Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/fd7f0796-c7f3-4fd2-adf3-d664f947da0a/0861e979-20d3-3638-8e12-4b61d4f75391.roa
File:                     0861e979-20d3-3638-8e12-4b61d4f75391.roa (raw, json)
Hash identifier:          k/c/c9PKZqdzT49VmrhWxYrZRjnKN6gW9KULgpRV4wU=
Subject key identifier:   35:D9:99:AA:A4:D2:4D:1F:C4:09:92:98:5A:21:8D:AB:43:07:CB:DA
Certificate issuer:       /CN=fd7f0796-c7f3-4fd2-adf3-d664f947da0a
Certificate serial:       010D0C9F43285841E697EB69E8FF7A18A8C99338
Authority key identifier: 8F:17:51:E1:05:94:79:65:42:59:EE:EB:01:AC:53:E4:4F:76:7A:77
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/fd7f0796-c7f3-4fd2-adf3-d664f947da0a.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/fd7f0796-c7f3-4fd2-adf3-d664f947da0a/0861e979-20d3-3638-8e12-4b61d4f75391.roa
Signing time:             Tue 16 May 2023 13:00:18 +0000
ROA not before:           Tue 16 May 2023 13:00:18 +0000
ROA not after:            Mon 14 Aug 2023 13:00:18 +0000
asID:                     16509
IP address blocks:        208.88.209.0/24 maxlen: 24
                          208.88.213.0/24 maxlen: 24
                          208.88.208.0/24 maxlen: 24
                          208.88.214.0/24 maxlen: 24
                          208.88.212.0/24 maxlen: 24
                          208.88.211.0/24 maxlen: 24
                          208.88.215.0/24 maxlen: 24
                          208.88.210.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:41:e6:97:eb:69:e8:ff:7a:18:a8:c9:93:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd7f0796-c7f3-4fd2-adf3-d664f947da0a
        Validity
            Not Before: May 16 13:00:18 2023 GMT
            Not After : Aug 14 13:00:18 2023 GMT
        Subject: CN=3bbe964d-a3ff-4075-8cc3-9bb1f222b59e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:f7:86:a1:c9:51:15:f7:23:4b:49:9c:1a:a8:
                    96:06:d5:79:c9:1a:63:a1:30:78:b5:0b:bc:af:28:
                    16:b1:75:36:c4:9d:d4:2d:a0:2f:86:80:5c:60:bd:
                    0b:ab:0b:4e:05:c0:74:16:2d:2c:d2:f6:ae:24:88:
                    0f:92:4d:96:21:fb:37:3c:16:57:76:08:e2:31:8e:
                    a4:11:0b:bb:51:e8:8a:67:ed:e7:d7:2a:73:ab:6c:
                    b2:29:00:f2:14:57:99:32:57:4c:1a:40:da:f0:38:
                    d6:0d:9d:39:5c:43:fd:ca:ce:fb:ae:16:89:84:cd:
                    1c:95:ce:1f:81:ea:e0:02:fc:da:a9:02:b7:5d:18:
                    61:f2:9e:0c:b9:03:f6:91:e1:94:53:32:5f:a5:4a:
                    45:e1:2b:58:c6:dd:e6:d7:f9:c5:73:a3:9c:a3:b7:
                    56:a8:27:4b:a1:44:56:96:15:e8:03:39:82:3e:7e:
                    d3:c5:e8:da:f0:2f:5d:72:b5:d2:cc:a1:f6:8c:8d:
                    dd:d6:1f:f6:ca:e1:76:10:6f:19:51:8b:ce:c6:ef:
                    58:98:a2:b6:be:7b:7f:37:ad:f8:57:54:36:b0:98:
                    bb:ed:93:49:7d:84:3c:40:1e:78:1a:29:af:83:fd:
                    e9:63:a0:62:78:de:3c:a0:ff:de:5c:db:60:a6:1e:
                    f7:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:D9:99:AA:A4:D2:4D:1F:C4:09:92:98:5A:21:8D:AB:43:07:CB:DA
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/fd7f0796-c7f3-4fd2-adf3-d664f947da0a/0861e979-20d3-3638-8e12-4b61d4f75391.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/fd7f0796-c7f3-4fd2-adf3-d664f947da0a/fd7f0796-c7f3-4fd2-adf3-d664f947da0a.crl

