Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/98f3f7fc-6ef4-30f6-845b-897349d30739.roa
File:                     98f3f7fc-6ef4-30f6-845b-897349d30739.roa (raw, json)
Hash identifier:          vgntDkUKD6f3gDItmax0SeeA+BG10plw7snoixvZhRA=
Subject key identifier:   32:10:C8:54:56:76:50:24:50:F1:BF:F2:D1:DA:29:37:8A:9A:AA:BE
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F432858455332E3A6D84CBAA2A54C3480
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/98f3f7fc-6ef4-30f6-845b-897349d30739.roa
Signing time:             Mon 25 Mar 2024 13:00:33 +0000
ROA not before:           Mon 25 Mar 2024 13:00:33 +0000
ROA not after:            Sun 23 Jun 2024 13:00:33 +0000
asID:                     7029
IP address blocks:        66.149.0.0/16 maxlen: 16

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:45:53:32:e3:a6:d8:4c:ba:a2:a5:4c:34:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Mar 25 13:00:33 2024 GMT
            Not After : Jun 23 13:00:33 2024 GMT
        Subject: CN=6b44ffc1-9e78-42ed-984b-1aeb8fb143b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:5b:99:51:fe:9c:f5:bc:86:24:12:2e:41:3d:
                    12:0d:69:bc:53:c5:b1:fa:29:76:df:a6:a7:53:8b:
                    bf:1a:ee:ab:4e:4b:55:67:7c:84:26:03:e3:c7:8a:
                    ea:1c:c5:f3:0d:80:fe:a9:fe:4f:76:f1:a0:c8:75:
                    4e:21:fd:b1:eb:99:80:e8:cc:f1:e6:76:26:7b:af:
                    16:a2:e3:62:86:c0:72:3e:04:85:c6:25:cf:43:79:
                    b2:aa:4c:d3:d3:85:11:dc:ca:50:54:70:8d:af:a8:
                    25:1a:5a:8e:a6:b5:e8:1b:4f:f9:7c:82:cf:e8:41:
                    04:2e:0a:45:d8:0b:56:32:b4:63:43:68:87:fc:66:
                    c0:94:d9:f8:c8:ed:a3:8d:91:cb:dd:30:7e:84:84:
                    cb:cd:fb:23:a5:b9:c5:fe:e7:0a:76:69:1c:ff:1d:
                    9c:6a:10:22:cb:3e:6c:02:ae:11:79:6b:3a:70:de:
                    5c:f2:31:60:a1:89:a7:f9:ef:77:6e:e9:39:16:5b:
                    e4:d3:e5:09:f0:69:19:b6:bd:49:d5:4a:5a:03:fe:
                    21:fe:88:59:53:10:8b:9a:d1:d4:44:9f:16:ca:68:
                    fe:3f:08:52:a8:7b:3a:f9:55:79:00:02:08:2d:30:
                    98:70:3f:f4:97:70:2c:c6:7d:96:bf:3e:d2:86:be:
                    cb:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:10:C8:54:56:76:50:24:50:F1:BF:F2:D1:DA:29:37:8A:9A:AA:BE
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/98f3f7fc-6ef4-30f6-845b-897349d30739.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  66.149.0.0/16

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         24:92:ac:84:d6:3d:11:38:fc:32:8f:9d:c2:fd:b0:6f:6d:db:
         72:4a:96:c8:74:79:02:07:46:5e:44:9c:79:13:14:5c:ba:8b:
         df:c1:58:48:88:a3:5b:6a:a6:6d:85:b2:97:1f:49:2b:1e:73:
         a0:80:7b:15:52:c5:ca:2b:28:94:7a:a2:69:5f:2a:f5:41:38:
         52:0f:90:51:b9:58:cf:fd:7d:23:53:ef:64:26:f7:5d:89:e0:
         2f:fa:3a:1b:18:51:0f:1a:fb:9d:3c:c3:95:99:7f:95:43:57:
         31:1f:94:b0:c8:5e:97:a9:ca:62:29:20:59:fa:26:0b:13:b6:
         9d:9c:cd:3e:cd:79:57:21:71:88:4f:af:49:94:84:6a:6d:6e:
         61:31:66:8a:a6:fc:17:fa:9e:33:0e:eb:e4:35:63:93:b8:87:
         2e:2d:cd:32:88:4e:3e:8d:84:df:65:f8:44:40:b1:a2:7d:60:
         48:25:37:5c:73:b5:43:73:b7:56:e5:30:47:39:a4:4f:f6:ca:
         c9:c6:22:9b:f5:a5:c8:aa:7a:83:18:e0:57:f9:7d:d9:1d:d5:
         f9:93:bd:10:0b:d2:b4:1b:cb:25:22:20:bd:bf:25:89:99:0e:
         97:d8:ea:bc:08:27:63:3c:97:79:6a:af:0a:f6:9e:f1:a5:92:
         50:dd:9c:5c
-----BEGIN CERTIFICATE-----
MIIGQjCCBSqgAwIBAgIUAQ0Mn0MoWEVTMuOm2Ey6oqVMNIAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTI0MDMyNTEzMDAzM1oXDTI0MDYyMzEzMDAzM1owLzEtMCsGA1UEAxMk
NmI0NGZmYzEtOWU3OC00MmVkLTk4NGItMWFlYjhmYjE0M2I5MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy1uZUf6c9byGJBIuQT0SDWm8U8Wx+il236an
U4u/Gu6rTktVZ3yEJgPjx4rqHMXzDYD+qf5PdvGgyHVOIf2x65mA6Mzx5nYme68W
ouNihsByPgSFxiXPQ3myqkzT04UR3MpQVHCNr6glGlqOprXoG0/5fILP6EEELgpF
2AtWMrRjQ2iH/GbAlNn4yO2jjZHL3TB+hITLzfsjpbnF/ucKdmkc/x2cahAiyz5s
Aq4ReWs6cN5c8jFgoYmn+e93buk5Flvk0+UJ8GkZtr1J1UpaA/4h/ohZUxCLmtHU
RJ8Wymj+PwhSqHs6+VV5AAIILTCYcD/0l3Asxn2Wvz7Shr7LmQIDAQABo4IDVDCC
A1AwHQYDVR0OBBYEFDIQyFRWdlAkUPG/8tHaKTeKmqq+MIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvOThmM2Y3ZmMtNmVmNC0z
MGY2LTg0NWItODk3MzQ5ZDMwNzM5LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAQpUwVAYD
VR0gAQH/BEowSDBGBggrBgEFBQcOAjA6MDgGCCsGAQUFBwIBFixodHRwczovL3d3
dy5hcmluLm5ldC9yZXNvdXJjZXMvcnBraS9jcHMuaHRtbDANBgkqhkiG9w0BAQsF
AAOCAQEAJJKshNY9ETj8Mo+dwv2wb23bckqWyHR5AgdGXkSceRMUXLqL38FYSIij
W2qmbYWylx9JKx5zoIB7FVLFyisolHqiaV8q9UE4Ug+QUblYz/19I1PvZCb3XYng
L/o6GxhRDxr7nTzDlZl/lUNXMR+UsMhel6nKYikgWfomCxO2nZzNPs15VyFxiE+v
SZSEam1uYTFmiqb8F/qeMw7r5DVjk7iHLi3NMohOPo2E32X4RECxon1gSCU3XHO1
Q3O3VuUwRzmkT/bKycYim/WlyKp6gxjgV/l92R3V+ZO9EAvStBvLJSIgvb8liZkO
l9jqvAgnYzyXeWqvCvae8aWSUN2cXA==
-----END CERTIFICATE-----