Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/a3e6b5e5-1a7d-3e9d-be33-fefafbed2e0a.roa
File:                     a3e6b5e5-1a7d-3e9d-be33-fefafbed2e0a.roa (raw, json)
Hash identifier:          rn3GszRA734w9ks6fdWDGbyaeuNh4PVzD8HshS6wrcQ=
Subject key identifier:   C3:59:F2:42:BA:BC:00:D1:F9:48:F1:A7:20:F9:DC:B4:81:A5:5B:6F
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F4328584553331CD5297DA9EF801A604C
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/a3e6b5e5-1a7d-3e9d-be33-fefafbed2e0a.roa
Signing time:             Mon 25 Mar 2024 13:00:33 +0000
ROA not before:           Mon 25 Mar 2024 13:00:33 +0000
ROA not after:            Sun 23 Jun 2024 13:00:33 +0000
asID:                     7029
IP address blocks:        207.94.208.0/20 maxlen: 20

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:45:53:33:1c:d5:29:7d:a9:ef:80:1a:60:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Mar 25 13:00:33 2024 GMT
            Not After : Jun 23 13:00:33 2024 GMT
        Subject: CN=e90c3256-dc49-474b-851a-16f2568b2745
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:0d:04:6a:da:62:6d:c7:9c:e2:79:c5:ed:3a:
                    9c:0b:c6:9c:26:8f:28:c4:d2:88:a8:e1:de:88:3d:
                    b5:47:42:31:65:a4:05:2d:f1:14:2b:f3:19:23:64:
                    7f:01:65:3b:df:3b:19:cf:2e:46:3b:15:db:fd:90:
                    b0:87:f6:0e:b2:8e:bb:fb:61:0b:fd:f2:c2:ac:c2:
                    c3:21:1a:64:0e:44:e7:03:ea:e4:74:86:83:46:99:
                    ac:60:05:96:92:28:f0:92:65:92:98:de:7e:de:2f:
                    68:27:69:36:7d:a8:3a:ef:3a:05:f9:e7:50:e9:58:
                    ee:8e:6a:19:5f:3a:3a:fd:cc:73:cd:31:10:23:d5:
                    2e:ff:27:0b:88:7b:1f:61:78:13:84:82:5a:a8:fe:
                    a1:e6:cb:6a:68:fe:f1:66:0c:54:5a:64:f2:4a:e5:
                    fb:ca:64:1d:bc:bf:2c:e2:7f:c5:13:6c:9e:3b:e1:
                    bd:19:72:3f:0f:29:74:c8:a7:23:db:94:05:e0:ee:
                    5a:31:3a:45:b5:6b:85:c3:c4:a9:86:b0:a2:2d:54:
                    c5:d4:48:c2:8f:0a:2d:88:45:d1:a0:72:54:c5:d9:
                    21:e2:1d:d9:85:6e:83:a4:11:e8:8f:57:9e:13:e1:
                    ba:65:dc:1b:80:73:ce:ff:bf:15:ee:93:3e:94:ae:
                    f8:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:59:F2:42:BA:BC:00:D1:F9:48:F1:A7:20:F9:DC:B4:81:A5:5B:6F
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/a3e6b5e5-1a7d-3e9d-be33-fefafbed2e0a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  207.94.208.0/20

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         24:57:6f:e0:ec:8e:e3:80:28:1e:c5:9b:6d:31:54:d2:4d:d9:
         bd:1d:1a:e0:c2:57:f6:38:fd:61:b0:f9:52:a6:42:1e:c1:41:
         8d:19:11:85:b1:9d:e8:66:c1:5f:04:94:d9:75:78:6b:29:71:
         de:4f:38:78:42:6d:bd:a9:da:72:e3:75:d7:a8:86:d1:f5:9c:
         82:c3:d8:0d:47:42:e7:f8:be:b5:66:5d:4c:5f:24:3a:f5:55:
         7e:3c:92:09:45:16:4b:48:c3:8f:db:cc:39:2e:48:fc:c1:c7:
         8c:a2:62:b7:1a:43:f7:e8:eb:4f:f7:7c:10:60:1c:68:e4:2b:
         99:71:8c:21:6b:52:e9:d1:46:a7:60:9b:b8:a6:e7:11:98:25:
         db:5c:3b:ee:3d:c2:7e:cd:3d:da:f5:22:4f:8d:5f:ad:34:1b:
         37:aa:cd:24:f2:84:64:f9:7c:9d:da:5f:83:8b:5a:7d:ce:26:
         be:13:79:05:56:36:88:77:1a:0f:6f:c7:ec:73:bd:e2:93:a2:
         a1:90:9a:7d:d1:76:f5:cf:cb:53:b2:86:d1:23:0a:31:a5:1b:
         d0:ee:b1:11:91:f0:30:dc:fc:4f:ce:72:4f:b5:2c:ad:e3:10:
         a6:70:ce:1f:e1:cd:33:c5:54:0b:18:ac:48:ea:1b:fe:d4:4b:
         a2:47:41:6f
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEVTMxzVKX2p74AaYEwwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTI0MDMyNTEzMDAzM1oXDTI0MDYyMzEzMDAzM1owLzEtMCsGA1UEAxMk
ZTkwYzMyNTYtZGM0OS00NzRiLTg1MWEtMTZmMjU2OGIyNzQ1MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnw0Eatpibcec4nnF7TqcC8acJo8oxNKIqOHe
iD21R0IxZaQFLfEUK/MZI2R/AWU73zsZzy5GOxXb/ZCwh/YOso67+2EL/fLCrMLD
IRpkDkTnA+rkdIaDRpmsYAWWkijwkmWSmN5+3i9oJ2k2fag67zoF+edQ6VjujmoZ
Xzo6/cxzzTEQI9Uu/ycLiHsfYXgThIJaqP6h5stqaP7xZgxUWmTySuX7ymQdvL8s
4n/FE2yeO+G9GXI/Dyl0yKcj25QF4O5aMTpFtWuFw8SphrCiLVTF1EjCjwotiEXR
oHJUxdkh4h3ZhW6DpBHoj1eeE+G6ZdwbgHPO/78V7pM+lK741wIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFMNZ8kK6vADR+UjxpyD53LSBpVtvMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvYTNlNmI1ZTUtMWE3ZC0z
ZTlkLWJlMzMtZmVmYWZiZWQyZTBhLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEz17QMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBACRXb+DsjuOAKB7Fm20xVNJN2b0dGuDCV/Y4/WGw+VKmQh7BQY0ZEYWx
nehmwV8ElNl1eGspcd5POHhCbb2p2nLjddeohtH1nILD2A1HQuf4vrVmXUxfJDr1
VX48kglFFktIw4/bzDkuSPzBx4yiYrcaQ/fo60/3fBBgHGjkK5lxjCFrUunRRqdg
m7im5xGYJdtcO+49wn7NPdr1Ik+NX600GzeqzSTyhGT5fJ3aX4OLWn3OJr4TeQVW
Noh3Gg9vx+xzveKToqGQmn3RdvXPy1OyhtEjCjGlG9DusRGR8DDc/E/Ock+1LK3j
EKZwzh/hzTPFVAsYrEjqG/7US6JHQW8=
-----END CERTIFICATE-----