Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/7a399323-7b1b-4575-b54c-0fca76ac3dfa/6142b9c4-71ab-37d3-b2ac-fcc3e4d3054b.roa
File:                     6142b9c4-71ab-37d3-b2ac-fcc3e4d3054b.roa (raw, json)
Hash identifier:          xa09TIwhPQ4fTuPyl5e+dymw5muWkVZLDVbPbTj4EJY=
Subject key identifier:   41:AC:27:B4:2C:8C:63:22:3E:4C:6F:30:CA:EF:57:14:88:A3:BB:60
Certificate issuer:       /CN=7a399323-7b1b-4575-b54c-0fca76ac3dfa
Certificate serial:       010D0C9F4328584484BA04FCF800982F121C8C20
Authority key identifier: CE:AB:69:B8:E4:70:3B:19:7D:E7:C2:E9:8A:3E:57:6E:3D:7C:1E:83
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/7a399323-7b1b-4575-b54c-0fca76ac3dfa.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/7a399323-7b1b-4575-b54c-0fca76ac3dfa/6142b9c4-71ab-37d3-b2ac-fcc3e4d3054b.roa
Signing time:             Thu 11 Jan 2024 14:00:29 +0000
ROA not before:           Thu 11 Jan 2024 14:00:29 +0000
ROA not after:            Wed 10 Apr 2024 13:00:29 +0000
asID:                     62744
IP address blocks:        199.249.223.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:44:84:ba:04:fc:f8:00:98:2f:12:1c:8c:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7a399323-7b1b-4575-b54c-0fca76ac3dfa
        Validity
            Not Before: Jan 11 14:00:29 2024 GMT
            Not After : Apr 10 13:00:29 2024 GMT
        Subject: CN=af368dc6-6b78-4c3e-b1d6-a6b3e1071bb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:15:89:e0:eb:12:fe:24:67:4d:da:bb:b5:24:
                    83:3c:dc:f8:44:24:05:f8:72:b7:39:d2:78:a5:df:
                    cc:89:7e:4b:a8:4b:e8:c4:7b:00:0a:e4:50:b5:96:
                    c3:5f:8e:70:8b:3c:74:69:09:70:e3:c1:36:e6:9c:
                    cc:fd:33:bb:ef:9c:ba:a2:66:3d:8e:31:96:76:fa:
                    91:62:bc:3d:1e:a1:e6:ec:fa:0f:e6:c5:79:4e:86:
                    c2:10:38:d8:fa:92:58:2b:cd:b5:4d:e1:6a:59:7f:
                    44:35:fa:d7:c1:87:74:04:4a:25:52:b4:5e:53:d9:
                    1c:24:b3:c1:c1:f9:9a:0b:bb:e1:2f:39:59:54:70:
                    e0:d8:31:70:e6:a1:35:40:eb:db:1f:b0:83:c2:4c:
                    5a:d3:c7:5b:24:94:16:4b:70:6f:b3:75:97:84:eb:
                    c6:68:c6:2b:af:f2:fa:08:c3:d8:66:4c:28:40:dd:
                    9e:53:07:0e:0d:3c:f7:4d:fc:6b:75:c2:1e:98:c7:
                    fa:9c:c7:88:b6:ab:02:10:7c:02:28:ed:03:6f:48:
                    54:c5:24:ea:f6:50:8f:2e:e7:92:05:58:0b:90:64:
                    21:9f:40:0b:7a:ad:63:f8:f0:a3:4e:d9:f3:6a:65:
                    67:4e:f2:a4:a1:7b:e3:6b:8f:be:d0:11:1b:0a:5e:
                    ba:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:AC:27:B4:2C:8C:63:22:3E:4C:6F:30:CA:EF:57:14:88:A3:BB:60
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/7a399323-7b1b-4575-b54c-0fca76ac3dfa/6142b9c4-71ab-37d3-b2ac-fcc3e4d3054b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/7a399323-7b1b-4575-b54c-0fca76ac3dfa/7a399323-7b1b-4575-b54c-0fca76ac3dfa.crl

            X509v3 Authority Key Identifier:
                keyid:CE:AB:69:B8:E4:70:3B:19:7D:E7:C2:E9:8A:3E:57:6E:3D:7C:1E:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/7a399323-7b1b-4575-b54c-0fca76ac3dfa.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.249.223.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         42:1f:f2:9a:27:ca:ba:72:7d:a9:7e:6d:a7:e8:a9:54:5e:65:
         12:66:9c:01:c1:fd:89:99:35:44:27:18:b0:05:e5:35:93:7b:
         4d:f6:03:22:ea:26:17:0f:cc:d2:c9:7e:6b:fe:03:3f:52:f6:
         dc:71:87:79:b1:84:8d:31:33:bf:91:7a:57:85:45:0b:c8:3d:
         e7:b0:7d:08:01:29:7a:9b:12:93:07:66:b7:e9:14:ae:49:54:
         e6:96:ab:88:82:2e:7b:61:b1:5c:fd:ac:02:f5:49:7b:e3:5b:
         7d:65:62:05:b3:1d:10:56:76:99:69:7e:a0:a0:e6:20:d8:91:
         aa:66:8a:da:dd:00:4e:ce:09:e2:ca:82:c3:30:83:bb:90:ce:
         bb:08:27:e7:b0:3f:ad:d5:6c:9d:0b:d1:4a:38:5a:b5:cd:6e:
         45:0a:db:1e:36:48:8f:6b:03:a6:fb:46:d9:bd:c1:9d:73:db:
         cb:88:10:61:df:fd:b4:b4:b5:17:36:6f:75:61:30:7a:46:69:
         6c:d5:a4:9f:1e:99:59:ed:83:1c:5c:4b:43:05:b6:cf:f8:72:
         9a:99:92:e2:44:20:8f:37:46:5a:2d:45:d7:0b:f4:f3:15:9d:
         d8:4a:e2:f7:4f:61:7e:1a:c0:2d:1d:a4:a4:41:76:27:b9:97:
         23:3b:5b:9c
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWESEugT8+ACYLxIcjCAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkN2EzOTkzMjMtN2IxYi00NTc1LWI1NGMtMGZjYTc2YWMz
ZGZhMB4XDTI0MDExMTE0MDAyOVoXDTI0MDQxMDEzMDAyOVowLzEtMCsGA1UEAxMk
YWYzNjhkYzYtNmI3OC00YzNlLWIxZDYtYTZiM2UxMDcxYmI0MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0hWJ4OsS/iRnTdq7tSSDPNz4RCQF+HK3OdJ4
pd/MiX5LqEvoxHsACuRQtZbDX45wizx0aQlw48E25pzM/TO775y6omY9jjGWdvqR
Yrw9HqHm7PoP5sV5TobCEDjY+pJYK821TeFqWX9ENfrXwYd0BEolUrReU9kcJLPB
wfmaC7vhLzlZVHDg2DFw5qE1QOvbH7CDwkxa08dbJJQWS3Bvs3WXhOvGaMYrr/L6
CMPYZkwoQN2eUwcODTz3TfxrdcIemMf6nMeItqsCEHwCKO0Db0hUxSTq9lCPLueS
BVgLkGQhn0ALeq1j+PCjTtnzamVnTvKkoXvja4++0BEbCl66fwIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFEGsJ7QsjGMiPkxvMMrvVxSIo7tgMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi83YTM5
OTMyMy03YjFiLTQ1NzUtYjU0Yy0wZmNhNzZhYzNkZmEvNjE0MmI5YzQtNzFhYi0z
N2QzLWIyYWMtZmNjM2U0ZDMwNTRiLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy8yYTI0Njk0Ny0y
ZDYyLTRhNmMtYmEwNS04NzE4N2YwMDk5YjIvN2EzOTkzMjMtN2IxYi00NTc1LWI1
NGMtMGZjYTc2YWMzZGZhLzdhMzk5MzIzLTdiMWItNDU3NS1iNTRjLTBmY2E3NmFj
M2RmYS5jcmwwHwYDVR0jBBgwFoAUzqtpuORwOxl958Lpij5Xbj18HoMwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzJhMjQ2OTQ3LTJkNjItNGE2
Yy1iYTA1LTg3MTg3ZjAwOTliMi83YTM5OTMyMy03YjFiLTQ1NzUtYjU0Yy0wZmNh
NzZhYzNkZmEuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAx/nfMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAEIf8ponyrpyfal+bafoqVReZRJmnAHB/YmZNUQnGLAF5TWTe032AyLq
JhcPzNLJfmv+Az9S9txxh3mxhI0xM7+ReleFRQvIPeewfQgBKXqbEpMHZrfpFK5J
VOaWq4iCLnthsVz9rAL1SXvjW31lYgWzHRBWdplpfqCg5iDYkapmitrdAE7OCeLK
gsMwg7uQzrsIJ+ewP63VbJ0L0Uo4WrXNbkUK2x42SI9rA6b7Rtm9wZ1z28uIEGHf
/bS0tRc2b3VhMHpGaWzVpJ8emVntgxxcS0MFts/4cpqZkuJEII83RlotRdcL9PMV
ndhK4vdPYX4awC0dpKRBdie5lyM7W5w=
-----END CERTIFICATE-----