Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/8bd5bc1a-5f48-4ce7-b952-b94b8ece87ff/af787902-d8e7-3c70-8f62-feef7966c356.roa
File:                     af787902-d8e7-3c70-8f62-feef7966c356.roa (raw, json)
Hash identifier:          g6jIXKrYhZM+lNmG6cVK3gwf1skREiq2vt2WrYS7X2I=
Subject key identifier:   0F:70:3D:51:2D:CF:CE:E4:2A:03:65:EC:95:2F:A0:A5:AE:25:24:F0
Certificate issuer:       /CN=8bd5bc1a-5f48-4ce7-b952-b94b8ece87ff
Certificate serial:       010D0C9F432858433C94C9C2C806B719040C35C0
Authority key identifier: 61:A2:CD:53:94:CD:6E:75:69:56:72:39:F6:0B:34:15:6C:1C:75:87
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/8bd5bc1a-5f48-4ce7-b952-b94b8ece87ff.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/8bd5bc1a-5f48-4ce7-b952-b94b8ece87ff/af787902-d8e7-3c70-8f62-feef7966c356.roa
Signing time:             Sat 16 Sep 2023 01:00:22 +0000
ROA not before:           Sat 16 Sep 2023 01:00:22 +0000
ROA not after:            Fri 15 Dec 2023 02:00:22 +0000
asID:                     16509
IP address blocks:        207.223.180.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:43:3c:94:c9:c2:c8:06:b7:19:04:0c:35:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bd5bc1a-5f48-4ce7-b952-b94b8ece87ff
        Validity
            Not Before: Sep 16 01:00:22 2023 GMT
            Not After : Dec 15 02:00:22 2023 GMT
        Subject: CN=d3c6e164-fb57-4fdf-910e-20b002540eca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:e9:8d:52:ee:34:db:63:2d:32:28:9f:1c:50:
                    a1:b8:26:5a:3c:d7:16:47:9a:23:2e:25:fc:77:48:
                    f9:d7:c0:22:d9:35:99:75:77:e7:17:38:f8:14:bc:
                    3b:16:23:2e:34:e5:d1:2d:95:f6:e4:58:fd:33:4b:
                    b1:c6:48:a4:3d:ba:3d:51:c9:16:39:d4:d8:1d:c9:
                    b4:30:0f:cb:3f:b9:dd:07:b5:75:96:c5:2b:e8:0a:
                    15:a8:c9:91:ab:fa:50:98:da:ed:bd:4e:65:8c:6e:
                    9d:18:7a:8c:a0:53:a7:3f:8f:cf:5d:46:0f:0c:7e:
                    0b:2c:eb:61:56:d6:96:6b:86:3d:b7:ae:cd:71:20:
                    9a:7f:e4:56:70:58:cb:96:03:6a:2f:e8:0e:3c:55:
                    76:8e:4c:56:5a:9e:86:b0:2a:a1:4e:f8:1c:2f:d3:
                    75:6c:6a:0d:79:31:c4:60:a0:bb:13:52:6b:c4:e8:
                    ad:7a:2c:23:50:52:4d:17:3b:7a:bf:c8:83:a1:5c:
                    cf:27:e6:54:fb:bb:57:f7:f8:f5:f6:51:66:9c:ed:
                    9d:0b:d7:38:72:b5:35:8a:bb:f6:2c:13:4a:8c:8e:
                    4a:bb:c3:e2:1f:51:c4:13:ef:73:08:49:c8:a2:7a:
                    eb:21:b6:85:a1:70:74:fd:40:b1:8c:ee:ba:c6:1f:
                    5b:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:70:3D:51:2D:CF:CE:E4:2A:03:65:EC:95:2F:A0:A5:AE:25:24:F0
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/8bd5bc1a-5f48-4ce7-b952-b94b8ece87ff/af787902-d8e7-3c70-8f62-feef7966c356.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/8bd5bc1a-5f48-4ce7-b952-b94b8ece87ff/8bd5bc1a-5f48-4ce7-b952-b94b8ece87ff.crl

            X509v3 Authority Key Identifier:
