Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/71ea89b4-ed85-463f-83d9-8453300bf2bd/82af1e5e-badb-38dc-a447-1a7c1e50d2b4.roa
File:                     82af1e5e-badb-38dc-a447-1a7c1e50d2b4.roa (raw, json)
Hash identifier:          OEyYyogRR6sZshC4tlNJVhrs9qckCsqHhnB0xkdrc9w=
Subject key identifier:   30:8C:AC:2C:69:D2:5A:56:3F:D0:00:AD:D2:02:DA:2A:19:73:59:95
Certificate issuer:       /CN=71ea89b4-ed85-463f-83d9-8453300bf2bd
Certificate serial:       010D0C9F432858423A587120C6959E56B6B4EC00
Authority key identifier: 00:FA:28:B0:63:5E:34:0C:5A:99:8E:4A:5A:9E:34:69:3A:5A:56:62
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/71ea89b4-ed85-463f-83d9-8453300bf2bd.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/71ea89b4-ed85-463f-83d9-8453300bf2bd/82af1e5e-badb-38dc-a447-1a7c1e50d2b4.roa
Signing time:             Thu 15 Jun 2023 13:00:18 +0000
ROA not before:           Thu 15 Jun 2023 13:00:18 +0000
ROA not after:            Wed 13 Sep 2023 13:00:18 +0000
asID:                     7862
IP address blocks:        146.23.200.0/23 maxlen: 24
                          146.23.178.0/24 maxlen: 24
                          146.23.56.0/23 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:42:3a:58:71:20:c6:95:9e:56:b6:b4:ec:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=71ea89b4-ed85-463f-83d9-8453300bf2bd
        Validity
            Not Before: Jun 15 13:00:18 2023 GMT
            Not After : Sep 13 13:00:18 2023 GMT
        Subject: CN=31377115-62bd-47ee-bfce-35bda7333400
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:b0:93:63:39:de:6e:dc:8d:59:4e:7c:7b:44:
                    80:21:1e:30:f3:a7:c2:94:57:9a:19:08:fb:13:b7:
                    68:ca:69:2a:65:2e:99:3b:b3:c4:31:a0:6c:5f:6d:
                    f8:b2:54:a1:6f:a1:08:71:cd:d9:8f:70:44:38:ac:
                    c6:bd:0d:17:36:eb:a5:b0:31:cf:51:d2:8f:13:a2:
                    40:79:9f:ba:e6:c5:09:f3:a5:bf:e1:fb:63:b9:1a:
                    65:66:54:5a:b0:28:f2:5c:5a:8f:7d:77:ec:a6:bf:
                    cd:9e:dd:9c:fa:b1:0e:2d:55:5b:65:01:7a:5b:29:
                    3a:22:67:bf:6f:e8:b4:bd:ce:d6:1f:1d:4a:7b:ff:
                    a5:5f:e4:4b:2f:ca:e7:c0:5b:cc:e7:61:90:aa:5b:
                    39:30:26:8b:ac:06:cb:eb:10:fe:8c:03:48:29:7f:
                    08:d8:51:2b:a6:9c:4d:38:75:7f:be:5a:16:f9:5f:
                    de:cb:ef:50:b3:7b:a6:1c:68:fd:23:e8:cb:2a:76:
                    d3:b2:64:c2:8a:93:4a:ad:e1:a4:cd:7d:4f:ae:a6:
                    8b:e8:49:92:dc:7b:b0:5e:34:b2:54:bf:97:51:52:
                    88:54:d7:d2:bc:e7:11:a7:8a:cd:a5:b4:f5:c4:df:
                    46:32:96:f9:53:f1:09:54:42:e2:e0:de:10:d8:48:
                    a2:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:8C:AC:2C:69:D2:5A:56:3F:D0:00:AD:D2:02:DA:2A:19:73:59:95
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/71ea89b4-ed85-463f-83d9-8453300bf2bd/82af1e5e-badb-38dc-a447-1a7c1e50d2b4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/71ea89b4-ed85-463f-83d9-8453300bf2bd/71ea89b4-ed85-463f-83d9-8453300bf2bd.crl

            X509v3 Authority Key Identifier:
                keyid:00:FA:28:B0:63:5E:34:0C:5A:99:8E:4A:5A:9E:34:69:3A:5A:56:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/71ea89b4-ed85-463f-83d9-8453300bf2bd.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.23.56.0/23
                  146.23.178.0/24
                  146.23.200.0/23

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         7e:6d:19:a9:a3:ad:37:34:91:49:d3:77:1a:45:dc:b3:49:23:
         e0:6d:7f:b7:8d:0b:bc:3e:dd:51:41:b5:69:aa:f0:92:68:85:
         3f:f1:5e:f8:39:95:07:e5:36:3c:ce:5b:e3:6a:e9:d9:ec:df:
         1b:2b:06:48:ab:69:3d:4b:3f:79:16:8c:d5:70:d0:c1:90:72:
         d8:ca:63:7d:db:29:fa:cc:18:f0:bc:d1:ff:c1:af:9c:99:0a:
         44:06:35:8e:66:46:ea:2c:e7:c4:f6:c8:10:51:81:8b:eb:ad:
         50:24:dc:ac:80:0a:6e:bc:6f:e7:b8:18:0b:d7:51:26:f3:8e:
         a5:6b:78:60:eb:04:72:88:ab:82:f3:6b:92:9a:3e:92:b5:52:
         38:57:e1:22:68:08:57:ec:2b:9e:f4:86:16:ee:db:f7:a0:81:
         95:23:34:ba:02:b8:a8:1a:d8:2c:d9:40:c1:b4:be:84:28:4d:
         37:07:49:3c:b3:34:28:a6:81:96:dc:5d:61:6b:04:d5:11:7f:
         3e:8d:d6:dc:8f:f5:e0:4b:c1:47:60:90:c1:6e:0a:24:62:21:
         12:1b:50:4a:99:54:84:33:8b:ab:70:19:30:94:c8:25:65:ce:
         f7:9a:6e:c3:81:10:68:9c:05:50:76:f7:fa:04:c7:c9:01:ee:
         c7:79:4b:1c
-----BEGIN CERTIFICATE-----
MIIGTzCCBTegAwIBAgIUAQ0Mn0MoWEI6WHEgxpWeVra07AAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNzFlYTg5YjQtZWQ4NS00NjNmLTgzZDktODQ1MzMwMGJm
MmJkMB4XDTIzMDYxNTEzMDAxOFoXDTIzMDkxMzEzMDAxOFowLzEtMCsGA1UEAxMk
MzEzNzcxMTUtNjJiZC00N2VlLWJmY2UtMzViZGE3MzMzNDAwMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg7CTYznebtyNWU58e0SAIR4w86fClFeaGQj7
E7doymkqZS6ZO7PEMaBsX234slShb6EIcc3Zj3BEOKzGvQ0XNuulsDHPUdKPE6JA
eZ+65sUJ86W/4ftjuRplZlRasCjyXFqPfXfspr/Nnt2c+rEOLVVbZQF6Wyk6Ime/
b+i0vc7WHx1Ke/+lX+RLL8rnwFvM52GQqls5MCaLrAbL6xD+jANIKX8I2FErppxN
OHV/vloW+V/ey+9Qs3umHGj9I+jLKnbTsmTCipNKreGkzX1PrqaL6EmS3HuwXjSy
VL+XUVKIVNfSvOcRp4rNpbT1xN9GMpb5U/EJVELi4N4Q2EiiWQIDAQABo4IDYTCC
A10wHQYDVR0OBBYEFDCMrCxp0lpWP9AArdIC2ioZc1mVMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlhOC83MWVh
ODliNC1lZDg1LTQ2M2YtODNkOS04NDUzMzAwYmYyYmQvODJhZjFlNWUtYmFkYi0z
OGRjLWE0NDctMWE3YzFlNTBkMmI0LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NDZlMDExMS1m
YWZiLTQzMGYtYjc3OC1kMjA0Y2ZjZDk5YTgvNzFlYTg5YjQtZWQ4NS00NjNmLTgz
ZDktODQ1MzMwMGJmMmJkLzcxZWE4OWI0LWVkODUtNDYzZi04M2Q5LTg0NTMzMDBi
ZjJiZC5jcmwwHwYDVR0jBBgwFoAUAPoosGNeNAxamY5KWp40aTpaVmIwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMw
Zi1iNzc4LWQyMDRjZmNkOTlhOC83MWVhODliNC1lZDg1LTQ2M2YtODNkOS04NDUz
MzAwYmYyYmQuY2VyMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBkhc4AwQA
kheyAwQBkhfIMFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcC
ARYsaHR0cHM6Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWww
DQYJKoZIhvcNAQELBQADggEBAH5tGamjrTc0kUnTdxpF3LNJI+Btf7eNC7w+3VFB
tWmq8JJohT/xXvg5lQflNjzOW+Nq6dns3xsrBkiraT1LP3kWjNVw0MGQctjKY33b
KfrMGPC80f/Br5yZCkQGNY5mRuos58T2yBBRgYvrrVAk3KyACm68b+e4GAvXUSbz
jqVreGDrBHKIq4Lza5KaPpK1UjhX4SJoCFfsK570hhbu2/eggZUjNLoCuKga2CzZ
QMG0voQoTTcHSTyzNCimgZbcXWFrBNURfz6N1tyP9eBLwUdgkMFuCiRiIRIbUEqZ
VIQzi6twGTCUyCVlzveabsOBEGicBVB29/oEx8kB7sd5Sxw=
-----END CERTIFICATE-----