Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/1265cc41-1464-4ca3-818d-917a36c8afca/b016b256-b0af-39c4-b379-df9e079bbec0.roa
File:                     b016b256-b0af-39c4-b379-df9e079bbec0.roa (raw, json)
Hash identifier:          urAiXhBNctBHLm6y1Fx56q9QduYCxwb03Ts47SWmn8g=
Subject key identifier:   D2:B2:D6:D2:2B:06:C1:32:92:61:EC:13:DE:2F:7D:F6:2D:82:8A:D0
Certificate issuer:       /CN=1265cc41-1464-4ca3-818d-917a36c8afca
Certificate serial:       010D0C9F43285847537B60F7669DDFB8DE8A6D70
Authority key identifier: 33:F2:2A:43:E3:17:30:45:4E:10:FE:49:6A:9A:EC:86:29:34:ED:C3
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/1265cc41-1464-4ca3-818d-917a36c8afca.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/1265cc41-1464-4ca3-818d-917a36c8afca/b016b256-b0af-39c4-b379-df9e079bbec0.roa
Signing time:             Wed 25 Sep 2024 01:00:31 +0000
ROA not before:           Wed 25 Sep 2024 01:00:31 +0000
ROA not after:            Tue 24 Dec 2024 02:00:31 +0000
asID:                     397046
IP address blocks:        23.135.32.0/24 maxlen: 24
                          158.51.80.0/22 maxlen: 24
                          170.39.168.0/22 maxlen: 24
                          2604:b2c0::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:47:53:7b:60:f7:66:9d:df:b8:de:8a:6d:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1265cc41-1464-4ca3-818d-917a36c8afca
        Validity
            Not Before: Sep 25 01:00:31 2024 GMT
            Not After : Dec 24 02:00:31 2024 GMT
        Subject: CN=8a1c3947-dac8-4be9-ba74-2b194ff1a099
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:20:03:10:88:ba:87:8e:e1:1d:98:ca:ed:b4:
                    5c:15:fc:5d:29:63:e0:52:81:97:7a:d2:c7:80:fc:
                    5d:7b:24:24:7d:6e:33:6e:43:6f:24:2a:75:9c:86:
                    08:67:5d:16:cc:42:e6:ac:5a:76:96:c6:fb:47:cd:
                    2b:ea:92:df:ba:aa:81:66:82:70:d9:c0:69:31:c2:
                    de:db:72:e6:9e:f7:3b:84:24:6c:a6:38:38:1e:dc:
                    cc:da:f9:f5:7d:6b:15:fd:ec:9d:f2:0c:4d:52:38:
                    4b:98:74:de:c7:0e:9e:aa:2b:b5:da:38:57:03:ab:
                    9d:fe:7c:48:c7:46:95:46:96:de:3c:58:31:d6:ec:
                    9a:8d:c2:b9:12:ad:e2:fc:10:96:b6:fa:49:fd:cf:
                    62:bb:99:37:65:6f:99:02:4c:d8:9b:bf:3f:4c:7a:
                    45:1a:59:b3:e0:2f:18:20:68:c3:a7:0c:ec:37:31:
                    fb:d5:46:17:1e:12:6b:70:7e:b6:06:8b:08:45:47:
                    e7:7b:41:16:e6:ee:7d:7d:8b:65:96:e3:68:5f:00:
                    c1:2d:a9:96:5b:5c:2d:15:04:b2:23:89:79:68:3e:
                    fb:07:3f:46:34:ac:22:e5:ab:8c:82:0e:8d:29:93:
                    fc:42:c5:e2:a3:35:6d:2c:16:a2:53:c0:55:82:8f:
                    b8:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:B2:D6:D2:2B:06:C1:32:92:61:EC:13:DE:2F:7D:F6:2D:82:8A:D0
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/1265cc41-1464-4ca3-818d-917a36c8afca/b016b256-b0af-39c4-b379-df9e079bbec0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/1265cc41-1464-4ca3-818d-917a36c8afca/1265cc41-1464-4ca3-818d-917a36c8afca.crl

            X509v3 Authority Key Identifier:
