Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/10c40112-bc85-4f75-9bb0-471ec84ba3fe/5703517a-33ad-36dc-90d2-8700336943f0.roa
File:                     5703517a-33ad-36dc-90d2-8700336943f0.roa (raw, json)
Hash identifier:          4NK3LdchYfgcbojK5KNYcnRHgAqMmtumMa+Gd95eTuI=
Subject key identifier:   B1:BA:43:97:88:29:D8:30:82:56:92:FD:73:56:DB:4C:43:06:37:E2
Certificate issuer:       /CN=10c40112-bc85-4f75-9bb0-471ec84ba3fe
Certificate serial:       010D0C9F4328584425CEA63CB4B39DFE85D58060
Authority key identifier: D8:E2:5C:0F:58:98:94:D9:C7:71:B2:BE:F6:62:B1:81:17:88:2A:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/10c40112-bc85-4f75-9bb0-471ec84ba3fe.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/10c40112-bc85-4f75-9bb0-471ec84ba3fe/5703517a-33ad-36dc-90d2-8700336943f0.roa
Signing time:             Fri 08 Dec 2023 14:00:20 +0000
ROA not before:           Fri 08 Dec 2023 14:00:20 +0000
ROA not after:            Thu 07 Mar 2024 14:00:20 +0000
asID:                     63436
IP address blocks:        138.43.120.0/21 maxlen: 21

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:44:25:ce:a6:3c:b4:b3:9d:fe:85:d5:80:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10c40112-bc85-4f75-9bb0-471ec84ba3fe
        Validity
            Not Before: Dec  8 14:00:20 2023 GMT
            Not After : Mar  7 14:00:20 2024 GMT
        Subject: CN=dca212a3-4e13-4c0d-b166-41bcf003c6a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:e0:3a:3d:10:0c:78:f2:66:bd:4d:7e:66:26:
                    1d:c8:44:24:51:bb:fc:57:da:04:69:a3:89:3f:29:
                    6c:e2:78:c6:fa:98:52:f3:91:2e:c9:ed:af:fe:0c:
                    07:18:b3:4c:82:aa:86:b5:54:5c:e4:dd:15:63:fe:
                    21:70:54:0b:ee:91:74:ed:5b:9c:85:b6:6d:6b:ea:
                    b4:d9:f1:cd:af:f4:07:0c:27:09:d5:17:fe:7a:16:
                    0c:46:e9:62:49:ce:ca:a1:e8:98:aa:fa:05:8a:1c:
                    ec:84:6a:e9:e2:69:37:41:32:83:66:64:ef:14:82:
                    6e:98:dc:31:a3:28:69:85:6e:5c:ba:d8:3a:0f:d4:
                    5a:9f:09:b6:be:28:1f:b7:10:0d:21:8c:f0:91:d5:
                    d2:53:6c:8a:2e:06:08:61:27:04:63:78:c3:22:14:
                    cc:a8:54:d9:8b:96:cc:d8:f8:1e:2a:e5:d0:71:50:
                    7d:69:f4:e9:6d:3a:b4:8a:d4:0d:4f:e5:30:73:63:
                    c0:07:df:6a:c0:e2:05:52:29:91:88:88:64:70:86:
                    a4:6f:4c:2a:51:38:06:24:3e:2d:f2:83:a8:7f:0c:
                    4a:75:98:25:08:76:50:0c:0f:ce:de:ae:6d:b6:65:
                    74:01:fe:6e:69:b6:cc:45:fc:3b:45:44:e4:c8:ba:
                    64:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:BA:43:97:88:29:D8:30:82:56:92:FD:73:56:DB:4C:43:06:37:E2
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/10c40112-bc85-4f75-9bb0-471ec84ba3fe/5703517a-33ad-36dc-90d2-8700336943f0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/10c40112-bc85-4f75-9bb0-471ec84ba3fe/10c40112-bc85-4f75-9bb0-471ec84ba3fe.crl

            X509v3 Authority Key Identifier:
                keyid:D8:E2:5C:0F:58:98:94:D9:C7:71:B2:BE:F6:62:B1:81:17:88:2A:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/10c40112-bc85-4f75-9bb0-471ec84ba3fe.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.43.120.0/21

