Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/7929b979-2633-3829-ac1d-185f1f78526d.roa
File:                     7929b979-2633-3829-ac1d-185f1f78526d.roa (raw, json)
Hash identifier:          nCWcBnJg0G/fsjvIEuRyi+SALLYBHrcxKCOrmcgTJnc=
Subject key identifier:   7B:A9:6D:A2:FD:42:6C:2C:F6:4E:6B:D6:7C:AC:AF:23:A7:9C:5D:58
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F4328583D551A75FC3303DE7417A08380
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/7929b979-2633-3829-ac1d-185f1f78526d.roa
Signing time:             Wed 23 Mar 2022 04:00:00 +0000
ROA not before:           Wed 23 Mar 2022 04:00:00 +0000
ROA not after:            Wed 15 Mar 2028 04:00:00 +0000
asID:                     27338
IP address blocks:        72.242.220.0/23 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3d:55:1a:75:fc:33:03:de:74:17:a0:83:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Mar 23 04:00:00 2022 GMT
            Not After : Mar 15 04:00:00 2028 GMT
        Subject: CN=5dfad659-bb1e-4d62-8fef-3d792e92bf0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:fe:1e:dd:91:e4:90:02:a8:a5:58:db:b0:e7:
                    c3:91:20:76:16:fc:c8:de:c5:7a:c2:64:64:6e:4c:
                    1e:4d:93:53:ce:89:a6:af:40:0c:39:9a:22:72:f3:
                    99:1d:26:8c:1b:57:5f:0b:cb:dd:ab:d7:d8:74:40:
                    b6:58:54:ed:e6:6b:31:fd:89:fb:a3:77:b5:8f:d5:
                    eb:9b:b1:a1:4e:46:d7:74:57:10:63:69:a8:ac:86:
                    bc:f5:2e:11:ca:d2:bb:37:da:02:30:5a:56:cf:72:
                    4b:8c:21:c3:64:f2:05:51:11:f3:d6:00:58:7b:ec:
                    9b:7d:34:db:d9:3b:da:c4:8e:f0:f6:e0:02:e8:31:
                    e6:6d:b9:30:67:46:59:6b:22:ff:40:c6:4b:93:30:
                    7c:17:90:e2:06:bb:f9:8b:f7:ab:63:2e:9b:ff:46:
                    b5:7f:79:75:71:ae:68:96:17:79:51:95:5f:b0:21:
                    5f:b4:d7:3b:25:74:9e:1b:f5:9d:b8:de:a8:23:26:
                    f0:a2:47:80:25:9a:9d:92:9b:c2:d2:3a:e4:bb:a1:
                    68:4c:ac:c7:05:49:c4:be:85:ca:20:b1:8d:34:d1:
                    ba:f3:7d:37:8c:5d:0d:d1:1b:f7:15:a7:9f:8a:51:
                    af:81:05:93:be:44:0f:70:4f:dc:ec:c3:3a:4f:a8:
                    fb:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:A9:6D:A2:FD:42:6C:2C:F6:4E:6B:D6:7C:AC:AF:23:A7:9C:5D:58
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/7929b979-2633-3829-ac1d-185f1f78526d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  72.242.220.0/23

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         7d:69:83:f8:27:fd:45:69:4e:02:a2:9b:cc:0b:0e:d5:02:08:
         7b:9a:62:b5:71:1c:fb:bc:e0:5f:46:1c:51:f8:fa:72:da:14:
         5c:74:17:06:7c:9f:8d:fc:9b:89:a6:42:de:f7:1f:5a:c8:be:
         53:fa:15:4f:c3:9c:0a:f9:9f:29:21:3b:77:bb:97:2d:81:d3:
         18:09:98:20:7c:1f:7a:2a:aa:29:85:3c:eb:c4:c8:36:c1:80:
         f8:c2:42:e5:fd:75:6c:10:33:f7:48:1b:64:a1:c9:d5:56:22:
         f5:03:01:24:fc:2c:9f:cd:66:ac:58:19:2a:83:fb:2b:98:cd:
         29:93:a7:e5:0b:5f:18:89:e8:3a:e5:53:11:1b:a2:18:9a:78:
         21:64:4a:f1:27:f1:aa:89:1b:46:bb:be:99:7c:56:eb:30:f0:
         d8:43:d5:c9:a9:31:1f:4b:89:bf:04:01:74:5a:58:17:31:3a:
         45:61:78:8b:2d:ae:fc:25:fb:77:af:fc:36:c6:f5:2f:ae:fd:
         32:9c:46:3e:ed:ae:37:f7:4c:5f:14:d8:09:af:27:e4:48:58:
         ad:61:9c:c2:7e:17:ff:7d:a3:86:c0:fe:af:1e:dc:e7:28:57:
         19:66:99:2e:45:40:b7:8d:93:0d:09:55:42:4e:c4:e4:b1:ec:
         ae:b0:0b:e7
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWD1VGnX8MwPedBegg4AwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTIyMDMyMzA0MDAwMFoXDTI4MDMxNTA0MDAwMFowLzEtMCsGA1UEAxMk
NWRmYWQ2NTktYmIxZS00ZDYyLThmZWYtM2Q3OTJlOTJiZjBlMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlv4e3ZHkkAKopVjbsOfDkSB2FvzI3sV6wmRk
bkweTZNTzommr0AMOZoicvOZHSaMG1dfC8vdq9fYdEC2WFTt5msx/Yn7o3e1j9Xr
m7GhTkbXdFcQY2morIa89S4RytK7N9oCMFpWz3JLjCHDZPIFURHz1gBYe+ybfTTb
2TvaxI7w9uAC6DHmbbkwZ0ZZayL/QMZLkzB8F5DiBrv5i/erYy6b/0a1f3l1ca5o
lhd5UZVfsCFftNc7JXSeG/WduN6oIybwokeAJZqdkpvC0jrku6FoTKzHBUnEvoXK
ILGNNNG68303jF0N0Rv3FaefilGvgQWTvkQPcE/c7MM6T6j7/QIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFHupbaL9Qmws9k5r1nysryOnnF1YMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvNzkyOWI5NzktMjYzMy0z
ODI5LWFjMWQtMTg1ZjFmNzg1MjZkLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBSPLcMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAH1pg/gn/UVpTgKim8wLDtUCCHuaYrVxHPu84F9GHFH4+nLaFFx0FwZ8
n438m4mmQt73H1rIvlP6FU/DnAr5nykhO3e7ly2B0xgJmCB8H3oqqimFPOvEyDbB
gPjCQuX9dWwQM/dIG2ShydVWIvUDAST8LJ/NZqxYGSqD+yuYzSmTp+ULXxiJ6Drl
UxEbohiaeCFkSvEn8aqJG0a7vpl8Vusw8NhD1cmpMR9Lib8EAXRaWBcxOkVheIst
rvwl+3ev/DbG9S+u/TKcRj7trjf3TF8U2AmvJ+RIWK1hnMJ+F/99o4bA/q8e3Oco
VxlmmS5FQLeNkw0JVUJOxOSx7K6wC+c=
-----END CERTIFICATE-----