Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/eeff816f-42ef-47a6-ba61-7075adb85329/aab09d03-ceb6-3a2f-ab4e-719194f413ea.roa
File:                     aab09d03-ceb6-3a2f-ab4e-719194f413ea.roa (raw, json)
Hash identifier:          VAXVOZMkVPMnWyNyN1S162iOqBSeULnznKDpnSOm65A=
Subject key identifier:   03:00:81:93:7A:5A:98:33:02:CF:21:B9:F9:3E:8F:73:3E:2E:12:A4
Certificate issuer:       /CN=eeff816f-42ef-47a6-ba61-7075adb85329
Certificate serial:       010D0C9F432858426868BA9ADE72977E2D16A980
Authority key identifier: EA:59:7B:F3:71:88:6F:CC:1E:CD:EA:8D:55:10:E5:3D:CB:11:F4:7D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/eeff816f-42ef-47a6-ba61-7075adb85329.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/eeff816f-42ef-47a6-ba61-7075adb85329/aab09d03-ceb6-3a2f-ab4e-719194f413ea.roa
Signing time:             Sun 02 Jul 2023 01:00:17 +0000
ROA not before:           Sun 02 Jul 2023 01:00:17 +0000
ROA not after:            Sat 30 Sep 2023 01:00:17 +0000
asID:                     393457
IP address blocks:        64.191.32.0/20 maxlen: 24
                          23.128.0.0/24 maxlen: 24
                          2605:8780::/32 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:42:68:68:ba:9a:de:72:97:7e:2d:16:a9:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eeff816f-42ef-47a6-ba61-7075adb85329
        Validity
            Not Before: Jul  2 01:00:17 2023 GMT
            Not After : Sep 30 01:00:17 2023 GMT
        Subject: CN=6ed09fd1-22bf-4ab7-929f-f6f175bf58a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:87:bc:9f:2c:b2:58:60:eb:44:68:30:61:85:
                    9a:68:7e:31:1c:fe:b7:3c:7b:fd:42:71:de:4f:d4:
                    51:67:40:d4:26:c0:c2:37:61:9d:25:39:d3:43:42:
                    e5:5f:77:35:08:51:a7:34:db:94:e7:f0:5e:55:60:
                    e5:f1:d2:b7:93:5f:81:03:fc:a4:ac:aa:11:67:7f:
                    56:a9:48:59:b6:9c:bf:88:00:c5:de:3f:33:bb:32:
                    3e:7f:ad:e6:e9:94:e1:55:90:92:ac:23:b7:d5:79:
                    83:ee:77:44:53:27:82:d6:bb:28:1f:65:2e:ec:2a:
                    b1:13:e2:06:24:f2:30:54:91:76:66:c3:a7:e5:00:
                    ab:80:fe:52:38:f7:c5:81:dd:59:14:c4:70:5c:18:
                    59:9c:ce:52:7e:57:7a:89:55:2a:98:10:4f:91:79:
                    0b:88:3f:67:9b:c4:a1:7c:cc:da:aa:fd:4a:f5:bc:
                    85:fd:6e:fd:4b:ab:3b:2c:ba:12:7a:21:bf:6e:05:
                    f2:e4:25:95:30:b1:c8:ec:dd:5a:94:b8:d4:88:11:
                    b8:17:ba:ec:0c:ad:ee:a0:61:0a:0f:68:50:d9:77:
                    8e:b6:67:41:5a:b3:ad:a5:bd:62:03:55:c6:ee:88:
                    84:e4:10:1c:79:91:0c:36:5e:94:d6:93:11:69:e3:
                    78:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:00:81:93:7A:5A:98:33:02:CF:21:B9:F9:3E:8F:73:3E:2E:12:A4
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/eeff816f-42ef-47a6-ba61-7075adb85329/aab09d03-ceb6-3a2f-ab4e-719194f413ea.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/eeff816f-42ef-47a6-ba61-7075adb85329/eeff816f-42ef-47a6-ba61-7075adb85329.crl

            X509v3 Authority Key Identifier:
                keyid:EA:59:7B:F3:71:88:6F:CC:1E:CD:EA:8D:55:10:E5:3D:CB:11:F4:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/eeff816f-42ef-47a6-ba61-7075adb85329.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.128.0.0/24
                  64.191.32.0/20
                IPv6:
                  2605:8780::/32

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         0f:90:ed:40:e3:d4:c2:fc:77:81:fe:d8:51:82:5f:31:e9:95:
         1f:eb:27:f7:95:ed:9f:d2:2d:78:17:34:bb:bb:44:d9:b6:2d:
         53:8d:e1:dd:7a:96:44:f7:7b:1a:35:fe:40:e8:01:aa:a5:ed:
         4d:84:af:45:4b:47:e3:80:73:8f:fd:92:4f:34:0d:e4:60:e0:
         eb:86:eb:b6:22:88:10:cf:a9:38:e5:b6:39:21:f5:d7:ac:ac:
         f4:c9:05:29:07:d2:43:41:0b:37:aa:51:b8:10:58:8f:0c:3b:
         18:bb:67:a1:fa:20:9f:27:e5:f3:fc:6b:db:39:c7:cd:1a:f0:
         55:e3:69:9a:08:aa:dc:5a:50:ac:72:74:dc:53:02:c8:70:e1:
         7e:7b:63:3a:d6:1c:62:53:b0:8c:53:3a:b2:77:3f:bf:9a:29:
         cd:ad:9c:86:74:6e:3f:f8:45:fa:4f:b4:cb:51:c9:d0:47:e6:
         0a:27:e8:69:21:3e:6e:ba:65:2e:61:87:11:08:8d:11:b3:05:
         be:f5:db:d8:fc:1c:a7:37:dd:a0:26:1e:40:c6:d2:c4:66:75:
         96:82:ba:00:b1:f1:82:91:52:07:5f:ab:b1:46:2c:e1:af:92:
         42:d9:99:eb:0e:9b:5f:ec:80:fb:16:6f:b1:36:36:af:40:9f:
         22:04:36:e0
-----BEGIN CERTIFICATE-----
MIIGWDCCBUCgAwIBAgIUAQ0Mn0MoWEJoaLqa3nKXfi0WqYAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkZWVmZjgxNmYtNDJlZi00N2E2LWJhNjEtNzA3NWFkYjg1
MzI5MB4XDTIzMDcwMjAxMDAxN1oXDTIzMDkzMDAxMDAxN1owLzEtMCsGA1UEAxMk
NmVkMDlmZDEtMjJiZi00YWI3LTkyOWYtZjZmMTc1YmY1OGEyMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiIe8nyyyWGDrRGgwYYWaaH4xHP63PHv9QnHe
T9RRZ0DUJsDCN2GdJTnTQ0LlX3c1CFGnNNuU5/BeVWDl8dK3k1+BA/ykrKoRZ39W
qUhZtpy/iADF3j8zuzI+f63m6ZThVZCSrCO31XmD7ndEUyeC1rsoH2Uu7CqxE+IG
JPIwVJF2ZsOn5QCrgP5SOPfFgd1ZFMRwXBhZnM5Sfld6iVUqmBBPkXkLiD9nm8Sh
fMzaqv1K9byF/W79S6s7LLoSeiG/bgXy5CWVMLHI7N1alLjUiBG4F7rsDK3uoGEK
D2hQ2XeOtmdBWrOtpb1iA1XG7oiE5BAceZEMNl6U1pMRaeN4NwIDAQABo4IDajCC
A2YwHQYDVR0OBBYEFAMAgZN6WpgzAs8hufk+j3M+LhKkMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy9lZWZm
ODE2Zi00MmVmLTQ3YTYtYmE2MS03MDc1YWRiODUzMjkvYWFiMDlkMDMtY2ViNi0z
YTJmLWFiNGUtNzE5MTk0ZjQxM2VhLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy8wMzU3MjcyYy1h
NzlhLTQ1YmYtOTU4Ni05MmRkNDllZjMyMjMvZWVmZjgxNmYtNDJlZi00N2E2LWJh
NjEtNzA3NWFkYjg1MzI5L2VlZmY4MTZmLTQyZWYtNDdhNi1iYTYxLTcwNzVhZGI4
NTMyOS5jcmwwHwYDVR0jBBgwFoAU6ll783GIb8wezeqNVRDlPcsR9H0wDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzAzNTcyNzJjLWE3OWEtNDVi
Zi05NTg2LTkyZGQ0OWVmMzIyMy9lZWZmODE2Zi00MmVmLTQ3YTYtYmE2MS03MDc1
YWRiODUzMjkuY2VyMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAF4AAAwQE
QL8gMA0EAgACMAcDBQAmBYeAMFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4
BggrBgEFBQcCARYsaHR0cHM6Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kv
Y3BzLmh0bWwwDQYJKoZIhvcNAQELBQADggEBAA+Q7UDj1ML8d4H+2FGCXzHplR/r
J/eV7Z/SLXgXNLu7RNm2LVON4d16lkT3exo1/kDoAaql7U2Er0VLR+OAc4/9kk80
DeRg4OuG67YiiBDPqTjltjkh9desrPTJBSkH0kNBCzeqUbgQWI8MOxi7Z6H6IJ8n
5fP8a9s5x80a8FXjaZoIqtxaUKxydNxTAshw4X57YzrWHGJTsIxTOrJ3P7+aKc2t
nIZ0bj/4RfpPtMtRydBH5gon6GkhPm66ZS5hhxEIjRGzBb7129j8HKc33aAmHkDG
0sRmdZaCugCx8YKRUgdfq7FGLOGvkkLZmesOm1/sgPsWb7E2Nq9AnyIENuA=
-----END CERTIFICATE-----