Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49594667-0065-32ea-8368-cb00437d927f.roa
File:                     49594667-0065-32ea-8368-cb00437d927f.roa (raw, json)
Hash identifier:          hZ3Qw1pvjtp71A7DpEnXHE0bbs6Qx0PrzGcPwTjkHwg=
Subject key identifier:   CC:4C:7E:1A:9F:67:CC:77:81:17:F1:6D:55:91:4D:CD:14:BA:74:3E
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F432858455332E23F6A9669EE24114600
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49594667-0065-32ea-8368-cb00437d927f.roa
Signing time:             Mon 25 Mar 2024 13:00:33 +0000
ROA not before:           Mon 25 Mar 2024 13:00:33 +0000
ROA not after:            Sun 23 Jun 2024 13:00:33 +0000
asID:                     7029
IP address blocks:        66.36.0.0/20 maxlen: 20
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:45:53:32:e2:3f:6a:96:69:ee:24:11:46:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Mar 25 13:00:33 2024 GMT
            Not After : Jun 23 13:00:33 2024 GMT
        Subject: CN=ddcaa4ee-3f1f-4ca4-8300-549b23b15398
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:7f:0b:a7:02:67:00:4a:c0:98:e8:b7:cc:9b:
                    dc:fe:ab:26:fc:3e:b4:26:0f:43:2b:46:1a:90:57:
                    e4:9d:aa:1b:fb:03:91:25:7c:72:75:4f:a3:69:f4:
                    9c:d5:15:e9:5f:c7:5e:62:ee:43:f2:61:bb:64:fc:
                    bc:ee:04:39:7d:06:c5:df:ec:6c:18:b0:75:43:ec:
                    f1:ba:57:ef:07:09:44:df:82:95:e8:15:d0:51:0c:
                    bf:b3:38:85:ae:c2:fb:07:6d:31:eb:b4:21:74:88:
                    42:29:5f:e9:d0:71:bc:9f:c9:56:2a:9f:e6:ce:cf:
                    86:e8:53:b0:86:45:b9:5f:36:33:91:13:fe:2c:c3:
                    6b:e5:b2:d0:01:59:4c:79:7b:ad:ee:92:b9:b5:a9:
                    64:76:f8:fd:ac:b8:71:f7:86:a0:ef:f1:04:93:a2:
                    8d:80:ff:17:2c:01:8b:23:b9:9a:13:32:21:ee:d7:
                    f2:75:f2:7e:5f:40:91:71:78:22:5c:47:09:50:64:
                    c4:6d:38:ef:ba:8c:66:e7:1b:86:f4:f8:d3:f0:fd:
                    4f:c5:78:e1:8d:0c:37:7f:78:13:72:12:ee:fd:c4:
                    b4:0f:b0:f0:97:58:9d:a4:dd:e1:d9:46:93:56:ce:
                    d6:aa:0f:71:ab:c5:5c:79:fc:3c:13:fb:85:77:dc:
                    11:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:4C:7E:1A:9F:67:CC:77:81:17:F1:6D:55:91:4D:CD:14:BA:74:3E
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49594667-0065-32ea-8368-cb00437d927f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  66.36.0.0/20

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         23:03:ad:9a:6d:b3:3f:bb:04:1c:11:d3:4e:e6:34:ce:ce:be:
         25:d3:a6:ed:71:3b:df:fc:b8:5e:58:20:12:1f:cd:d1:3a:31:
         1d:69:92:b7:c3:e9:57:86:fd:af:5b:57:e9:4f:a6:af:5b:da:
         7a:c9:90:19:64:4b:c9:59:8b:86:ba:d2:22:ea:13:1f:e1:cd:
         54:df:08:de:8b:41:b8:27:a0:a9:d2:6f:12:36:1f:7a:99:78:
         31:cd:1a:df:80:18:5e:6a:71:57:80:39:4b:bf:02:ca:fa:40:
         e3:ee:81:9e:1d:84:a0:1d:1e:ac:87:c5:c3:82:01:26:df:60:
         ce:89:15:67:f9:31:21:24:01:ec:6d:6d:0c:44:fc:86:7f:97:
         48:4f:66:64:6e:f5:20:3f:82:fd:fa:15:8a:4d:6f:1c:62:81:
         9f:7f:00:6c:d2:4d:ec:03:30:02:bd:2b:07:ef:46:0f:8d:37:
         03:e4:f6:a1:c3:45:ae:02:8d:e6:8e:ce:62:3d:f5:ee:f8:fd:
         3b:87:ed:4a:35:5e:b3:3d:b5:90:5a:23:65:e1:df:47:de:0c:
         80:67:db:97:12:8c:67:54:fe:55:cb:79:4d:c3:d3:ab:0d:38:
         fa:52:51:5e:fe:03:e9:11:f3:76:df:9d:fe:b8:26:2e:9d:04:
         3a:f2:68:5d
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEVTMuI/apZp7iQRRgAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTI0MDMyNTEzMDAzM1oXDTI0MDYyMzEzMDAzM1owLzEtMCsGA1UEAxMk
ZGRjYWE0ZWUtM2YxZi00Y2E0LTgzMDAtNTQ5YjIzYjE1Mzk4MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhn8LpwJnAErAmOi3zJvc/qsm/D60Jg9DK0Ya
kFfknaob+wORJXxydU+jafSc1RXpX8deYu5D8mG7ZPy87gQ5fQbF3+xsGLB1Q+zx
ulfvBwlE34KV6BXQUQy/sziFrsL7B20x67QhdIhCKV/p0HG8n8lWKp/mzs+G6FOw
hkW5XzYzkRP+LMNr5bLQAVlMeXut7pK5talkdvj9rLhx94ag7/EEk6KNgP8XLAGL
I7maEzIh7tfydfJ+X0CRcXgiXEcJUGTEbTjvuoxm5xuG9PjT8P1PxXjhjQw3f3gT
chLu/cS0D7Dwl1idpN3h2UaTVs7Wqg9xq8Vcefw8E/uFd9wR9wIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFMxMfhqfZ8x3gRfxbVWRTc0UunQ+MIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvNDk1OTQ2NjctMDA2NS0z
MmVhLTgzNjgtY2IwMDQzN2Q5MjdmLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEQiQAMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBACMDrZptsz+7BBwR007mNM7OviXTpu1xO9/8uF5YIBIfzdE6MR1pkrfD
6VeG/a9bV+lPpq9b2nrJkBlkS8lZi4a60iLqEx/hzVTfCN6LQbgnoKnSbxI2H3qZ
eDHNGt+AGF5qcVeAOUu/Asr6QOPugZ4dhKAdHqyHxcOCASbfYM6JFWf5MSEkAext
bQxE/IZ/l0hPZmRu9SA/gv36FYpNbxxigZ9/AGzSTewDMAK9KwfvRg+NNwPk9qHD
Ra4CjeaOzmI99e74/TuH7Uo1XrM9tZBaI2Xh30feDIBn25cSjGdU/lXLeU3D06sN
OPpSUV7+A+kR83bfnf64Ji6dBDryaF0=
-----END CERTIFICATE-----