Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/ced18dcc-2d98-3ca4-a7af-7a0f68e1defa.roa
File:                     ced18dcc-2d98-3ca4-a7af-7a0f68e1defa.roa (raw, json)
Hash identifier:          u1h5jX3sDJN2NlY+81Z2D2QF2OxM9X7VUjrM6o5wDpo=
Subject key identifier:   FF:C7:E1:41:39:BD:A9:DB:43:A7:C8:AC:E8:5F:29:6F:1C:B8:F6:A4
Certificate issuer:       /CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
Certificate serial:       010D0C9F4328583F52531BBBCC9E2DC083827300
Authority key identifier: 45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/ced18dcc-2d98-3ca4-a7af-7a0f68e1defa.roa
Signing time:             Wed 21 Sep 2022 12:00:00 +0000
ROA not before:           Wed 21 Sep 2022 12:00:00 +0000
ROA not after:            Fri 22 Sep 2023 04:00:00 +0000
asID:                     3970
IP address blocks:        165.140.105.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3f:52:53:1b:bb:cc:9e:2d:c0:83:82:73:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
        Validity
            Not Before: Sep 21 12:00:00 2022 GMT
            Not After : Sep 22 04:00:00 2023 GMT
        Subject: CN=33d53874-0810-4a14-8b9d-53a39acfc09f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:5d:94:ac:35:df:50:d8:a7:0b:b2:f5:81:38:
                    7c:d9:26:b8:de:16:f5:15:a9:0a:5f:39:06:ce:92:
                    7d:4c:fa:b5:2d:48:ba:33:50:4a:23:ee:f4:48:00:
                    0f:5b:b0:6b:ed:a2:21:fc:a3:bd:b4:bf:05:21:97:
                    87:76:20:4a:7f:e3:4b:f3:5d:6d:b2:bc:1e:62:fa:
                    75:04:bc:87:6b:db:4b:ae:8b:8f:3d:e2:65:19:fa:
                    5f:52:e1:1b:4f:9b:c2:d3:82:98:55:bd:a0:2a:eb:
                    6a:38:61:49:72:dd:7e:12:82:07:df:c5:e1:e1:17:
                    f1:91:2b:6b:1e:e8:8e:7c:5c:6a:e5:2a:a3:b5:88:
                    d2:75:12:43:a1:7c:c0:2a:f3:c6:3b:0d:fd:3c:25:
                    5e:80:39:c9:eb:c3:2d:14:5b:25:0a:1d:6c:b4:87:
                    2d:f3:cf:08:d7:1b:86:37:fa:47:ec:5b:7d:d1:51:
                    8b:7e:d4:4d:98:f2:b1:70:f3:44:9d:fa:d3:65:ed:
                    61:49:c6:94:44:f4:8f:da:2b:a1:ef:c5:51:2f:fb:
                    d3:67:9e:00:bf:59:e6:9b:7c:1e:5f:6c:f7:1e:57:
                    3e:fd:d1:ea:cf:66:27:f0:2f:dc:30:df:61:cc:9f:
                    0a:ee:aa:50:fb:98:3e:3c:38:e7:3d:29:d8:db:fa:
                    bd:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:C7:E1:41:39:BD:A9:DB:43:A7:C8:AC:E8:5F:29:6F:1C:B8:F6:A4
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/ced18dcc-2d98-3ca4-a7af-7a0f68e1defa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/f5a8e327-ebf4-4f4b-9073-90acd61797cc.crl

            X509v3 Authority Key Identifier:
