a:7d:76:f0:c8:52:c4:
         a0:e6:71:13
-----BEGIN CERTIFICATE-----
MIIGRjCCBS6gAwIBAgIUAQ0Mn0MoWD7BsVCSssuGCN12wgAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkZjVhOGUzMjctZWJmNC00ZjRiLTkwNzMtOTBhY2Q2MTc5
N2NjMB4XDTIyMDczMTEyMDAwMFoXDTIzMDgwMTA0MDAwMFowLzEtMCsGA1UEAxMk
MDhkOGVkYTgtZDQ4ZC00YTY2LWJhZDUtZDRlNGU2YjNhZmFkMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhqVJoa5Dv+dlbtWTEq3R7fj4tfNhzwkG3/As
qe0kDdPTaizYWj2s6ewvMErBrBL4qQCM8dm9s+2oW54YXLvT5iaiS8OQLG8PjgLE
3MT0Ou9XvIUkQO8FX5/nBMZyJ+6DQufIvG2fFVEtIPcOeBLW6pFtm+qXt/oviNXk
SUbAKEnOuA7hitaGXqYOc9CECVGTT1gEoiPmI67ppZhItAeU1VIh4oYQktZjEmbi
ZQ8q7STJQ+d0FnyTmG1joGH9sp9q/laHn5Pp6YsZS57TKS31oacSQ1ixdCQPbyvY
KBfK+pYIGJUMvTa6o+FoNH8MRPMgso54pGu0Ub8PeyWstF3SiQIDAQABo4IDWDCC
A1QwHQYDVR0OBBYEFELZd9MTW7eikZ9+94geuonHJhjSMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4
ZTMyNy1lYmY0LTRmNGItOTA3My05MGFjZDYxNzk3Y2MvMjhlNzA5NTItYjQ1OC0z
NTlkLWI4ODMtN2RhNjlhMDQ1YmZmLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvZjVhOGUzMjctZWJmNC00ZjRiLTkw
NzMtOTBhY2Q2MTc5N2NjL2Y1YThlMzI3LWViZjQtNGY0Yi05MDczLTkwYWNkNjE3
OTdjYy5jcmwwHwYDVR0jBBgwFoAURYZl4q8eZIkQSjuD49h/SJO1e5MwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4ZTMyNy1lYmY0LTRmNGItOTA3My05MGFj
ZDYxNzk3Y2MuY2VyMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAJiAAnmAB
MFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6
Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcN
AQELBQADggEBAG5yv7+Te0PWAjHa0ozgIlkr56ocE25UoSlh6ynPghbc2z2G7N9y
vPAElo/gJC2T78nqoYiCdQf0DP+Rqpo6iDx7aWJz3/LNjUrozWYeiCt40/w7XEgA
dWCxoMItZscFxwMXyzLJL99ZbP45S2t9WjjOaC8+shhgZIYao6pFOZ2zSt2TX4IW
XS15Vi3YaeGk+gN5STRJjM+MnoHbmWyY5aexIll1kd251uMFdhsZfalXFPa7XhhI
Q3BTRtgOyCJJaZoDLlPfht3xDfoc2nHPmIbYY4YhZ1DDy0A829toAQ38VXNhp9h+
4o+m7fgaijRbPEs/FpOjWn128MhSxKDmcRM=
-----END CERTIFICATE-----