Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/5fc5383f-34e2-3006-a253-ad67956291f7.roa
File:                     5fc5383f-34e2-3006-a253-ad67956291f7.roa (raw, json)
Hash identifier:          BrMnGYB8lV/JSGUJRnjFYqIhB7SyukfO/zgx6053174=
Subject key identifier:   04:55:D2:B6:56:10:68:28:2E:67:41:0E:B0:26:CB:E6:10:7B:DA:A9
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F43285845533318117AFD1062B8457A00
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/5fc5383f-34e2-3006-a253-ad67956291f7.roa
Signing time:             Mon 25 Mar 2024 13:00:33 +0000
ROA not before:           Mon 25 Mar 2024 13:00:33 +0000
ROA not after:            Sun 23 Jun 2024 13:00:33 +0000
asID:                     7029
IP address blocks:        204.32.128.0/20 maxlen: 20

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:45:53:33:18:11:7a:fd:10:62:b8:45:7a:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Mar 25 13:00:33 2024 GMT
            Not After : Jun 23 13:00:33 2024 GMT
        Subject: CN=3cb770c1-1874-47c1-ac08-24408ede3b59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:c9:ee:8a:5a:41:2a:e9:ad:f5:78:e1:7f:e5:
                    15:94:91:ae:b5:82:84:71:8f:b8:7a:f2:e8:42:f9:
                    54:b0:3a:30:ce:1a:eb:73:89:f4:7b:ef:81:14:9f:
                    fc:bd:65:ad:4a:0e:98:e5:49:a2:f6:b7:32:60:e5:
                    3d:18:8a:60:64:d9:5c:2f:d2:b7:12:d9:05:f8:63:
                    2f:18:4e:7a:4d:5f:f3:8d:41:f5:e3:14:c5:2f:3d:
                    4e:b4:46:46:1b:b6:5e:df:b5:ff:7e:14:38:6d:6d:
                    d8:4f:19:bc:0a:fd:c2:73:d1:dc:9e:f6:a2:1e:1c:
                    83:26:50:12:d1:d6:d0:7f:24:ce:28:c7:4a:f7:48:
                    fc:e7:02:e4:39:ca:5d:83:6f:98:a2:90:c8:69:c7:
                    f1:24:7a:83:a3:66:36:99:78:15:2a:b5:de:af:a6:
                    9a:b0:ce:6e:78:6a:8a:6b:91:e6:ec:1e:7c:68:bf:
                    c8:de:c4:5d:c0:0d:e6:ea:b5:0e:fe:f1:1f:1a:4c:
                    0a:44:7a:79:2d:8a:68:07:6c:85:b2:85:b6:db:3e:
                    23:f5:b0:e4:7c:fe:a4:74:46:1f:c1:7f:1a:5c:9c:
                    65:19:e9:32:6a:db:c9:38:2b:0b:fb:54:b2:34:47:
                    0d:7d:b1:e4:db:a2:12:d1:93:a4:46:df:34:0f:c7:
                    a9:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:55:D2:B6:56:10:68:28:2E:67:41:0E:B0:26:CB:E6:10:7B:DA:A9
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/5fc5383f-34e2-3006-a253-ad67956291f7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  204.32.128.0/20

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         20:2a:fe:9c:e7:f5:e0:27:79:b9:6b:55:2a:c8:7b:a2:29:3d:
         ac:c2:e7:72:c3:a6:0d:03:27:6c:64:be:da:e3:e8:7c:25:b9:
         00:69:b1:cd:3f:20:4f:71:ca:cc:ab:de:87:56:bb:c0:3b:87:
         63:2a:62:3b:ce:c9:7c:ae:a7:27:8a:3f:f1:7f:93:bc:3a:1a:
         1e:6b:4e:e9:30:09:7f:a8:28:24:cd:fc:3c:31:a0:55:8b:47:
         93:b4:0c:be:aa:f0:e8:43:74:35:db:53:dc:15:50:ea:cc:24:
         b2:d9:73:78:2d:98:60:75:a0:0a:cd:7a:74:dc:e8:97:c6:c2:
         99:89:29:da:58:b1:d7:f2:f2:68:4c:aa:61:b0:6e:2b:24:ed:
         73:e8:2b:e3:4c:5d:de:08:25:7b:33:1b:9b:e8:35:6e:59:4a:
         12:8a:27:e1:94:d3:65:c2:b5:8c:de:11:55:a8:74:31:d6:9f:
         b1:a6:2c:9f:4c:a3:d8:f2:16:c1:6e:1b:96:37:96:7b:88:dc:
         0f:30:af:1b:2c:60:59:38:b0:74:45:ea:57:4b:fe:e0:a4:6a:
         c3:52:cf:18:2d:cb:3e:1d:0f:21:7f:72:6d:73:ae:f2:2b:1a:
         37:a6:d7:2b:4d:c9:84:13:77:4c:c7:f3:51:62:ef:c8:b8:10:
         34:1d:68:5a
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEVTMxgRev0QYrhFegAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTI0MDMyNTEzMDAzM1oXDTI0MDYyMzEzMDAzM1owLzEtMCsGA1UEAxMk
M2NiNzcwYzEtMTg3NC00N2MxLWFjMDgtMjQ0MDhlZGUzYjU5MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvcnuilpBKumt9Xjhf+UVlJGutYKEcY+4evLo
QvlUsDowzhrrc4n0e++BFJ/8vWWtSg6Y5Umi9rcyYOU9GIpgZNlcL9K3EtkF+GMv
GE56TV/zjUH14xTFLz1OtEZGG7Ze37X/fhQ4bW3YTxm8Cv3Cc9HcnvaiHhyDJlAS
0dbQfyTOKMdK90j85wLkOcpdg2+YopDIacfxJHqDo2Y2mXgVKrXer6aasM5ueGqK
a5Hm7B58aL/I3sRdwA3m6rUO/vEfGkwKRHp5LYpoB2yFsoW22z4j9bDkfP6kdEYf
wX8aXJxlGekyatvJOCsL+1SyNEcNfbHk26IS0ZOkRt80D8epHwIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFARV0rZWEGgoLmdBDrAmy+YQe9qpMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvNWZjNTM4M2YtMzRlMi0z
MDA2LWEyNTMtYWQ2Nzk1NjI5MWY3LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEzCCAMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBACAq/pzn9eAneblrVSrIe6IpPazC53LDpg0DJ2xkvtrj6HwluQBpsc0/
IE9xysyr3odWu8A7h2MqYjvOyXyupyeKP/F/k7w6Gh5rTukwCX+oKCTN/DwxoFWL
R5O0DL6q8OhDdDXbU9wVUOrMJLLZc3gtmGB1oArNenTc6JfGwpmJKdpYsdfy8mhM
qmGwbisk7XPoK+NMXd4IJXszG5voNW5ZShKKJ+GU02XCtYzeEVWodDHWn7GmLJ9M
o9jyFsFuG5Y3lnuI3A8wrxssYFk4sHRF6ldL/uCkasNSzxgtyz4dDyF/cm1zrvIr
Gjem1ytNyYQTd0zH81Fi78i4EDQdaFo=
-----END CERTIFICATE-----