Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/a19802a2-c74d-44f8-b237-0dd4b946d6c1.roa
File:                     a19802a2-c74d-44f8-b237-0dd4b946d6c1.roa (raw, json)
Hash identifier:          3OO31wDT0ltM1wnZnEf/wMXVFl/WqjJVPWH7CK2ARxI=
Subject key identifier:   20:F9:80:C6:39:C6:A0:CA:75:3B:C7:32:A6:4A:88:59:12:F6:4A:1A
Certificate issuer:       /CN=1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107
Certificate serial:       24EC6F8C2A717FC9F24A725825A3F2933799C614
Authority key identifier: 15:F4:EF:04:F5:AF:23:96:C9:5F:16:42:E3:79:07:8B:48:8C:16:0B
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/aaa76394-48fc-4ff3-b6aa-0693c55d758f/1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/a19802a2-c74d-44f8-b237-0dd4b946d6c1.roa
Signing time:             Mon 22 Apr 2024 00:00:00 +0000
ROA not before:           Mon 22 Apr 2024 00:00:00 +0000
ROA not after:            Mon 27 May 2024 23:59:59 +0000
asID:                     35916
IP address blocks:        173.82.137.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:ec:6f:8c:2a:71:7f:c9:f2:4a:72:58:25:a3:f2:93:37:99:c6:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107
        Validity
            Not Before: Apr 22 00:00:00 2024 GMT
            Not After : May 27 23:59:59 2024 GMT
        Subject: serialNumber=3f03d4b73d1faf15397a3a08fc5d5ca59687662c529d74f108de5d5922851091, CN=35095e3e-84cb-4ad0-bda1-6c6f8da69f61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:56:ce:0f:ef:f7:73:94:19:f7:7d:15:63:12:
                    08:80:03:10:f9:9d:50:e0:ea:a6:9e:f2:0c:6f:a3:
                    3b:1e:31:93:06:79:a4:96:d4:7b:0e:3c:6f:09:06:
                    2f:6c:c6:94:ef:e7:fd:25:6e:3e:f3:38:71:36:65:
                    97:5a:6e:bb:7b:03:e1:a0:73:24:9a:d8:b3:1a:d5:
                    38:2a:ce:0e:66:52:a2:98:78:15:4c:11:b6:5c:8b:
                    74:47:ba:2a:5b:bf:f4:25:56:6a:b5:64:ea:1e:cc:
                    c9:2d:cb:5d:53:48:53:32:0c:bf:a4:82:50:66:c9:
                    0f:99:9d:1e:25:98:c9:6d:16:a3:07:47:dc:73:89:
                    a4:00:fd:cc:70:f9:d9:b3:3e:0c:18:69:de:24:dc:
                    83:de:7c:ed:63:d4:fa:ca:00:11:1a:21:41:e1:5f:
                    4d:ec:d5:53:15:96:b3:72:1d:96:ce:b1:94:25:8c:
                    84:a8:a4:54:69:19:1b:ed:9f:26:dc:f4:a3:dd:44:
                    49:cf:13:b1:af:33:19:c7:70:4d:04:ed:03:09:5a:
                    22:c7:35:c1:5b:e4:0a:9a:09:f6:f8:4b:c4:75:53:
                    bb:bf:59:df:42:3b:da:fc:c7:cc:df:24:d8:ba:da:
                    31:eb:05:01:df:ae:83:f2:32:e6:b2:7c:f0:c2:c3:
                    62:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:F9:80:C6:39:C6:A0:CA:75:3B:C7:32:A6:4A:88:59:12:F6:4A:1A
            X509v3 Authority Key Identifier:
                keyid:15:F4:EF:04:F5:AF:23:96:C9:5F:16:42:E3:79:07:8B:48:8C:16:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/aaa76394-48fc-4ff3-b6aa-0693c55d758f/1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/a19802a2-c74d-44f8-b237-0dd4b946d6c1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/z2afnCt1NpzA_dOMFjxYsdQtAQc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  173.82.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:c8:03:59:b3:9e:ab:20:a0:f5:99:55:17:87:af:19:d0:26:
