Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/71dd4cfe-7aa0-3934-be9a-6834ebe2820a.roa
File:                     71dd4cfe-7aa0-3934-be9a-6834ebe2820a.roa (raw, json)
Hash identifier:          goyQ6OM2FedN62H+/KLkDuLW7RPYIPTl82RkUIgbsEE=
Subject key identifier:   CA:97:85:97:8C:CE:A4:1E:A8:47:40:1A:BF:F6:6A:48:DD:D2:A2:63
Certificate issuer:       /CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
Certificate serial:       010D0C9F4328583FA90C2FF5E5E5390979B1EC80
Authority key identifier: 45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/71dd4cfe-7aa0-3934-be9a-6834ebe2820a.roa
Signing time:             Sat 22 Oct 2022 12:00:00 +0000
ROA not before:           Sat 22 Oct 2022 12:00:00 +0000
ROA not after:            Mon 23 Oct 2023 04:00:00 +0000
asID:                     3970
IP address blocks:        2620:9e:6001::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3f:a9:0c:2f:f5:e5:e5:39:09:79:b1:ec:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
        Validity
            Not Before: Oct 22 12:00:00 2022 GMT
            Not After : Oct 23 04:00:00 2023 GMT
        Subject: CN=654867a3-bde6-4494-8f61-8158c52ae432
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:b5:7a:a5:27:0b:ed:a6:a6:ac:e6:4e:dd:b3:
                    ea:64:5c:d1:18:16:5e:dd:f5:0f:2a:dc:8f:49:8d:
                    12:3f:2b:86:b0:40:4d:bb:c7:a9:09:a1:73:6f:e7:
                    25:32:0b:52:77:85:89:c4:cc:a6:ed:f6:2f:0e:34:
                    34:52:40:fd:74:e2:00:fa:75:3c:aa:e3:a4:17:f2:
                    ec:6e:b3:04:b1:b6:a0:4c:c1:17:b4:ae:5b:2e:ec:
                    c0:2c:c3:a4:bd:2e:34:93:b1:40:ac:e3:85:4a:bd:
                    7f:12:36:b6:ab:89:a4:e6:9a:aa:06:53:ec:2e:83:
                    60:51:11:2d:62:8c:23:15:c3:4b:51:2b:7c:8e:ce:
                    05:8a:ad:c4:04:9b:a9:aa:d6:f8:55:a1:a7:a9:33:
                    4a:97:d8:80:23:2e:c1:7f:85:e9:b5:68:e1:8f:08:
                    82:f9:ac:42:4e:0c:c2:38:ed:19:63:2b:f6:5e:d4:
                    10:2a:ef:6a:f7:71:3c:01:b8:a6:ea:bb:e7:72:e5:
                    fc:90:62:6c:cf:43:14:e4:fa:58:40:63:e2:cd:f6:
                    b3:91:11:86:8b:a4:85:8d:82:51:24:08:aa:31:87:
                    b7:e8:35:b0:9b:fe:ed:0a:65:9b:62:3c:21:39:37:
                    b0:c1:3a:e8:a3:78:c6:ca:8b:ac:47:5c:c3:d4:28:
                    a3:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:97:85:97:8C:CE:A4:1E:A8:47:40:1A:BF:F6:6A:48:DD:D2:A2:63
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/71dd4cfe-7aa0-3934-be9a-6834ebe2820a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/f5a8e327-ebf4-4f4b-9073-90acd61797cc.crl

            X509v3 Authority Key Identifier:
                keyid:45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer

            sbgp-ipAddrBlock: critical
                IPv6:
                  2620:9e:6001::/48

