Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b/480fe976-f82d-32c4-841b-a1f3452d74d6.roa
File:                     480fe976-f82d-32c4-841b-a1f3452d74d6.roa (raw, json)
Hash identifier:          i09q8fMfNEusNLP31d6Sk5ca1m+fHZYO4TUxQCEB35c=
Subject key identifier:   57:C3:1A:72:C5:0A:5D:37:15:94:6A:A9:12:14:97:CC:03:5D:E5:63
Certificate issuer:       /CN=417c06d0-3203-44fd-b164-0aed50f5638b
Certificate serial:       010D0C9F4328584301F464C4F0BB08C1A9093F80
Authority key identifier: 00:CE:A0:C5:4C:5A:68:B3:D1:09:2A:66:78:F3:83:C9:42:07:C5:FD
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b/480fe976-f82d-32c4-841b-a1f3452d74d6.roa
Signing time:             Sat 26 Aug 2023 01:00:21 +0000
ROA not before:           Sat 26 Aug 2023 01:00:21 +0000
ROA not after:            Fri 24 Nov 2023 02:00:21 +0000
asID:                     47869
IP address blocks:        69.7.66.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:43:01:f4:64:c4:f0:bb:08:c1:a9:09:3f:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=417c06d0-3203-44fd-b164-0aed50f5638b
        Validity
            Not Before: Aug 26 01:00:21 2023 GMT
            Not After : Nov 24 02:00:21 2023 GMT
        Subject: CN=b1aa380c-527b-44e0-81b7-3b912efe56e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:be:7f:94:e4:80:f8:7d:64:20:d1:6e:3f:53:
                    61:0e:51:d4:c7:97:1d:cd:51:58:b7:e3:c2:cf:fe:
                    6a:2b:9e:82:41:db:80:87:b2:81:27:e9:b4:3d:cd:
                    d2:0e:3a:ee:2a:13:75:ce:a3:c3:6d:3f:5e:9f:82:
                    c1:28:bc:d1:ac:95:35:73:d0:0b:79:31:c2:3f:96:
                    9b:14:d8:2e:ab:55:b9:23:98:7a:f4:c4:3e:39:0b:
                    1b:cc:37:21:68:25:9d:fe:5e:cc:96:36:63:47:75:
                    54:8d:8b:67:9f:27:a2:32:dc:9d:04:9f:b7:3c:65:
                    df:a8:9e:aa:3f:f5:45:23:ea:99:da:c7:86:de:02:
                    6c:fa:aa:94:16:ad:b6:d3:8c:48:86:09:66:5e:63:
                    83:3a:11:e6:90:db:7a:a5:83:9d:f1:18:5b:f3:5a:
                    2a:09:30:a8:ec:ed:33:a9:f1:bf:8e:cd:a9:26:31:
                    1f:35:15:a5:5c:00:cc:61:9d:1c:7b:65:ef:02:7f:
                    f2:aa:c5:53:5e:c1:bd:32:b1:fb:6f:c4:c9:41:2d:
                    27:5f:95:e4:3e:d9:c4:c2:25:47:72:dd:17:95:e4:
                    1f:16:63:48:8d:66:0b:9f:37:40:58:eb:21:c6:dd:
                    37:80:e3:42:ef:77:f6:de:40:4d:e6:7c:ff:36:b3:
                    c3:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:C3:1A:72:C5:0A:5D:37:15:94:6A:A9:12:14:97:CC:03:5D:E5:63
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b/480fe976-f82d-32c4-841b-a1f3452d74d6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b/417c06d0-3203-44fd-b164-0aed50f5638b.crl

            X509v3 Authority Key Identifier:
                keyid:00:CE:A0:C5:4C:5A:68:B3:D1:09:2A:66:78:F3:83:C9:42:07:C5:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/417c06d0-3203-44fd-b164-0aed50f5638b.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  69.7.66.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         4d:a7:f6:11:40:87:b7:0a:f1:38:b6:17:4a:29:39:27:35:d3:
         94:af:5d:dd:c1:69:fd:e0:8c:2b:15:d8:ec:09:b1:84:cf:75:
         81:07:64:ca:54:c3:6e:6a:f7:97:d0:eb:e5:04:bb:06:0f:e0:
         4d:08:41:d7:10:25:01:b0:52:b7:ba:bf:e0:fc:84:5e:72:08:
         35:7a:eb:1d:03:0f:2b:ba:bb:36:6b:f5:5f:f3:26:b2:78:d3:
         a0:88:42:2b:01:eb:46:ed:ab:fa:78:30:ac:17:46:51:7d:88:
         4b:90:02:06:dc:26:e4:57:02:a2:4d:c3:b7:e2:b2:e7:f4:97:
         f3:46:07:8a:b0:1e:a3:dc:7b:50:b0:81:3c:b4:ff:66:b0:0f:
         fb:b0:53:10:bf:fc:16:9e:f8:cc:55:6b:88:51:d3:99:d8:ae:
         79:41:f1:8b:c4:22:aa:ed:c2:5a:94:c8:b2:83:5c:96:56:37:
         af:ca:03:67:92:87:50:a2:96:2d:6d:a2:31:01:5a:09:54:29:
         47:7e:25:bd:33:95:6d:38:f4:32:4d:74:f3:2b:5d:4c:1b:c1:
         e0:ff:f9:c2:7b:b9:9a:9e:c4:e4:60:14:45:bb:5e:21:ec:5b:
         7e:aa:fe:a6:d6:6b:1a:f5:73:de:88:7c:18:0a:d7:e7:aa:2a:
         8e:02:69:e1
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEMB9GTE8LsIwakJP4AwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDE3YzA2ZDAtMzIwMy00NGZkLWIxNjQtMGFlZDUwZjU2
MzhiMB4XDTIzMDgyNjAxMDAyMVoXDTIzMTEyNDAyMDAyMVowLzEtMCsGA1UEAxMk
YjFhYTM4MGMtNTI3Yi00NGUwLTgxYjctM2I5MTJlZmU1NmUyMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnr5/lOSA+H1kINFuP1NhDlHUx5cdzVFYt+PC
z/5qK56CQduAh7KBJ+m0Pc3SDjruKhN1zqPDbT9en4LBKLzRrJU1c9ALeTHCP5ab
FNguq1W5I5h69MQ+OQsbzDchaCWd/l7MljZjR3VUjYtnnyeiMtydBJ+3PGXfqJ6q
P/VFI+qZ2seG3gJs+qqUFq2204xIhglmXmODOhHmkNt6pYOd8Rhb81oqCTCo7O0z
qfG/js2pJjEfNRWlXADMYZ0ce2XvAn/yqsVTXsG9MrH7b8TJQS0nX5XkPtnEwiVH
ct0XleQfFmNIjWYLnzdAWOshxt03gONC73f23kBN5nz/NrPDBQIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFFfDGnLFCl03FZRqqRIUl8wDXeVjMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80MTdj
MDZkMC0zMjAzLTQ0ZmQtYjE2NC0wYWVkNTBmNTYzOGIvNDgwZmU5NzYtZjgyZC0z
MmM0LTg0MWItYTFmMzQ1MmQ3NGQ2LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDE3YzA2ZDAtMzIwMy00NGZkLWIx
NjQtMGFlZDUwZjU2MzhiLzQxN2MwNmQwLTMyMDMtNDRmZC1iMTY0LTBhZWQ1MGY1
NjM4Yi5jcmwwHwYDVR0jBBgwFoAUAM6gxUxaaLPRCSpmePODyUIHxf0wDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80MTdjMDZkMC0zMjAzLTQ0ZmQtYjE2NC0wYWVk
NTBmNTYzOGIuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQARQdCMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAE2n9hFAh7cK8Ti2F0opOSc105SvXd3Baf3gjCsV2OwJsYTPdYEHZMpU
w25q95fQ6+UEuwYP4E0IQdcQJQGwUre6v+D8hF5yCDV66x0DDyu6uzZr9V/zJrJ4
06CIQisB60btq/p4MKwXRlF9iEuQAgbcJuRXAqJNw7fisuf0l/NGB4qwHqPce1Cw
gTy0/2awD/uwUxC//Bae+MxVa4hR05nYrnlB8YvEIqrtwlqUyLKDXJZWN6/KA2eS
h1Cili1tojEBWglUKUd+Jb0zlW049DJNdPMrXUwbweD/+cJ7uZqexORgFEW7XiHs
W36q/qbWaxr1c96IfBgK1+eqKo4CaeE=
-----END CERTIFICATE-----