Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/3/3130332e3231342e36382e302f32322d3234203d3e203631313338.roa
File:                     3130332e3231342e36382e302f32322d3234203d3e203631313338.roa (raw, json)
Hash identifier:          dGbIOvcRNHTA7hG1uAWdopvMJ48C6qJsCcPcvrmxo9w=
Subject key identifier:   AF:A6:3B:F8:B5:C3:67:74:A4:24:EA:57:60:21:EB:A6:27:51:4F:68
Certificate issuer:       /CN=A91115900000/serialNumber=5953AC0A64BF9656B442D3C32313435ECB495F68
Certificate serial:       28EC2AEB64622F8F8BB01C4571DAB0E0BBD9034C
Authority key identifier: 59:53:AC:0A:64:BF:96:56:B4:42:D3:C3:23:13:43:5E:CB:49:5F:68
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/WVOsCmS_lla0QtPDIxNDXstJX2g.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/3/3130332e3231342e36382e302f32322d3234203d3e203631313338.roa
Signing time:             Tue 03 Jan 2023 02:07:02 +0000
ROA not before:           Tue 03 Jan 2023 02:02:02 +0000
ROA not after:            Tue 02 Jan 2024 02:07:02 +0000
asID:                     61138
IP address blocks:        103.214.68.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:ec:2a:eb:64:62:2f:8f:8b:b0:1c:45:71:da:b0:e0:bb:d9:03:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91115900000/serialNumber=5953AC0A64BF9656B442D3C32313435ECB495F68
        Validity
            Not Before: Jan  3 02:02:02 2023 GMT
            Not After : Jan  2 02:07:02 2024 GMT
        Subject: CN=AFA63BF8B5C36774A424EA576021EBA627514F68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:c1:d6:1f:06:ff:0a:8c:53:fb:34:2a:29:38:
                    de:be:a5:8e:00:27:aa:26:c4:78:01:a9:d4:0c:14:
                    52:01:65:7c:33:24:fe:d8:79:7f:62:88:68:51:a3:
                    da:73:a4:24:c0:c3:c7:e0:9f:39:f3:1c:79:4f:06:
                    a1:ba:d6:8d:b3:ed:1b:3c:a8:85:98:c7:1f:77:7f:
                    92:44:8c:3b:53:29:04:7d:c4:1c:6a:80:94:73:84:
                    7e:08:18:0e:29:d1:26:a3:07:0a:89:d6:c1:47:3b:
                    50:72:f0:88:64:ee:27:17:f5:7c:26:49:4c:b6:24:
                    b8:65:59:04:d2:97:09:f9:e8:70:8d:d7:fc:9f:55:
                    3e:d5:20:ca:60:42:b7:66:dc:ad:2d:b0:b0:1e:6c:
                    17:ba:31:01:da:31:0a:22:f0:b2:35:37:51:56:93:
                    49:ef:c8:85:c0:dd:58:f2:eb:52:d6:94:03:c9:13:
                    3d:f6:b1:5d:13:d1:ef:e0:ea:f7:3b:ff:17:d4:c2:
                    e3:95:10:18:4d:49:b5:29:df:43:fd:04:0a:e4:42:
                    c0:0a:c9:eb:99:bc:f3:e0:aa:0e:53:c7:43:34:78:
                    c8:70:11:76:23:b6:a9:48:05:8e:75:03:38:54:ac:
                    49:a6:e6:f4:7a:fa:a2:bc:83:14:aa:0b:c6:e7:83:
                    13:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:A6:3B:F8:B5:C3:67:74:A4:24:EA:57:60:21:EB:A6:27:51:4F:68
            X509v3 Authority Key Identifier:
                keyid:59:53:AC:0A:64:BF:96:56:B4:42:D3:C3:23:13:43:5E:CB:49:5F:68

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/3/5953AC0A64BF9656B442D3C32313435ECB495F68.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/WVOsCmS_lla0QtPDIxNDXstJX2g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/3/3130332e3231342e36382e302f32322d3234203d3e203631313338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.214.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         53:86:3c:e0:bc:da:b1:3f:81:b2:4c:ce:fa:46:4f:b8:74:bd:
         f7:e6:37:c0:66:9a:a4:5e:7b:e0:72:d6:fc:3d:d1:53:7b:bd:
         b5:1c:8a:9f:c0:d1:35:63:fa:51:79:83:ff:9d:d8:ae:4e:53:
         e6:bf:23:82:e4:8d:5f:d5:fe:2a:82:32:8e:1e:44:10:f7:d4:
         e8:29:f1:84:e9:83:72:4b:d5:d3:68:0c:62:6f:37:5c:ea:e2:
         d9:cd:e6:e1:6b:c8:6f:ff:25:66:56:a5:2c:6c:3b:b2:2b:b2:
         e2:91:93:ae:11:53:da:00:fa:aa:db:8c:47:d0:1b:58:82:a5:
         3c:9e:5a:cd:6d:93:d9:36:6f:f5:9e:71:24:82:03:f8:be:3c:
         33:3b:fb:e3:be:98:83:e8:f6:17:5f:27:bb:8b:cb:7f:f5:ba:
         30:d3:e3:d5:99:fd:ea:2c:29:47:42:a7:b4:63:0c:ec:b8:74:
         a2:80:c8:93:93:29:04:50:11:50:4b:2c:36:b9:7e:c8:ef:ca:
         20:80:b3:77:c8:81:f2:68:4d:a4:38:d8:59:42:5e:87:fc:3e:
         0f:dc:14:48:0a:7f:d1:e5:51:e1:1f:16:d2:40:1a:d0:5b:26:
         5c:64:a7:9d:96:11:39:f6:32:23:1c:19:1d:5e:1e:1b:88:6b:
         53:2e:ff:09
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgIUKOwq62RiL4+LsBxFcdqw4LvZA0wwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxMTE1OTAwMDAwMTEwLwYDVQQFEyg1OTUzQUMwQTY0
QkY5NjU2QjQ0MkQzQzMyMzEzNDM1RUNCNDk1RjY4MB4XDTIzMDEwMzAyMDIwMloX
DTI0MDEwMjAyMDcwMlowMzExMC8GA1UEAxMoQUZBNjNCRjhCNUMzNjc3NEE0MjRF
QTU3NjAyMUVCQTYyNzUxNEY2ODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANjB1h8G/wqMU/s0Kik43r6ljgAnqibEeAGp1AwUUgFlfDMk/th5f2KIaFGj
2nOkJMDDx+CfOfMceU8GobrWjbPtGzyohZjHH3d/kkSMO1MpBH3EHGqAlHOEfggY
DinRJqMHConWwUc7UHLwiGTuJxf1fCZJTLYkuGVZBNKXCfnocI3X/J9VPtUgymBC
t2bcrS2wsB5sF7oxAdoxCiLwsjU3UVaTSe/IhcDdWPLrUtaUA8kTPfaxXRPR7+Dq
9zv/F9TC45UQGE1JtSnfQ/0ECuRCwArJ65m88+CqDlPHQzR4yHARdiO2qUgFjnUD
OFSsSabm9Hr6oryDFKoLxueDEwcCAwEAAaOCAjwwggI4MB0GA1UdDgQWBBSvpjv4
tcNndKQk6ldgIeumJ1FPaDAfBgNVHSMEGDAWgBRZU6wKZL+WVrRC08MjE0Ney0lf
aDAOBgNVHQ8BAf8EBAMCB4AwgYUGA1UdHwR+MHwweqB4oHaGdHJzeW5jOi8vcnBr
aS1ycHMuYXJpbi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1
NWM5MWJlM2Y5ZC8zLzU5NTNBQzBBNjRCRjk2NTZCNDQyRDNDMzIzMTM0MzVFQ0I0
OTVGNjguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9y
cGtpLmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3
QzcyRkQxRkYyL1dWT3NDbVNfbGxhMFF0UERJeE5EWHN0SlgyZy5jZXIwgaIGCCsG
AQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5jOi8vcnBraS1ycHMuYXJp
bi5uZXQvcmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5
ZC8zLzMxMzAzMzJlMzIzMTM0MmUzNjM4MmUzMDJmMzIzMjJkMzIzNDIwM2QzZTIw
MzYzMTMxMzMzOC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEF
BQcBBwEB/wQQMA4wDAQCAAEwBgMEAmfWRDANBgkqhkiG9w0BAQsFAAOCAQEAU4Y8
4LzasT+BskzO+kZPuHS99+Y3wGaapF574HLW/D3RU3u9tRyKn8DRNWP6UXmD/53Y
rk5T5r8jguSNX9X+KoIyjh5EEPfU6CnxhOmDckvV02gMYm83XOri2c3m4WvIb/8l
ZlalLGw7siuy4pGTrhFT2gD6qtuMR9AbWIKlPJ5azW2T2TZv9Z5xJIID+L48Mzv7
476Yg+j2F18nu4vLf/W6MNPj1Zn96iwpR0KntGMM7Lh0ooDIk5MpBFARUEssNrl+
yO/KIICzd8iB8mhNpDjYWUJeh/w+D9wUSAp/0eVR4R8W0kAa0FsmXGSnnZYROfYy
IxwZHV4eG4hrUy7/CQ==
-----END CERTIFICATE-----
Generated at Mon Sep 18 19:45:06 2023 by rpki-client on console-ams.rpki-client.org