Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/71ea89b4-ed85-463f-83d9-8453300bf2bd/60e664ce-e3c1-3aaf-9f4c-eeb52f8ff177.roa
File:                     60e664ce-e3c1-3aaf-9f4c-eeb52f8ff177.roa (raw, json)
Hash identifier:          jAY6lJ0BCxlCP1fJEbAa0J2FiAlnQlh1tra70sQANpk=
Subject key identifier:   D6:60:D4:24:BC:19:53:8C:81:2C:54:87:64:E9:16:36:C6:6B:AB:D3
Certificate issuer:       /CN=71ea89b4-ed85-463f-83d9-8453300bf2bd
Certificate serial:       010D0C9F432858421772E5CBF42279FC685D28C0
Authority key identifier: 00:FA:28:B0:63:5E:34:0C:5A:99:8E:4A:5A:9E:34:69:3A:5A:56:62
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/71ea89b4-ed85-463f-83d9-8453300bf2bd.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/71ea89b4-ed85-463f-83d9-8453300bf2bd/60e664ce-e3c1-3aaf-9f4c-eeb52f8ff177.roa
Signing time:             Sat 03 Jun 2023 01:00:17 +0000
ROA not before:           Sat 03 Jun 2023 01:00:17 +0000
ROA not after:            Fri 01 Sep 2023 01:00:17 +0000
asID:                     7862
IP address blocks:        146.23.212.0/22 maxlen: 22
                          146.23.208.0/22 maxlen: 22
                          144.5.60.0/23 maxlen: 23
                          146.23.216.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:42:17:72:e5:cb:f4:22:79:fc:68:5d:28:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=71ea89b4-ed85-463f-83d9-8453300bf2bd
        Validity
            Not Before: Jun  3 01:00:17 2023 GMT
            Not After : Sep  1 01:00:17 2023 GMT
        Subject: CN=aed97662-db87-4840-917b-357fec4ae1f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:1c:cb:cd:53:69:c0:f0:27:c8:f3:0a:02:4c:
                    10:07:5c:7f:4d:0a:d4:c3:55:72:2c:b1:4c:1d:f4:
                    7f:a1:9f:e5:8a:54:67:fa:25:ce:45:88:ea:19:25:
                    00:c0:9b:c1:52:df:16:b9:76:16:83:85:41:8c:fe:
                    55:4b:2c:bd:a8:0f:06:d5:ae:73:d3:8e:6e:72:89:
                    23:9a:fc:f9:fe:8b:01:a9:11:f1:8b:07:0c:c3:d9:
                    06:c4:08:e2:38:1a:fd:ee:50:ec:dc:cc:69:2f:48:
                    11:c7:45:e0:2a:73:85:52:be:c5:5f:61:ad:b7:7c:
                    cc:01:ab:96:91:c3:71:0e:34:b3:c5:ce:ad:13:c6:
                    4e:79:bb:96:19:01:1f:82:4d:b4:1b:0e:96:a7:87:
                    d8:44:d1:66:f1:c4:54:dd:52:2e:14:81:60:a4:fb:
                    92:b2:8d:81:2f:ef:bf:84:1c:99:e7:96:89:aa:31:
                    f5:27:94:8d:24:cf:e1:93:47:3a:40:ff:7c:1b:b7:
                    17:f1:b1:81:48:9a:b3:dd:eb:ce:55:d3:7b:23:d7:
                    7a:f8:0c:6d:f3:01:51:14:df:92:d7:0c:b6:4f:3d:
                    22:08:40:00:ec:68:89:2e:91:54:1d:e2:43:42:78:
                    a3:03:02:69:35:8c:55:2b:ea:0d:8f:71:d5:5d:ad:
                    6b:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:60:D4:24:BC:19:53:8C:81:2C:54:87:64:E9:16:36:C6:6B:AB:D3
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/71ea89b4-ed85-463f-83d9-8453300bf2bd/60e664ce-e3c1-3aaf-9f4c-eeb52f8ff177.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/71ea89b4-ed85-463f-83d9-8453300bf2bd/71ea89b4-ed85-463f-83d9-8453300bf2bd.crl

            X509v3 Authority Key Identifier:
                keyid:00:FA:28:B0:63:5E:34:0C:5A:99:8E:4A:5A:9E:34:69:3A:5A:56:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/71ea89b4-ed85-463f-83d9-8453300bf2bd.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.5.60.0/23
                  146.23.208.0-146.23.219.255

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         c8:24:26:78:8c:bc:e9:24:af:4b:64:8c:57:ad:f5:6c:57:cc:
         24:62:53:53:b3:af:7b:8f:fa:63:d3:96:cd:af:42:89:5c:74:
         7f:dd:46:26:df:79:7d:c4:5d:80:32:fd:d4:f7:e5:ff:3d:60:
         fe:c5:fb:6b:67:cb:30:30:a9:b0:8c:e1:7f:47:5a:d9:a1:0a:
         74:f7:45:1f:82:1f:60:87:8e:40:21:46:b3:2f:ee:c8:26:30:
         87:9a:59:f6:83:70:bd:ef:bd:5d:10:f0:e3:d5:2f:8c:af:e4:
         35:cd:80:86:2b:c5:ee:5a:b8:e1:d7:98:56:5f:63:d1:06:03:
         95:04:bc:8a:82:1e:e0:c6:91:77:bd:f8:28:b3:01:16:51:6d:
         e1:76:a7:e1:91:b1:f3:81:9a:64:f3:e9:8d:b2:99:fd:a4:10:
         a3:95:46:8d:d4:0d:3b:77:9c:20:de:cc:87:4b:30:e8:b9:b6:
         49:b6:79:de:f2:ff:03:d1:80:f7:84:fb:e6:bb:30:cb:a8:01:
         c4:6a:e5:16:1e:72:50:50:8e:d4:24:cc:f3:c4:f3:de:18:91:
         2a:f0:db:df:58:d1:dd:e3:32:68:29:0d:98:d2:53:1f:65:55:
         78:1f:7b:39:70:f4:7e:33:8b:08:33:89:ed:e1:1d:b6:c8:17:
         31:84:91:8b
-----BEGIN CERTIFICATE-----
MIIGUTCCBTmgAwIBAgIUAQ0Mn0MoWEIXcuXL9CJ5/GhdKMAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNzFlYTg5YjQtZWQ4NS00NjNmLTgzZDktODQ1MzMwMGJm
MmJkMB4XDTIzMDYwMzAxMDAxN1oXDTIzMDkwMTAxMDAxN1owLzEtMCsGA1UEAxMk
YWVkOTc2NjItZGI4Ny00ODQwLTkxN2ItMzU3ZmVjNGFlMWY5MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzxzLzVNpwPAnyPMKAkwQB1x/TQrUw1VyLLFM
HfR/oZ/lilRn+iXORYjqGSUAwJvBUt8WuXYWg4VBjP5VSyy9qA8G1a5z045ucokj
mvz5/osBqRHxiwcMw9kGxAjiOBr97lDs3MxpL0gRx0XgKnOFUr7FX2Gtt3zMAauW
kcNxDjSzxc6tE8ZOebuWGQEfgk20Gw6Wp4fYRNFm8cRU3VIuFIFgpPuSso2BL++/
hByZ55aJqjH1J5SNJM/hk0c6QP98G7cX8bGBSJqz3evOVdN7I9d6+Axt8wFRFN+S
1wy2Tz0iCEAA7GiJLpFUHeJDQnijAwJpNYxVK+oNj3HVXa1rtwIDAQABo4IDYzCC
A18wHQYDVR0OBBYEFNZg1CS8GVOMgSxUh2TpFjbGa6vTMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlhOC83MWVh
ODliNC1lZDg1LTQ2M2YtODNkOS04NDUzMzAwYmYyYmQvNjBlNjY0Y2UtZTNjMS0z
YWFmLTlmNGMtZWViNTJmOGZmMTc3LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NDZlMDExMS1m
YWZiLTQzMGYtYjc3OC1kMjA0Y2ZjZDk5YTgvNzFlYTg5YjQtZWQ4NS00NjNmLTgz
ZDktODQ1MzMwMGJmMmJkLzcxZWE4OWI0LWVkODUtNDYzZi04M2Q5LTg0NTMzMDBi
ZjJiZC5jcmwwHwYDVR0jBBgwFoAUAPoosGNeNAxamY5KWp40aTpaVmIwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMw
Zi1iNzc4LWQyMDRjZmNkOTlhOC83MWVhODliNC1lZDg1LTQ2M2YtODNkOS04NDUz
MzAwYmYyYmQuY2VyMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQBkAU8MAwD
BASSF9ADBAKSF9gwVAYDVR0gAQH/BEowSDBGBggrBgEFBQcOAjA6MDgGCCsGAQUF
BwIBFixodHRwczovL3d3dy5hcmluLm5ldC9yZXNvdXJjZXMvcnBraS9jcHMuaHRt
bDANBgkqhkiG9w0BAQsFAAOCAQEAyCQmeIy86SSvS2SMV631bFfMJGJTU7Ove4/6
Y9OWza9CiVx0f91GJt95fcRdgDL91Pfl/z1g/sX7a2fLMDCpsIzhf0da2aEKdPdF
H4IfYIeOQCFGsy/uyCYwh5pZ9oNwve+9XRDw49UvjK/kNc2AhivF7lq44deYVl9j
0QYDlQS8ioIe4MaRd734KLMBFlFt4Xan4ZGx84GaZPPpjbKZ/aQQo5VGjdQNO3ec
IN7Mh0sw6Lm2SbZ53vL/A9GA94T75rswy6gBxGrlFh5yUFCO1CTM88Tz3hiRKvDb
31jR3eMyaCkNmNJTH2VVeB97OXD0fjOLCDOJ7eEdtsgXMYSRiw==
-----END CERTIFICATE-----