Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e01856490f4453b7b/0/3230362e3230392e3231302e302f32342d3234203d3e20323035383137.roa
File:                     3230362e3230392e3231302e302f32342d3234203d3e20323035383137.roa (raw, json)
Hash identifier:          sigN4pA5uk5Y2rfjvaB6qCqOHQ2BrKL70iorAw4fkVY=
Subject key identifier:   16:D2:F1:18:27:C6:D5:88:75:3E:BF:9E:DC:B1:B0:B5:9F:68:8D:E9
Certificate issuer:       /CN=ede78162c790f7ae09c1f534cc7a2cf48471a263d94ccf7fb2
Certificate serial:       4F14077C0AF743DC4C7DCA8036455BA5DD9DC37A
Authority key identifier: D3:F9:CD:28:8A:96:34:B5:39:63:8F:E7:DF:A6:C8:54:27:C3:03:F9
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/43b7fbf4-4def-4904-87fd-e598bf9cf2e3/ede78162c790f7ae09c1f534cc7a2cf48471a263d94ccf7fb2.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e01856490f4453b7b/0/3230362e3230392e3231302e302f32342d3234203d3e20323035383137.roa
Signing time:             Fri 30 Dec 2022 19:54:22 +0000
ROA not before:           Fri 30 Dec 2022 19:49:22 +0000
ROA not after:            Fri 29 Dec 2023 19:54:22 +0000
asID:                     205817
IP address blocks:        206.209.210.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:14:07:7c:0a:f7:43:dc:4c:7d:ca:80:36:45:5b:a5:dd:9d:c3:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ede78162c790f7ae09c1f534cc7a2cf48471a263d94ccf7fb2
        Validity
            Not Before: Dec 30 19:49:22 2022 GMT
            Not After : Dec 29 19:54:22 2023 GMT
        Subject: CN=16D2F11827C6D588753EBF9EDCB1B0B59F688DE9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:aa:eb:d7:1d:55:a9:1d:ba:2d:48:8c:dd:09:
                    2b:c1:54:5e:46:0d:1c:97:53:2f:b6:e2:e8:3b:da:
                    63:25:4d:50:6c:aa:88:a6:8c:32:2e:b1:8a:8c:a1:
                    0a:8f:63:bd:3e:d6:3b:fa:fc:a7:b4:8a:60:11:fe:
                    96:47:20:ac:22:06:fb:e2:b0:39:db:08:ab:7a:68:
                    a1:1c:ae:a5:ba:e6:b6:17:13:f5:0b:e0:44:71:74:
                    59:d8:1d:4e:dc:55:9d:a4:99:ad:19:bc:11:49:90:
                    2b:a2:57:be:5c:bf:bd:8b:c1:e1:30:7e:92:80:50:
                    26:69:d7:4d:b6:5a:ec:c2:2d:99:d6:57:01:25:e2:
                    99:de:9f:a7:58:99:23:fe:12:e3:46:cc:08:8a:a3:
                    16:34:2f:b0:3f:b2:83:db:92:bb:00:30:52:e6:ef:
                    20:51:9c:64:f6:61:3d:62:48:22:55:f5:3f:26:0a:
                    9a:f2:e0:45:40:42:fe:30:3a:ed:90:ce:4d:ba:dd:
                    80:05:24:48:75:1d:a2:09:d2:32:ef:74:93:44:48:
                    eb:b5:23:87:45:6a:9a:72:d1:ef:7a:44:68:9f:88:
                    4c:a7:40:be:9d:ef:14:59:5b:95:c2:91:69:7a:0f:
                    b1:e8:bf:31:7b:b3:e7:7f:c8:72:cd:f2:5c:20:01:
                    c3:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:D2:F1:18:27:C6:D5:88:75:3E:BF:9E:DC:B1:B0:B5:9F:68:8D:E9
            X509v3 Authority Key Identifier:
                keyid:D3:F9:CD:28:8A:96:34:B5:39:63:8F:E7:DF:A6:C8:54:27:C3:03:F9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e01856490f4453b7b/0/D3F9CD288A9634B539638FE7DFA6C85427C303F9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/43b7fbf4-4def-4904-87fd-e598bf9cf2e3/ede78162c790f7ae09c1f534cc7a2cf48471a263d94ccf7fb2.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e01856490f4453b7b/0/3230362e3230392e3231302e302f32342d3234203d3e20323035383137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  206.209.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:13:1e:e0:7e:e9:43:d9:4f:78:31:1c:b8:d9:5a:03:47:c2:
         e7:4d:41:37:75:11:2f:94:61:c6:18:02:25:51:f2:0b:0b:d2:
         21:67:00:2f:e5:2d:52:64:7c:71:d1:29:dd:56:e5:a8:0c:b6:
         47:bc:dc:95:43:72:67:51:9f:01:3c:90:f8:6d:c3:a8:d8:17:
         f4:d3:ae:4c:56:fd:e0:56:e6:ea:3a:58:a4:6d:01:58:ad:b4:
         ad:94:62:b0:c4:a8:b8:44:48:38:c6:f5:80:03:2f:d3:20:98:
         5c:f1:b1:ea:4a:a7:f7:18:b5:ff:32:14:9d:07:d0:5a:a9:8a:
         09:96:48:da:93:81:6d:39:a2:b5:38:80:3b:2f:c4:48:40:9a:
         fc:52:c1:e6:fa:da:90:c1:ba:4e:20:be:a8:f2:b8:72:e5:cb:
         24:67:d0:26:15:7d:e2:b5:3f:92:2e:eb:ee:ae:13:16:60:f2:
         79:19:6f:d9:3e:fd:f2:73:d1:12:3e:ed:aa:c9:f4:81:6f:53:
         96:9b:f9:8f:e5:bc:52:b8:6c:e4:c8:3c:9c:33:9f:90:97:91:
         66:f6:ba:16:e0:33:d0:d2:d1:b8:c1:66:55:78:9a:fc:60:06:
         56:48:89:20:38:8a:aa:0c:8c:43:53:70:eb:72:23:d7:14:a8:
         d0:e0:ea:39
-----BEGIN CERTIFICATE-----
MIIFtjCCBJ6gAwIBAgIUTxQHfAr3Q9xMfcqANkVbpd2dw3owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZWRlNzgxNjJjNzkwZjdhZTA5YzFmNTM0Y2M3YTJjZjQ4
NDcxYTI2M2Q5NGNjZjdmYjIwHhcNMjIxMjMwMTk0OTIyWhcNMjMxMjI5MTk1NDIy
WjAzMTEwLwYDVQQDEygxNkQyRjExODI3QzZENTg4NzUzRUJGOUVEQ0IxQjBCNTlG
Njg4REU5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1arr1x1VqR26
LUiM3QkrwVReRg0cl1MvtuLoO9pjJU1QbKqIpowyLrGKjKEKj2O9PtY7+vyntIpg
Ef6WRyCsIgb74rA52wiremihHK6luua2FxP1C+BEcXRZ2B1O3FWdpJmtGbwRSZAr
ole+XL+9i8HhMH6SgFAmaddNtlrswi2Z1lcBJeKZ3p+nWJkj/hLjRswIiqMWNC+w
P7KD25K7ADBS5u8gUZxk9mE9YkgiVfU/Jgqa8uBFQEL+MDrtkM5Nut2ABSRIdR2i
CdIy73STREjrtSOHRWqactHvekRon4hMp0C+ne8UWVuVwpFpeg+x6L8xe7Pnf8hy
zfJcIAHDDQIDAQABo4ICtjCCArIwHQYDVR0OBBYEFBbS8RgnxtWIdT6/ntyxsLWf
aI3pMB8GA1UdIwQYMBaAFNP5zSiKljS1OWOP59+myFQnwwP5MA4GA1UdDwEB/wQE
AwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6Ly9ycGtpLXJwcy5hcmluLm5l
dC9yZXBvc2l0b3J5LzhhODQ4YWRmODUwZDA2M2UwMTg1NjQ5MGY0NDUzYjdiLzAv
RDNGOUNEMjg4QTk2MzRCNTM5NjM4RkU3REZBNkM4NTQyN0MzMDNGOS5jcmwwgfMG
CCsGAQUFBwEBBIHmMIHjMIHgBggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmlu
Lm5ldC9yZXBvc2l0b3J5L2FyaW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2Ut
YjA4Yy0yMTcxZGEyMTU3ZDMvMDM1NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5
ZWYzMjIzLzQzYjdmYmY0LTRkZWYtNDkwNC04N2ZkLWU1OThiZjljZjJlMy9lZGU3
ODE2MmM3OTBmN2FlMDljMWY1MzRjYzdhMmNmNDg0NzFhMjYzZDk0Y2NmN2ZiMi5j
ZXIwgaYGCCsGAQUFBwELBIGZMIGWMIGTBggrBgEFBQcwC4aBhnJzeW5jOi8vcnBr
aS1ycHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTY0
OTBmNDQ1M2I3Yi8wLzMyMzAzNjJlMzIzMDM5MmUzMjMxMzAyZTMwMmYzMjM0MmQz
MjM0MjAzZDNlMjAzMjMwMzUzODMxMzcucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADO0dIwDQYJKoZIhvcN
AQELBQADggEBADcTHuB+6UPZT3gxHLjZWgNHwudNQTd1ES+UYcYYAiVR8gsL0iFn
AC/lLVJkfHHRKd1W5agMtke83JVDcmdRnwE8kPhtw6jYF/TTrkxW/eBW5uo6WKRt
AVittK2UYrDEqLhESDjG9YADL9MgmFzxsepKp/cYtf8yFJ0H0FqpigmWSNqTgW05
orU4gDsvxEhAmvxSweb62pDBuk4gvqjyuHLlyyRn0CYVfeK1P5Iu6+6uExZg8nkZ
b9k+/fJz0RI+7arJ9IFvU5ab+Y/lvFK4bOTIPJwzn5CXkWb2uhbgM9DS0bjBZlV4
mvxgBlZIiSA4iqoMjENTcOtyI9cUqNDg6jk=
-----END CERTIFICATE-----