Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/4368fcd9-6dab-3262-a42c-fa8c81822f59.roa
File:                     4368fcd9-6dab-3262-a42c-fa8c81822f59.roa (raw, json)
Hash identifier:          FDGIFzPX1F9Bt0cK5Idpge027BgcdLlx1RedYfoz2eQ=
Subject key identifier:   B0:5E:16:7A:08:7B:18:99:FB:C2:57:65:3F:8F:65:A8:A0:FD:65:FD
Certificate issuer:       /CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
Certificate serial:       010D0C9F4328583FA65ADD01939D2224FCF0BFC0
Authority key identifier: 45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/4368fcd9-6dab-3262-a42c-fa8c81822f59.roa
Signing time:             Fri 21 Oct 2022 12:00:00 +0000
ROA not before:           Fri 21 Oct 2022 12:00:00 +0000
ROA not after:            Sun 22 Oct 2023 04:00:00 +0000
asID:                     3970
IP address blocks:        2620:9e:6001::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3f:a6:5a:dd:01:93:9d:22:24:fc:f0:bf:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
        Validity
            Not Before: Oct 21 12:00:00 2022 GMT
            Not After : Oct 22 04:00:00 2023 GMT
        Subject: CN=3b68e308-b9ab-4ccc-a798-8d1f30e10655
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:ea:d8:35:9e:f0:95:2d:ca:58:fa:0b:0b:89:
                    1c:78:9a:f8:f4:c4:98:a4:5a:1a:23:d0:f0:2a:80:
                    0f:f9:2e:40:36:c4:7a:92:1f:f3:1c:d9:a2:79:54:
                    17:a8:2e:87:d1:08:d9:ca:61:0b:3d:68:b2:86:f5:
                    91:0b:a6:9f:c4:b5:75:06:0c:92:02:4a:ae:d0:f8:
                    ef:f2:71:04:25:33:1d:d8:46:46:61:07:57:cb:ca:
                    4f:db:d9:33:be:06:b6:3c:c8:e2:66:27:77:ec:78:
                    18:1e:83:8f:7d:e6:c1:7d:3e:78:d2:38:a5:46:fb:
                    93:a4:0d:dc:d0:fa:08:43:c7:eb:16:64:16:8a:44:
                    e9:e5:f2:e0:f7:44:43:09:86:9e:77:b7:51:df:e3:
                    81:73:c5:63:20:3d:65:55:a4:43:63:07:07:f9:6b:
                    e4:80:ab:bc:48:90:3b:d2:92:7c:29:fe:0c:32:d2:
                    90:2c:c0:79:50:42:62:6f:74:34:7b:64:ae:17:b6:
                    32:49:1f:90:6e:30:fd:e8:dd:e2:43:95:b1:ed:ce:
                    d1:93:92:7d:df:0b:56:a4:8a:35:46:ef:2b:1e:ce:
                    85:cd:88:c7:91:6c:3f:05:7b:b5:af:1a:30:93:25:
                    3a:ea:67:be:dd:02:ff:6f:cb:20:d9:18:39:5f:68:
                    30:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:5E:16:7A:08:7B:18:99:FB:C2:57:65:3F:8F:65:A8:A0:FD:65:FD
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/4368fcd9-6dab-3262-a42c-fa8c81822f59.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/f5a8e327-ebf4-4f4b-9073-90acd61797cc.crl

            X509v3 Authority Key Identifier:
                keyid:45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer

            sbgp-ipAddrBlock: critical
                IPv6:
                  2620:9e:6001::/48