         6f:8d:93:5b:46:c6:17:6b:6f:d6:ad:a4:33:12:d7:ab:b6:28:
         c3:64:dd:99:d2:89:7a:1c:06:cb:bc:5a:cc:d3:ef:96:cf:45:
         eb:87:1e:ad:54:18:36:2c:e5:92:ab:d0:63:cd:fc:ed:ff:f2:
         63:2f:29:14:34:bf:aa:2d:7d:6e:36:93:5c:14:df:3a:88:52:
         32:70:bf:0a:15:28:a3:5b:b9:f0:10:f4:e7:0c:7e:2e:01:60:
         68:bc:63:ec:84:2d:84:b6:b4:73:85:a4:e8:c1:fd:f6:b1:c6:
         85:50:82:c1:42:97:17:cc:e4:ac:67:22:91:ab:5e:f2:5c:28:
         3e:fa:36:b5:59:dd:eb:c0:33:1e:a0:d6:d9:20:6a:61:58:89:
         4f:74:c9:40:13:f3:89:4f:4f:1c:b4:cd:98:c4:6f:71:e8:aa:
         7d:6a:54:12:08:86:6b:2d:5c:dd:ff:56:ed:25:b7:46:7e:1e:
         d0:42:92:65:93:12:59:03:0b:57:9d:c6:4b:5e:60:f5:f9:7d:
         8c:6e:d0:82:95:4d:22:66:7d:23:23:24:b3:2d:a6:51:f6:80:
         20:a1:7c:0e:2e:50:20:69:6b:7e:fc:f2:1d:cf:28:a8:e1:4f:
         71:d0:0c:90
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJOxvjCpxf8nySnJYJaPykzeZxhQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMWIxZmU2NzMyMWNmNjY5ZjljMmI3NTM2OWNjMGZkZDM4
YzE2M2M1OGIxZDQyZDAxMDcwHhcNMjQwNDIyMDAwMDAwWhcNMjQwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0AzZjAzZDRiNzNkMWZhZjE1Mzk3YTNhMDhmYzVkNWNhNTk2
ODc2NjJjNTI5ZDc0ZjEwOGRlNWQ1OTIyODUxMDkxMS0wKwYDVQQDEyQzNTA5NWUz
ZS04NGNiLTRhZDAtYmRhMS02YzZmOGRhNjlmNjEwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCcVs4P7/dzlBn3fRVjEgiAAxD5nVDg6qae8gxvozseMZMG
eaSW1HsOPG8JBi9sxpTv5/0lbj7zOHE2ZZdabrt7A+GgcySa2LMa1Tgqzg5mUqKY
eBVMEbZci3RHuipbv/QlVmq1ZOoezMkty11TSFMyDL+kglBmyQ+ZnR4lmMltFqMH
R9xziaQA/cxw+dmzPgwYad4k3IPefO1j1PrKABEaIUHhX03s1VMVlrNyHZbOsZQl
jISopFRpGRvtnybc9KPdREnPE7GvMxnHcE0E7QMJWiLHNcFb5AqaCfb4S8R1U7u/
Wd9CO9r8x8zfJNi62jHrBQHfroPyMuayfPDCw2L5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUIPmAxjnGoMp1O8cypkqIWRL2ShowHwYDVR0jBBgwFoAUFfTvBPWvI5bJ
XxZC43kHi0iMFgswDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzViN2ZiMTIyLWRmZGYtNGMwYy1iOTBkLTNiYzdhNWZlYjgyYi9hYWE3NjM5NC00
OGZjLTRmZjMtYjZhYS0wNjkzYzU1ZDc1OGYvMWIxZmU2NzMyMWNmNjY5ZjljMmI3
NTM2OWNjMGZkZDM4YzE2M2M1OGIxZDQyZDAxMDcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZmY5ZmE4NGUtOTc4My00YTBiLWE1OGQtNmRj
OGUyNDMzZDMzL2ExOTgwMmEyLWM3NGQtNDRmOC1iMjM3LTBkZDRiOTQ2ZDZjMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2ZmOWZhODRlLTk3ODMtNGEwYi1hNThk
LTZkYzhlMjQzM2QzMy96MmFmbkN0MU5wekFfZE9NRmp4WXNkUXRBUWMuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACtUokwDQYJKoZIhvcNAQELBQADggEBAB/IA1mznqsgoPWZVReHrxnQJm+N
k1tGxhdrb9atpDMS16u2KMNk3ZnSiXocBsu8WszT75bPReuHHq1UGDYs5ZKr0GPN
/O3/8mMvKRQ0v6otfW42k1wU3zqIUjJwvwoVKKNbufAQ9OcMfi4BYGi8Y+yELYS2
tHOFpOjB/faxxoVQgsFClxfM5KxnIpGrXvJcKD76NrVZ3evAMx6g1tkgamFYiU90
yUAT84lPTxy0zZjEb3Hoqn1qVBIIhmstXN3/Vu0lt0Z+HtBCkmWTElkDC1edxkte
YPX5fYxu0IKVTSJmfSMjJLMtplH2gCChfA4uUCBpa3788h3PKKjhT3HQDJA=
-----END CERTIFICATE-----