                keyid:61:A2:CD:53:94:CD:6E:75:69:56:72:39:F6:0B:34:15:6C:1C:75:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/8bd5bc1a-5f48-4ce7-b952-b94b8ece87ff.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  207.223.180.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         6d:7b:81:c0:a3:00:8f:09:ed:96:1f:79:ef:36:79:f9:a8:a5:
         56:18:62:76:7d:a3:a9:b2:42:b8:75:0c:c9:5f:c5:0f:b0:54:
         65:29:fc:9a:b7:26:37:b8:27:a6:5f:d7:c5:f3:50:29:1c:66:
         58:18:4b:27:ca:da:ad:ee:dd:e5:6e:05:cb:4a:84:34:a0:2a:
         99:04:d2:e1:5e:6c:89:d3:01:b0:f5:53:62:bb:4d:bc:77:75:
         24:c4:0e:7b:b3:28:cb:59:bd:b9:e0:b0:b8:88:de:80:09:81:
         17:99:c6:1a:b8:5c:3f:59:dd:c1:ad:f7:19:db:10:bf:c1:a8:
         d0:21:0e:f5:57:d6:a9:f8:cd:44:c8:0b:e2:ae:c1:f4:c3:51:
         07:e6:aa:91:28:83:b7:ce:d7:27:2d:e1:3d:6b:f3:e1:12:cd:
         d4:aa:83:41:68:75:cb:b9:9e:ae:81:39:78:87:24:09:32:f6:
         ba:d1:3d:88:3e:ae:85:a2:b6:23:f9:76:a2:ca:7a:b8:f2:75:
         d0:0b:19:2b:de:a4:84:4d:23:cd:3f:29:ea:4d:8e:d5:12:19:
         6b:9d:39:be:fb:e7:be:22:33:67:57:ce:57:42:14:5e:ca:2a:
         06:46:b9:66:f6:b6:9b:93:01:ea:68:83:79:cb:3e:3a:83:56:
         58:3f:a4:b2
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEM8lMnCyAa3GQQMNcAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkOGJkNWJjMWEtNWY0OC00Y2U3LWI5NTItYjk0YjhlY2U4
N2ZmMB4XDTIzMDkxNjAxMDAyMloXDTIzMTIxNTAyMDAyMlowLzEtMCsGA1UEAxMk
ZDNjNmUxNjQtZmI1Ny00ZmRmLTkxMGUtMjBiMDAyNTQwZWNhMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp+mNUu4022MtMiifHFChuCZaPNcWR5ojLiX8
d0j518Ai2TWZdXfnFzj4FLw7FiMuNOXRLZX25Fj9M0uxxkikPbo9UckWOdTYHcm0
MA/LP7ndB7V1lsUr6AoVqMmRq/pQmNrtvU5ljG6dGHqMoFOnP4/PXUYPDH4LLOth
VtaWa4Y9t67NcSCaf+RWcFjLlgNqL+gOPFV2jkxWWp6GsCqhTvgcL9N1bGoNeTHE
YKC7E1JrxOiteiwjUFJNFzt6v8iDoVzPJ+ZU+7tX9/j19lFmnO2dC9c4crU1irv2
LBNKjI5Ku8PiH1HEE+9zCEnIonrrIbaFoXB0/UCxjO66xh9bXQIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFA9wPVEtz87kKgNl7JUvoKWuJSTwMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzL2E3MzQyMGNiLWIzY2MtNGIwMy1iZGE3LTFiZTIwNDkzM2FlNS84YmQ1
YmMxYS01ZjQ4LTRjZTctYjk1Mi1iOTRiOGVjZTg3ZmYvYWY3ODc5MDItZDhlNy0z
YzcwLThmNjItZmVlZjc5NjZjMzU2LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy9hNzM0MjBjYi1i
M2NjLTRiMDMtYmRhNy0xYmUyMDQ5MzNhZTUvOGJkNWJjMWEtNWY0OC00Y2U3LWI5
NTItYjk0YjhlY2U4N2ZmLzhiZDViYzFhLTVmNDgtNGNlNy1iOTUyLWI5NGI4ZWNl
ODdmZi5jcmwwHwYDVR0jBBgwFoAUYaLNU5TNbnVpVnI59gs0FWwcdYcwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzL2E3MzQyMGNiLWIzY2MtNGIw
My1iZGE3LTFiZTIwNDkzM2FlNS84YmQ1YmMxYS01ZjQ4LTRjZTctYjk1Mi1iOTRi
OGVjZTg3ZmYuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAz9+0MFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAG17gcCjAI8J7ZYfee82efmopVYYYnZ9o6myQrh1DMlfxQ+wVGUp/Jq3
Jje4J6Zf18XzUCkcZlgYSyfK2q3u3eVuBctKhDSgKpkE0uFebInTAbD1U2K7Tbx3
dSTEDnuzKMtZvbngsLiI3oAJgReZxhq4XD9Z3cGt9xnbEL/BqNAhDvVX1qn4zUTI
C+KuwfTDUQfmqpEog7fO1yct4T1r8+ESzdSqg0Fodcu5nq6BOXiHJAky9rrRPYg+
roWitiP5dqLKerjyddALGSvepIRNI80/KepNjtUSGWudOb77574iM2dXzldCFF7K
KgZGuWb2tpuTAepog3nLPjqDVlg/pLI=
-----END CERTIFICATE-----