Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/23ddb57b-8888-40f4-bf17-518b6a50512d/65064b9e-2e62-38c2-be5d-3c09c566d4bb.roa
File:                     65064b9e-2e62-38c2-be5d-3c09c566d4bb.roa (raw, json)
Hash identifier:          wmQPmo7cuJgvjFWvOXO1l43prbu60igVQZMFCbQG0sQ=
Subject key identifier:   C5:93:3D:A6:A0:0A:2E:5D:92:C8:B8:8A:C3:DA:96:5E:76:58:D3:92
Certificate issuer:       /CN=23ddb57b-8888-40f4-bf17-518b6a50512d
Certificate serial:       010D0C9F432858383359AFFC42AFEBC2F39D4DC0
Authority key identifier: 17:88:7D:65:E8:CC:18:17:F2:EC:48:B8:91:53:8B:39:B3:F2:2D:74
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/23ddb57b-8888-40f4-bf17-518b6a50512d.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/23ddb57b-8888-40f4-bf17-518b6a50512d/65064b9e-2e62-38c2-be5d-3c09c566d4bb.roa
Signing time:             Thu 10 Jan 2019 05:00:00 +0000
ROA not before:           Thu 10 Jan 2019 05:00:00 +0000
ROA not after:            Tue 12 Mar 2024 04:00:00 +0000
asID:                     52468
IP address blocks:        204.199.151.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:38:33:59:af:fc:42:af:eb:c2:f3:9d:4d:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23ddb57b-8888-40f4-bf17-518b6a50512d
        Validity
            Not Before: Jan 10 05:00:00 2019 GMT
            Not After : Mar 12 04:00:00 2024 GMT
        Subject: CN=060d7d42-b66a-4547-8efa-a824e3c0f5c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:3a:6a:6a:e7:e6:3a:03:b4:f8:1d:73:04:ba:
                    bb:95:b6:95:d8:87:cf:05:85:16:aa:dd:ee:f2:27:
                    76:dc:a2:8e:9f:45:c8:f5:a7:84:6b:fd:80:41:76:
                    9b:86:6b:56:26:ea:7d:d1:ba:86:26:e9:52:b5:1c:
                    de:8e:42:f8:24:66:1a:03:20:19:f8:18:be:1b:22:
                    d4:ad:c5:73:b2:a5:4a:3e:d1:5b:32:e0:51:cb:2a:
                    08:13:55:ba:ba:1b:d5:89:c1:69:36:ba:95:f9:a7:
                    0c:39:88:29:ad:66:b5:b5:e3:cb:8d:98:1c:c9:cd:
                    7c:61:91:a0:bf:a6:3a:80:5e:7d:b0:aa:16:0b:17:
                    d3:49:10:2c:5d:d8:51:fb:d1:9c:a6:80:31:cc:6a:
                    02:8f:14:32:f7:b9:ca:36:7c:27:19:ce:76:02:2c:
                    b9:9f:1f:7d:48:3d:ba:76:9f:2d:e3:43:84:a9:76:
                    a5:16:04:2d:85:94:25:38:ba:ca:07:ff:6c:f9:8e:
                    d0:67:03:46:f6:63:4e:54:6e:ec:93:e1:ef:d4:58:
                    b8:14:ef:37:08:bb:52:c2:38:9c:7b:18:70:57:86:
                    ea:86:a6:0a:9d:ec:29:df:af:cc:ef:eb:1a:19:9d:
                    f2:4b:e2:2c:de:a1:0d:f8:94:a9:64:a1:a7:d1:00:
                    56:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:93:3D:A6:A0:0A:2E:5D:92:C8:B8:8A:C3:DA:96:5E:76:58:D3:92
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/23ddb57b-8888-40f4-bf17-518b6a50512d/65064b9e-2e62-38c2-be5d-3c09c566d4bb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/23ddb57b-8888-40f4-bf17-518b6a50512d/23ddb57b-8888-40f4-bf17-518b6a50512d.crl

            X509v3 Authority Key Identifier:
