Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/d009fa97-c905-3e40-bd37-db2b9637df57.roa
File:                     d009fa97-c905-3e40-bd37-db2b9637df57.roa (raw, json)
Hash identifier:          0tHAI4Elt6T35AFgR7UJsyJ/TpzbGVlNfhVQX9yFf9Y=
Subject key identifier:   61:1D:C5:20:18:ED:CD:1A:11:0B:A4:52:BC:1C:F2:8C:FE:24:38:6E
Certificate issuer:       /CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
Certificate serial:       010D0C9F4328583D5EE9EC6B2AD3C469C302F270
Authority key identifier: 45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/d009fa97-c905-3e40-bd37-db2b9637df57.roa
Signing time:             Sun 27 Mar 2022 04:00:00 +0000
ROA not before:           Sun 27 Mar 2022 04:00:00 +0000
ROA not after:            Mon 27 Mar 2023 04:00:00 +0000
asID:                     3970
IP address blocks:        2620:9e:6001::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3d:5e:e9:ec:6b:2a:d3:c4:69:c3:02:f2:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
        Validity
            Not Before: Mar 27 04:00:00 2022 GMT
            Not After : Mar 27 04:00:00 2023 GMT
        Subject: CN=023bf83c-7f33-4e68-a40b-ea13b486e75f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:92:47:79:fc:3c:94:69:b1:47:e9:9b:15:c9:
                    8f:7b:69:a7:57:db:a3:78:4f:04:8d:3f:64:80:0f:
                    26:94:d9:e8:8b:17:0c:62:9b:79:8d:b5:65:db:93:
                    62:a6:c9:16:60:a0:6c:b5:9c:66:46:09:1e:35:06:
                    62:ac:2d:7d:11:a8:d6:73:0f:27:eb:13:5a:e6:91:
                    97:b9:66:a6:65:68:17:f0:de:a2:80:be:b9:66:10:
                    e9:82:2c:90:1d:63:e5:c5:75:c5:f9:91:b5:ff:03:
                    f7:1d:15:3b:28:38:50:46:54:8b:0a:75:b7:40:e4:
                    cc:09:cf:09:dc:69:84:b3:69:7a:ac:35:67:81:ee:
                    8f:68:9c:ac:44:5e:cb:54:e9:f8:f3:85:c6:08:e5:
                    c0:b2:9c:92:22:bd:ea:85:6d:f6:19:fe:c2:c1:26:
                    e7:0a:4e:e3:94:82:2c:2d:56:de:4c:c3:e7:d1:ac:
                    d6:80:17:25:11:7d:b9:82:2b:ea:81:b4:0b:ef:71:
                    f3:11:44:60:71:89:c4:64:8c:fa:6c:33:1d:fd:52:
                    23:7d:22:5a:d7:d7:14:4a:9e:20:29:90:5b:20:11:
                    42:84:4e:a3:e1:90:af:74:6b:7c:ad:c0:c9:1c:4c:
                    51:a7:2c:36:4c:1a:32:9f:ea:e8:f9:71:3c:24:9f:
                    d2:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:1D:C5:20:18:ED:CD:1A:11:0B:A4:52:BC:1C:F2:8C:FE:24:38:6E
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/d009fa97-c905-3e40-bd37-db2b9637df57.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/f5a8e327-ebf4-4f4b-9073-90acd61797cc.crl

            X509v3 Authority Key Identifier:
                keyid:45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer

            sbgp-ipAddrBlock: critical
                IPv6:
                  2620:9e:6001::/48

