Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/c431351a-efda-3fb0-bceb-ed63e9155c2a.roa
File:                     c431351a-efda-3fb0-bceb-ed63e9155c2a.roa (raw, json)
Hash identifier:          CeMJkXJREBT31pIywC50K8j8I2LbxAc91AO2UdHg29Q=
Subject key identifier:   91:7A:51:AD:86:83:A0:E3:E7:4F:ED:2C:70:53:81:BA:86:A4:BC:F2
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F43285845533322BD1AB3776504E7D7C0
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/c431351a-efda-3fb0-bceb-ed63e9155c2a.roa
Signing time:             Mon 25 Mar 2024 13:00:33 +0000
ROA not before:           Mon 25 Mar 2024 13:00:33 +0000
ROA not after:            Sun 23 Jun 2024 13:00:33 +0000
asID:                     7029
IP address blocks:        209.92.54.0/23 maxlen: 23

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:45:53:33:22:bd:1a:b3:77:65:04:e7:d7:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Mar 25 13:00:33 2024 GMT
            Not After : Jun 23 13:00:33 2024 GMT
        Subject: CN=d1c20a46-410e-43d9-9daf-98d26cea4e42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:e4:f8:0a:a4:ea:7b:fb:ba:17:89:a4:48:21:
                    ee:38:0c:e2:93:23:7b:6e:88:35:b2:8c:82:6e:ee:
                    b8:15:24:76:ee:99:7d:42:97:5d:52:42:77:0b:96:
                    42:98:60:98:c0:f9:3e:4c:af:22:d5:05:84:3e:c9:
                    db:d0:7a:71:57:51:0e:bd:6a:45:9b:75:2f:5b:ee:
                    f6:4f:29:9d:58:e9:bc:3f:01:6f:24:f0:70:b5:65:
                    05:55:17:b1:e0:2d:2d:a8:b9:4a:83:7a:cf:ca:73:
                    a8:25:2c:7f:11:a7:9e:fd:b3:08:5a:88:39:70:ba:
                    01:e3:e4:6d:92:73:13:83:79:1e:da:d7:ab:78:7b:
                    c6:d3:9e:bc:dc:da:1a:91:f2:4f:81:fa:8a:23:24:
                    8b:10:12:a8:a1:ac:63:5c:9a:fa:86:d7:48:c5:56:
                    1e:80:b5:14:22:1f:e0:ac:38:6f:48:18:69:0b:9d:
                    00:bc:f5:24:e4:63:a0:ea:9a:ee:0f:5a:87:9d:1b:
                    fe:c9:a8:20:da:31:ff:5e:b6:1d:a8:2c:45:8a:ae:
                    d0:4a:c8:16:4e:c1:b5:a4:36:43:a2:cf:39:49:ad:
                    b9:2e:42:b3:18:c1:e2:7a:9d:28:ce:e0:1e:e8:7b:
                    69:b2:2d:d8:0b:db:e7:7a:e8:cd:23:d3:78:83:13:
                    df:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:7A:51:AD:86:83:A0:E3:E7:4F:ED:2C:70:53:81:BA:86:A4:BC:F2
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/c431351a-efda-3fb0-bceb-ed63e9155c2a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.92.54.0/23

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         0f:91:26:f9:ca:26:22:e6:2c:cb:66:49:ee:13:d6:f8:72:9b:
         ff:f6:99:08:d6:5c:37:e9:b9:de:3f:f6:ca:e2:6e:0e:87:c3:
         29:83:12:1e:61:58:c6:22:f5:cf:a9:75:ed:6e:8f:f7:7b:d9:
         be:d3:f3:81:b3:a2:7c:e7:7b:54:87:66:34:5f:e1:2e:f3:4c:
         38:07:4e:30:8a:e7:09:a7:5e:8a:cb:12:d0:38:02:32:12:65:
         c3:ac:22:c4:3b:16:92:ed:7e:60:ec:22:bb:68:ff:93:25:a9:
         88:92:b3:31:43:29:8e:80:b7:23:b8:8e:c8:97:90:61:49:02:
         3a:17:00:24:37:9e:42:ac:d4:b0:96:36:11:6d:28:25:86:53:
         cd:8f:8f:3f:23:db:16:f1:60:f4:0b:86:86:4e:20:d6:b0:61:
         c9:66:24:2c:a9:bc:e5:4e:67:2d:92:07:6e:ed:c4:53:27:9d:
         c8:cb:48:84:f3:ac:b6:02:69:31:23:0c:79:f4:84:0e:04:54:
         e5:41:80:7d:41:29:2d:4a:19:49:7b:2a:25:35:07:74:35:75:
         f2:7f:2e:c1:f1:f3:11:f6:a8:6e:a2:e3:fd:08:20:7b:76:40:
         b1:86:be:1a:a9:19:45:48:30:53:c2:b0:70:04:df:49:bf:05:
         ea:ae:60:91
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEVTMyK9GrN3ZQTn18AwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTI0MDMyNTEzMDAzM1oXDTI0MDYyMzEzMDAzM1owLzEtMCsGA1UEAxMk
ZDFjMjBhNDYtNDEwZS00M2Q5LTlkYWYtOThkMjZjZWE0ZTQyMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0eT4CqTqe/u6F4mkSCHuOAzikyN7bog1soyC
bu64FSR27pl9QpddUkJ3C5ZCmGCYwPk+TK8i1QWEPsnb0HpxV1EOvWpFm3UvW+72
TymdWOm8PwFvJPBwtWUFVRex4C0tqLlKg3rPynOoJSx/Eaee/bMIWog5cLoB4+Rt
knMTg3ke2tereHvG05683NoakfJPgfqKIySLEBKooaxjXJr6htdIxVYegLUUIh/g
rDhvSBhpC50AvPUk5GOg6pruD1qHnRv+yagg2jH/XrYdqCxFiq7QSsgWTsG1pDZD
os85Sa25LkKzGMHiep0ozuAe6Htpsi3YC9vneujNI9N4gxPfgwIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFJF6Ua2Gg6Dj50/tLHBTgbqGpLzyMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvYzQzMTM1MWEtZWZkYS0z
ZmIwLWJjZWItZWQ2M2U5MTU1YzJhLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB0Vw2MFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAA+RJvnKJiLmLMtmSe4T1vhym//2mQjWXDfpud4/9sribg6HwymDEh5h
WMYi9c+pde1uj/d72b7T84Gzonzne1SHZjRf4S7zTDgHTjCK5wmnXorLEtA4AjIS
ZcOsIsQ7FpLtfmDsIrto/5MlqYiSszFDKY6AtyO4jsiXkGFJAjoXACQ3nkKs1LCW
NhFtKCWGU82Pjz8j2xbxYPQLhoZOINawYclmJCypvOVOZy2SB27txFMnncjLSITz
rLYCaTEjDHn0hA4EVOVBgH1BKS1KGUl7KiU1B3Q1dfJ/LsHx8xH2qG6i4/0IIHt2
QLGGvhqpGUVIMFPCsHAE30m/BequYJE=
-----END CERTIFICATE-----