                keyid:33:F2:2A:43:E3:17:30:45:4E:10:FE:49:6A:9A:EC:86:29:34:ED:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/1265cc41-1464-4ca3-818d-917a36c8afca.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.135.32.0/24
                  158.51.80.0/22
                  170.39.168.0/22
                IPv6:
                  2604:b2c0::/32

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         b6:a2:36:25:f7:fe:ee:1c:8c:57:2f:45:7a:37:81:18:16:61:
         a1:5e:51:25:fe:fc:d6:5c:ce:24:f1:ab:6f:ff:f5:11:33:7d:
         9a:6f:d9:c0:7b:a5:2d:6f:bf:47:86:0b:1c:62:e4:ba:10:35:
         88:87:b0:fa:67:59:4e:5b:f2:99:eb:d6:db:d5:2e:81:0c:67:
         c8:09:5d:be:ae:ae:ee:d1:9a:08:64:74:80:0a:b6:d4:c2:c2:
         33:a2:3d:31:d7:b4:c0:ca:55:91:c8:9b:08:cc:64:ea:bd:98:
         6c:3d:79:53:55:54:e7:7f:89:38:b3:d0:c4:e1:e4:a0:60:b2:
         9c:1b:2e:91:97:33:35:2e:23:fe:35:4a:4c:f2:94:a5:5c:1f:
         95:91:98:ba:5f:39:ff:b6:41:3c:8a:9a:5e:ee:ea:ab:b7:9b:
         b5:3a:18:ae:3d:dc:88:af:77:86:42:0e:b2:8d:4d:cf:3b:14:
         5d:eb:d0:c8:e2:34:e1:fc:f1:d3:13:34:1a:50:f3:59:fc:58:
         1a:7f:7b:f6:ad:e5:72:d4:b1:c3:d6:c6:f5:d9:79:7a:34:23:
         8f:32:06:82:2e:83:b3:91:0d:1c:02:cb:ff:e2:83:8f:85:ed:
         ef:41:a7:54:f3:19:4c:b4:13:11:6f:33:1e:c0:af:90:e9:e9:
         b5:f2:5f:64
-----BEGIN CERTIFICATE-----
MIIGXjCCBUagAwIBAgIUAQ0Mn0MoWEdTe2D3Zp3fuN6KbXAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMTI2NWNjNDEtMTQ2NC00Y2EzLTgxOGQtOTE3YTM2Yzhh
ZmNhMB4XDTI0MDkyNTAxMDAzMVoXDTI0MTIyNDAyMDAzMVowLzEtMCsGA1UEAxMk
OGExYzM5NDctZGFjOC00YmU5LWJhNzQtMmIxOTRmZjFhMDk5MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9CADEIi6h47hHZjK7bRcFfxdKWPgUoGXetLH
gPxdeyQkfW4zbkNvJCp1nIYIZ10WzELmrFp2lsb7R80r6pLfuqqBZoJw2cBpMcLe
23Lmnvc7hCRspjg4HtzM2vn1fWsV/eyd8gxNUjhLmHTexw6eqiu12jhXA6ud/nxI
x0aVRpbePFgx1uyajcK5Eq3i/BCWtvpJ/c9iu5k3ZW+ZAkzYm78/THpFGlmz4C8Y
IGjDpwzsNzH71UYXHhJrcH62BosIRUfne0EW5u59fYtlluNoXwDBLamWW1wtFQSy
I4l5aD77Bz9GNKwi5auMgg6NKZP8QsXiozVtLBaiU8BVgo+4PQIDAQABo4IDcDCC
A2wwHQYDVR0OBBYEFNKy1tIrBsEykmHsE94vffYtgorQMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy8xMjY1
Y2M0MS0xNDY0LTRjYTMtODE4ZC05MTdhMzZjOGFmY2EvYjAxNmIyNTYtYjBhZi0z
OWM0LWIzNzktZGY5ZTA3OWJiZWMwLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvMTI2NWNjNDEtMTQ2NC00Y2EzLTgx
OGQtOTE3YTM2YzhhZmNhLzEyNjVjYzQxLTE0NjQtNGNhMy04MThkLTkxN2EzNmM4
YWZjYS5jcmwwHwYDVR0jBBgwFoAUM/IqQ+MXMEVOEP5Japrshik07cMwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy8xMjY1Y2M0MS0xNDY0LTRjYTMtODE4ZC05MTdh
MzZjOGFmY2EuY2VyMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAF4cgAwQC
njNQAwQCqieoMA0EAgACMAcDBQAmBLLAMFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUH
DgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2Vz
L3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQELBQADggEBALaiNiX3/u4cjFcvRXo3
gRgWYaFeUSX+/NZcziTxq2//9REzfZpv2cB7pS1vv0eGCxxi5LoQNYiHsPpnWU5b
8pnr1tvVLoEMZ8gJXb6uru7RmghkdIAKttTCwjOiPTHXtMDKVZHImwjMZOq9mGw9
eVNVVOd/iTiz0MTh5KBgspwbLpGXMzUuI/41SkzylKVcH5WRmLpfOf+2QTyKml7u
6qu3m7U6GK493Iivd4ZCDrKNTc87FF3r0MjiNOH88dMTNBpQ81n8WBp/e/at5XLU
scPWxvXZeXo0I48yBoIug7ORDRwCy//ig4+F7e9Bp1TzGUy0ExFvMx7Ar5Dp6bXy
X2Q=
-----END CERTIFICATE-----