Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/e97da778-a1f6-4dad-9d0a-d3a070010373/ef74e485-b72a-3e9c-a060-15f38fadcdc5.roa
File:                     ef74e485-b72a-3e9c-a060-15f38fadcdc5.roa (raw, json)
Hash identifier:          ho7aPEbW6MBeyfqU87BveDf2s0tAwdAbdPgUuqC8ElI=
Subject key identifier:   99:FA:56:46:E2:79:CF:C9:DE:06:13:AC:BF:84:FD:32:6E:66:E3:5E
Certificate issuer:       /CN=e97da778-a1f6-4dad-9d0a-d3a070010373
Certificate serial:       010D0C9F4328583B2483A945460020EF38BB8800
Authority key identifier: 32:E0:B6:A6:90:69:42:21:20:40:BD:4A:90:E5:92:E0:8F:1E:7B:AA
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/e97da778-a1f6-4dad-9d0a-d3a070010373.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/e97da778-a1f6-4dad-9d0a-d3a070010373/ef74e485-b72a-3e9c-a060-15f38fadcdc5.roa
Signing time:             Tue 31 Aug 2021 04:00:00 +0000
ROA not before:           Tue 31 Aug 2021 04:00:00 +0000
ROA not after:            Sun 03 Dec 2028 05:00:00 +0000
asID:                     21538
IP address blocks:        2620:10e:d040::/42 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3b:24:83:a9:45:46:00:20:ef:38:bb:88:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e97da778-a1f6-4dad-9d0a-d3a070010373
        Validity
            Not Before: Aug 31 04:00:00 2021 GMT
            Not After : Dec  3 05:00:00 2028 GMT
        Subject: CN=26b2e38b-da14-46af-a7e6-c1219fbd99c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:48:8d:c9:dc:9b:98:79:e7:4c:c8:0d:d7:36:
                    4b:56:0f:9f:6f:07:70:77:39:1e:b2:44:5b:2b:dd:
                    5a:91:f0:c0:a9:58:63:53:0e:14:6c:40:6d:14:60:
                    c7:1e:fa:c8:a4:69:24:1e:76:31:ee:85:5c:6b:fd:
                    f1:69:5f:af:84:41:40:98:76:ad:2e:f1:3a:17:92:
                    d6:50:76:d0:f5:9e:01:c1:24:1c:a3:e7:91:37:bc:
                    06:cd:29:9d:68:8c:01:db:60:07:69:ce:d7:03:09:
                    f6:e3:36:ea:a6:84:5a:00:fc:f3:ac:d3:46:d0:a2:
                    d9:7b:65:73:38:33:70:b6:f2:30:0a:c1:bf:8f:5f:
                    4b:3e:7e:e9:3f:02:8a:ed:f6:85:7c:60:4a:a1:1f:
                    97:72:e7:60:05:45:d8:2c:8d:7e:1f:5e:f0:06:57:
                    a1:b1:8c:74:c1:21:c7:4b:98:f1:9f:f9:d3:f2:57:
                    88:36:08:bb:26:1d:b8:2e:d2:f3:74:ec:ab:81:38:
                    9a:61:a0:e5:79:0c:10:65:c3:4e:f3:8f:d5:b3:c9:
                    59:c4:cc:fa:0d:59:e4:4d:cb:08:ea:ad:61:57:88:
                    c3:79:f4:fd:4d:26:19:af:b8:d8:54:fe:1f:e3:28:
                    c9:a2:de:5f:48:7b:49:81:5c:d8:aa:96:c7:cf:d0:
                    ca:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:FA:56:46:E2:79:CF:C9:DE:06:13:AC:BF:84:FD:32:6E:66:E3:5E
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/e97da778-a1f6-4dad-9d0a-d3a070010373/ef74e485-b72a-3e9c-a060-15f38fadcdc5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/e97da778-a1f6-4dad-9d0a-d3a070010373/e97da778-a1f6-4dad-9d0a-d3a070010373.crl

            X509v3 Authority Key Identifier:
                keyid:32:E0:B6:A6:90:69:42:21:20:40:BD:4A:90:E5:92:E0:8F:1E:7B:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/e97da778-a1f6-4dad-9d0a-d3a070010373.cer

            sbgp-ipAddrBlock: critical
                IPv6:
                  2620:10e:d040::/42

