Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf7f518c5d017f949e0c8c42f5/0/3136322e3232332e36342e302f32312d3231203d3e20353434343736.roa
File:                     3136322e3232332e36342e302f32312d3231203d3e20353434343736.roa (raw, json)
Hash identifier:          TuJtCzhP24Oz9FECR7Qd2q9sI9T+HnEZdur6mUNnanE=
Subject key identifier:   CE:3A:A5:BE:3E:6D:12:45:C8:5C:AF:54:66:1E:51:36:CF:01:9F:30
Certificate issuer:       /CN=63ef6ba7c75b0732465686b4f94bffe5c8f62e466a4f048b0a
Certificate serial:       23B5677809633DD9DAEC59B2F3E01723829C46F9
Authority key identifier: E5:2C:37:7F:6C:65:01:F9:CA:9E:EB:01:8F:66:22:B1:DC:E9:86:00
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/d7e20303-2390-47a7-b89c-842367be4584/63ef6ba7c75b0732465686b4f94bffe5c8f62e466a4f048b0a.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf7f518c5d017f949e0c8c42f5/0/3136322e3232332e36342e302f32312d3231203d3e20353434343736.roa
Signing time:             Tue 11 Jul 2023 00:12:56 +0000
ROA not before:           Tue 11 Jul 2023 00:07:56 +0000
ROA not after:            Tue 09 Jul 2024 00:12:56 +0000
asID:                     544476
IP address blocks:        162.223.64.0/21 maxlen: 21

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:b5:67:78:09:63:3d:d9:da:ec:59:b2:f3:e0:17:23:82:9c:46:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63ef6ba7c75b0732465686b4f94bffe5c8f62e466a4f048b0a
        Validity
            Not Before: Jul 11 00:07:56 2023 GMT
            Not After : Jul  9 00:12:56 2024 GMT
        Subject: CN=CE3AA5BE3E6D1245C85CAF54661E5136CF019F30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:78:76:47:68:fb:83:a9:59:7f:66:52:f4:dd:
                    ba:16:c1:16:5d:bb:93:bc:ed:b8:66:25:ce:76:d4:
                    c1:2e:88:3b:f8:93:cc:89:7b:ec:79:b3:4a:60:7e:
                    14:4f:43:97:5a:af:7a:37:8f:8c:00:c7:e7:85:fa:
                    ae:32:dd:84:d8:44:e5:dd:eb:98:3c:59:df:0c:ba:
                    47:c4:eb:46:be:c5:81:0c:85:17:03:10:15:e8:4e:
                    3d:47:91:f8:96:00:06:ac:e9:c2:67:41:39:4e:4c:
                    6a:86:1b:f5:fe:09:b3:07:36:2a:80:38:a9:e7:14:
                    07:72:03:78:67:57:93:80:75:1e:78:cb:c8:01:04:
                    04:f0:f3:37:1c:82:62:85:df:19:07:f6:0e:59:ba:
                    04:ac:3d:8f:fe:64:9d:db:d1:4f:06:5b:09:04:cb:
                    89:73:78:8d:a6:a6:94:9a:80:e6:43:9b:2a:9f:31:
                    3a:77:9d:8c:e7:c1:7b:34:91:d2:1d:77:16:5a:e5:
                    11:e6:08:3d:db:e0:6a:a3:6b:95:76:f2:d3:6f:24:
                    b4:cd:5e:9c:33:8a:40:69:cd:f2:e9:a2:cc:5b:a2:
                    17:81:05:da:97:c1:66:cb:d8:bf:45:0c:6a:00:57:
                    86:db:06:f1:39:57:57:99:ff:8b:69:09:5e:e7:c1:
                    b0:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:3A:A5:BE:3E:6D:12:45:C8:5C:AF:54:66:1E:51:36:CF:01:9F:30
            X509v3 Authority Key Identifier:
                keyid:E5:2C:37:7F:6C:65:01:F9:CA:9E:EB:01:8F:66:22:B1:DC:E9:86:00

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf7f518c5d017f949e0c8c42f5/0/E52C377F6C6501F9CA9EEB018F6622B1DCE98600.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/d7e20303-2390-47a7-b89c-842367be4584/63ef6ba7c75b0732465686b4f94bffe5c8f62e466a4f048b0a.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf7f518c5d017f949e0c8c42f5/0/3136322e3232332e36342e302f32312d3231203d3e20353434343736.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.223.64.0/21

