Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/e97da778-a1f6-4dad-9d0a-d3a070010373/bc212921-b4ee-3dcc-8e42-cb1c76aec624.roa
File:                     bc212921-b4ee-3dcc-8e42-cb1c76aec624.roa (raw, json)
Hash identifier:          28sEP/Hb7dbptXFdnEDq1r1n3RZWo479glhgCwV8eYc=
Subject key identifier:   A6:CB:5A:BC:84:B9:47:22:05:76:90:93:06:52:56:D6:60:16:0C:CE
Certificate issuer:       /CN=e97da778-a1f6-4dad-9d0a-d3a070010373
Certificate serial:       010D0C9F432858391D98219807AFA9737D38FEC0
Authority key identifier: 32:E0:B6:A6:90:69:42:21:20:40:BD:4A:90:E5:92:E0:8F:1E:7B:AA
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/e97da778-a1f6-4dad-9d0a-d3a070010373.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/e97da778-a1f6-4dad-9d0a-d3a070010373/bc212921-b4ee-3dcc-8e42-cb1c76aec624.roa
Signing time:             Mon 01 Mar 2021 05:00:00 +0000
ROA not before:           Mon 01 Mar 2021 05:00:00 +0000
ROA not after:            Sun 03 Dec 2028 05:00:00 +0000
asID:                     21538
IP address blocks:        2620:10e:d000::/40 maxlen: 40

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:39:1d:98:21:98:07:af:a9:73:7d:38:fe:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e97da778-a1f6-4dad-9d0a-d3a070010373
        Validity
            Not Before: Mar  1 05:00:00 2021 GMT
            Not After : Dec  3 05:00:00 2028 GMT
        Subject: CN=1fbd307d-28b6-4150-bac5-6ac1794462bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:32:a0:ce:a3:ad:c3:78:01:9b:b9:91:8e:2e:
                    ed:10:c2:ef:c4:34:4d:b3:12:14:c5:90:ce:cd:91:
                    ce:bd:aa:7a:b0:df:b4:65:a8:12:62:6b:10:9e:24:
                    37:aa:d3:b5:c2:4e:eb:fc:3a:80:da:29:55:a5:37:
                    a2:65:34:21:45:03:58:c7:17:ea:13:29:bc:3d:7f:
                    2f:a1:d9:69:0f:8e:d4:6b:e7:18:2b:b5:9a:4b:38:
                    79:98:3b:6c:0e:8d:36:0a:97:75:c0:03:aa:fc:00:
                    b5:74:c4:c0:f6:ca:72:3e:a8:d7:7e:3e:0f:49:a7:
                    53:a9:71:57:1c:3f:4b:ab:6f:fe:a2:de:73:f8:85:
                    9c:aa:e1:55:0f:32:79:3d:c7:21:d3:66:79:72:a1:
                    b1:68:61:a3:61:40:8d:a0:7d:ff:93:31:02:8b:19:
                    dd:bb:58:29:f2:cd:e8:98:f6:60:41:f9:45:66:08:
                    54:8e:1f:28:89:5c:db:f5:37:ce:d7:7d:39:a9:88:
                    a3:b3:df:f4:47:69:c7:8e:89:7e:8b:5e:31:74:e5:
                    6b:9e:df:50:5d:2a:5d:81:1d:1d:bc:2d:8a:04:4d:
                    88:ad:ab:3b:c2:79:e7:72:90:7c:f1:82:57:39:07:
                    49:86:21:48:55:00:84:65:15:b8:c6:58:6b:d7:b6:
                    67:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:CB:5A:BC:84:B9:47:22:05:76:90:93:06:52:56:D6:60:16:0C:CE
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/e97da778-a1f6-4dad-9d0a-d3a070010373/bc212921-b4ee-3dcc-8e42-cb1c76aec624.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/e97da778-a1f6-4dad-9d0a-d3a070010373/e97da778-a1f6-4dad-9d0a-d3a070010373.crl

            X509v3 Authority Key Identifier:
                keyid:32:E0:B6:A6:90:69:42:21:20:40:BD:4A:90:E5:92:E0:8F:1E:7B:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/e97da778-a1f6-4dad-9d0a-d3a070010373.cer

            sbgp-ipAddrBlock: critical
                IPv6:
                  2620:10e:d000::/40

