Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/436942b5-aad9-36c3-a8cb-d700ca4758a3.roa
File:                     436942b5-aad9-36c3-a8cb-d700ca4758a3.roa (raw, json)
Hash identifier:          QCZlRoKPn3aZv/Lh+OksBhulhy8l1ADrCK9z049hyfE=
Subject key identifier:   4F:1E:1A:FB:D3:23:9C:63:9B:D9:B2:BD:38:00:80:9E:D4:0C:D0:13
Certificate issuer:       /CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
Certificate serial:       010D0C9F4328583EE2E48C56DE0D2B6CB1AA2DE9
Authority key identifier: 45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/436942b5-aad9-36c3-a8cb-d700ca4758a3.roa
Signing time:             Fri 12 Aug 2022 12:00:00 +0000
ROA not before:           Fri 12 Aug 2022 12:00:00 +0000
ROA not after:            Sun 13 Aug 2023 04:00:00 +0000
asID:                     3970
IP address blocks:        2620:9e:6001::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3e:e2:e4:8c:56:de:0d:2b:6c:b1:aa:2d:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
        Validity
            Not Before: Aug 12 12:00:00 2022 GMT
            Not After : Aug 13 04:00:00 2023 GMT
        Subject: CN=538bef4c-c36b-464d-9dd2-b7beb3ce7025
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:0c:b2:0e:1d:f4:aa:74:d4:f9:11:19:8b:90:
                    a4:df:a9:51:41:64:e6:9f:31:29:43:0b:59:ec:20:
                    8b:11:ac:aa:29:da:51:20:92:2b:0b:8c:27:c2:88:
                    6a:ca:fd:81:14:8b:4a:5d:2d:d2:a0:08:62:4b:0b:
                    72:cf:ef:11:dc:81:e1:ee:20:d8:fa:78:83:a9:08:
                    74:f0:5c:91:54:cb:a7:44:f6:fb:0c:c6:17:13:4b:
                    16:81:5c:74:21:95:6b:0b:ca:21:ba:92:9e:74:65:
                    89:7b:e7:83:7b:4c:b2:12:7f:47:e0:dc:69:4f:32:
                    74:0f:57:f2:de:83:d7:86:cd:8a:18:1a:4c:d8:95:
                    b5:bd:5b:1b:b7:7e:ee:1b:c2:ff:04:fd:c1:67:55:
                    94:f4:8e:13:cd:42:5d:03:35:ce:b8:28:5f:08:35:
                    b5:d7:26:9a:85:78:72:a2:c9:68:2d:06:ea:c4:93:
                    bd:ca:57:35:a5:41:88:12:63:21:9b:b1:84:2f:60:
                    49:ea:98:6d:a0:3d:f5:dd:c4:d5:16:a3:e9:63:b8:
                    bc:a9:43:e5:d3:26:2b:09:2b:0c:6b:06:73:6f:19:
                    1f:85:c5:01:3f:74:63:3d:a3:03:22:0b:2f:b2:44:
                    8e:4d:20:a4:7c:e7:04:75:f7:6e:64:74:f0:3e:db:
                    cd:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:1E:1A:FB:D3:23:9C:63:9B:D9:B2:BD:38:00:80:9E:D4:0C:D0:13
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/436942b5-aad9-36c3-a8cb-d700ca4758a3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/f5a8e327-ebf4-4f4b-9073-90acd61797cc.crl

            X509v3 Authority Key Identifier:
                keyid:45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer

            sbgp-ipAddrBlock: critical
                IPv6:
                  2620:9e:6001::/48