    Signature Algorithm: sha256WithRSAEncryption
         bf:7b:0b:61:0f:65:94:31:85:4d:03:a6:30:a9:87:e3:71:5e:
         5b:23:61:be:a2:df:7c:79:2d:9c:c5:ec:9b:f5:08:63:7d:17:
         61:26:23:63:d4:25:aa:a1:a4:f6:ca:26:97:7a:6e:6f:68:5c:
         6e:c8:e3:69:13:3b:f7:f3:2f:5d:7d:b4:59:d1:95:79:bb:43:
         92:09:89:96:29:f7:c6:df:83:0b:3c:c8:97:db:94:d5:4e:48:
         ff:3a:44:f6:6f:19:60:26:3c:6e:6b:f5:40:a0:c3:bd:77:06:
         98:81:02:ab:84:3a:5a:2c:c1:c6:06:b5:3c:57:d1:f9:bd:d7:
         42:34:6a:fa:db:21:39:2f:fa:02:e4:e5:39:6f:0f:dd:18:21:
         b7:a4:e3:e2:65:26:b0:f8:8f:50:c5:b3:01:cf:87:94:73:84:
         63:e1:a3:35:9f:bb:bb:97:a1:ee:26:59:3e:bf:be:db:b9:a7:
         26:e7:fe:8e:d9:f4:d3:a9:60:fd:15:f1:7c:67:a8:b1:a6:d3:
         13:92:72:bb:46:21:da:70:0d:1f:fc:e7:54:f7:1e:d3:52:ae:
         86:d9:9e:2c:ab:8d:d6:17:6e:dd:20:8d:06:e8:44:9a:21:40:
         6a:87:68:a9:ef:cf:ac:b5:3a:12:2c:d2:ac:51:8a:6f:a6:06:
         58:f2:d2:d2
-----BEGIN CERTIFICATE-----
MIIFtDCCBJygAwIBAgIUI7VneAljPdna7Fmy8+AXI4KcRvkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNjNlZjZiYTdjNzViMDczMjQ2NTY4NmI0Zjk0YmZmZTVj
OGY2MmU0NjZhNGYwNDhiMGEwHhcNMjMwNzExMDAwNzU2WhcNMjQwNzA5MDAxMjU2
WjAzMTEwLwYDVQQDEyhDRTNBQTVCRTNFNkQxMjQ1Qzg1Q0FGNTQ2NjFFNTEzNkNG
MDE5RjMwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7Xh2R2j7g6lZ
f2ZS9N26FsEWXbuTvO24ZiXOdtTBLog7+JPMiXvsebNKYH4UT0OXWq96N4+MAMfn
hfquMt2E2ETl3euYPFnfDLpHxOtGvsWBDIUXAxAV6E49R5H4lgAGrOnCZ0E5Tkxq
hhv1/gmzBzYqgDip5xQHcgN4Z1eTgHUeeMvIAQQE8PM3HIJihd8ZB/YOWboErD2P
/mSd29FPBlsJBMuJc3iNpqaUmoDmQ5sqnzE6d52M58F7NJHSHXcWWuUR5gg92+Bq
o2uVdvLTbyS0zV6cM4pAac3y6aLMW6IXgQXal8Fmy9i/RQxqAFeG2wbxOVdXmf+L
aQle58GwpQIDAQABo4ICtDCCArAwHQYDVR0OBBYEFM46pb4+bRJFyFyvVGYeUTbP
AZ8wMB8GA1UdIwQYMBaAFOUsN39sZQH5yp7rAY9mIrHc6YYAMA4GA1UdDwEB/wQE
AwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6Ly9ycGtpLXJwcy5hcmluLm5l
dC9yZXBvc2l0b3J5LzhhODQ4YWRmN2Y1MThjNWQwMTdmOTQ5ZTBjOGM0MmY1LzAv
RTUyQzM3N0Y2QzY1MDFGOUNBOUVFQjAxOEY2NjIyQjFEQ0U5ODYwMC5jcmwwgfMG
CCsGAQUFBwEBBIHmMIHjMIHgBggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmlu
Lm5ldC9yZXBvc2l0b3J5L2FyaW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2Ut
YjA4Yy0yMTcxZGEyMTU3ZDMvNTIxZWIzM2YtOTY3Mi00Y2Q5LWFjY2UtMTM3MjI3
ZTk3MWFjL2Q3ZTIwMzAzLTIzOTAtNDdhNy1iODljLTg0MjM2N2JlNDU4NC82M2Vm
NmJhN2M3NWIwNzMyNDY1Njg2YjRmOTRiZmZlNWM4ZjYyZTQ2NmE0ZjA0OGIwYS5j
ZXIwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEFBQcwC4aBhHJzeW5jOi8vcnBr
aS1ycHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjdmNTE4YzVkMDE3Zjk0
OWUwYzhjNDJmNS8wLzMxMzYzMjJlMzIzMjMzMmUzNjM0MmUzMDJmMzIzMTJkMzIz
MTIwM2QzZTIwMzUzNDM0MzQzNzM2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUF
Bw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDot9AMA0GCSqGSIb3DQEB
CwUAA4IBAQC/ewthD2WUMYVNA6YwqYfjcV5bI2G+ot98eS2cxeyb9QhjfRdhJiNj
1CWqoaT2yiaXem5vaFxuyONpEzv38y9dfbRZ0ZV5u0OSCYmWKffG34MLPMiX25TV
Tkj/OkT2bxlgJjxua/VAoMO9dwaYgQKrhDpaLMHGBrU8V9H5vddCNGr62yE5L/oC
5OU5bw/dGCG3pOPiZSaw+I9QxbMBz4eUc4Rj4aM1n7u7l6HuJlk+v77buacm5/6O
2fTTqWD9FfF8Z6ixptMTknK7RiHacA0f/OdU9x7TUq6G2Z4sq43WF27dII0G6ESa
IUBqh2ip78+stToSLNKsUYpvpgZY8tLS
-----END CERTIFICATE-----