Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/a28397ea-107a-3e6c-b323-ad676aa6ec49.roa
File:                     a28397ea-107a-3e6c-b323-ad676aa6ec49.roa (raw, json)
Hash identifier:          Tfr+I/S+fKwuvWCRs1RuRr2mhkztOg7InxtgKk9lrmQ=
Subject key identifier:   87:38:15:F0:78:DF:D4:D9:DF:4B:A7:72:1E:70:F0:66:34:33:8B:42
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F43285845533317459BC9BA2F00120430
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/a28397ea-107a-3e6c-b323-ad676aa6ec49.roa
Signing time:             Mon 25 Mar 2024 13:00:33 +0000
ROA not before:           Mon 25 Mar 2024 13:00:33 +0000
ROA not after:            Sun 23 Jun 2024 13:00:33 +0000
asID:                     7029
IP address blocks:        199.183.144.0/20 maxlen: 20

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:45:53:33:17:45:9b:c9:ba:2f:00:12:04:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Mar 25 13:00:33 2024 GMT
            Not After : Jun 23 13:00:33 2024 GMT
        Subject: CN=3e132fdb-b1cf-4266-a756-9b99ba6d15d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:86:6c:4b:ee:2e:97:d4:eb:f7:aa:e6:02:de:
                    e9:d4:57:f9:94:fb:fa:91:57:4c:ac:d4:30:41:9e:
                    6e:ae:fa:ad:c0:57:72:1b:b2:94:0d:d7:07:08:37:
                    a3:e1:a8:d1:c1:84:ad:07:bb:68:e5:59:88:26:09:
                    c0:55:d9:11:84:04:0a:19:c3:53:61:0b:ff:2e:ca:
                    c2:38:01:6c:6a:38:51:d1:1f:72:01:56:13:42:ec:
                    d2:55:d5:9c:b7:88:0a:07:2b:1a:9b:5a:c3:f7:d1:
                    e0:18:21:da:7a:f3:da:5a:69:2a:80:88:dc:6b:f3:
                    52:0f:3d:73:e6:02:91:75:b5:a1:db:1d:ab:79:89:
                    53:d4:e0:b0:23:57:a4:42:72:48:b6:ad:0a:7d:c6:
                    67:e5:4e:17:22:32:11:ad:a5:a9:56:be:a7:9a:29:
                    de:10:1f:c7:05:27:a7:ab:6b:cf:22:d0:2e:25:35:
                    c3:02:35:a5:e2:5b:df:e9:c6:8a:7d:ff:aa:c1:4b:
                    cc:a2:6d:a1:c0:cc:20:32:17:5e:6e:3b:27:d2:e8:
                    fe:0a:1d:2a:c5:cd:5b:c6:81:c3:eb:93:bf:cc:62:
                    1e:7a:dd:ef:44:cd:b7:10:b9:95:fb:18:06:a4:bb:
                    c9:26:d3:b6:79:7b:a1:e4:6a:36:50:19:98:34:89:
                    4a:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:38:15:F0:78:DF:D4:D9:DF:4B:A7:72:1E:70:F0:66:34:33:8B:42
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/a28397ea-107a-3e6c-b323-ad676aa6ec49.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.183.144.0/20

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         69:b3:67:f9:cc:ab:31:eb:0e:f5:2d:3a:c8:42:f2:0e:41:0d:
         1d:0f:65:ba:5d:10:f5:47:9f:da:05:a5:31:11:81:6a:da:2a:
         fe:82:d7:c4:0c:fa:1f:1a:e1:5f:25:db:d7:a8:72:5a:d7:4e:
         31:41:97:5f:e5:7f:da:08:9f:bb:c7:9c:50:82:94:bb:c6:94:
         ac:53:0a:7c:a0:2c:31:bb:05:90:26:7c:6a:88:74:4a:63:0d:
         dc:78:fa:bc:08:a5:a4:3d:5a:6b:07:08:d0:c5:7a:d2:80:76:
         bf:84:5b:b7:e3:65:80:2b:11:79:58:3a:a2:f6:af:49:68:76:
         d8:d9:a4:69:b6:d2:3e:01:c6:62:6e:70:50:8f:3a:d1:1b:10:
         83:d2:b8:07:d1:c0:5b:c8:84:3f:69:09:32:75:78:9d:68:7e:
         e1:ca:0a:07:0e:63:07:ef:43:75:6c:92:03:8b:8c:1c:94:82:
         24:d1:e7:33:4a:0e:65:a3:73:e1:57:df:6f:c7:96:92:f4:32:
         6b:e6:35:f0:d3:19:13:0e:f2:0d:eb:3d:90:ab:20:0d:60:e8:
         ba:b0:95:9a:e9:90:cc:f9:4e:9b:bf:b5:6f:04:74:2a:35:5c:
         35:69:e6:e0:cd:76:74:94:93:4d:3e:5f:ff:6a:fa:2c:8f:4d:
         dc:fa:fc:e6
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEVTMxdFm8m6LwASBDAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTI0MDMyNTEzMDAzM1oXDTI0MDYyMzEzMDAzM1owLzEtMCsGA1UEAxMk
M2UxMzJmZGItYjFjZi00MjY2LWE3NTYtOWI5OWJhNmQxNWQxMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh4ZsS+4ul9Tr96rmAt7p1Ff5lPv6kVdMrNQw
QZ5urvqtwFdyG7KUDdcHCDej4ajRwYStB7to5VmIJgnAVdkRhAQKGcNTYQv/LsrC
OAFsajhR0R9yAVYTQuzSVdWct4gKBysam1rD99HgGCHaevPaWmkqgIjca/NSDz1z
5gKRdbWh2x2reYlT1OCwI1ekQnJItq0KfcZn5U4XIjIRraWpVr6nmineEB/HBSen
q2vPItAuJTXDAjWl4lvf6caKff+qwUvMom2hwMwgMhdebjsn0uj+Ch0qxc1bxoHD
65O/zGIeet3vRM23ELmV+xgGpLvJJtO2eXuh5Go2UBmYNIlKnQIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFIc4FfB439TZ30unch5w8GY0M4tCMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvYTI4Mzk3ZWEtMTA3YS0z
ZTZjLWIzMjMtYWQ2NzZhYTZlYzQ5LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEx7eQMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAGmzZ/nMqzHrDvUtOshC8g5BDR0PZbpdEPVHn9oFpTERgWraKv6C18QM
+h8a4V8l29eoclrXTjFBl1/lf9oIn7vHnFCClLvGlKxTCnygLDG7BZAmfGqIdEpj
Ddx4+rwIpaQ9WmsHCNDFetKAdr+EW7fjZYArEXlYOqL2r0lodtjZpGm20j4BxmJu
cFCPOtEbEIPSuAfRwFvIhD9pCTJ1eJ1ofuHKCgcOYwfvQ3VskgOLjByUgiTR5zNK
DmWjc+FX32/HlpL0MmvmNfDTGRMO8g3rPZCrIA1g6LqwlZrpkMz5Tpu/tW8EdCo1
XDVp5uDNdnSUk00+X/9q+iyPTdz6/OY=
-----END CERTIFICATE-----