Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/bb02f651-ef37-31a3-84a6-901c8d8a1d3e.roa
File:                     bb02f651-ef37-31a3-84a6-901c8d8a1d3e.roa (raw, json)
Hash identifier:          K8a5/Y+QZA1Tkh8RiwKt4Iil6uOYs7nxaCBnOKtQPcc=
Subject key identifier:   AA:BC:FC:38:DB:FB:75:62:6D:63:D4:58:D0:A8:C2:8F:AF:43:0D:C6
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F43285845533318D97F65F6BD1CD358C0
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/bb02f651-ef37-31a3-84a6-901c8d8a1d3e.roa
Signing time:             Mon 25 Mar 2024 13:00:33 +0000
ROA not before:           Mon 25 Mar 2024 13:00:33 +0000
ROA not after:            Sun 23 Jun 2024 13:00:33 +0000
asID:                     7029
IP address blocks:        205.147.216.0/23 maxlen: 23

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:45:53:33:18:d9:7f:65:f6:bd:1c:d3:58:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Mar 25 13:00:33 2024 GMT
            Not After : Jun 23 13:00:33 2024 GMT
        Subject: CN=0ebc005e-51d5-437c-80c8-1b3271e6ae27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:46:b5:2b:27:f6:5c:85:4a:38:c4:63:1f:5d:
                    fd:f4:7e:eb:51:3f:ad:68:e4:58:64:0b:0b:21:c2:
                    b6:5b:df:90:96:f6:8c:14:46:4f:e8:26:82:f1:3f:
                    a2:3d:86:ce:ef:0a:c8:86:06:be:66:71:77:8a:aa:
                    3c:89:50:04:d2:85:46:23:b3:ad:e1:82:08:ad:76:
                    49:2b:ba:4d:91:b5:aa:de:d2:9b:6c:05:c6:1d:d2:
                    ed:b3:cb:6b:dd:cc:f3:ca:cf:77:8e:ed:87:76:f4:
                    3e:5b:67:9a:16:9b:50:f5:99:dd:58:75:34:c7:c4:
                    28:ce:19:49:77:f2:9e:31:57:41:19:50:ea:56:83:
                    83:4d:39:7f:2e:a2:92:b5:91:d7:b6:3b:75:33:67:
                    ce:85:f2:9a:85:5d:da:8b:bc:20:64:00:fa:ce:64:
                    25:4a:11:01:a7:81:11:eb:0f:40:11:3e:10:3e:b7:
                    08:df:ff:9b:a7:63:4e:03:70:73:d0:23:a1:c1:34:
                    e9:dc:67:c8:04:10:bd:d5:8e:c3:1a:73:31:f6:77:
                    d9:d6:1e:a3:c2:6b:60:64:38:ad:59:d2:95:15:c4:
                    9c:60:06:bd:a8:e9:f0:33:04:54:16:6f:56:b8:09:
                    ef:bb:4b:f3:1a:87:1e:a0:22:f9:a6:f0:59:7d:65:
                    69:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:BC:FC:38:DB:FB:75:62:6D:63:D4:58:D0:A8:C2:8F:AF:43:0D:C6
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/bb02f651-ef37-31a3-84a6-901c8d8a1d3e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  205.147.216.0/23

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         7c:31:35:61:f2:0f:b1:0f:0d:75:cd:1c:76:c9:d0:c6:1d:1f:
         79:52:16:34:5f:19:99:12:74:81:e3:ed:65:89:8b:49:57:c1:
         97:8f:04:4f:35:c9:d3:e9:77:c3:bf:35:15:c8:02:f3:a9:c4:
         e5:91:65:1c:96:d0:13:21:dd:30:27:77:fa:ba:00:f5:2c:4e:
         70:43:9e:04:d2:7f:fb:1d:df:cd:26:cb:20:5b:be:6f:3f:26:
         00:37:bf:9e:c9:20:36:34:10:9a:0b:8e:bd:a5:ae:a3:52:c8:
         c9:10:a9:11:c9:40:a3:41:8c:af:d3:2a:17:07:d5:c4:ef:48:
         33:01:8e:26:c7:26:49:ca:58:fb:1f:d1:10:83:62:9e:9c:f3:
         eb:cc:8a:37:63:2a:7a:0b:06:fd:a0:b7:73:f0:8b:9d:c6:05:
         a0:a1:4c:48:b0:d9:ae:71:79:d5:da:97:75:15:ac:50:92:9d:
         01:6b:17:13:a3:4b:2c:77:d8:1c:51:24:00:ec:a9:fa:8f:9a:
         10:98:25:84:f3:30:5f:95:ef:13:60:8a:4a:6e:72:ed:a6:81:
         3f:bf:46:48:72:f5:c2:cf:f6:41:77:72:65:9e:35:23:ca:ab:
         ca:bd:7e:5c:22:e3:6c:9d:0a:20:65:98:48:9e:d6:03:ec:cc:
         66:d3:39:d1
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEVTMxjZf2X2vRzTWMAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTI0MDMyNTEzMDAzM1oXDTI0MDYyMzEzMDAzM1owLzEtMCsGA1UEAxMk
MGViYzAwNWUtNTFkNS00MzdjLTgwYzgtMWIzMjcxZTZhZTI3MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj0a1Kyf2XIVKOMRjH1399H7rUT+taORYZAsL
IcK2W9+QlvaMFEZP6CaC8T+iPYbO7wrIhga+ZnF3iqo8iVAE0oVGI7Ot4YIIrXZJ
K7pNkbWq3tKbbAXGHdLts8tr3czzys93ju2HdvQ+W2eaFptQ9ZndWHU0x8QozhlJ
d/KeMVdBGVDqVoODTTl/LqKStZHXtjt1M2fOhfKahV3ai7wgZAD6zmQlShEBp4ER
6w9AET4QPrcI3/+bp2NOA3Bz0COhwTTp3GfIBBC91Y7DGnMx9nfZ1h6jwmtgZDit
WdKVFcScYAa9qOnwMwRUFm9WuAnvu0vzGoceoCL5pvBZfWVp1wIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFKq8/Djb+3VibWPUWNCowo+vQw3GMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvYmIwMmY2NTEtZWYzNy0z
MWEzLTg0YTYtOTAxYzhkOGExZDNlLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBzZPYMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAHwxNWHyD7EPDXXNHHbJ0MYdH3lSFjRfGZkSdIHj7WWJi0lXwZePBE81
ydPpd8O/NRXIAvOpxOWRZRyW0BMh3TAnd/q6APUsTnBDngTSf/sd380myyBbvm8/
JgA3v57JIDY0EJoLjr2lrqNSyMkQqRHJQKNBjK/TKhcH1cTvSDMBjibHJknKWPsf
0RCDYp6c8+vMijdjKnoLBv2gt3Pwi53GBaChTEiw2a5xedXal3UVrFCSnQFrFxOj
Syx32BxRJADsqfqPmhCYJYTzMF+V7xNgikpucu2mgT+/Rkhy9cLP9kF3cmWeNSPK
q8q9flwi42ydCiBlmEie1gPszGbTOdE=
-----END CERTIFICATE-----