Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/9215edd1-4e57-3fca-80ea-23697404c028.roa
File:                     9215edd1-4e57-3fca-80ea-23697404c028.roa (raw, json)
Hash identifier:          PWhtD1kE/OuyJnXppYxMAmckZmTHpAiV+7GuHRQf0H0=
Subject key identifier:   65:0B:B7:2D:0E:AC:0D:92:CD:B5:AF:6F:2F:E2:62:0B:0F:82:02:94
Certificate issuer:       /CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
Certificate serial:       010D0C9F4328583F315E11D2BF2423AF897C2DE0
Authority key identifier: 45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/9215edd1-4e57-3fca-80ea-23697404c028.roa
Signing time:             Fri 09 Sep 2022 12:00:00 +0000
ROA not before:           Fri 09 Sep 2022 12:00:00 +0000
ROA not after:            Sun 10 Sep 2023 04:00:00 +0000
asID:                     3970
IP address blocks:        2620:9e:6001::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3f:31:5e:11:d2:bf:24:23:af:89:7c:2d:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
        Validity
            Not Before: Sep  9 12:00:00 2022 GMT
            Not After : Sep 10 04:00:00 2023 GMT
        Subject: CN=ab3373dc-bfe9-4b80-9e1e-0c426b66aaa5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:85:fe:a0:3a:9d:de:f6:93:11:8b:6d:ff:0a:
                    14:2d:30:4a:94:5c:c0:37:4b:da:38:c3:0e:ae:6e:
                    fa:e0:0e:06:40:d6:64:b0:bf:d6:ea:ef:9e:86:ce:
                    52:fe:fe:05:a3:86:c0:9d:97:62:76:53:5f:90:6b:
                    d3:52:86:96:d1:1b:5e:3d:3b:27:51:7f:d1:ff:08:
                    18:11:e4:6e:ca:a6:df:e6:ef:08:c3:7e:73:b9:02:
                    6f:66:c6:92:1e:66:7b:f9:21:9f:9f:d8:c0:1f:83:
                    24:91:6f:37:41:35:90:35:4f:cd:9e:cf:9c:d7:b0:
                    f5:cc:08:ca:d4:6b:e7:c7:f3:11:50:98:c7:4f:ad:
                    54:18:65:ce:5b:2e:32:37:72:77:df:6b:a3:aa:22:
                    78:ee:73:09:21:ed:33:06:df:8e:6e:39:cb:45:b0:
                    1c:70:3a:7d:d7:25:6d:96:e7:9b:9c:74:27:1c:1f:
                    6c:7a:d6:b6:94:fb:02:2b:e7:e8:99:76:d7:a9:85:
                    df:cf:b6:bd:e1:77:3f:dc:30:7f:7e:ba:2b:ee:02:
                    9a:de:ac:fd:f6:ac:a3:e7:f6:45:d9:ea:50:48:4c:
                    a9:30:26:76:35:5c:ee:bf:ca:5a:87:ce:90:5f:40:
                    c9:30:92:31:16:7b:b6:36:1c:e6:10:36:ce:17:cf:
                    94:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:0B:B7:2D:0E:AC:0D:92:CD:B5:AF:6F:2F:E2:62:0B:0F:82:02:94
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/9215edd1-4e57-3fca-80ea-23697404c028.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/f5a8e327-ebf4-4f4b-9073-90acd61797cc.crl

            X509v3 Authority Key Identifier:
                keyid:45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer

            sbgp-ipAddrBlock: critical
                IPv6:
                  2620:9e:6001::/48