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         8a:a0:47:98:7f:06:b3:d4:50:0b:2d:21:68:fa:57:3e:6d:7e:
         ef:e5:02:1b:3d:8a:32:e2:9c:67:41:b8:cc:a1:d2:b5:f5:67:
         fb:e9:73:ec:bd:c0:85:25:53:00:ce:ef:50:9c:ec:0f:79:a7:
         1d:7c:40:5f:08:e8:1c:b8:03:5c:08:85:d4:94:0b:0b:4e:c2:
         c7:87:ee:62:8e:ff:c0:6c:13:55:8f:13:21:c8:e1:bd:03:94:
         d0:39:04:e6:80:89:1d:7c:bc:d7:95:5e:21:14:5a:17:c1:31:
         48:58:27:35:1b:15:85:4b:d9:1c:95:0e:bc:2a:34:49:38:40:
         be:5e:5a:17:75:fc:22:ef:06:8b:9d:88:85:44:23:f5:4e:fc:
         43:c6:99:e2:8e:e4:ff:f9:44:9b:88:d2:12:5c:03:fd:39:3c:
         c1:50:c6:04:ad:b4:c7:d3:4b:3e:dc:ad:a8:b9:a5:52:2b:f2:
         a6:5d:92:4e:07:58:be:a5:c0:59:58:ff:86:2a:60:f5:15:2a:
         83:ed:12:40:2e:18:87:14:d5:88:2b:75:54:a5:a9:f1:b3:26:
         87:5a:db:f0:4b:a1:ec:ad:a3:5d:fb:80:90:e0:2b:2f:d2:39:
         49:d2:27:37:33:10:ed:30:a1:e7:41:bf:ca:70:b1:1a:e4:df:
         4f:24:f2:1f
-----BEGIN CERTIFICATE-----
MIIGRjCCBS6gAwIBAgIUAQ0Mn0MoWD7i5IxW3g0rbLGqLekwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkZjVhOGUzMjctZWJmNC00ZjRiLTkwNzMtOTBhY2Q2MTc5
N2NjMB4XDTIyMDgxMjEyMDAwMFoXDTIzMDgxMzA0MDAwMFowLzEtMCsGA1UEAxMk
NTM4YmVmNGMtYzM2Yi00NjRkLTlkZDItYjdiZWIzY2U3MDI1MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQyyDh30qnTU+REZi5Ck36lRQWTmnzEpQwtZ
7CCLEayqKdpRIJIrC4wnwohqyv2BFItKXS3SoAhiSwtyz+8R3IHh7iDY+niDqQh0
8FyRVMunRPb7DMYXE0sWgVx0IZVrC8ohupKedGWJe+eDe0yyEn9H4NxpTzJ0D1fy
3oPXhs2KGBpM2JW1vVsbt37uG8L/BP3BZ1WU9I4TzUJdAzXOuChfCDW11yaahXhy
osloLQbqxJO9ylc1pUGIEmMhm7GEL2BJ6phtoD313cTVFqPpY7i8qUPl0yYrCSsM
awZzbxkfhcUBP3RjPaMDIgsvskSOTSCkfOcEdfduZHTwPtvNEQIDAQABo4IDWDCC
A1QwHQYDVR0OBBYEFE8eGvvTI5xjm9myvTgAgJ7UDNATMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4
ZTMyNy1lYmY0LTRmNGItOTA3My05MGFjZDYxNzk3Y2MvNDM2OTQyYjUtYWFkOS0z
NmMzLWE4Y2ItZDcwMGNhNDc1OGEzLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvZjVhOGUzMjctZWJmNC00ZjRiLTkw
NzMtOTBhY2Q2MTc5N2NjL2Y1YThlMzI3LWViZjQtNGY0Yi05MDczLTkwYWNkNjE3
OTdjYy5jcmwwHwYDVR0jBBgwFoAURYZl4q8eZIkQSjuD49h/SJO1e5MwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4ZTMyNy1lYmY0LTRmNGItOTA3My05MGFj
ZDYxNzk3Y2MuY2VyMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAJiAAnmAB
MFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6
Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcN
AQELBQADggEBAIqgR5h/BrPUUAstIWj6Vz5tfu/lAhs9ijLinGdBuMyh0rX1Z/vp
c+y9wIUlUwDO71Cc7A95px18QF8I6By4A1wIhdSUCwtOwseH7mKO/8BsE1WPEyHI
4b0DlNA5BOaAiR18vNeVXiEUWhfBMUhYJzUbFYVL2RyVDrwqNEk4QL5eWhd1/CLv
BoudiIVEI/VO/EPGmeKO5P/5RJuI0hJcA/05PMFQxgSttMfTSz7crai5pVIr8qZd
kk4HWL6lwFlY/4YqYPUVKoPtEkAuGIcU1YgrdVSlqfGzJoda2/BLoeyto137gJDg
Ky/SOUnSJzczEO0woedBv8pwsRrk308k8h8=
-----END CERTIFICATE-----