Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/302111be-b954-4c5e-ac9b-4f85c3c11fe2/775cdf9d-ab14-3228-974b-fb3f452c5cfb.roa
File:                     775cdf9d-ab14-3228-974b-fb3f452c5cfb.roa (raw, json)
Hash identifier:          uL8I3Fro3JYN5W+qFcwsFcvkfRMMujd9CzMQ2vIfX28=
Subject key identifier:   03:D4:A2:C3:6C:1B:A1:92:59:3F:FB:95:26:B1:5D:BF:02:DB:61:F0
Certificate issuer:       /CN=302111be-b954-4c5e-ac9b-4f85c3c11fe2
Certificate serial:       010D0C9F43285844720B5B3AE1031EBE88C00B00
Authority key identifier: C8:52:80:DE:48:F1:3F:44:A9:6E:56:69:6B:13:6B:04:12:53:9A:AC
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/302111be-b954-4c5e-ac9b-4f85c3c11fe2.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/302111be-b954-4c5e-ac9b-4f85c3c11fe2/775cdf9d-ab14-3228-974b-fb3f452c5cfb.roa
Signing time:             Wed 03 Jan 2024 12:00:00 +0000
ROA not before:           Wed 03 Jan 2024 12:00:00 +0000
ROA not after:            Wed 29 Jan 2025 05:00:00 +0000
asID:                     36040
IP address blocks:        136.117.0.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:44:72:0b:5b:3a:e1:03:1e:be:88:c0:0b:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=302111be-b954-4c5e-ac9b-4f85c3c11fe2
        Validity
            Not Before: Jan  3 12:00:00 2024 GMT
            Not After : Jan 29 05:00:00 2025 GMT
        Subject: CN=1ba095c4-34f3-409e-8c19-0ac4927c5134
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:0c:dc:dc:ab:d8:60:ea:ca:c3:ac:01:fc:c7:
                    71:88:bd:5d:36:cb:a4:e5:32:8d:1a:fb:7a:3b:f9:
                    f3:1c:52:14:06:07:d9:9a:32:45:a9:4d:41:2d:ff:
                    68:8a:de:3f:a5:aa:3b:e3:a4:05:ff:ae:df:74:96:
                    a5:ee:15:1d:31:30:9e:a4:a8:74:3b:92:a8:e8:b2:
                    d7:ae:b7:87:22:d9:36:46:8d:51:0a:6c:32:3b:45:
                    03:e3:8c:5c:02:5d:cc:eb:65:51:cb:fb:d7:31:47:
                    e1:7f:08:75:14:bb:8e:4f:3e:aa:ae:07:21:18:b3:
                    d2:35:48:b1:51:de:7c:9c:64:c2:99:7f:41:e9:85:
                    d5:88:78:a7:76:93:af:a9:ec:30:c7:af:25:54:f7:
                    6a:05:e1:08:d3:b4:43:aa:b0:1b:98:02:42:16:dc:
                    c2:08:7d:32:68:a6:2e:0a:20:e6:5c:e8:93:af:9c:
                    bd:a8:4e:8b:9e:f8:9e:67:85:71:5b:d0:22:fa:d0:
                    ad:1c:51:2e:ed:dc:5f:76:62:28:fe:96:2a:a6:43:
                    f2:ca:99:f8:47:6a:5c:67:89:7b:b9:e4:e2:b3:65:
                    2d:57:0a:d5:a2:d6:5f:6c:ca:fc:29:b6:db:41:0a:
                    57:88:30:1d:71:c0:c1:cd:22:3f:c6:28:98:42:fa:
                    3d:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:D4:A2:C3:6C:1B:A1:92:59:3F:FB:95:26:B1:5D:BF:02:DB:61:F0
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/302111be-b954-4c5e-ac9b-4f85c3c11fe2/775cdf9d-ab14-3228-974b-fb3f452c5cfb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/302111be-b954-4c5e-ac9b-4f85c3c11fe2/302111be-b954-4c5e-ac9b-4f85c3c11fe2.crl

            X509v3 Authority Key Identifier:
                keyid:C8:52:80:DE:48:F1:3F:44:A9:6E:56:69:6B:13:6B:04:12:53:9A:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/302111be-b954-4c5e-ac9b-4f85c3c11fe2.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.117.0.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         9e:77:42:27:57:9a:e2:08:3f:ca:97:ef:40:f9:3b:d1:80:2a:
         b7:c4:6d:62:60:53:07:c9:af:6d:8d:ba:b6:bb:df:65:3d:45:
         bd:76:58:4a:8b:24:da:80:7e:ce:6a:f3:b4:aa:eb:59:f5:6c:
         7c:3f:c7:66:e5:81:85:78:56:67:7b:10:0f:8e:b1:03:9a:6d:
         99:aa:8a:cb:28:5b:b4:38:0a:0b:e8:4e:6d:dc:44:76:56:a3:
         6f:6b:3a:55:57:44:7e:53:6a:6d:f7:69:06:8f:00:52:11:56:
         2e:84:a9:73:c4:66:d9:56:0f:7f:ae:11:ba:be:12:cc:52:0b:
         7c:db:99:4b:18:5b:ef:76:fa:f7:dc:f3:9e:9f:9f:8e:af:a3:
         b5:9e:ec:f1:ba:b1:18:d6:ef:1e:32:fe:12:c6:af:ea:71:a0:
         df:31:43:01:36:75:3a:18:ef:80:05:94:b4:a4:11:9a:92:97:
         db:29:53:74:9f:a0:99:b1:bc:c1:43:a9:e6:2c:b1:2c:c4:af:
         2a:cf:e2:8a:11:06:35:ed:7b:46:7f:b6:8d:2c:28:bb:2e:a3:
         31:24:5c:63:9c:82:82:2a:56:8d:8e:3a:08:2e:14:d9:00:78:
         b6:7a:4e:16:14:d9:47:00:42:ea:b1:65:27:18:e3:61:b6:8d:
         b4:11:fa:4f
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWERyC1s64QMevojACwAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMzAyMTExYmUtYjk1NC00YzVlLWFjOWItNGY4NWMzYzEx
ZmUyMB4XDTI0MDEwMzEyMDAwMFoXDTI1MDEyOTA1MDAwMFowLzEtMCsGA1UEAxMk
MWJhMDk1YzQtMzRmMy00MDllLThjMTktMGFjNDkyN2M1MTM0MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0gzc3KvYYOrKw6wB/MdxiL1dNsuk5TKNGvt6
O/nzHFIUBgfZmjJFqU1BLf9oit4/pao746QF/67fdJal7hUdMTCepKh0O5Ko6LLX
rreHItk2Ro1RCmwyO0UD44xcAl3M62VRy/vXMUfhfwh1FLuOTz6qrgchGLPSNUix
Ud58nGTCmX9B6YXViHindpOvqewwx68lVPdqBeEI07RDqrAbmAJCFtzCCH0yaKYu
CiDmXOiTr5y9qE6LnvieZ4VxW9Ai+tCtHFEu7dxfdmIo/pYqpkPyypn4R2pcZ4l7
ueTis2UtVwrVotZfbMr8KbbbQQpXiDAdccDBzSI/xiiYQvo9eQIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFAPUosNsG6GSWT/7lSaxXb8C22HwMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlhOC8zMDIx
MTFiZS1iOTU0LTRjNWUtYWM5Yi00Zjg1YzNjMTFmZTIvNzc1Y2RmOWQtYWIxNC0z
MjI4LTk3NGItZmIzZjQ1MmM1Y2ZiLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NDZlMDExMS1m
YWZiLTQzMGYtYjc3OC1kMjA0Y2ZjZDk5YTgvMzAyMTExYmUtYjk1NC00YzVlLWFj
OWItNGY4NWMzYzExZmUyLzMwMjExMWJlLWI5NTQtNGM1ZS1hYzliLTRmODVjM2Mx
MWZlMi5jcmwwHwYDVR0jBBgwFoAUyFKA3kjxP0SpblZpaxNrBBJTmqwwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMw
Zi1iNzc4LWQyMDRjZmNkOTlhOC8zMDIxMTFiZS1iOTU0LTRjNWUtYWM5Yi00Zjg1
YzNjMTFmZTIuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAiHUAMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAJ53QidXmuIIP8qX70D5O9GAKrfEbWJgUwfJr22Nura732U9Rb12WEqL
JNqAfs5q87Sq61n1bHw/x2blgYV4Vmd7EA+OsQOabZmqissoW7Q4CgvoTm3cRHZW
o29rOlVXRH5Tam33aQaPAFIRVi6EqXPEZtlWD3+uEbq+EsxSC3zbmUsYW+92+vfc
856fn46vo7We7PG6sRjW7x4y/hLGr+pxoN8xQwE2dToY74AFlLSkEZqSl9spU3Sf
oJmxvMFDqeYssSzEryrP4ooRBjXte0Z/to0sKLsuozEkXGOcgoIqVo2OOgguFNkA
eLZ6ThYU2UcAQuqxZScY42G2jbQR+k8=
-----END CERTIFICATE-----