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         51:a1:a0:03:be:95:67:bb:ad:46:be:53:eb:8b:d6:d1:85:ef:
         c1:32:1c:9c:23:db:44:38:bf:f6:35:d3:9e:9c:1c:f2:2b:26:
         16:e3:4a:6b:8a:69:e8:cd:d1:65:89:01:59:bf:3d:ba:6e:4e:
         67:39:0d:17:da:75:c7:fb:17:d9:07:d1:59:b5:c1:a1:d5:a9:
         5d:f9:30:59:2b:97:8d:1f:39:01:09:6e:28:d2:e0:98:1c:bc:
         a3:7e:5a:a6:9a:dc:1a:32:42:ed:cd:c3:33:15:bf:38:bc:36:
         32:4f:7a:41:83:bf:a0:23:19:0e:87:6c:39:55:01:d4:b3:a3:
         aa:2a:95:c9:8d:f8:8d:ab:42:07:85:0c:96:9c:7d:fe:de:f8:
         c4:64:6e:cb:c9:78:81:35:f2:40:5e:ae:12:00:9d:eb:bc:94:
         94:16:29:cf:56:57:67:39:33:ca:dc:77:b0:16:b8:37:de:23:
         08:38:0c:ca:4d:3f:db:21:ea:06:82:38:3c:01:6d:95:e2:42:
         3f:33:3d:b7:6a:7a:d9:f0:8e:41:71:20:75:37:af:97:13:a5:
         8e:6a:70:1b:36:5c:a7:37:a0:eb:88:90:f8:1e:e3:42:3d:15:
         ac:55:90:67:b3:4b:f9:4d:ce:7f:fd:00:96:47:f2:a1:d3:8d:
         54:f6:61:6b
-----BEGIN CERTIFICATE-----
MIIGRjCCBS6gAwIBAgIUAQ0Mn0MoWD8xXhHSvyQjr4l8LeAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkZjVhOGUzMjctZWJmNC00ZjRiLTkwNzMtOTBhY2Q2MTc5
N2NjMB4XDTIyMDkwOTEyMDAwMFoXDTIzMDkxMDA0MDAwMFowLzEtMCsGA1UEAxMk
YWIzMzczZGMtYmZlOS00YjgwLTllMWUtMGM0MjZiNjZhYWE1MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi4X+oDqd3vaTEYtt/woULTBKlFzAN0vaOMMO
rm764A4GQNZksL/W6u+ehs5S/v4Fo4bAnZdidlNfkGvTUoaW0RtePTsnUX/R/wgY
EeRuyqbf5u8Iw35zuQJvZsaSHmZ7+SGfn9jAH4MkkW83QTWQNU/Nns+c17D1zAjK
1Gvnx/MRUJjHT61UGGXOWy4yN3J332ujqiJ47nMJIe0zBt+ObjnLRbAccDp91yVt
luebnHQnHB9seta2lPsCK+fomXbXqYXfz7a94Xc/3DB/fror7gKa3qz99qyj5/ZF
2epQSEypMCZ2NVzuv8pah86QX0DJMJIxFnu2NhzmEDbOF8+U0wIDAQABo4IDWDCC
A1QwHQYDVR0OBBYEFGULty0OrA2SzbWvby/iYgsPggKUMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4
ZTMyNy1lYmY0LTRmNGItOTA3My05MGFjZDYxNzk3Y2MvOTIxNWVkZDEtNGU1Ny0z
ZmNhLTgwZWEtMjM2OTc0MDRjMDI4LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvZjVhOGUzMjctZWJmNC00ZjRiLTkw
NzMtOTBhY2Q2MTc5N2NjL2Y1YThlMzI3LWViZjQtNGY0Yi05MDczLTkwYWNkNjE3
OTdjYy5jcmwwHwYDVR0jBBgwFoAURYZl4q8eZIkQSjuD49h/SJO1e5MwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4ZTMyNy1lYmY0LTRmNGItOTA3My05MGFj
ZDYxNzk3Y2MuY2VyMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAJiAAnmAB
MFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6
Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcN
AQELBQADggEBAFGhoAO+lWe7rUa+U+uL1tGF78EyHJwj20Q4v/Y1056cHPIrJhbj
SmuKaejN0WWJAVm/PbpuTmc5DRfadcf7F9kH0Vm1waHVqV35MFkrl40fOQEJbijS
4JgcvKN+Wqaa3BoyQu3NwzMVvzi8NjJPekGDv6AjGQ6HbDlVAdSzo6oqlcmN+I2r
QgeFDJacff7e+MRkbsvJeIE18kBerhIAneu8lJQWKc9WV2c5M8rcd7AWuDfeIwg4
DMpNP9sh6gaCODwBbZXiQj8zPbdqetnwjkFxIHU3r5cTpY5qcBs2XKc3oOuIkPge
40I9FaxVkGezS/lNzn/9AJZH8qHTjVT2YWs=
-----END CERTIFICATE-----