Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/371ed152-cbef-30b5-a30e-887004242ad4.roa
File:                     371ed152-cbef-30b5-a30e-887004242ad4.roa (raw, json)
Hash identifier:          IhTw6nDch54UMWU/EqQyAfO1oHs/VRtHGSAeMwG2aW4=
Subject key identifier:   68:2E:BB:20:DE:4B:29:0E:7D:B0:68:AB:7D:42:2C:44:29:82:35:12
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F4328584553331A18CDC2933DBE694B00
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/371ed152-cbef-30b5-a30e-887004242ad4.roa
Signing time:             Mon 25 Mar 2024 13:00:33 +0000
ROA not before:           Mon 25 Mar 2024 13:00:33 +0000
ROA not after:            Sun 23 Jun 2024 13:00:33 +0000
asID:                     7029
IP address blocks:        205.187.160.0/20 maxlen: 20

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:45:53:33:1a:18:cd:c2:93:3d:be:69:4b:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Mar 25 13:00:33 2024 GMT
            Not After : Jun 23 13:00:33 2024 GMT
        Subject: CN=6b522c8e-d588-4e43-a066-966feb015be1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:ca:dd:66:e2:3c:16:7c:c7:82:96:89:48:fc:
                    23:8b:55:83:b9:d6:0a:63:83:08:01:eb:67:04:0e:
                    5f:1c:1b:80:e1:0a:59:fd:d5:95:96:3a:95:5a:92:
                    76:dc:cc:bb:b9:59:7f:6a:6d:8c:17:96:e9:2b:d9:
                    38:82:d3:36:e8:70:57:b2:13:88:75:1b:bc:95:90:
                    6f:36:a7:34:1e:ec:f2:df:2b:9d:96:70:23:e9:0a:
                    44:11:da:0c:c0:c9:9d:27:4e:23:2d:1d:82:80:e9:
                    8a:3a:85:7c:9a:92:9b:f5:6b:e2:cf:a9:72:c5:e9:
                    79:8d:6b:b6:4d:30:67:3b:43:1d:09:70:e4:33:b6:
                    06:42:66:1b:14:6c:87:63:47:fc:eb:11:f2:87:63:
                    64:e9:81:b2:d8:a5:43:98:9b:d1:bc:39:4f:75:00:
                    0f:c5:b6:42:e6:e2:c2:08:36:5c:59:f7:13:c1:d7:
                    28:d7:b3:4b:1a:2f:8f:07:b7:71:9b:21:83:e2:d9:
                    e1:4c:01:17:32:9f:dc:b3:02:ce:62:d3:e3:15:34:
                    9e:53:99:99:51:78:be:20:41:90:92:16:67:1a:46:
                    52:a7:2a:6e:77:d6:3a:c5:98:36:e6:99:aa:f3:7d:
                    54:4c:98:1d:ef:38:49:e9:80:62:0b:3d:52:ff:22:
                    35:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:2E:BB:20:DE:4B:29:0E:7D:B0:68:AB:7D:42:2C:44:29:82:35:12
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/371ed152-cbef-30b5-a30e-887004242ad4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  205.187.160.0/20

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         6b:47:a8:5a:18:d0:34:e2:1d:78:5c:82:c4:1d:0f:fe:61:28:
         1c:a7:c0:05:36:49:df:5f:d5:72:8f:64:b0:35:9a:b9:78:6b:
         7f:e1:09:84:8b:38:c7:2d:03:79:00:bf:37:98:00:ac:44:bd:
         c8:cf:b2:fb:9c:00:ef:d3:87:51:a1:15:3d:6f:57:88:11:53:
         6a:c7:aa:4a:32:03:ef:ba:f7:a6:86:bd:21:20:ff:1f:55:74:
         e1:54:2d:7c:2a:3a:72:ee:c4:04:c0:c4:d3:4d:ce:52:cb:4c:
         d9:7f:37:fc:6f:e6:9b:ec:aa:3c:ba:94:65:a2:68:ae:85:a0:
         8b:46:ab:64:eb:80:de:59:40:74:be:45:cd:f6:de:1a:f6:ea:
         79:1b:2e:f3:c6:6f:88:4f:6e:14:d0:98:7d:25:33:57:a3:ab:
         f2:e1:e1:61:d3:99:21:39:0e:34:8b:99:4f:8f:c6:e0:5e:a9:
         fc:73:7d:91:84:85:0d:ac:60:dc:07:cf:15:0e:50:0a:09:77:
         6d:46:46:f5:c1:a9:61:0e:33:80:bf:e8:71:69:c5:7f:0e:5d:
         ca:4a:a5:dd:c6:72:f5:9e:8b:55:71:d2:7b:f0:19:31:1c:bc:
         b3:75:5c:0e:87:d2:aa:0c:8d:ea:ca:c3:18:c9:b7:f0:17:b2:
         07:9f:dd:2f
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEVTMxoYzcKTPb5pSwAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTI0MDMyNTEzMDAzM1oXDTI0MDYyMzEzMDAzM1owLzEtMCsGA1UEAxMk
NmI1MjJjOGUtZDU4OC00ZTQzLWEwNjYtOTY2ZmViMDE1YmUxMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqMrdZuI8FnzHgpaJSPwji1WDudYKY4MIAetn
BA5fHBuA4QpZ/dWVljqVWpJ23My7uVl/am2MF5bpK9k4gtM26HBXshOIdRu8lZBv
Nqc0Huzy3yudlnAj6QpEEdoMwMmdJ04jLR2CgOmKOoV8mpKb9Wviz6lyxel5jWu2
TTBnO0MdCXDkM7YGQmYbFGyHY0f86xHyh2Nk6YGy2KVDmJvRvDlPdQAPxbZC5uLC
CDZcWfcTwdco17NLGi+PB7dxmyGD4tnhTAEXMp/cswLOYtPjFTSeU5mZUXi+IEGQ
khZnGkZSpypud9Y6xZg25pmq831UTJgd7zhJ6YBiCz1S/yI1kQIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFGguuyDeSykOfbBoq31CLEQpgjUSMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvMzcxZWQxNTItY2JlZi0z
MGI1LWEzMGUtODg3MDA0MjQyYWQ0LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEzbugMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAGtHqFoY0DTiHXhcgsQdD/5hKBynwAU2Sd9f1XKPZLA1mrl4a3/hCYSL
OMctA3kAvzeYAKxEvcjPsvucAO/Th1GhFT1vV4gRU2rHqkoyA++696aGvSEg/x9V
dOFULXwqOnLuxATAxNNNzlLLTNl/N/xv5pvsqjy6lGWiaK6FoItGq2TrgN5ZQHS+
Rc323hr26nkbLvPGb4hPbhTQmH0lM1ejq/Lh4WHTmSE5DjSLmU+PxuBeqfxzfZGE
hQ2sYNwHzxUOUAoJd21GRvXBqWEOM4C/6HFpxX8OXcpKpd3GcvWei1Vx0nvwGTEc
vLN1XA6H0qoMjerKwxjJt/AXsgef3S8=
-----END CERTIFICATE-----