                keyid:17:88:7D:65:E8:CC:18:17:F2:EC:48:B8:91:53:8B:39:B3:F2:2D:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/23ddb57b-8888-40f4-bf17-518b6a50512d.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  204.199.151.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         13:d0:96:28:97:ac:72:74:60:1a:c3:3a:c1:b5:78:74:a3:92:
         b2:96:1d:fe:8f:89:bc:af:2e:44:2f:13:9f:a0:d1:5a:7e:db:
         1d:5d:a0:0e:e0:30:05:d5:59:05:4b:74:34:ee:ee:c9:c8:6b:
         9e:bd:7c:91:2f:71:fc:f6:5b:87:d6:80:e4:32:6b:e2:09:87:
         d8:67:89:2f:60:9f:ba:13:ee:82:9a:a9:68:61:08:9e:4b:90:
         b2:4a:a0:64:2c:24:be:19:97:dc:84:ac:58:d8:60:03:0f:bb:
         2c:a0:b3:06:f2:90:79:6e:5a:72:43:04:60:5c:63:e1:74:36:
         c5:98:79:6a:83:10:9f:5e:74:1d:b5:16:f4:2a:2b:67:d2:68:
         8b:4c:d9:53:54:53:95:89:78:9c:a3:11:86:5f:f1:00:7f:5a:
         4e:c8:6e:69:7b:67:12:ea:36:ea:c3:32:de:a0:b0:5a:11:cf:
         6d:1c:3c:ec:df:0b:11:d5:61:0c:db:62:9b:71:48:ea:4d:47:
         cf:d8:3c:90:16:c5:95:db:91:85:ec:4f:87:2f:8d:21:a9:91:
         02:51:3b:0b:90:de:b4:ed:e6:30:dc:87:7b:22:9a:be:c0:6f:
         28:af:6c:a1:18:c0:de:d2:64:69:12:42:bb:38:13:60:01:45:
         3f:2d:f1:08
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWDgzWa/8Qq/rwvOdTcAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMjNkZGI1N2ItODg4OC00MGY0LWJmMTctNTE4YjZhNTA1
MTJkMB4XDTE5MDExMDA1MDAwMFoXDTI0MDMxMjA0MDAwMFowLzEtMCsGA1UEAxMk
MDYwZDdkNDItYjY2YS00NTQ3LThlZmEtYTgyNGUzYzBmNWMyMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxzpqaufmOgO0+B1zBLq7lbaV2IfPBYUWqt3u
8id23KKOn0XI9aeEa/2AQXabhmtWJup90bqGJulStRzejkL4JGYaAyAZ+Bi+GyLU
rcVzsqVKPtFbMuBRyyoIE1W6uhvVicFpNrqV+acMOYgprWa1tePLjZgcyc18YZGg
v6Y6gF59sKoWCxfTSRAsXdhR+9GcpoAxzGoCjxQy97nKNnwnGc52Aiy5nx99SD26
dp8t40OEqXalFgQthZQlOLrKB/9s+Y7QZwNG9mNOVG7sk+Hv1Fi4FO83CLtSwjic
exhwV4bqhqYKnewp36/M7+saGZ3yS+Is3qEN+JSpZKGn0QBW2wIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFMWTPaagCi5dksi4isPall52WNOSMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8yM2Rk
YjU3Yi04ODg4LTQwZjQtYmYxNy01MThiNmE1MDUxMmQvNjUwNjRiOWUtMmU2Mi0z
OGMyLWJlNWQtM2MwOWM1NjZkNGJiLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy8yYTI0Njk0Ny0y
ZDYyLTRhNmMtYmEwNS04NzE4N2YwMDk5YjIvMjNkZGI1N2ItODg4OC00MGY0LWJm
MTctNTE4YjZhNTA1MTJkLzIzZGRiNTdiLTg4ODgtNDBmNC1iZjE3LTUxOGI2YTUw
NTEyZC5jcmwwHwYDVR0jBBgwFoAUF4h9ZejMGBfy7Ei4kVOLObPyLXQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzJhMjQ2OTQ3LTJkNjItNGE2
Yy1iYTA1LTg3MTg3ZjAwOTliMi8yM2RkYjU3Yi04ODg4LTQwZjQtYmYxNy01MThi
NmE1MDUxMmQuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAzMeXMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBABPQliiXrHJ0YBrDOsG1eHSjkrKWHf6PibyvLkQvE5+g0Vp+2x1doA7g
MAXVWQVLdDTu7snIa569fJEvcfz2W4fWgOQya+IJh9hniS9gn7oT7oKaqWhhCJ5L
kLJKoGQsJL4Zl9yErFjYYAMPuyygswbykHluWnJDBGBcY+F0NsWYeWqDEJ9edB21
FvQqK2fSaItM2VNUU5WJeJyjEYZf8QB/Wk7Ibml7ZxLqNurDMt6gsFoRz20cPOzf
CxHVYQzbYptxSOpNR8/YPJAWxZXbkYXsT4cvjSGpkQJROwuQ3rTt5jDch3simr7A
byivbKEYwN7SZGkSQrs4E2ABRT8t8Qg=
-----END CERTIFICATE-----