Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/71ea89b4-ed85-463f-83d9-8453300bf2bd/3baf7f9a-e687-3328-8033-03e29de94246.roa
File:                     3baf7f9a-e687-3328-8033-03e29de94246.roa (raw, json)
Hash identifier:          4sOUdOUOSJgueOT2e63vZe+GebgncTvdb+bKQW4VRgM=
Subject key identifier:   45:22:0F:62:32:B7:54:5A:5B:A5:90:49:A9:7B:65:30:24:FD:59:31
Certificate issuer:       /CN=71ea89b4-ed85-463f-83d9-8453300bf2bd
Certificate serial:       010D0C9F43285842458335C87D91AC7A952C6280
Authority key identifier: 00:FA:28:B0:63:5E:34:0C:5A:99:8E:4A:5A:9E:34:69:3A:5A:56:62
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/71ea89b4-ed85-463f-83d9-8453300bf2bd.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/71ea89b4-ed85-463f-83d9-8453300bf2bd/3baf7f9a-e687-3328-8033-03e29de94246.roa
Signing time:             Mon 19 Jun 2023 13:00:19 +0000
ROA not before:           Mon 19 Jun 2023 13:00:19 +0000
ROA not after:            Sun 17 Sep 2023 13:00:19 +0000
asID:                     7862
IP address blocks:        146.23.24.0/22 maxlen: 24
                          146.23.60.0/23 maxlen: 24
                          146.23.4.0/22 maxlen: 24
                          146.23.12.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:42:45:83:35:c8:7d:91:ac:7a:95:2c:62:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=71ea89b4-ed85-463f-83d9-8453300bf2bd
        Validity
            Not Before: Jun 19 13:00:19 2023 GMT
            Not After : Sep 17 13:00:19 2023 GMT
        Subject: CN=38fd97b5-3b27-4f13-9204-0c15f68a09ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:39:4c:a0:aa:32:2f:31:16:76:88:c4:60:d5:
                    a2:0f:f1:30:81:af:b2:38:23:91:86:2c:ef:24:f5:
                    44:3f:e4:8f:ad:fc:a6:ad:17:be:0e:a6:2c:6e:2b:
                    11:00:e8:27:b1:bc:e0:06:8f:15:ee:ea:e9:f6:66:
                    b3:1b:16:62:61:7c:4d:0a:d8:79:d5:60:d0:ee:60:
                    e7:b7:5a:6b:f7:f1:2f:3d:18:fb:91:e3:ff:30:c7:
                    7c:a6:2b:69:63:7c:0d:33:3e:02:ba:dd:10:0f:1f:
                    7d:25:bf:76:be:0e:eb:ba:89:6b:67:73:41:c7:17:
                    04:14:91:ab:a9:88:3c:85:7c:75:2b:d8:6c:8e:b0:
                    0a:85:76:31:53:d0:98:44:55:a1:13:d8:28:7c:e6:
                    37:ea:ee:74:c9:49:15:90:e2:42:b5:74:e1:eb:5d:
                    37:bb:23:2b:e2:4f:c2:c1:4d:ba:f4:4f:85:bf:83:
                    64:c5:d7:68:ed:fe:32:2f:81:0d:51:e1:de:53:30:
                    e4:85:eb:74:f1:7e:eb:3f:1c:be:4c:90:8d:5e:47:
                    95:37:f8:b0:50:5c:0e:08:8f:51:c5:04:e7:f5:41:
                    54:0e:20:08:9e:25:fd:8c:86:15:ca:d9:95:40:36:
                    8b:43:43:81:0f:ae:e0:2e:a4:66:db:f8:cf:80:80:
                    58:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:22:0F:62:32:B7:54:5A:5B:A5:90:49:A9:7B:65:30:24:FD:59:31
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/71ea89b4-ed85-463f-83d9-8453300bf2bd/3baf7f9a-e687-3328-8033-03e29de94246.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/71ea89b4-ed85-463f-83d9-8453300bf2bd/71ea89b4-ed85-463f-83d9-8453300bf2bd.crl

            X509v3 Authority Key Identifier:
                keyid:00:FA:28:B0:63:5E:34:0C:5A:99:8E:4A:5A:9E:34:69:3A:5A:56:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/71ea89b4-ed85-463f-83d9-8453300bf2bd.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.23.4.0/22
                  146.23.12.0/22
                  146.23.24.0/22
                  146.23.60.0/23

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         06:c3:e9:4d:77:5c:28:9a:79:ab:55:88:4c:fd:e2:e6:ff:3d:
         c4:7b:92:30:1e:0b:95:23:90:83:a7:4d:07:c7:83:21:ce:c3:
         43:d9:49:82:da:dd:0a:bb:08:0f:8f:e6:59:d6:7f:0c:92:00:
         8f:29:a2:48:80:91:c4:32:d0:89:34:8f:aa:3e:5d:15:41:80:
         db:6f:68:ed:0d:f7:17:74:d0:b6:9f:0f:70:6c:da:83:16:38:
         08:8c:e1:5c:eb:c5:b2:06:b4:a4:60:d1:5d:5c:ee:cf:77:86:
         c5:a4:5a:3a:a2:0c:32:c7:51:19:b5:42:6d:0a:75:33:c4:9a:
         6f:cf:75:bb:64:29:fd:7d:2e:4f:46:35:e9:3a:fd:fc:16:fc:
         0a:20:b5:a4:e7:2f:a0:f3:cc:1d:9c:27:d2:4f:84:e7:66:ba:
         2d:62:67:f0:84:58:1b:7f:1d:45:41:a5:a1:c5:e3:3f:83:7c:
         ee:24:5e:0d:ce:19:b1:a6:a5:2e:3b:06:0e:df:6d:ed:38:c0:
         34:da:62:5b:8a:4d:df:f1:ad:fd:23:12:69:75:e5:3b:19:85:
         49:3a:12:5a:a0:0b:d5:e8:83:f1:02:69:54:ad:c3:c4:75:f6:
         6e:15:3e:dc:a6:a7:20:05:ee:f5:62:48:a3:7a:ce:3c:74:4b:
         8c:84:af:bb
-----BEGIN CERTIFICATE-----
MIIGVTCCBT2gAwIBAgIUAQ0Mn0MoWEJFgzXIfZGsepUsYoAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNzFlYTg5YjQtZWQ4NS00NjNmLTgzZDktODQ1MzMwMGJm
MmJkMB4XDTIzMDYxOTEzMDAxOVoXDTIzMDkxNzEzMDAxOVowLzEtMCsGA1UEAxMk
MzhmZDk3YjUtM2IyNy00ZjEzLTkyMDQtMGMxNWY2OGEwOWFlMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzzlMoKoyLzEWdojEYNWiD/Ewga+yOCORhizv
JPVEP+SPrfymrRe+DqYsbisRAOgnsbzgBo8V7urp9mazGxZiYXxNCth51WDQ7mDn
t1pr9/EvPRj7keP/MMd8pitpY3wNMz4Cut0QDx99Jb92vg7ruolrZ3NBxxcEFJGr
qYg8hXx1K9hsjrAKhXYxU9CYRFWhE9gofOY36u50yUkVkOJCtXTh6103uyMr4k/C
wU269E+Fv4Nkxddo7f4yL4ENUeHeUzDkhet08X7rPxy+TJCNXkeVN/iwUFwOCI9R
xQTn9UFUDiAIniX9jIYVytmVQDaLQ0OBD67gLqRm2/jPgIBYIwIDAQABo4IDZzCC
A2MwHQYDVR0OBBYEFEUiD2Iyt1RaW6WQSal7ZTAk/VkxMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlhOC83MWVh
ODliNC1lZDg1LTQ2M2YtODNkOS04NDUzMzAwYmYyYmQvM2JhZjdmOWEtZTY4Ny0z
MzI4LTgwMzMtMDNlMjlkZTk0MjQ2LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NDZlMDExMS1m
YWZiLTQzMGYtYjc3OC1kMjA0Y2ZjZDk5YTgvNzFlYTg5YjQtZWQ4NS00NjNmLTgz
ZDktODQ1MzMwMGJmMmJkLzcxZWE4OWI0LWVkODUtNDYzZi04M2Q5LTg0NTMzMDBi
ZjJiZC5jcmwwHwYDVR0jBBgwFoAUAPoosGNeNAxamY5KWp40aTpaVmIwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMw
Zi1iNzc4LWQyMDRjZmNkOTlhOC83MWVhODliNC1lZDg1LTQ2M2YtODNkOS04NDUz
MzAwYmYyYmQuY2VyMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCkhcEAwQC
khcMAwQCkhcYAwQBkhc8MFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4Bggr
BgEFBQcCARYsaHR0cHM6Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3Bz
Lmh0bWwwDQYJKoZIhvcNAQELBQADggEBAAbD6U13XCiaeatViEz94ub/PcR7kjAe
C5UjkIOnTQfHgyHOw0PZSYLa3Qq7CA+P5lnWfwySAI8pokiAkcQy0Ik0j6o+XRVB
gNtvaO0N9xd00LafD3Bs2oMWOAiM4VzrxbIGtKRg0V1c7s93hsWkWjqiDDLHURm1
Qm0KdTPEmm/PdbtkKf19Lk9GNek6/fwW/AogtaTnL6DzzB2cJ9JPhOdmui1iZ/CE
WBt/HUVBpaHF4z+DfO4kXg3OGbGmpS47Bg7fbe04wDTaYluKTd/xrf0jEml15TsZ
hUk6ElqgC9Xog/ECaVStw8R19m4VPtympyAF7vViSKN6zjx0S4yEr7s=
-----END CERTIFICATE-----