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         08:e4:22:93:0f:96:4e:70:57:cf:ff:7c:e4:86:41:ae:45:22:
         47:ff:65:c4:89:9a:11:3e:34:83:7c:58:94:6d:67:95:cd:57:
         e6:ad:a8:31:a6:8b:23:1d:41:2d:f6:55:77:3f:0e:ad:58:0b:
         f9:cd:64:ec:b3:6f:f9:a6:2a:6f:e4:16:8b:56:83:bf:6b:c6:
         5b:e6:31:49:1b:ce:93:66:6f:8a:10:89:fc:2d:6b:79:59:64:
         3b:1c:35:f5:00:45:b9:7f:f0:26:f0:9a:ab:10:80:b4:e7:10:
         22:28:9c:24:49:2a:8d:a6:cb:bf:82:e3:9a:c2:65:f1:c7:b8:
         eb:ff:a0:3b:6a:18:6d:de:cd:b3:22:b3:1b:d8:9b:ce:ca:fd:
         61:f0:b7:83:00:b8:fd:2b:bb:24:b3:78:cc:74:01:67:fa:d5:
         72:b7:14:79:4e:46:64:8b:83:32:2e:c2:8d:66:e6:dc:c7:fe:
         41:e6:b6:5e:cc:63:ad:b9:ed:b2:3c:1e:f8:dd:bd:4c:a3:90:
         7e:3e:73:48:02:b8:47:fe:14:6b:b8:1c:e8:f6:34:ae:9b:a6:
         0f:79:8e:6e:92:a9:77:57:c5:53:8e:65:7a:7d:69:0e:f0:e2:
         28:a4:e9:d4:ac:52:4e:78:16:ff:fb:fd:1c:91:b0:87:3f:05:
         d6:65:0a:d7
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEQlzqY8tLOd/oXVgGAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMTBjNDAxMTItYmM4NS00Zjc1LTliYjAtNDcxZWM4NGJh
M2ZlMB4XDTIzMTIwODE0MDAyMFoXDTI0MDMwNzE0MDAyMFowLzEtMCsGA1UEAxMk
ZGNhMjEyYTMtNGUxMy00YzBkLWIxNjYtNDFiY2YwMDNjNmE5MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8eA6PRAMePJmvU1+ZiYdyEQkUbv8V9oEaaOJ
Pyls4njG+phS85Euye2v/gwHGLNMgqqGtVRc5N0VY/4hcFQL7pF07VuchbZta+q0
2fHNr/QHDCcJ1Rf+ehYMRuliSc7KoeiYqvoFihzshGrp4mk3QTKDZmTvFIJumNwx
oyhphW5cutg6D9Ranwm2vigftxANIYzwkdXSU2yKLgYIYScEY3jDIhTMqFTZi5bM
2PgeKuXQcVB9afTpbTq0itQNT+Uwc2PAB99qwOIFUimRiIhkcIakb0wqUTgGJD4t
8oOofwxKdZglCHZQDA/O3q5ttmV0Af5uabbMRfw7RUTkyLpkNQIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFLG6Q5eIKdgwglaS/XNW20xDBjfiMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xMGM0
MDExMi1iYzg1LTRmNzUtOWJiMC00NzFlYzg0YmEzZmUvNTcwMzUxN2EtMzNhZC0z
NmRjLTkwZDItODcwMDMzNjk0M2YwLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy8wMzU3MjcyYy1h
NzlhLTQ1YmYtOTU4Ni05MmRkNDllZjMyMjMvMTBjNDAxMTItYmM4NS00Zjc1LTli
YjAtNDcxZWM4NGJhM2ZlLzEwYzQwMTEyLWJjODUtNGY3NS05YmIwLTQ3MWVjODRi
YTNmZS5jcmwwHwYDVR0jBBgwFoAU2OJcD1iYlNnHcbK+9mKxgReIKrgwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzAzNTcyNzJjLWE3OWEtNDVi
Zi05NTg2LTkyZGQ0OWVmMzIyMy8xMGM0MDExMi1iYzg1LTRmNzUtOWJiMC00NzFl
Yzg0YmEzZmUuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDiit4MFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAAjkIpMPlk5wV8//fOSGQa5FIkf/ZcSJmhE+NIN8WJRtZ5XNV+atqDGm
iyMdQS32VXc/Dq1YC/nNZOyzb/mmKm/kFotWg79rxlvmMUkbzpNmb4oQifwta3lZ
ZDscNfUARbl/8CbwmqsQgLTnECIonCRJKo2my7+C45rCZfHHuOv/oDtqGG3ezbMi
sxvYm87K/WHwt4MAuP0ruySzeMx0AWf61XK3FHlORmSLgzIuwo1m5tzH/kHmtl7M
Y6257bI8HvjdvUyjkH4+c0gCuEf+FGu4HOj2NK6bpg95jm6SqXdXxVOOZXp9aQ7w
4iik6dSsUk54Fv/7/RyRsIc/BdZlCtc=
-----END CERTIFICATE-----