Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/71ea89b4-ed85-463f-83d9-8453300bf2bd/cd99ca80-68e2-346e-bd42-3873338508ca.roa
File:                     cd99ca80-68e2-346e-bd42-3873338508ca.roa (raw, json)
Hash identifier:          XVjXWARlhkQf88rQ9sZm3tzA6FCjv/Lcori7ixalHgc=
Subject key identifier:   35:EA:AA:22:20:19:F3:55:A8:DF:E5:2A:BB:B5:E0:B0:57:75:72:76
Certificate issuer:       /CN=71ea89b4-ed85-463f-83d9-8453300bf2bd
Certificate serial:       010D0C9F432858423BBDC910C058C8B2796A8D00
Authority key identifier: 00:FA:28:B0:63:5E:34:0C:5A:99:8E:4A:5A:9E:34:69:3A:5A:56:62
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/71ea89b4-ed85-463f-83d9-8453300bf2bd.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/71ea89b4-ed85-463f-83d9-8453300bf2bd/cd99ca80-68e2-346e-bd42-3873338508ca.roa
Signing time:             Fri 16 Jun 2023 01:00:16 +0000
ROA not before:           Fri 16 Jun 2023 01:00:16 +0000
ROA not after:            Thu 14 Sep 2023 01:00:16 +0000
asID:                     7862
IP address blocks:        146.23.64.0/23 maxlen: 24
                          146.23.40.0/23 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:42:3b:bd:c9:10:c0:58:c8:b2:79:6a:8d:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=71ea89b4-ed85-463f-83d9-8453300bf2bd
        Validity
            Not Before: Jun 16 01:00:16 2023 GMT
            Not After : Sep 14 01:00:16 2023 GMT
        Subject: CN=9e7675b2-5256-4a8f-8764-aea824c74815
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:ee:09:3f:a8:01:d3:23:ad:43:43:1a:c1:3c:
                    ce:61:fe:42:3e:15:88:ff:99:10:f1:b1:0c:45:3f:
                    b9:ec:f3:45:98:7c:eb:23:85:3c:2f:35:c3:34:e7:
                    7f:3d:38:6c:05:f6:64:13:d0:db:7d:e9:82:8d:1c:
                    18:20:b5:02:3d:b1:1c:7b:34:fe:af:6f:02:02:a9:
                    75:1a:6b:0c:91:15:35:93:27:ab:03:0f:58:24:72:
                    e1:8d:29:a6:3e:8a:cf:61:97:02:de:48:e0:20:fa:
                    e6:9b:a2:6c:bd:26:30:79:b1:46:7f:d8:12:45:ed:
                    a3:ad:6a:91:67:c4:1e:b9:aa:9a:c4:17:e0:33:3e:
                    27:41:ad:7b:4b:c1:f3:01:c3:33:40:f2:f1:9f:6e:
                    d6:8b:6b:0d:bf:05:c8:af:af:fe:af:c4:49:70:be:
                    6f:a0:7a:d3:b0:68:77:1d:11:c9:0e:a3:1f:b0:77:
                    bc:f5:7e:07:46:7b:36:0a:86:de:29:f1:11:d4:bc:
                    b0:c7:7b:77:46:9c:bc:c8:d3:98:4a:2f:28:12:d2:
                    9e:ed:47:ac:34:f7:62:b8:02:e3:fd:6a:68:b7:a1:
                    9d:f0:e7:a8:d0:cb:2a:5e:8d:01:d7:d5:13:27:30:
                    5b:c9:2a:03:e1:ad:3c:7d:33:b0:f4:8f:78:c2:41:
                    6e:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:EA:AA:22:20:19:F3:55:A8:DF:E5:2A:BB:B5:E0:B0:57:75:72:76
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/71ea89b4-ed85-463f-83d9-8453300bf2bd/cd99ca80-68e2-346e-bd42-3873338508ca.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/71ea89b4-ed85-463f-83d9-8453300bf2bd/71ea89b4-ed85-463f-83d9-8453300bf2bd.crl

            X509v3 Authority Key Identifier:
                keyid:00:FA:28:B0:63:5E:34:0C:5A:99:8E:4A:5A:9E:34:69:3A:5A:56:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/71ea89b4-ed85-463f-83d9-8453300bf2bd.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.23.40.0/23
                  146.23.64.0/23

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         d6:3e:da:cb:c8:b2:49:13:4c:45:88:b3:4e:68:08:0d:c0:f1:
         e6:60:66:34:b9:72:46:eb:f8:8e:dd:49:95:f0:9d:8a:6b:b7:
         95:07:78:75:de:38:fe:c2:45:cf:0e:48:ec:ab:e3:17:29:3c:
         de:e1:39:2d:3d:fc:1f:ed:5b:ea:5c:d8:e8:09:b6:9a:e6:6c:
         08:60:a7:89:0a:b9:42:04:ed:1e:af:99:12:84:03:9e:51:72:
         58:28:e7:9b:0e:b2:eb:18:59:81:b4:3b:f7:f7:7b:81:d7:14:
         b0:f8:83:3f:4b:e8:1c:03:b9:64:c7:fb:f5:ec:2e:bf:da:7b:
         60:83:34:95:30:f6:67:8f:49:ab:90:04:36:2d:83:12:08:27:
         b4:25:de:95:6f:86:26:b6:4a:5e:63:b7:12:11:d2:cb:48:0c:
         9a:be:cf:4b:3e:ec:aa:17:fc:d0:fd:e0:c3:80:4f:67:4c:fb:
         2a:b1:05:fc:84:6e:49:a8:3a:47:54:12:78:37:6b:49:59:9e:
         90:fa:d8:a4:32:2a:b6:ed:90:24:a3:8b:fe:f8:2c:6d:1e:43:
         85:dd:48:d4:e8:a5:3d:e6:29:5d:64:53:be:dd:aa:40:2c:f1:
         92:14:4a:51:43:f2:56:f7:8e:22:ce:b7:71:41:19:18:53:3c:
         ad:a3:51:0d
-----BEGIN CERTIFICATE-----
MIIGSTCCBTGgAwIBAgIUAQ0Mn0MoWEI7vckQwFjIsnlqjQAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNzFlYTg5YjQtZWQ4NS00NjNmLTgzZDktODQ1MzMwMGJm
MmJkMB4XDTIzMDYxNjAxMDAxNloXDTIzMDkxNDAxMDAxNlowLzEtMCsGA1UEAxMk
OWU3Njc1YjItNTI1Ni00YThmLTg3NjQtYWVhODI0Yzc0ODE1MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoO4JP6gB0yOtQ0MawTzOYf5CPhWI/5kQ8bEM
RT+57PNFmHzrI4U8LzXDNOd/PThsBfZkE9DbfemCjRwYILUCPbEcezT+r28CAql1
GmsMkRU1kyerAw9YJHLhjSmmPorPYZcC3kjgIPrmm6JsvSYwebFGf9gSRe2jrWqR
Z8QeuaqaxBfgMz4nQa17S8HzAcMzQPLxn27Wi2sNvwXIr6/+r8RJcL5voHrTsGh3
HRHJDqMfsHe89X4HRns2CobeKfER1Lywx3t3Rpy8yNOYSi8oEtKe7UesNPdiuALj
/Wpot6Gd8Oeo0MsqXo0B19UTJzBbySoD4a08fTOw9I94wkFuBwIDAQABo4IDWzCC
A1cwHQYDVR0OBBYEFDXqqiIgGfNVqN/lKru14LBXdXJ2MIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlhOC83MWVh
ODliNC1lZDg1LTQ2M2YtODNkOS04NDUzMzAwYmYyYmQvY2Q5OWNhODAtNjhlMi0z
NDZlLWJkNDItMzg3MzMzODUwOGNhLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NDZlMDExMS1m
YWZiLTQzMGYtYjc3OC1kMjA0Y2ZjZDk5YTgvNzFlYTg5YjQtZWQ4NS00NjNmLTgz
ZDktODQ1MzMwMGJmMmJkLzcxZWE4OWI0LWVkODUtNDYzZi04M2Q5LTg0NTMzMDBi
ZjJiZC5jcmwwHwYDVR0jBBgwFoAUAPoosGNeNAxamY5KWp40aTpaVmIwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMw
Zi1iNzc4LWQyMDRjZmNkOTlhOC83MWVhODliNC1lZDg1LTQ2M2YtODNkOS04NDUz
MzAwYmYyYmQuY2VyMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBkhcoAwQB
khdAMFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0
cHM6Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZI
hvcNAQELBQADggEBANY+2svIskkTTEWIs05oCA3A8eZgZjS5ckbr+I7dSZXwnYpr
t5UHeHXeOP7CRc8OSOyr4xcpPN7hOS09/B/tW+pc2OgJtprmbAhgp4kKuUIE7R6v
mRKEA55Rclgo55sOsusYWYG0O/f3e4HXFLD4gz9L6BwDuWTH+/XsLr/ae2CDNJUw
9mePSauQBDYtgxIIJ7Ql3pVvhia2Sl5jtxIR0stIDJq+z0s+7KoX/ND94MOAT2dM
+yqxBfyEbkmoOkdUEng3a0lZnpD62KQyKrbtkCSji/74LG0eQ4XdSNTopT3mKV1k
U77dqkAs8ZIUSlFD8lb3jiLOt3FBGRhTPK2jUQ0=
-----END CERTIFICATE-----