Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/bfe4a2ef-0374-3d5d-b432-17a26ae2a919.roa
File:                     bfe4a2ef-0374-3d5d-b432-17a26ae2a919.roa (raw, json)
Hash identifier:          Mpb0mRZ5dd2PQg0uWiR7rfpuI8UFpdknVAGrLfzSEUs=
Subject key identifier:   5D:75:5F:75:D8:47:E8:55:89:B3:5F:58:64:45:E3:D5:7D:0B:B0:90
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F43285845533324E83C7A9B0EF6892580
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/bfe4a2ef-0374-3d5d-b432-17a26ae2a919.roa
Signing time:             Mon 25 Mar 2024 13:00:33 +0000
ROA not before:           Mon 25 Mar 2024 13:00:33 +0000
ROA not after:            Sun 23 Jun 2024 13:00:33 +0000
asID:                     7029
IP address blocks:        209.109.64.0/19 maxlen: 19

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:45:53:33:24:e8:3c:7a:9b:0e:f6:89:25:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Mar 25 13:00:33 2024 GMT
            Not After : Jun 23 13:00:33 2024 GMT
        Subject: CN=58a74cb3-b92e-42f5-a8f3-2a4b8eab5673
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:a5:a5:ee:bd:ad:8d:e3:e2:2a:96:03:95:00:
                    1c:1f:33:c0:19:f3:9e:49:09:e8:e9:38:8d:3c:4e:
                    75:57:4c:c4:df:fb:ca:cc:f5:8b:cf:4a:2c:92:16:
                    7e:a2:7c:22:fc:bd:3a:f4:f4:c0:fe:ba:43:29:61:
                    ae:37:4d:94:47:db:0e:18:fd:09:10:25:4b:0a:68:
                    2a:36:24:87:f2:4e:98:d7:95:ad:6a:9c:11:23:fe:
                    49:16:23:6a:81:f5:e4:53:5b:31:64:ec:43:c7:f3:
                    7e:32:b1:a4:dc:89:e1:10:24:fc:61:0d:fa:84:3d:
                    c5:ab:15:06:1a:ed:a1:a4:3f:da:64:ef:fb:ba:26:
                    d2:6c:55:80:0d:af:a5:29:90:09:7c:92:32:8a:2a:
                    d0:74:a6:87:ee:0b:df:8e:38:d5:05:58:71:51:ea:
                    ce:72:21:b3:bc:6d:bf:60:cb:e7:0b:d9:c8:b6:98:
                    58:4d:3d:1f:c0:f4:be:90:4e:5d:02:12:ae:55:ba:
                    1d:93:3a:bf:af:9e:bf:72:d9:f8:36:5e:70:7d:0d:
                    19:73:e9:65:62:a8:a7:d5:e5:fd:eb:24:17:5d:08:
                    fc:ab:67:f8:39:1f:12:7a:86:6f:33:f4:e4:43:d2:
                    40:d2:be:d4:a6:c0:ef:ca:f7:d4:8b:b3:c6:df:8f:
                    0f:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:75:5F:75:D8:47:E8:55:89:B3:5F:58:64:45:E3:D5:7D:0B:B0:90
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/bfe4a2ef-0374-3d5d-b432-17a26ae2a919.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.109.64.0/19

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         2b:e0:a9:2d:12:25:b5:c7:19:74:08:89:a5:a5:bf:30:3c:32:
         24:e5:93:fd:94:15:9d:b2:ec:6a:86:a8:00:90:42:01:f1:2d:
         88:a5:c0:12:1b:d9:21:3b:da:28:bd:d5:5c:e7:f9:e2:23:18:
         45:8d:88:38:43:63:ba:41:e9:70:56:c6:77:42:8c:f8:61:64:
         45:6c:f5:d9:f4:f5:f5:b3:57:3f:8f:2a:5f:0b:30:4d:d9:e1:
         68:3b:34:bb:b7:54:ca:1b:1e:7e:45:fd:d8:ae:b5:f4:c0:fd:
         87:2e:3b:5f:cc:ee:86:2b:06:2f:19:46:79:14:79:65:e8:c7:
         42:c4:9b:66:44:f3:ce:1e:c6:96:a4:7c:35:5c:38:f9:dd:57:
         90:98:19:56:b2:5e:af:14:5b:65:f0:ea:ed:a6:10:03:1a:c5:
         97:99:e2:59:2f:ff:b7:5d:9b:21:30:b0:a4:4e:2c:d4:53:81:
         7d:2b:0b:1a:8a:da:90:9c:56:95:7d:e7:7e:1a:db:a8:ce:b5:
         bc:72:cb:f4:57:76:78:85:b7:ce:c7:e4:a7:fb:17:bf:c4:91:
         d5:b9:41:66:85:e9:e9:04:68:97:eb:8d:1b:a8:c4:07:19:db:
         b3:33:0d:45:a1:c7:9d:2a:1f:cf:c1:f6:89:03:dd:ce:1a:cb:
         fd:f2:1a:df
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEVTMyToPHqbDvaJJYAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTI0MDMyNTEzMDAzM1oXDTI0MDYyMzEzMDAzM1owLzEtMCsGA1UEAxMk
NThhNzRjYjMtYjkyZS00MmY1LWE4ZjMtMmE0YjhlYWI1NjczMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgqWl7r2tjePiKpYDlQAcHzPAGfOeSQno6TiN
PE51V0zE3/vKzPWLz0oskhZ+onwi/L069PTA/rpDKWGuN02UR9sOGP0JECVLCmgq
NiSH8k6Y15WtapwRI/5JFiNqgfXkU1sxZOxDx/N+MrGk3InhECT8YQ36hD3FqxUG
Gu2hpD/aZO/7uibSbFWADa+lKZAJfJIyiirQdKaH7gvfjjjVBVhxUerOciGzvG2/
YMvnC9nItphYTT0fwPS+kE5dAhKuVbodkzq/r56/ctn4Nl5wfQ0Zc+llYqin1eX9
6yQXXQj8q2f4OR8SeoZvM/TkQ9JA0r7UpsDvyvfUi7PG348PTQIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFF11X3XYR+hVibNfWGRF49V9C7CQMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvYmZlNGEyZWYtMDM3NC0z
ZDVkLWI0MzItMTdhMjZhZTJhOTE5LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF0W1AMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBACvgqS0SJbXHGXQIiaWlvzA8MiTlk/2UFZ2y7GqGqACQQgHxLYilwBIb
2SE72ii91Vzn+eIjGEWNiDhDY7pB6XBWxndCjPhhZEVs9dn09fWzVz+PKl8LME3Z
4Wg7NLu3VMobHn5F/diutfTA/YcuO1/M7oYrBi8ZRnkUeWXox0LEm2ZE884expak
fDVcOPndV5CYGVayXq8UW2Xw6u2mEAMaxZeZ4lkv/7ddmyEwsKROLNRTgX0rCxqK
2pCcVpV9534a26jOtbxyy/RXdniFt87H5Kf7F7/EkdW5QWaF6ekEaJfrjRuoxAcZ
27MzDUWhx50qH8/B9okD3c4ay/3yGt8=
-----END CERTIFICATE-----