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         2f:0a:ff:31:96:81:d6:fc:1f:88:ce:c4:5d:e5:f2:85:77:20:
         06:c9:1e:d7:d5:07:a2:2d:55:a1:ab:48:cf:46:60:36:96:92:
         2b:98:45:7e:1f:10:0d:d6:53:d9:72:d4:d3:5c:e3:e9:47:7e:
         9b:ff:23:09:8c:fd:4f:4c:9c:7d:73:fc:2b:e1:89:d8:c7:cc:
         62:2d:c6:13:c5:95:0c:90:29:bc:cd:7a:27:a8:96:d2:fc:61:
         60:0f:33:97:fb:a7:18:5e:4e:dc:68:43:b3:a2:92:97:4a:97:
         fa:f8:f1:f5:a6:d1:f5:89:24:9b:bd:a4:0c:e5:1a:f6:73:a9:
         ef:cd:4e:be:2e:c4:f3:9b:be:bf:25:26:92:90:2d:2d:21:e8:
         69:4e:5b:09:f0:00:58:fc:d4:fe:a4:dc:48:b2:7e:7d:cd:98:
         54:f8:1e:5f:a2:78:2d:f1:23:05:14:2a:0b:24:cf:0a:5c:f2:
         d3:cb:01:df:15:39:a9:c5:01:0f:e1:3a:88:54:92:90:42:11:
         0f:0f:9b:52:ba:ab:54:ea:f5:ae:a7:5b:07:50:45:70:d8:16:
         66:76:4e:1f:7b:ff:42:af:de:b3:22:b7:f4:2a:2e:e8:5b:2b:
         5e:01:6f:21:e4:ff:91:6f:9c:03:0c:3a:f3:46:13:b7:34:40:
         9d:b6:9a:d1
-----BEGIN CERTIFICATE-----
MIIGRjCCBS6gAwIBAgIUAQ0Mn0MoWD1e6exrKtPEacMC8nAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkZjVhOGUzMjctZWJmNC00ZjRiLTkwNzMtOTBhY2Q2MTc5
N2NjMB4XDTIyMDMyNzA0MDAwMFoXDTIzMDMyNzA0MDAwMFowLzEtMCsGA1UEAxMk
MDIzYmY4M2MtN2YzMy00ZTY4LWE0MGItZWExM2I0ODZlNzVmMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4JJHefw8lGmxR+mbFcmPe2mnV9ujeE8EjT9k
gA8mlNnoixcMYpt5jbVl25NipskWYKBstZxmRgkeNQZirC19EajWcw8n6xNa5pGX
uWamZWgX8N6igL65ZhDpgiyQHWPlxXXF+ZG1/wP3HRU7KDhQRlSLCnW3QOTMCc8J
3GmEs2l6rDVnge6PaJysRF7LVOn484XGCOXAspySIr3qhW32Gf7CwSbnCk7jlIIs
LVbeTMPn0azWgBclEX25givqgbQL73HzEURgcYnEZIz6bDMd/VIjfSJa19cUSp4g
KZBbIBFChE6j4ZCvdGt8rcDJHExRpyw2TBoyn+ro+XE8JJ/ScwIDAQABo4IDWDCC
A1QwHQYDVR0OBBYEFGEdxSAY7c0aEQukUrwc8oz+JDhuMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4
ZTMyNy1lYmY0LTRmNGItOTA3My05MGFjZDYxNzk3Y2MvZDAwOWZhOTctYzkwNS0z
ZTQwLWJkMzctZGIyYjk2MzdkZjU3LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvZjVhOGUzMjctZWJmNC00ZjRiLTkw
NzMtOTBhY2Q2MTc5N2NjL2Y1YThlMzI3LWViZjQtNGY0Yi05MDczLTkwYWNkNjE3
OTdjYy5jcmwwHwYDVR0jBBgwFoAURYZl4q8eZIkQSjuD49h/SJO1e5MwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4ZTMyNy1lYmY0LTRmNGItOTA3My05MGFj
ZDYxNzk3Y2MuY2VyMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAJiAAnmAB
MFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6
Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcN
AQELBQADggEBAC8K/zGWgdb8H4jOxF3l8oV3IAbJHtfVB6ItVaGrSM9GYDaWkiuY
RX4fEA3WU9ly1NNc4+lHfpv/IwmM/U9MnH1z/CvhidjHzGItxhPFlQyQKbzNeieo
ltL8YWAPM5f7pxheTtxoQ7OikpdKl/r48fWm0fWJJJu9pAzlGvZzqe/NTr4uxPOb
vr8lJpKQLS0h6GlOWwnwAFj81P6k3Eiyfn3NmFT4Hl+ieC3xIwUUKgskzwpc8tPL
Ad8VOanFAQ/hOohUkpBCEQ8Pm1K6q1Tq9a6nWwdQRXDYFmZ2Th97/0Kv3rMit/Qq
LuhbK14BbyHk/5FvnAMMOvNGE7c0QJ22mtE=
-----END CERTIFICATE-----