Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/ac683038-c192-4fba-ae61-c511683cdb6a/b7571c63-0ec4-3324-bfe4-7abfb2e29f47.roa
File:                     b7571c63-0ec4-3324-bfe4-7abfb2e29f47.roa (raw, json)
Hash identifier:          S/hDqbgV52G1sKOuzonVWB0rwC/1XfEijLpBOPNrg30=
Subject key identifier:   6D:32:AE:86:A3:93:B8:D5:94:1A:64:95:EF:A9:F7:75:02:28:51:9E
Certificate issuer:       /CN=ac683038-c192-4fba-ae61-c511683cdb6a
Certificate serial:       010D0C9F43285840E6DC7F4356B7A6169AEB5520
Authority key identifier: D1:F4:1D:DB:27:4E:3B:A0:A5:7B:4B:11:17:C9:16:5D:85:21:1E:11
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/ac683038-c192-4fba-ae61-c511683cdb6a.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/ac683038-c192-4fba-ae61-c511683cdb6a/b7571c63-0ec4-3324-bfe4-7abfb2e29f47.roa
Signing time:             Mon 07 Dec 2020 23:33:00 +0000
ROA not before:           Mon 07 Dec 2020 23:33:00 +0000
ROA not after:            Sun 18 May 2025 04:00:00 +0000
asID:                     13549
IP address blocks:        64.7.160.0/19 maxlen: 24
                          209.103.224.0/19 maxlen: 24
                          2604:8fc0::/32 maxlen: 34
                          2606:3d00::/32 maxlen: 34

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:40:e6:dc:7f:43:56:b7:a6:16:9a:eb:55:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac683038-c192-4fba-ae61-c511683cdb6a
        Validity
            Not Before: Dec  7 23:33:00 2020 GMT
            Not After : May 18 04:00:00 2025 GMT
        Subject: CN=9a570159-1574-435f-b4e1-e69f8a4a04fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:5d:30:46:23:25:ff:d7:20:35:cb:3d:dc:7b:
                    13:cc:85:b5:30:f6:09:1c:7c:fc:bb:db:28:69:83:
                    81:0d:73:f8:1f:00:43:d1:63:06:cb:fb:bb:c2:45:
                    3e:3e:84:35:2e:26:b0:ad:e7:d6:68:91:e7:31:e0:
                    39:f6:28:a8:1c:eb:9b:e9:e8:e7:cf:f3:79:72:e1:
                    0f:6c:6b:a2:b0:03:2d:4c:4d:e8:5e:94:71:d8:d4:
                    8e:eb:84:a5:8b:56:76:aa:b8:fc:4d:cf:7f:1e:02:
                    ad:ee:13:03:18:eb:37:c9:46:a9:89:17:5c:3d:6e:
                    44:04:ce:69:d0:34:8a:e2:4c:77:61:13:3f:f6:31:
                    81:7c:60:32:8f:b7:4e:04:8c:b8:23:e9:9b:11:ef:
                    06:4e:dd:ce:55:c9:d1:36:ed:b0:4d:0d:d4:0e:d1:
                    72:e9:46:86:b6:da:f7:8f:ae:35:a5:68:bc:bc:91:
                    56:74:02:17:e7:f5:6a:c5:38:52:07:f4:29:01:3c:
                    7d:4d:bb:75:dd:6d:37:ce:1b:89:3f:f8:89:5d:94:
                    0c:a4:6a:91:d9:11:18:ee:44:81:7c:5b:36:15:1e:
                    00:a9:6d:01:08:21:e9:7d:6b:f1:1d:e2:73:49:21:
                    ef:a7:58:6f:f9:42:08:ca:e1:2c:fe:ba:5e:72:06:
                    15:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:32:AE:86:A3:93:B8:D5:94:1A:64:95:EF:A9:F7:75:02:28:51:9E
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/ac683038-c192-4fba-ae61-c511683cdb6a/b7571c63-0ec4-3324-bfe4-7abfb2e29f47.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/ac683038-c192-4fba-ae61-c511683cdb6a/ac683038-c192-4fba-ae61-c511683cdb6a.crl

            X509v3 Authority Key Identifier:
                keyid:D1:F4:1D:DB:27:4E:3B:A0:A5:7B:4B:11:17:C9:16:5D:85:21:1E:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/ac683038-c192-4fba-ae61-c511683cdb6a.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.7.160.0/19
                  209.103.224.0/19
                IPv6:
                  2604:8fc0::/32
                  2606:3d00::/32

