Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/bf7c43e7-0571-4d08-b71a-8b930dda9aad/47fd9335-9110-3bf4-8968-8ac063ffb56d.roa
File:                     47fd9335-9110-3bf4-8968-8ac063ffb56d.roa (raw, json)
Hash identifier:          aap0qEdFdhhP6mjxWNqmZfsTtJBKsEDScBGIJTYmmKA=
Subject key identifier:   09:FC:E4:CB:09:69:16:E0:B2:A6:FA:08:06:0C:77:EF:7F:F9:D4:87
Certificate issuer:       /CN=bf7c43e7-0571-4d08-b71a-8b930dda9aad
Certificate serial:       010D0C9F432858476B364879C8D2B0067CCCA000
Authority key identifier: 79:9A:9F:EA:8D:05:18:92:60:86:70:C3:43:10:E3:27:21:E0:14:A8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/bf7c43e7-0571-4d08-b71a-8b930dda9aad.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/bf7c43e7-0571-4d08-b71a-8b930dda9aad/47fd9335-9110-3bf4-8968-8ac063ffb56d.roa
Signing time:             Thu 03 Oct 2024 13:00:41 +0000
ROA not before:           Thu 03 Oct 2024 13:00:41 +0000
ROA not after:            Wed 01 Jan 2025 14:00:41 +0000
asID:                     4213
IP address blocks:        96.62.100.0/22 maxlen: 24
                          96.62.164.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:47:6b:36:48:79:c8:d2:b0:06:7c:cc:a0:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf7c43e7-0571-4d08-b71a-8b930dda9aad
        Validity
            Not Before: Oct  3 13:00:41 2024 GMT
            Not After : Jan  1 14:00:41 2025 GMT
        Subject: CN=8a86030c-945d-4737-bc49-238f8e7badb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:50:5c:ed:8d:91:6c:7c:8a:5e:36:95:65:d5:
                    bc:75:39:f8:ac:5a:98:10:1e:c0:5e:ec:6a:c4:9d:
                    96:0a:49:1e:10:84:10:b7:8b:9a:bd:b0:d7:d0:5e:
                    dc:d2:42:f3:fa:f2:ad:ae:e8:8a:96:bb:e9:ad:18:
                    8b:f7:59:0f:ba:3b:a7:a5:d7:1c:a0:9b:c2:dc:de:
                    e3:a6:07:7a:f6:7a:37:4c:f8:0d:6c:0d:cd:fb:90:
                    0a:cc:db:28:c2:7c:e1:f3:d6:a6:15:c7:f5:d4:b9:
                    35:dd:05:c6:8b:fc:09:76:44:1e:20:96:fc:41:75:
                    34:b6:df:f3:c3:30:a7:fc:e8:3e:f1:27:55:03:a8:
                    28:62:c4:f9:6d:1c:8b:69:85:a5:e2:e1:5b:78:04:
                    33:4d:7f:9e:53:d7:cb:e0:55:6e:87:0e:30:b1:a2:
                    61:0b:5e:c9:0e:89:83:a7:5e:b6:24:66:24:04:50:
                    a2:72:35:2c:37:4c:78:51:a0:bc:94:8c:14:bc:6e:
                    76:f2:43:e2:63:f8:9e:50:08:a0:50:37:41:4a:4b:
                    53:3b:69:76:b1:d4:13:32:94:92:0d:35:82:19:10:
                    b0:9e:4e:bb:d6:04:7a:74:bc:ce:e7:16:2e:77:36:
                    68:29:cf:e8:af:19:11:9a:c8:e9:6f:70:6d:e0:f1:
                    f3:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:FC:E4:CB:09:69:16:E0:B2:A6:FA:08:06:0C:77:EF:7F:F9:D4:87
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/bf7c43e7-0571-4d08-b71a-8b930dda9aad/47fd9335-9110-3bf4-8968-8ac063ffb56d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/bf7c43e7-0571-4d08-b71a-8b930dda9aad/bf7c43e7-0571-4d08-b71a-8b930dda9aad.crl

            X509v3 Authority Key Identifier:
                keyid:79:9A:9F:EA:8D:05:18:92:60:86:70:C3:43:10:E3:27:21:E0:14:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/4ab7ae4d-bd7b-4b33-9a88-5b22d2a8337d/bf7c43e7-0571-4d08-b71a-8b930dda9aad.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.62.100.0/22
                  96.62.164.0/22

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         68:10:e9:50:5a:49:69:59:ca:22:bf:ad:52:9d:26:e2:26:68:
         08:e1:8e:46:42:a5:2b:b2:96:1c:2f:1a:99:19:a0:3d:6b:50:
         ae:95:2a:cb:b1:62:a0:2f:16:ca:d4:08:39:79:c3:d6:eb:79:
         c7:3f:9c:dc:f4:45:55:0b:70:8d:9b:bb:52:ec:2a:05:b0:80:
         e7:23:31:fe:5a:9e:fb:8f:ac:34:5e:21:42:63:ad:cc:a3:a0:
         ad:b8:1d:44:96:d3:1e:72:3a:b8:32:4e:03:89:8d:3a:d8:ea:
         45:42:e2:89:a6:aa:06:ca:a9:18:ca:dc:a2:21:cf:18:61:26:
         c1:3f:5b:44:10:77:c7:56:c2:42:1a:91:60:07:7e:c0:25:70:
         2e:3e:a0:97:33:57:9c:58:a2:32:83:30:ab:f5:39:0b:14:1b:
         dd:87:8f:9e:33:b8:90:01:f7:9c:43:16:da:7c:c7:f4:2d:f7:
         f8:ef:88:ac:bf:72:a3:ba:24:9b:09:ef:12:6e:1c:0a:db:54:
         7b:cc:df:90:ef:86:f6:52:89:fe:66:da:2c:02:65:34:3c:f6:
         4a:8a:fa:fd:d5:4b:4b:b5:2e:10:5b:bc:4c:62:cf:0f:5e:cf:
         ec:a9:a5:a3:ab:95:d8:fc:1d:10:b1:7c:b2:79:3e:c7:b2:66:
         b9:7a:81:e9
-----BEGIN CERTIFICATE-----
MIIGSTCCBTGgAwIBAgIUAQ0Mn0MoWEdrNkh5yNKwBnzMoAAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkYmY3YzQzZTctMDU3MS00ZDA4LWI3MWEtOGI5MzBkZGE5
YWFkMB4XDTI0MTAwMzEzMDA0MVoXDTI1MDEwMTE0MDA0MVowLzEtMCsGA1UEAxMk
OGE4NjAzMGMtOTQ1ZC00NzM3LWJjNDktMjM4ZjhlN2JhZGIxMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEArFBc7Y2RbHyKXjaVZdW8dTn4rFqYEB7AXuxq
xJ2WCkkeEIQQt4uavbDX0F7c0kLz+vKtruiKlrvprRiL91kPujunpdccoJvC3N7j
pgd69no3TPgNbA3N+5AKzNsownzh89amFcf11Lk13QXGi/wJdkQeIJb8QXU0tt/z
wzCn/Og+8SdVA6goYsT5bRyLaYWl4uFbeAQzTX+eU9fL4FVuhw4wsaJhC17JDomD
p162JGYkBFCicjUsN0x4UaC8lIwUvG528kPiY/ieUAigUDdBSktTO2l2sdQTMpSS
DTWCGRCwnk671gR6dLzO5xYudzZoKc/orxkRmsjpb3Bt4PHzxQIDAQABo4IDWzCC
A1cwHQYDVR0OBBYEFAn85MsJaRbgsqb6CAYMd+9/+dSHMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzRhYjdhZTRkLWJkN2ItNGIzMy05YTg4LTViMjJkMmE4MzM3ZC9iZjdj
NDNlNy0wNTcxLTRkMDgtYjcxYS04YjkzMGRkYTlhYWQvNDdmZDkzMzUtOTExMC0z
YmY0LTg5NjgtOGFjMDYzZmZiNTZkLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy80YWI3YWU0ZC1i
ZDdiLTRiMzMtOWE4OC01YjIyZDJhODMzN2QvYmY3YzQzZTctMDU3MS00ZDA4LWI3
MWEtOGI5MzBkZGE5YWFkL2JmN2M0M2U3LTA1NzEtNGQwOC1iNzFhLThiOTMwZGRh
OWFhZC5jcmwwHwYDVR0jBBgwFoAUeZqf6o0FGJJghnDDQxDjJyHgFKgwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzRhYjdhZTRkLWJkN2ItNGIz
My05YTg4LTViMjJkMmE4MzM3ZC9iZjdjNDNlNy0wNTcxLTRkMDgtYjcxYS04Yjkz
MGRkYTlhYWQuY2VyMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCYD5kAwQC
YD6kMFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0
cHM6Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZI
hvcNAQELBQADggEBAGgQ6VBaSWlZyiK/rVKdJuImaAjhjkZCpSuylhwvGpkZoD1r
UK6VKsuxYqAvFsrUCDl5w9brecc/nNz0RVULcI2bu1LsKgWwgOcjMf5anvuPrDRe
IUJjrcyjoK24HUSW0x5yOrgyTgOJjTrY6kVC4ommqgbKqRjK3KIhzxhhJsE/W0QQ
d8dWwkIakWAHfsAlcC4+oJczV5xYojKDMKv1OQsUG92Hj54zuJAB95xDFtp8x/Qt
9/jviKy/cqO6JJsJ7xJuHArbVHvM35DvhvZSif5m2iwCZTQ89kqK+v3VS0u1LhBb
vExizw9ez+yppaOrldj8HRCxfLJ5PseyZrl6gek=
-----END CERTIFICATE-----