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         74:f1:2e:50:7b:2d:33:eb:c6:94:97:15:a0:27:e8:cc:7c:7b:
         f5:1f:fd:e6:bf:0d:80:b5:ab:48:90:30:6f:e4:1f:be:78:5d:
         9f:ca:92:89:a7:32:b6:7b:81:f6:8d:cb:98:4a:9c:c8:75:41:
         43:63:68:f2:32:6f:ca:87:f3:cf:e9:be:12:ae:fd:cd:2f:89:
         92:ef:fc:c3:32:1b:ca:21:b9:31:9d:1f:46:26:07:cd:85:fd:
         f2:f5:71:45:6d:81:aa:58:4b:85:d5:90:73:f8:8c:c3:33:fb:
         98:b4:6a:9b:8d:99:ae:e9:fe:8f:f8:f0:b0:50:ef:d4:00:c1:
         41:43:68:11:bf:1c:57:64:fb:63:7f:16:e1:c8:98:ff:60:a0:
         85:de:2e:d0:c9:03:2a:19:ae:0c:4e:0b:e2:25:f4:57:cc:67:
         38:8e:50:d1:95:ff:a8:1e:9b:97:41:2f:59:fd:6b:8f:fd:ea:
         8a:65:fb:95:e9:0e:8c:45:19:db:38:2f:01:6f:01:d9:fd:49:
         88:0b:6a:52:b8:35:08:f8:0c:67:57:9b:84:e7:78:ee:21:ee:
         c3:08:74:e4:ff:c3:4f:f1:cd:bf:32:10:ba:2f:73:39:a4:aa:
         05:8a:b4:d3:a1:50:c7:ab:fb:ba:fd:82:39:93:6a:eb:09:3f:
         9a:d3:8a:cd
-----BEGIN CERTIFICATE-----
MIIGRjCCBS6gAwIBAgIUAQ0Mn0MoWDskg6lFRgAg7zi7iAAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkZTk3ZGE3NzgtYTFmNi00ZGFkLTlkMGEtZDNhMDcwMDEw
MzczMB4XDTIxMDgzMTA0MDAwMFoXDTI4MTIwMzA1MDAwMFowLzEtMCsGA1UEAxMk
MjZiMmUzOGItZGExNC00NmFmLWE3ZTYtYzEyMTlmYmQ5OWM2MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjkiNydybmHnnTMgN1zZLVg+fbwdwdzkeskRb
K91akfDAqVhjUw4UbEBtFGDHHvrIpGkkHnYx7oVca/3xaV+vhEFAmHatLvE6F5LW
UHbQ9Z4BwSQco+eRN7wGzSmdaIwB22AHac7XAwn24zbqpoRaAPzzrNNG0KLZe2Vz
ODNwtvIwCsG/j19LPn7pPwKK7faFfGBKoR+XcudgBUXYLI1+H17wBlehsYx0wSHH
S5jxn/nT8leINgi7Jh24LtLzdOyrgTiaYaDleQwQZcNO84/Vs8lZxMz6DVnkTcsI
6q1hV4jDefT9TSYZr7jYVP4f4yjJot5fSHtJgVzYqpbHz9DK4QIDAQABo4IDWDCC
A1QwHQYDVR0OBBYEFJn6Vkbiec/J3gYTrL+E/TJuZuNeMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi9lOTdk
YTc3OC1hMWY2LTRkYWQtOWQwYS1kM2EwNzAwMTAzNzMvZWY3NGU0ODUtYjcyYS0z
ZTljLWEwNjAtMTVmMzhmYWRjZGM1LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy8yYTI0Njk0Ny0y
ZDYyLTRhNmMtYmEwNS04NzE4N2YwMDk5YjIvZTk3ZGE3NzgtYTFmNi00ZGFkLTlk
MGEtZDNhMDcwMDEwMzczL2U5N2RhNzc4LWExZjYtNGRhZC05ZDBhLWQzYTA3MDAx
MDM3My5jcmwwHwYDVR0jBBgwFoAUMuC2ppBpQiEgQL1KkOWS4I8ee6owDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzJhMjQ2OTQ3LTJkNjItNGE2
Yy1iYTA1LTg3MTg3ZjAwOTliMi9lOTdkYTc3OC1hMWY2LTRkYWQtOWQwYS1kM2Ew
NzAwMTAzNzMuY2VyMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcGJiABDtBA
MFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6
Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcN
AQELBQADggEBAHTxLlB7LTPrxpSXFaAn6Mx8e/Uf/ea/DYC1q0iQMG/kH754XZ/K
komnMrZ7gfaNy5hKnMh1QUNjaPIyb8qH88/pvhKu/c0viZLv/MMyG8ohuTGdH0Ym
B82F/fL1cUVtgapYS4XVkHP4jMMz+5i0apuNma7p/o/48LBQ79QAwUFDaBG/HFdk
+2N/FuHImP9goIXeLtDJAyoZrgxOC+Il9FfMZziOUNGV/6gem5dBL1n9a4/96opl
+5XpDoxFGds4LwFvAdn9SYgLalK4NQj4DGdXm4TneO4h7sMIdOT/w0/xzb8yELov
czmkqgWKtNOhUMer+7r9gjmTausJP5rTis0=
-----END CERTIFICATE-----