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         37:48:d2:a1:9b:12:b4:d8:4a:f8:ca:4e:2e:89:8c:e3:75:a7:
         08:ef:f8:3f:b9:15:9d:03:86:84:64:b9:01:fe:60:d0:f0:33:
         fa:07:00:df:cb:47:ff:34:d4:fd:62:95:48:f5:78:95:cb:04:
         0f:b7:2b:b0:e8:63:3a:b7:63:4f:c1:d9:ee:7c:b6:e7:c0:4a:
         98:b4:57:82:2c:a4:30:b1:1c:b0:ca:ef:28:52:1f:85:93:81:
         8b:e2:bc:2d:cc:97:c2:7a:a1:a4:60:09:4e:e0:09:fa:00:c5:
         99:0b:73:f0:f1:31:99:44:b6:b1:65:35:03:2a:3c:9a:9b:48:
         8e:b4:40:1d:82:78:25:a4:72:70:3b:42:be:8a:6b:f7:b2:1b:
         76:d4:d2:0a:63:60:ac:d2:02:d5:b2:2e:d7:66:1a:6c:5f:da:
         fd:78:a5:bc:fc:93:80:02:0d:b1:40:6e:36:35:14:ef:60:1b:
         f0:23:06:93:36:38:b0:ab:2c:10:d3:3f:42:8f:14:dd:da:37:
         40:6e:97:76:1b:2f:67:f7:5f:83:03:1c:79:d2:d3:d9:02:3f:
         a7:89:2a:57:87:af:06:16:6c:97:1d:93:64:57:b6:05:f5:df:
         0d:d1:b2:0f:83:0a:33:cc:e6:9d:b4:e7:62:55:de:e7:be:b6:
         ba:8d:df:95
-----BEGIN CERTIFICATE-----
MIIGRjCCBS6gAwIBAgIUAQ0Mn0MoWD+pDC/15eU5CXmx7IAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkZjVhOGUzMjctZWJmNC00ZjRiLTkwNzMtOTBhY2Q2MTc5
N2NjMB4XDTIyMTAyMjEyMDAwMFoXDTIzMTAyMzA0MDAwMFowLzEtMCsGA1UEAxMk
NjU0ODY3YTMtYmRlNi00NDk0LThmNjEtODE1OGM1MmFlNDMyMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy7V6pScL7aamrOZO3bPqZFzRGBZe3fUPKtyP
SY0SPyuGsEBNu8epCaFzb+clMgtSd4WJxMym7fYvDjQ0UkD9dOIA+nU8quOkF/Ls
brMEsbagTMEXtK5bLuzALMOkvS40k7FArOOFSr1/Eja2q4mk5pqqBlPsLoNgUREt
YowjFcNLUSt8js4Fiq3EBJupqtb4VaGnqTNKl9iAIy7Bf4XptWjhjwiC+axCTgzC
OO0ZYyv2XtQQKu9q93E8Abim6rvncuX8kGJsz0MU5PpYQGPizfazkRGGi6SFjYJR
JAiqMYe36DWwm/7tCmWbYjwhOTewwTroo3jGyousR1zD1CijkwIDAQABo4IDWDCC
A1QwHQYDVR0OBBYEFMqXhZeMzqQeqEdAGr/2akjd0qJjMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4
ZTMyNy1lYmY0LTRmNGItOTA3My05MGFjZDYxNzk3Y2MvNzFkZDRjZmUtN2FhMC0z
OTM0LWJlOWEtNjgzNGViZTI4MjBhLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvZjVhOGUzMjctZWJmNC00ZjRiLTkw
NzMtOTBhY2Q2MTc5N2NjL2Y1YThlMzI3LWViZjQtNGY0Yi05MDczLTkwYWNkNjE3
OTdjYy5jcmwwHwYDVR0jBBgwFoAURYZl4q8eZIkQSjuD49h/SJO1e5MwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4ZTMyNy1lYmY0LTRmNGItOTA3My05MGFj
ZDYxNzk3Y2MuY2VyMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAJiAAnmAB
MFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6
Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcN
AQELBQADggEBADdI0qGbErTYSvjKTi6JjON1pwjv+D+5FZ0DhoRkuQH+YNDwM/oH
AN/LR/801P1ilUj1eJXLBA+3K7DoYzq3Y0/B2e58tufASpi0V4IspDCxHLDK7yhS
H4WTgYvivC3Ml8J6oaRgCU7gCfoAxZkLc/DxMZlEtrFlNQMqPJqbSI60QB2CeCWk
cnA7Qr6Ka/eyG3bU0gpjYKzSAtWyLtdmGmxf2v14pbz8k4ACDbFAbjY1FO9gG/Aj
BpM2OLCrLBDTP0KPFN3aN0Bul3YbL2f3X4MDHHnS09kCP6eJKleHrwYWbJcdk2RX
tgX13w3Rsg+DCjPM5p2052JV3ue+trqN35U=
-----END CERTIFICATE-----