            X509v3 Authority Key Identifier:
                keyid:8F:17:51:E1:05:94:79:65:42:59:EE:EB:01:AC:53:E4:4F:76:7A:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/fd7f0796-c7f3-4fd2-adf3-d664f947da0a.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  208.88.208.0/21

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         3e:21:74:62:c0:ec:d8:b6:1a:8e:c5:c1:e3:58:1a:5b:e9:ca:
         41:83:44:95:49:d8:24:66:c3:53:e2:06:3f:a3:10:33:3e:5b:
         56:57:b9:0a:d4:00:b1:24:0c:03:06:3d:29:10:d4:c2:f5:8c:
         f9:31:d1:d4:ed:91:05:47:1c:1e:42:d5:59:bf:fe:d4:09:8c:
         b4:58:71:a2:01:c3:47:3f:4b:dd:28:60:35:e4:18:97:36:bd:
         df:8b:7b:81:f5:52:27:81:95:c7:a2:80:96:1f:8b:4c:d6:53:
         ec:29:4f:11:85:fb:ee:0c:9b:f0:01:61:07:06:f6:af:a2:40:
         b1:8d:13:21:aa:0c:72:5e:89:4c:aa:96:64:20:cf:37:e0:49:
         9a:c1:e8:1e:e8:00:bc:5b:33:4a:8e:3e:15:c6:40:ed:e0:af:
         03:68:20:9d:3a:80:7b:4f:35:26:f7:21:e9:82:0d:4c:59:c4:
         96:f7:76:ca:d9:aa:57:10:d2:2d:f0:03:3c:a3:0d:95:b8:2b:
         ef:ef:29:e8:4d:36:32:af:28:a2:6a:7e:04:01:5d:03:87:4c:
         c4:40:32:fd:2f:b2:61:3c:e7:e4:4a:8c:ae:b9:9a:d1:f7:c2:
         fe:01:a0:0e:c4:a3:e6:a8:98:0a:62:44:1c:1e:b0:d4:23:b5:
         70:db:6e:19
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEHml+tp6P96GKjJkzgwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkZmQ3ZjA3OTYtYzdmMy00ZmQyLWFkZjMtZDY2NGY5NDdk
YTBhMB4XDTIzMDUxNjEzMDAxOFoXDTIzMDgxNDEzMDAxOFowLzEtMCsGA1UEAxMk
M2JiZTk2NGQtYTNmZi00MDc1LThjYzMtOWJiMWYyMjJiNTllMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEApveGoclRFfcjS0mcGqiWBtV5yRpjoTB4tQu8
rygWsXU2xJ3ULaAvhoBcYL0LqwtOBcB0Fi0s0vauJIgPkk2WIfs3PBZXdgjiMY6k
EQu7UeiKZ+3n1ypzq2yyKQDyFFeZMldMGkDa8DjWDZ05XEP9ys77rhaJhM0clc4f
gergAvzaqQK3XRhh8p4MuQP2keGUUzJfpUpF4StYxt3m1/nFc6Oco7dWqCdLoURW
lhXoAzmCPn7Txeja8C9dcrXSzKH2jI3d1h/2yuF2EG8ZUYvOxu9YmKK2vnt/N634
V1Q2sJi77ZNJfYQ8QB54Gimvg/3pY6BieN48oP/eXNtgph73QwIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFDXZmaqk0k0fxAmSmFohjatDB8vaMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi9mZDdm
MDc5Ni1jN2YzLTRmZDItYWRmMy1kNjY0Zjk0N2RhMGEvMDg2MWU5NzktMjBkMy0z
NjM4LThlMTItNGI2MWQ0Zjc1MzkxLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy8yYTI0Njk0Ny0y
ZDYyLTRhNmMtYmEwNS04NzE4N2YwMDk5YjIvZmQ3ZjA3OTYtYzdmMy00ZmQyLWFk
ZjMtZDY2NGY5NDdkYTBhL2ZkN2YwNzk2LWM3ZjMtNGZkMi1hZGYzLWQ2NjRmOTQ3
ZGEwYS5jcmwwHwYDVR0jBBgwFoAUjxdR4QWUeWVCWe7rAaxT5E92encwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzJhMjQ2OTQ3LTJkNjItNGE2
Yy1iYTA1LTg3MTg3ZjAwOTliMi9mZDdmMDc5Ni1jN2YzLTRmZDItYWRmMy1kNjY0
Zjk0N2RhMGEuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD0FjQMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAD4hdGLA7Ni2Go7FweNYGlvpykGDRJVJ2CRmw1PiBj+jEDM+W1ZXuQrU
ALEkDAMGPSkQ1ML1jPkx0dTtkQVHHB5C1Vm//tQJjLRYcaIBw0c/S90oYDXkGJc2
vd+Le4H1UieBlceigJYfi0zWU+wpTxGF++4Mm/ABYQcG9q+iQLGNEyGqDHJeiUyq
lmQgzzfgSZrB6B7oALxbM0qOPhXGQO3grwNoIJ06gHtPNSb3IemCDUxZxJb3dsrZ
qlcQ0i3wAzyjDZW4K+/vKehNNjKvKKJqfgQBXQOHTMRAMv0vsmE85+RKjK65mtH3
wv4BoA7Eo+aomApiRBwesNQjtXDbbhk=
-----END CERTIFICATE-----