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         b7:71:10:e8:7b:78:9e:e5:d7:5d:fd:a7:5a:59:6d:2c:55:fc:
         60:7e:b5:a3:66:cf:23:4d:0f:51:da:74:05:3e:b6:e9:a4:f4:
         d4:37:f4:45:9a:a4:09:93:bf:59:0f:5e:a0:6f:75:89:e5:8c:
         5b:f6:56:5b:12:8d:ce:9c:48:c2:08:75:4a:98:01:bc:a2:df:
         36:ad:58:87:a8:b6:26:b0:28:64:30:6e:e6:f9:6b:2e:a3:ff:
         72:d5:27:9b:6b:17:01:71:c8:d3:d0:ff:a7:8a:ac:a7:d1:e3:
         1f:b9:27:36:64:7c:b0:ba:db:0f:f8:3a:31:1a:c6:c2:9c:bc:
         84:68:7d:15:59:6d:fd:22:82:b9:e5:a7:09:f3:ca:08:c0:de:
         f1:43:1c:86:01:7b:3d:17:bf:65:1a:75:f6:b9:9a:d7:5d:24:
         f1:23:6a:f3:52:ce:60:ba:bd:3a:09:25:0f:6f:e7:fc:b1:e2:
         0d:19:6f:5f:1a:44:5d:1d:b6:aa:b7:a0:c2:60:2b:97:ec:6c:
         18:44:6b:8e:32:f9:33:53:78:da:ad:e3:a7:58:eb:82:26:a9:
         b4:a7:42:20:81:34:0b:6b:47:8c:47:15:a4:1c:49:68:da:cf:
         fd:9b:13:92:d5:74:d4:a0:1e:ad:84:a9:f8:ea:e1:e0:af:96:
         86:f3:63:64
-----BEGIN CERTIFICATE-----
MIIGXzCCBUegAwIBAgIUAQ0Mn0MoWEDm3H9DVremFprrVSAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkYWM2ODMwMzgtYzE5Mi00ZmJhLWFlNjEtYzUxMTY4M2Nk
YjZhMB4XDTIwMTIwNzIzMzMwMFoXDTI1MDUxODA0MDAwMFowLzEtMCsGA1UEAxMk
OWE1NzAxNTktMTU3NC00MzVmLWI0ZTEtZTY5ZjhhNGEwNGZiMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp10wRiMl/9cgNcs93HsTzIW1MPYJHHz8u9so
aYOBDXP4HwBD0WMGy/u7wkU+PoQ1LiawrefWaJHnMeA59iioHOub6ejnz/N5cuEP
bGuisAMtTE3oXpRx2NSO64Sli1Z2qrj8Tc9/HgKt7hMDGOs3yUapiRdcPW5EBM5p
0DSK4kx3YRM/9jGBfGAyj7dOBIy4I+mbEe8GTt3OVcnRNu2wTQ3UDtFy6UaGttr3
j641pWi8vJFWdAIX5/VqxThSB/QpATx9Tbt13W03zhuJP/iJXZQMpGqR2REY7kSB
fFs2FR4AqW0BCCHpfWvxHeJzSSHvp1hv+UIIyuEs/rpecgYVbQIDAQABo4IDcTCC
A20wHQYDVR0OBBYEFG0yroajk7jVlBpkle+p93UCKFGeMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlhOC9hYzY4
MzAzOC1jMTkyLTRmYmEtYWU2MS1jNTExNjgzY2RiNmEvYjc1NzFjNjMtMGVjNC0z
MzI0LWJmZTQtN2FiZmIyZTI5ZjQ3LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NDZlMDExMS1m
YWZiLTQzMGYtYjc3OC1kMjA0Y2ZjZDk5YTgvYWM2ODMwMzgtYzE5Mi00ZmJhLWFl
NjEtYzUxMTY4M2NkYjZhL2FjNjgzMDM4LWMxOTItNGZiYS1hZTYxLWM1MTE2ODNj
ZGI2YS5jcmwwHwYDVR0jBBgwFoAU0fQd2ydOO6Cle0sRF8kWXYUhHhEwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMw
Zi1iNzc4LWQyMDRjZmNkOTlhOC9hYzY4MzAzOC1jMTkyLTRmYmEtYWU2MS1jNTEx
NjgzY2RiNmEuY2VyMDsGCCsGAQUFBwEHAQH/BCwwKjASBAIAATAMAwQFQAegAwQF
0WfgMBQEAgACMA4DBQAmBI/AAwUAJgY9ADBUBgNVHSABAf8ESjBIMEYGCCsGAQUF
Bw4CMDowOAYIKwYBBQUHAgEWLGh0dHBzOi8vd3d3LmFyaW4ubmV0L3Jlc291cmNl
cy9ycGtpL2Nwcy5odG1sMA0GCSqGSIb3DQEBCwUAA4IBAQC3cRDoe3ie5ddd/ada
WW0sVfxgfrWjZs8jTQ9R2nQFPrbppPTUN/RFmqQJk79ZD16gb3WJ5Yxb9lZbEo3O
nEjCCHVKmAG8ot82rViHqLYmsChkMG7m+Wsuo/9y1SebaxcBccjT0P+niqyn0eMf
uSc2ZHywutsP+DoxGsbCnLyEaH0VWW39IoK55acJ88oIwN7xQxyGAXs9F79lGnX2
uZrXXSTxI2rzUs5gur06CSUPb+f8seINGW9fGkRdHbaqt6DCYCuX7GwYRGuOMvkz
U3jareOnWOuCJqm0p0IggTQLa0eMRxWkHElo2s/9mxOS1XTUoB6thKn46uHgr5aG
82Nk
-----END CERTIFICATE-----