Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/678a00c3-dd71-3038-be4e-f142557f0850.roa
File:                     678a00c3-dd71-3038-be4e-f142557f0850.roa (raw, json)
Hash identifier:          ZjmY/X9F8RDAqSTpivKfFunwzOtvjzEAbmbpdw+a5ek=
Subject key identifier:   6D:F0:A9:4F:53:B0:DF:7A:B5:43:63:03:9D:F6:89:56:35:B6:04:45
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F43285845533323DFB0F239BA4C60E980
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/678a00c3-dd71-3038-be4e-f142557f0850.roa
Signing time:             Mon 25 Mar 2024 13:00:33 +0000
ROA not before:           Mon 25 Mar 2024 13:00:33 +0000
ROA not after:            Sun 23 Jun 2024 13:00:33 +0000
asID:                     7029
IP address blocks:        209.92.138.0/23 maxlen: 23

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:45:53:33:23:df:b0:f2:39:ba:4c:60:e9:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Mar 25 13:00:33 2024 GMT
            Not After : Jun 23 13:00:33 2024 GMT
        Subject: CN=6a4ed440-ad2d-4937-bc9e-b739e56189c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:89:b5:34:66:20:c6:95:bd:94:00:a9:10:92:
                    6c:c2:68:8a:25:4d:2c:33:13:41:f7:51:c4:0a:dd:
                    58:8f:d5:2c:e7:29:68:4a:7f:19:d3:28:fa:e9:4f:
                    f5:5a:bc:7b:8a:49:73:5b:1f:86:93:72:c6:23:3f:
                    34:a6:56:da:73:9c:cd:b9:5a:c3:5d:c6:48:6a:cc:
                    ca:b3:57:f2:6c:09:d8:90:c0:53:c2:09:48:3a:71:
                    fa:af:8d:17:2e:22:08:61:0d:0f:2d:b4:92:00:e8:
                    f4:a3:79:5c:93:ce:d6:a1:70:76:ac:6c:b5:2e:0f:
                    75:d2:1b:69:63:b7:06:00:ce:7d:ef:42:73:cb:6f:
                    17:d7:d2:3e:de:05:d5:38:58:41:8c:aa:d9:81:22:
                    57:70:99:d6:25:03:61:b8:42:ad:62:e4:01:ff:f6:
                    e2:5f:79:75:75:7e:59:78:0e:5a:7f:ff:08:ad:10:
                    84:ac:1e:1a:1e:e6:a8:da:f7:9e:4c:0c:ab:f1:7b:
                    99:36:09:03:b4:24:1b:ff:db:78:b9:83:6e:57:92:
                    3b:de:a4:9a:31:f1:35:5b:f8:dd:6e:5e:f9:ac:0f:
                    66:eb:19:dd:a1:ec:7e:b1:d5:32:71:44:1e:0e:59:
                    aa:70:57:7b:e7:8f:b3:89:d6:88:c7:0a:aa:bb:dc:
                    c3:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:F0:A9:4F:53:B0:DF:7A:B5:43:63:03:9D:F6:89:56:35:B6:04:45
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/678a00c3-dd71-3038-be4e-f142557f0850.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.92.138.0/23

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         79:28:f5:eb:c6:de:15:f4:d8:c6:a1:e9:4b:a2:95:a8:42:ec:
         f9:23:17:a9:6a:f9:86:34:a7:7d:a7:e6:d4:5c:68:fc:41:2e:
         fc:88:02:e0:bf:69:55:f1:e1:3c:62:0e:f9:d3:bb:8c:f9:66:
         93:e8:1e:91:14:7f:54:0b:e4:ed:1b:3e:62:52:d0:0b:89:7a:
         7e:41:7a:63:c9:c3:5a:75:ff:dd:8f:69:3f:96:35:12:ca:7d:
         60:fc:39:ba:22:dc:7b:2d:04:08:0d:22:cd:7f:4a:e0:4d:5a:
         dc:3e:a4:fb:dd:c2:0e:9b:be:a3:c7:cc:61:c3:1f:35:c4:44:
         27:8e:00:5c:f6:35:2f:d5:3a:61:b6:41:6c:55:8d:2d:aa:25:
         97:79:66:9c:dc:89:22:8c:fc:e9:5a:13:b3:f6:4b:a8:27:2a:
         cc:a3:6a:c9:d0:d9:b5:ce:db:4f:1a:83:db:c3:e9:65:fc:c4:
         2c:23:44:94:c3:cd:65:a4:f3:9d:13:4f:a1:fa:ca:67:66:2c:
         05:4f:54:7a:a5:d9:af:7e:18:40:26:dc:00:0c:47:d7:2d:e5:
         b6:1e:12:a1:b8:c1:4d:60:04:18:75:9a:16:96:e2:e6:03:fd:
         02:9d:21:58:53:e2:30:dd:8a:63:aa:4f:29:33:1b:32:6a:78:
         03:48:a0:6d
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEVTMyPfsPI5ukxg6YAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTI0MDMyNTEzMDAzM1oXDTI0MDYyMzEzMDAzM1owLzEtMCsGA1UEAxMk
NmE0ZWQ0NDAtYWQyZC00OTM3LWJjOWUtYjczOWU1NjE4OWM1MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEArYm1NGYgxpW9lACpEJJswmiKJU0sMxNB91HE
Ct1Yj9Us5yloSn8Z0yj66U/1Wrx7iklzWx+Gk3LGIz80plbac5zNuVrDXcZIaszK
s1fybAnYkMBTwglIOnH6r40XLiIIYQ0PLbSSAOj0o3lck87WoXB2rGy1Lg910htp
Y7cGAM5970Jzy28X19I+3gXVOFhBjKrZgSJXcJnWJQNhuEKtYuQB//biX3l1dX5Z
eA5af/8IrRCErB4aHuao2veeTAyr8XuZNgkDtCQb/9t4uYNuV5I73qSaMfE1W/jd
bl75rA9m6xndoex+sdUycUQeDlmqcFd754+zidaIxwqqu9zDawIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFG3wqU9TsN96tUNjA532iVY1tgRFMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvNjc4YTAwYzMtZGQ3MS0z
MDM4LWJlNGUtZjE0MjU1N2YwODUwLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB0VyKMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAHko9evG3hX02Mah6UuilahC7PkjF6lq+YY0p32n5tRcaPxBLvyIAuC/
aVXx4TxiDvnTu4z5ZpPoHpEUf1QL5O0bPmJS0AuJen5BemPJw1p1/92PaT+WNRLK
fWD8Oboi3HstBAgNIs1/SuBNWtw+pPvdwg6bvqPHzGHDHzXERCeOAFz2NS/VOmG2
QWxVjS2qJZd5ZpzciSKM/OlaE7P2S6gnKsyjasnQ2bXO208ag9vD6WX8xCwjRJTD
zWWk850TT6H6ymdmLAVPVHql2a9+GEAm3AAMR9ct5bYeEqG4wU1gBBh1mhaW4uYD
/QKdIVhT4jDdimOqTykzGzJqeANIoG0=
-----END CERTIFICATE-----