Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/0c772b4b-15fb-4b38-b505-dfe915dae9cd/4ef9f429-7e0f-3d1d-be75-0e51b6915e54.roa
File:                     4ef9f429-7e0f-3d1d-be75-0e51b6915e54.roa (raw, json)
Hash identifier:          X5nwGXpNocIy45ymIDFhFdkAJUbXFR08Kw5XO4knIzw=
Subject key identifier:   EA:45:DE:C2:14:94:BB:B2:9E:26:6F:30:6E:B6:B4:57:F2:AE:FA:E8
Certificate issuer:       /CN=0c772b4b-15fb-4b38-b505-dfe915dae9cd
Certificate serial:       010D0C9F43285843F6590336A6AD6507C729FBC0
Authority key identifier: F1:45:52:CC:E6:22:4E:29:4E:15:2D:5C:E4:BD:DD:05:3A:08:B5:72
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/0c772b4b-15fb-4b38-b505-dfe915dae9cd.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/0c772b4b-15fb-4b38-b505-dfe915dae9cd/4ef9f429-7e0f-3d1d-be75-0e51b6915e54.roa
Signing time:             Tue 21 Nov 2023 14:00:21 +0000
ROA not before:           Tue 21 Nov 2023 14:00:21 +0000
ROA not after:            Mon 19 Feb 2024 14:00:21 +0000
asID:                     34553
IP address blocks:        23.170.176.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:43:f6:59:03:36:a6:ad:65:07:c7:29:fb:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c772b4b-15fb-4b38-b505-dfe915dae9cd
        Validity
            Not Before: Nov 21 14:00:21 2023 GMT
            Not After : Feb 19 14:00:21 2024 GMT
        Subject: CN=81d8d6b1-f931-407a-af04-6e2791cde866
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:f4:09:b7:6b:e3:50:50:33:82:47:67:58:f2:
                    0d:31:a3:b2:c7:5c:89:e8:81:00:06:f1:ea:a2:b0:
                    53:87:a4:c4:d7:25:14:b0:59:62:13:b7:98:cd:53:
                    ed:94:b5:ba:3d:72:67:03:87:83:7d:b7:5e:aa:13:
                    7f:14:4a:5b:52:66:80:41:34:e4:b9:a8:03:d3:03:
                    f0:9a:df:56:49:16:54:f0:10:e8:e8:b8:6e:4e:27:
                    36:8a:8e:8a:43:4f:2f:1e:67:86:ed:18:72:47:3c:
                    8c:6e:29:05:2e:74:3b:17:47:0f:33:36:4a:b3:06:
                    5e:e8:36:a8:0e:40:4b:de:76:bf:1b:17:e3:be:30:
                    a0:c8:4c:10:05:30:26:a5:2c:5f:23:48:49:ab:80:
                    00:65:2f:0a:16:0b:c2:c4:5d:d0:69:f6:94:9a:cf:
                    81:b1:aa:d6:75:0f:0c:1a:87:38:4d:f0:35:02:5d:
                    9a:8d:15:65:b5:d0:31:cc:01:ce:80:c2:4d:db:06:
                    57:34:9e:91:79:84:d6:be:3e:c3:fa:9e:bd:9e:4f:
                    ed:cc:88:24:b4:02:63:59:56:5c:82:5d:1c:30:1a:
                    95:41:97:f4:fd:c1:af:30:5f:37:b1:20:76:88:e6:
                    8f:10:a0:dd:d9:3b:32:43:48:78:ce:ee:6a:4e:ad:
                    e1:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:45:DE:C2:14:94:BB:B2:9E:26:6F:30:6E:B6:B4:57:F2:AE:FA:E8
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/0c772b4b-15fb-4b38-b505-dfe915dae9cd/4ef9f429-7e0f-3d1d-be75-0e51b6915e54.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/0c772b4b-15fb-4b38-b505-dfe915dae9cd/0c772b4b-15fb-4b38-b505-dfe915dae9cd.crl

            X509v3 Authority Key Identifier:
                keyid:F1:45:52:CC:E6:22:4E:29:4E:15:2D:5C:E4:BD:DD:05:3A:08:B5:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/0c772b4b-15fb-4b38-b505-dfe915dae9cd.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.170.176.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         46:40:6b:47:06:90:d5:9d:9b:e9:95:98:48:96:45:ca:29:1a:
         19:c1:10:58:56:e8:91:9e:b6:63:22:5e:83:05:1a:d7:54:3a:
         48:87:e3:44:60:e3:90:29:3c:15:22:22:65:8d:bb:d1:d5:51:
         54:02:5b:23:71:54:82:69:0c:c4:b7:b7:86:21:a4:81:fe:6a:
         c7:6b:b5:2f:3d:57:e8:54:99:1c:d1:9b:d6:63:30:7f:3e:4e:
         16:f6:43:c2:63:85:dd:53:7e:35:70:8f:51:d5:b8:35:fd:38:
         54:1a:71:58:b5:aa:47:a1:7a:c4:4e:90:19:89:5e:51:fc:08:
         0c:13:1d:69:cc:75:ab:82:83:94:91:da:cd:30:a3:6b:99:5d:
         d4:d9:45:13:83:b6:2a:9a:62:e7:0f:b7:52:4b:54:f2:b5:f4:
         ef:fe:4d:4b:32:6b:07:5c:f3:ac:b0:b6:69:32:4b:32:f6:6d:
         4f:e8:08:15:e5:03:ef:6d:37:55:3f:2b:41:97:38:87:ab:63:
         f6:ef:9c:f6:5a:54:cd:3e:12:8e:0c:99:88:8e:0b:cf:93:74:
         88:f1:9b:8f:e0:63:f6:9f:90:00:45:ef:1b:ab:e3:2e:57:88:
         f8:18:1d:a8:ee:63:37:83:ac:5e:93:f9:48:e9:66:68:73:1b:
         57:28:5a:4d
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEP2WQM2pq1lB8cp+8AwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMGM3NzJiNGItMTVmYi00YjM4LWI1MDUtZGZlOTE1ZGFl
OWNkMB4XDTIzMTEyMTE0MDAyMVoXDTI0MDIxOTE0MDAyMVowLzEtMCsGA1UEAxMk
ODFkOGQ2YjEtZjkzMS00MDdhLWFmMDQtNmUyNzkxY2RlODY2MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAofQJt2vjUFAzgkdnWPINMaOyx1yJ6IEABvHq
orBTh6TE1yUUsFliE7eYzVPtlLW6PXJnA4eDfbdeqhN/FEpbUmaAQTTkuagD0wPw
mt9WSRZU8BDo6LhuTic2io6KQ08vHmeG7RhyRzyMbikFLnQ7F0cPMzZKswZe6Dao
DkBL3na/GxfjvjCgyEwQBTAmpSxfI0hJq4AAZS8KFgvCxF3QafaUms+BsarWdQ8M
Goc4TfA1Al2ajRVltdAxzAHOgMJN2wZXNJ6ReYTWvj7D+p69nk/tzIgktAJjWVZc
gl0cMBqVQZf0/cGvMF83sSB2iOaPEKDd2TsyQ0h4zu5qTq3hLQIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFOpF3sIUlLuyniZvMG62tFfyrvroMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlhOC8wYzc3
MmI0Yi0xNWZiLTRiMzgtYjUwNS1kZmU5MTVkYWU5Y2QvNGVmOWY0MjktN2UwZi0z
ZDFkLWJlNzUtMGU1MWI2OTE1ZTU0LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NDZlMDExMS1m
YWZiLTQzMGYtYjc3OC1kMjA0Y2ZjZDk5YTgvMGM3NzJiNGItMTVmYi00YjM4LWI1
MDUtZGZlOTE1ZGFlOWNkLzBjNzcyYjRiLTE1ZmItNGIzOC1iNTA1LWRmZTkxNWRh
ZTljZC5jcmwwHwYDVR0jBBgwFoAU8UVSzOYiTilOFS1c5L3dBToItXIwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMw
Zi1iNzc4LWQyMDRjZmNkOTlhOC8wYzc3MmI0Yi0xNWZiLTRiMzgtYjUwNS1kZmU5
MTVkYWU5Y2QuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAF6qwMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAEZAa0cGkNWdm+mVmEiWRcopGhnBEFhW6JGetmMiXoMFGtdUOkiH40Rg
45ApPBUiImWNu9HVUVQCWyNxVIJpDMS3t4YhpIH+asdrtS89V+hUmRzRm9ZjMH8+
Thb2Q8Jjhd1TfjVwj1HVuDX9OFQacVi1qkehesROkBmJXlH8CAwTHWnMdauCg5SR
2s0wo2uZXdTZRRODtiqaYucPt1JLVPK19O/+TUsyawdc86ywtmkySzL2bU/oCBXl
A+9tN1U/K0GXOIerY/bvnPZaVM0+Eo4MmYiOC8+TdIjxm4/gY/afkABF7xur4y5X
iPgYHajuYzeDrF6T+UjpZmhzG1coWk0=
-----END CERTIFICATE-----