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         8b:6e:29:b8:c3:f1:46:61:dd:3c:6b:d9:9c:8a:c4:58:b8:72:
         ac:08:1c:af:80:4b:c5:a7:2b:49:fe:21:77:3b:ed:62:ca:0a:
         09:1d:d4:d4:69:45:92:34:6a:fb:68:0d:87:22:b8:df:2d:f7:
         da:72:81:cf:c7:83:42:42:e9:76:b9:59:d1:ca:c5:b5:fa:a2:
         ea:b2:fe:93:e3:64:1f:11:cc:59:2c:e1:72:94:ac:4b:15:dd:
         1b:56:d8:be:62:99:8f:bd:e2:db:8f:d3:e0:4c:4a:c0:a0:0a:
         1b:1f:af:ff:c5:4a:85:3f:f3:b0:63:94:b8:22:e5:f7:d1:9b:
         63:fe:ba:9e:9c:c2:6a:4e:81:26:22:84:76:39:42:da:94:6f:
         27:ef:02:45:0e:a6:85:6d:c0:da:50:fc:80:be:b6:96:28:56:
         eb:29:e3:53:be:57:a5:0a:95:f2:2f:28:0b:7a:51:64:bd:f9:
         71:53:99:9d:55:de:70:ed:14:7a:4a:01:11:5b:00:02:0d:c9:
         43:5b:62:c1:70:ab:d9:23:a0:ab:65:a6:49:c7:62:a6:44:41:
         51:ff:81:fb:2b:df:d9:09:ad:14:0c:15:ac:d2:25:22:5b:ec:
         29:ab:21:f9:55:6f:83:8b:3a:57:61:ca:be:f5:fb:4a:1d:df:
         5c:43:3d:00
-----BEGIN CERTIFICATE-----
MIIGRTCCBS2gAwIBAgIUAQ0Mn0MoWDkdmCGYB6+pc304/sAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkZTk3ZGE3NzgtYTFmNi00ZGFkLTlkMGEtZDNhMDcwMDEw
MzczMB4XDTIxMDMwMTA1MDAwMFoXDTI4MTIwMzA1MDAwMFowLzEtMCsGA1UEAxMk
MWZiZDMwN2QtMjhiNi00MTUwLWJhYzUtNmFjMTc5NDQ2MmJjMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzTKgzqOtw3gBm7mRji7tEMLvxDRNsxIUxZDO
zZHOvap6sN+0ZagSYmsQniQ3qtO1wk7r/DqA2ilVpTeiZTQhRQNYxxfqEym8PX8v
odlpD47Ua+cYK7WaSzh5mDtsDo02Cpd1wAOq/AC1dMTA9spyPqjXfj4PSadTqXFX
HD9Lq2/+ot5z+IWcquFVDzJ5Pcch02Z5cqGxaGGjYUCNoH3/kzECixndu1gp8s3o
mPZgQflFZghUjh8oiVzb9TfO1305qYijs9/0R2nHjol+i14xdOVrnt9QXSpdgR0d
vC2KBE2Iras7wnnncpB88YJXOQdJhiFIVQCEZRW4xlhr17ZnFQIDAQABo4IDVzCC
A1MwHQYDVR0OBBYEFKbLWryEuUciBXaQkwZSVtZgFgzOMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi9lOTdk
YTc3OC1hMWY2LTRkYWQtOWQwYS1kM2EwNzAwMTAzNzMvYmMyMTI5MjEtYjRlZS0z
ZGNjLThlNDItY2IxYzc2YWVjNjI0LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy8yYTI0Njk0Ny0y
ZDYyLTRhNmMtYmEwNS04NzE4N2YwMDk5YjIvZTk3ZGE3NzgtYTFmNi00ZGFkLTlk
MGEtZDNhMDcwMDEwMzczL2U5N2RhNzc4LWExZjYtNGRhZC05ZDBhLWQzYTA3MDAx
MDM3My5jcmwwHwYDVR0jBBgwFoAUMuC2ppBpQiEgQL1KkOWS4I8ee6owDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzJhMjQ2OTQ3LTJkNjItNGE2
Yy1iYTA1LTg3MTg3ZjAwOTliMi9lOTdkYTc3OC1hMWY2LTRkYWQtOWQwYS1kM2Ew
NzAwMTAzNzMuY2VyMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAJiABDtAw
VAYDVR0gAQH/BEowSDBGBggrBgEFBQcOAjA6MDgGCCsGAQUFBwIBFixodHRwczov
L3d3dy5hcmluLm5ldC9yZXNvdXJjZXMvcnBraS9jcHMuaHRtbDANBgkqhkiG9w0B
AQsFAAOCAQEAi24puMPxRmHdPGvZnIrEWLhyrAgcr4BLxacrSf4hdzvtYsoKCR3U
1GlFkjRq+2gNhyK43y332nKBz8eDQkLpdrlZ0crFtfqi6rL+k+NkHxHMWSzhcpSs
SxXdG1bYvmKZj73i24/T4ExKwKAKGx+v/8VKhT/zsGOUuCLl99GbY/66npzCak6B
JiKEdjlC2pRvJ+8CRQ6mhW3A2lD8gL62lihW6ynjU75XpQqV8i8oC3pRZL35cVOZ
nVXecO0UekoBEVsAAg3JQ1tiwXCr2SOgq2WmScdipkRBUf+B+yvf2QmtFAwVrNIl
IlvsKash+VVvg4s6V2HKvvX7Sh3fXEM9AA==
-----END CERTIFICATE-----