Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/7f94e9e6-ab8e-3eb1-bf56-b4e3b2d51357.roa
File:                     7f94e9e6-ab8e-3eb1-bf56-b4e3b2d51357.roa (raw, json)
Hash identifier:          wa0i+p6JugBtJfpofcCexRRSpyKd/o0B1qTNogKHRQ0=
Subject key identifier:   68:58:0C:55:CB:3B:D0:F9:8E:64:9A:2E:6D:16:60:58:0F:9D:10:2E
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F4328584553331CB41C70EEAD1E22D040
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/7f94e9e6-ab8e-3eb1-bf56-b4e3b2d51357.roa
Signing time:             Mon 25 Mar 2024 13:00:33 +0000
ROA not before:           Mon 25 Mar 2024 13:00:33 +0000
ROA not after:            Sun 23 Jun 2024 13:00:33 +0000
asID:                     7029
IP address blocks:        207.94.128.0/20 maxlen: 20

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:45:53:33:1c:b4:1c:70:ee:ad:1e:22:d0:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Mar 25 13:00:33 2024 GMT
            Not After : Jun 23 13:00:33 2024 GMT
        Subject: CN=b77233a7-102b-46e0-b5df-45868ec65bcb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:07:eb:91:80:6c:6a:a9:94:40:43:4b:3a:48:
                    32:e2:a0:ec:e3:63:b2:ea:44:58:d2:ee:64:fb:e4:
                    77:b5:52:b9:c7:9f:3e:01:44:0e:b8:fb:71:30:a6:
                    8e:ea:e2:dc:ad:07:c1:1c:00:d9:c2:27:31:b8:05:
                    23:5c:bd:0f:a2:75:94:ed:43:5b:d9:53:c1:d3:82:
                    a1:de:42:41:b5:59:91:9e:04:0e:9a:d9:f7:2a:ec:
                    92:d6:84:0f:4a:d8:5e:f4:41:ad:9c:75:20:8e:a4:
                    5c:9b:5d:10:a3:e1:c4:c6:72:8a:59:70:a7:2a:50:
                    7c:64:b8:ec:ee:b9:c8:a0:a8:e2:72:eb:62:e5:9d:
                    c0:dc:ca:ff:f1:ea:a7:61:8b:31:9d:0d:cc:46:db:
                    01:0c:ae:a3:bc:74:27:f7:7a:8a:9e:44:c3:cd:33:
                    3b:34:b4:48:07:b7:b1:6c:53:93:83:55:f1:8a:fd:
                    11:36:24:bb:47:b1:d6:27:ec:a4:4a:94:0d:37:a1:
                    2c:2d:f1:6b:49:f4:7e:2a:25:07:03:38:ff:10:df:
                    bf:56:b0:85:e2:13:3d:ca:b9:54:c2:86:14:83:f7:
                    20:60:18:2c:ba:b5:12:fb:7f:2e:4a:56:85:48:aa:
                    ec:e1:15:3a:11:d4:96:e8:de:01:53:2a:24:55:8b:
                    ef:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:58:0C:55:CB:3B:D0:F9:8E:64:9A:2E:6D:16:60:58:0F:9D:10:2E
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/7f94e9e6-ab8e-3eb1-bf56-b4e3b2d51357.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  207.94.128.0/20

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         20:87:f1:a7:6e:87:96:2b:ec:2a:6a:41:a5:bc:96:ed:5f:a7:
         35:ba:ee:ca:ef:d7:ab:06:c9:c3:1f:4f:b5:d6:ad:7a:d9:33:
         14:51:95:d8:98:92:02:db:7a:06:44:ba:ce:c7:34:4b:6f:99:
         02:ce:8c:31:52:ee:8f:1b:8d:44:05:87:d6:19:63:4f:4f:dd:
         76:29:6e:66:5a:6a:ed:c1:d5:eb:cb:9a:ce:a5:ac:43:e9:d5:
         c2:8f:ea:1a:3b:83:c6:21:c0:f7:7a:f9:8e:fc:3e:93:e6:d5:
         1f:b9:1e:71:5d:e5:a6:f8:b9:e2:8a:25:20:91:17:a0:9d:8d:
         50:e8:95:2e:51:47:35:f7:73:4f:eb:88:58:4f:3c:20:f7:2c:
         50:b8:27:cf:93:22:28:32:ce:13:02:f3:2e:18:48:2b:dd:3a:
         dd:c3:46:d5:6f:5c:a6:12:77:09:58:ab:a2:c0:a4:b3:55:9f:
         4e:04:4d:b3:c0:f4:03:fa:ca:a9:02:09:1a:d9:30:43:58:b8:
         01:92:0c:30:e1:85:97:12:f4:d4:eb:f1:e5:44:af:72:ea:bc:
         f9:1a:f9:cd:ed:9f:6a:db:31:47:cd:89:5b:af:73:91:0f:fa:
         7a:4c:d0:27:28:07:03:b2:0e:27:82:0e:4d:2b:c6:58:b5:51:
         c1:61:d6:18
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEVTMxy0HHDurR4i0EAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTI0MDMyNTEzMDAzM1oXDTI0MDYyMzEzMDAzM1owLzEtMCsGA1UEAxMk
Yjc3MjMzYTctMTAyYi00NmUwLWI1ZGYtNDU4NjhlYzY1YmNiMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAowfrkYBsaqmUQENLOkgy4qDs42Oy6kRY0u5k
++R3tVK5x58+AUQOuPtxMKaO6uLcrQfBHADZwicxuAUjXL0PonWU7UNb2VPB04Kh
3kJBtVmRngQOmtn3KuyS1oQPSthe9EGtnHUgjqRcm10Qo+HExnKKWXCnKlB8ZLjs
7rnIoKjicuti5Z3A3Mr/8eqnYYsxnQ3MRtsBDK6jvHQn93qKnkTDzTM7NLRIB7ex
bFOTg1Xxiv0RNiS7R7HWJ+ykSpQNN6EsLfFrSfR+KiUHAzj/EN+/VrCF4hM9yrlU
woYUg/cgYBgsurUS+38uSlaFSKrs4RU6EdSW6N4BUyokVYvv1wIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFGhYDFXLO9D5jmSaLm0WYFgPnRAuMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvN2Y5NGU5ZTYtYWI4ZS0z
ZWIxLWJmNTYtYjRlM2IyZDUxMzU3LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEz16AMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBACCH8aduh5Yr7CpqQaW8lu1fpzW67srv16sGycMfT7XWrXrZMxRRldiY
kgLbegZEus7HNEtvmQLOjDFS7o8bjUQFh9YZY09P3XYpbmZaau3B1evLms6lrEPp
1cKP6ho7g8YhwPd6+Y78PpPm1R+5HnFd5ab4ueKKJSCRF6CdjVDolS5RRzX3c0/r
iFhPPCD3LFC4J8+TIigyzhMC8y4YSCvdOt3DRtVvXKYSdwlYq6LApLNVn04ETbPA
9AP6yqkCCRrZMENYuAGSDDDhhZcS9NTr8eVEr3LqvPka+c3tn2rbMUfNiVuvc5EP
+npM0CcoBwOyDieCDk0rxli1UcFh1hg=
-----END CERTIFICATE-----