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         50:a8:51:90:82:6b:94:3a:8d:1c:a1:71:77:65:f7:30:64:01:
         d3:c3:1b:60:bc:e1:22:79:e5:1f:05:36:96:0d:ce:ca:0d:06:
         0d:40:3d:b8:a0:e3:c5:70:09:72:76:53:59:be:4e:54:8e:e7:
         b0:44:d2:d7:a3:23:f8:bc:bd:82:a8:fe:b2:4d:14:99:dd:c0:
         44:a5:aa:0f:65:af:43:bd:ab:ca:39:24:cb:a1:c6:80:3d:f6:
         9f:8c:07:24:03:a8:3d:3a:99:50:62:1d:e8:ad:14:30:fb:6f:
         36:b4:92:fb:0d:21:01:4b:80:8b:c2:7b:77:d2:fd:2d:ef:1d:
         ae:4b:a4:41:f3:9f:30:21:4e:fd:97:21:6e:85:31:64:fe:13:
         f7:3d:03:20:66:bd:9e:0c:09:b9:36:53:66:d0:4a:01:8a:da:
         eb:a3:e7:9f:0b:e0:90:b0:9a:a4:5e:f8:e5:f4:4f:7b:b4:0c:
         45:c0:60:35:1b:fa:a0:00:da:17:13:7b:d2:2e:03:69:44:2a:
         ef:fd:a0:9b:c9:94:6e:42:a1:ae:41:16:f8:84:aa:50:7e:8d:
         d9:bf:e0:34:f9:f3:15:20:89:a0:fb:35:82:0d:39:a6:7a:b3:
         05:b7:e4:58:e1:b5:9b:10:bb:eb:7e:f0:f1:ef:cb:96:27:f4:
         7f:7c:2b:3d
-----BEGIN CERTIFICATE-----
MIIGRjCCBS6gAwIBAgIUAQ0Mn0MoWD+mWt0Bk50iJPzwv8AwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkZjVhOGUzMjctZWJmNC00ZjRiLTkwNzMtOTBhY2Q2MTc5
N2NjMB4XDTIyMTAyMTEyMDAwMFoXDTIzMTAyMjA0MDAwMFowLzEtMCsGA1UEAxMk
M2I2OGUzMDgtYjlhYi00Y2NjLWE3OTgtOGQxZjMwZTEwNjU1MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6OrYNZ7wlS3KWPoLC4kceJr49MSYpFoaI9Dw
KoAP+S5ANsR6kh/zHNmieVQXqC6H0QjZymELPWiyhvWRC6afxLV1BgySAkqu0Pjv
8nEEJTMd2EZGYQdXy8pP29kzvga2PMjiZid37HgYHoOPfebBfT540jilRvuTpA3c
0PoIQ8frFmQWikTp5fLg90RDCYaed7dR3+OBc8VjID1lVaRDYwcH+WvkgKu8SJA7
0pJ8Kf4MMtKQLMB5UEJib3Q0e2SuF7YySR+QbjD96N3iQ5Wx7c7Rk5J93wtWpIo1
Ru8rHs6FzYjHkWw/BXu1rxowkyU66me+3QL/b8sg2Rg5X2gwywIDAQABo4IDWDCC
A1QwHQYDVR0OBBYEFLBeFnoIexiZ+8JXZT+PZaig/WX9MIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4
ZTMyNy1lYmY0LTRmNGItOTA3My05MGFjZDYxNzk3Y2MvNDM2OGZjZDktNmRhYi0z
MjYyLWE0MmMtZmE4YzgxODIyZjU5LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvZjVhOGUzMjctZWJmNC00ZjRiLTkw
NzMtOTBhY2Q2MTc5N2NjL2Y1YThlMzI3LWViZjQtNGY0Yi05MDczLTkwYWNkNjE3
OTdjYy5jcmwwHwYDVR0jBBgwFoAURYZl4q8eZIkQSjuD49h/SJO1e5MwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4ZTMyNy1lYmY0LTRmNGItOTA3My05MGFj
ZDYxNzk3Y2MuY2VyMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAJiAAnmAB
MFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6
Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcN
AQELBQADggEBAFCoUZCCa5Q6jRyhcXdl9zBkAdPDG2C84SJ55R8FNpYNzsoNBg1A
Pbig48VwCXJ2U1m+TlSO57BE0tejI/i8vYKo/rJNFJndwESlqg9lr0O9q8o5JMuh
xoA99p+MByQDqD06mVBiHeitFDD7bza0kvsNIQFLgIvCe3fS/S3vHa5LpEHznzAh
Tv2XIW6FMWT+E/c9AyBmvZ4MCbk2U2bQSgGK2uuj558L4JCwmqRe+OX0T3u0DEXA
YDUb+qAA2hcTe9IuA2lEKu/9oJvJlG5Coa5BFviEqlB+jdm/4DT58xUgiaD7NYIN
OaZ6swW35FjhtZsQu+t+8PHvy5Yn9H98Kz0=
-----END CERTIFICATE-----