Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/de1fa60c-18a9-45f9-b9b5-c12bcb7b3b23/d153676f-891a-3e60-9d9f-b17065ff68d7.roa
File:                     d153676f-891a-3e60-9d9f-b17065ff68d7.roa (raw, json)
Hash identifier:          qYnHTSSSpb62kOuHzOaaahlh3zWZDkXYLl1y8XhjEE8=
Subject key identifier:   CA:31:2C:91:A0:8B:D7:8A:34:87:AD:95:32:7C:99:A6:0E:8E:EC:8E
Certificate issuer:       /CN=de1fa60c-18a9-45f9-b9b5-c12bcb7b3b23
Certificate serial:       010D0C9F4328576D51CC73C042CFC173F05A9615
Authority key identifier: DD:9D:1E:7F:57:25:F9:08:65:37:77:F7:D6:04:19:BA:5E:CB:7B:FE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/de1fa60c-18a9-45f9-b9b5-c12bcb7b3b23.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/de1fa60c-18a9-45f9-b9b5-c12bcb7b3b23/d153676f-891a-3e60-9d9f-b17065ff68d7.roa
Signing time:             Thu 13 Aug 2020 04:00:00 +0000
ROA not before:           Thu 13 Aug 2020 04:00:00 +0000
ROA not after:            Tue 13 Aug 2030 04:00:00 +0000
asID:                     32205
IP address blocks:        204.8.16.0/22 maxlen: 24
                          204.10.168.0/21 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:57:6d:51:cc:73:c0:42:cf:c1:73:f0:5a:96:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de1fa60c-18a9-45f9-b9b5-c12bcb7b3b23
        Validity
            Not Before: Aug 13 04:00:00 2020 GMT
            Not After : Aug 13 04:00:00 2030 GMT
        Subject: CN=0505639c-08be-4dd1-bcdf-1e98cd45ad43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:bd:67:7b:12:77:b8:51:07:3b:01:37:e7:c6:
                    fc:c6:d7:88:a0:a0:b9:b2:55:73:98:08:fe:5b:82:
                    43:a6:43:7c:f9:d9:91:21:bb:f1:35:a9:52:ea:23:
                    e9:79:21:b3:1b:dd:e8:0f:77:b9:98:c1:90:e9:82:
                    47:ec:9d:d6:9a:9d:b0:16:34:69:19:7a:3c:53:38:
                    5e:0b:d6:08:dc:94:8f:f5:78:ac:d2:23:c0:4f:48:
                    96:12:2f:a8:45:78:94:c3:5c:6b:ab:a2:93:22:c7:
                    c6:81:89:b8:ba:2d:b0:c6:d1:df:be:64:3f:5d:fb:
                    d5:f2:17:47:ed:55:60:d4:14:84:ce:af:32:d3:ed:
                    20:d9:66:a9:84:65:37:b3:c4:b7:7c:22:ac:50:e2:
                    46:04:1f:13:00:fd:3a:f0:1f:38:ed:6a:a8:b4:e1:
                    f5:1b:27:77:c4:7c:ea:24:4f:2a:4e:40:7d:fc:eb:
                    70:ce:3c:68:7c:6f:32:5b:6d:11:f2:fb:2d:85:92:
                    20:04:4b:65:64:7e:91:76:20:32:2b:18:8b:dd:c6:
                    53:42:58:0b:5d:74:89:58:6b:a2:99:0b:62:14:4b:
                    54:31:37:1d:de:fd:ee:99:b1:29:07:08:af:c7:f7:
                    0c:2f:1d:5b:5d:a5:9d:c9:2a:88:f2:6e:6e:c1:0a:
                    a7:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:31:2C:91:A0:8B:D7:8A:34:87:AD:95:32:7C:99:A6:0E:8E:EC:8E
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/de1fa60c-18a9-45f9-b9b5-c12bcb7b3b23/d153676f-891a-3e60-9d9f-b17065ff68d7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/de1fa60c-18a9-45f9-b9b5-c12bcb7b3b23/de1fa60c-18a9-45f9-b9b5-c12bcb7b3b23.crl

            X509v3 Authority Key Identifier:
                keyid:DD:9D:1E:7F:57:25:F9:08:65:37:77:F7:D6:04:19:BA:5E:CB:7B:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/de1fa60c-18a9-45f9-b9b5-c12bcb7b3b23.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  204.8.16.0/22
                  204.10.168.0/21

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         87:3b:19:a6:1f:38:98:29:b8:6a:9f:a3:1d:d0:fd:77:6f:32:
         a2:de:25:9b:5d:af:65:77:fb:fd:0c:10:c8:63:0c:06:d7:6b:
         09:19:06:e9:f6:5c:cf:dc:62:16:e9:cc:c4:01:4e:d8:ea:5f:
         18:88:67:1e:a7:76:1b:08:be:9a:85:84:22:9d:d5:20:11:75:
         c2:b2:a6:19:59:22:bd:24:91:31:76:2f:55:06:ef:83:98:e9:
         83:17:e2:a3:1f:b0:62:ce:24:81:8a:97:f5:57:df:d9:9e:f0:
         71:8a:7a:0f:c2:34:97:53:cf:55:19:c7:45:4c:32:75:90:2f:
         25:76:67:d7:d8:5b:89:1c:48:3e:c0:ed:53:90:de:c6:75:d6:
         84:69:78:da:d1:59:9e:ff:7e:64:e0:44:48:df:63:2f:08:5a:
         94:b6:67:dd:fc:83:be:15:8d:4b:ce:53:6a:58:90:67:91:c8:
         f5:cf:7e:d9:73:ce:27:9b:35:3b:33:2a:6d:8d:1a:d0:ae:66:
         74:b6:1b:45:19:e7:cd:aa:73:32:13:e4:2c:1e:40:e1:eb:0f:
         5c:17:86:cd:9e:41:e7:b3:67:be:dc:c1:20:ba:22:59:bf:07:
         22:69:3d:c0:3b:eb:01:69:25:68:63:2f:42:55:f1:5c:3f:ee:
         d3:df:03:98
-----BEGIN CERTIFICATE-----
MIIGSTCCBTGgAwIBAgIUAQ0Mn0MoV21RzHPAQs/Bc/BalhUwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkZGUxZmE2MGMtMThhOS00NWY5LWI5YjUtYzEyYmNiN2Iz
YjIzMB4XDTIwMDgxMzA0MDAwMFoXDTMwMDgxMzA0MDAwMFowLzEtMCsGA1UEAxMk
MDUwNTYzOWMtMDhiZS00ZGQxLWJjZGYtMWU5OGNkNDVhZDQzMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnr1nexJ3uFEHOwE358b8xteIoKC5slVzmAj+
W4JDpkN8+dmRIbvxNalS6iPpeSGzG93oD3e5mMGQ6YJH7J3Wmp2wFjRpGXo8Uzhe
C9YI3JSP9Xis0iPAT0iWEi+oRXiUw1xrq6KTIsfGgYm4ui2wxtHfvmQ/XfvV8hdH
7VVg1BSEzq8y0+0g2WaphGU3s8S3fCKsUOJGBB8TAP068B847WqotOH1Gyd3xHzq
JE8qTkB9/OtwzjxofG8yW20R8vsthZIgBEtlZH6RdiAyKxiL3cZTQlgLXXSJWGui
mQtiFEtUMTcd3v3umbEpBwivx/cMLx1bXaWdySqI8m5uwQqnNwIDAQABo4IDWzCC
A1cwHQYDVR0OBBYEFMoxLJGgi9eKNIetlTJ8maYOjuyOMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlhOC9kZTFm
YTYwYy0xOGE5LTQ1ZjktYjliNS1jMTJiY2I3YjNiMjMvZDE1MzY3NmYtODkxYS0z
ZTYwLTlkOWYtYjE3MDY1ZmY2OGQ3LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NDZlMDExMS1m
YWZiLTQzMGYtYjc3OC1kMjA0Y2ZjZDk5YTgvZGUxZmE2MGMtMThhOS00NWY5LWI5
YjUtYzEyYmNiN2IzYjIzL2RlMWZhNjBjLTE4YTktNDVmOS1iOWI1LWMxMmJjYjdi
M2IyMy5jcmwwHwYDVR0jBBgwFoAU3Z0ef1cl+QhlN3f31gQZul7Le/4wDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMw
Zi1iNzc4LWQyMDRjZmNkOTlhOC9kZTFmYTYwYy0xOGE5LTQ1ZjktYjliNS1jMTJi
Y2I3YjNiMjMuY2VyMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCzAgQAwQD
zAqoMFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0
cHM6Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZI
hvcNAQELBQADggEBAIc7GaYfOJgpuGqfox3Q/XdvMqLeJZtdr2V3+/0MEMhjDAbX
awkZBun2XM/cYhbpzMQBTtjqXxiIZx6ndhsIvpqFhCKd1SARdcKyphlZIr0kkTF2
L1UG74OY6YMX4qMfsGLOJIGKl/VX39me8HGKeg/CNJdTz1UZx0VMMnWQLyV2Z9fY
W4kcSD7A7VOQ3sZ11oRpeNrRWZ7/fmTgREjfYy8IWpS2Z938g74VjUvOU2pYkGeR
yPXPftlzziebNTszKm2NGtCuZnS2G0UZ582qczIT5CweQOHrD1wXhs2eQeezZ77c
wSC6Ilm/ByJpPcA76wFpJWhjL0JV8Vw/7tPfA5g=
-----END CERTIFICATE-----