                keyid:45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  165.140.105.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         75:53:e5:bd:55:65:c3:13:27:0a:f6:53:ca:fc:4c:c2:c4:47:
         b5:90:5f:5f:66:7e:4e:e9:64:70:07:a4:c4:dc:27:fd:04:f6:
         2e:13:88:b5:34:aa:b6:53:bd:45:2c:75:e5:da:89:dc:ed:31:
         90:62:3d:bf:c3:e1:3a:31:1b:1a:93:39:e6:08:9e:fa:cf:07:
         8f:1a:43:b4:71:da:4a:d8:57:0a:b9:72:7a:e8:b3:69:2e:33:
         ad:c6:7b:0a:9d:11:36:b9:d3:f0:18:5a:b9:e0:5c:a4:e8:db:
         fb:ea:0d:54:12:ac:d5:54:a9:1b:2c:2c:8c:fe:85:05:19:2d:
         85:9c:bf:10:90:a1:2f:1c:5c:4e:b6:5e:42:75:d6:f2:38:25:
         45:af:4d:5c:3c:fa:ca:95:90:d9:46:bb:4e:c3:18:7a:3d:13:
         70:85:d4:3b:0c:8f:9c:f4:bf:77:db:b3:dc:6e:87:3d:66:d6:
         56:20:24:bd:78:0c:35:c9:b8:1c:98:7b:d2:da:09:0e:a2:39:
         97:37:89:6d:ad:79:42:77:95:89:9d:c5:eb:59:ea:50:9e:84:
         c2:9c:ff:4e:25:6b:d8:8f:59:98:81:63:b9:7f:cb:c1:b9:a5:
         91:57:72:b4:1c:00:d0:d9:1b:16:1e:73:10:bb:fc:05:46:b4:
         9c:3e:fe:f8
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWD9SUxu7zJ4twIOCcwAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkZjVhOGUzMjctZWJmNC00ZjRiLTkwNzMtOTBhY2Q2MTc5
N2NjMB4XDTIyMDkyMTEyMDAwMFoXDTIzMDkyMjA0MDAwMFowLzEtMCsGA1UEAxMk
MzNkNTM4NzQtMDgxMC00YTE0LThiOWQtNTNhMzlhY2ZjMDlmMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjF2UrDXfUNinC7L1gTh82Sa43hb1FakKXzkG
zpJ9TPq1LUi6M1BKI+70SAAPW7Br7aIh/KO9tL8FIZeHdiBKf+NL811tsrweYvp1
BLyHa9tLrouPPeJlGfpfUuEbT5vC04KYVb2gKutqOGFJct1+EoIH38Xh4RfxkStr
HuiOfFxq5SqjtYjSdRJDoXzAKvPGOw39PCVegDnJ68MtFFslCh1stIct888I1xuG
N/pH7Ft90VGLftRNmPKxcPNEnfrTZe1hScaURPSP2iuh78VRL/vTZ54Av1nmm3we
X2z3Hlc+/dHqz2Yn8C/cMN9hzJ8K7qpQ+5g+PDjnPSnY2/q9GwIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFP/H4UE5vanbQ6fIrOhfKW8cuPakMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4
ZTMyNy1lYmY0LTRmNGItOTA3My05MGFjZDYxNzk3Y2MvY2VkMThkY2MtMmQ5OC0z
Y2E0LWE3YWYtN2EwZjY4ZTFkZWZhLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvZjVhOGUzMjctZWJmNC00ZjRiLTkw
NzMtOTBhY2Q2MTc5N2NjL2Y1YThlMzI3LWViZjQtNGY0Yi05MDczLTkwYWNkNjE3
OTdjYy5jcmwwHwYDVR0jBBgwFoAURYZl4q8eZIkQSjuD49h/SJO1e5MwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4ZTMyNy1lYmY0LTRmNGItOTA3My05MGFj
ZDYxNzk3Y2MuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQApYxpMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAHVT5b1VZcMTJwr2U8r8TMLER7WQX19mfk7pZHAHpMTcJ/0E9i4TiLU0
qrZTvUUsdeXaidztMZBiPb/D4ToxGxqTOeYInvrPB48aQ7Rx2krYVwq5cnros2ku
M63GewqdETa50/AYWrngXKTo2/vqDVQSrNVUqRssLIz+hQUZLYWcvxCQoS8cXE62
XkJ11vI4JUWvTVw8+sqVkNlGu07DGHo9E3CF1DsMj5z0v3fbs9xuhz1m1lYgJL14
DDXJuByYe9LaCQ6iOZc3iW2teUJ3lYmdxetZ6lCehMKc/04la9iPWZiBY7l/y8G5
pZFXcrQcANDZGxYecxC7/AVGtJw+/vg=
-----END CERTIFICATE-----