Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/cbaca6b9-cd7b-336e-9eab-c93d11710fec.roa
File:                     cbaca6b9-cd7b-336e-9eab-c93d11710fec.roa (raw, json)
Hash identifier:          LLjSFXyPzBDPj8JW2c7XkaLGyLahrDk4EQZBYXPJa+Q=
Subject key identifier:   98:C4:85:AF:C6:96:F9:FB:87:C1:66:08:73:05:1E:2A:79:00:53:53
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F43285845533317E9E5846BD03CA10A80
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/cbaca6b9-cd7b-336e-9eab-c93d11710fec.roa
Signing time:             Mon 25 Mar 2024 13:00:33 +0000
ROA not before:           Mon 25 Mar 2024 13:00:33 +0000
ROA not after:            Sun 23 Jun 2024 13:00:33 +0000
asID:                     7029
IP address blocks:        204.31.0.0/20 maxlen: 20

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:45:53:33:17:e9:e5:84:6b:d0:3c:a1:0a:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Mar 25 13:00:33 2024 GMT
            Not After : Jun 23 13:00:33 2024 GMT
        Subject: CN=68fd3199-3546-435a-9352-512259330a62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:25:7f:93:69:a9:98:29:0f:02:a6:dd:16:7d:
                    6e:98:a0:1a:6c:46:5e:1d:74:fc:fe:81:fd:49:16:
                    38:d5:44:a7:46:8e:93:0e:ab:35:a6:09:a4:fd:af:
                    63:e3:4d:8d:b5:a2:83:e0:7c:d9:a2:ed:21:58:d8:
                    f3:ce:23:ab:ac:3f:8a:d7:9d:34:fb:11:ee:83:c7:
                    b4:7d:01:2a:f5:fb:0e:38:74:3a:a3:6c:6a:49:63:
                    97:64:46:fc:30:e7:43:9b:bf:51:60:17:df:81:c4:
                    19:31:fe:4c:4b:4a:2d:d0:35:49:e4:39:6d:f5:dd:
                    00:b4:ca:aa:d9:39:7a:1c:7f:66:a7:a3:5d:97:38:
                    d5:5c:c9:de:92:14:28:3f:a2:c4:97:35:25:22:bd:
                    7d:c8:41:b2:55:e2:11:b3:42:8b:54:87:66:23:7d:
                    2d:a5:f6:be:82:4e:34:da:b8:1a:fa:3d:bd:54:60:
                    c1:db:fd:1a:27:6b:e5:be:50:db:f0:e5:d8:18:a4:
                    75:be:6f:80:48:72:eb:2a:60:d0:f8:b9:98:cb:92:
                    b9:49:66:c7:ec:69:50:17:34:a2:b8:fa:3e:1c:e3:
                    b7:5f:2e:c2:a4:53:12:12:2e:f4:61:e8:ec:06:94:
                    a0:ed:99:66:21:de:74:a5:9f:c1:e4:7e:3c:24:7a:
                    10:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:C4:85:AF:C6:96:F9:FB:87:C1:66:08:73:05:1E:2A:79:00:53:53
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/cbaca6b9-cd7b-336e-9eab-c93d11710fec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  204.31.0.0/20

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         29:49:fc:b9:68:9e:51:98:0c:08:d6:dc:f3:f0:d4:e2:d1:63:
         eb:fc:94:d3:71:e7:d0:9d:3f:f9:08:d9:14:f4:71:5d:0b:bb:
         a7:20:f4:f2:14:b5:b9:0b:a7:0f:84:c0:24:50:1b:14:97:84:
         d2:f2:d9:c6:72:03:d0:8d:94:f3:05:d5:b5:23:1b:53:10:ba:
         b1:06:28:5f:67:88:04:cd:4b:45:b9:4b:46:60:a3:63:62:00:
         43:5a:17:58:f6:fa:c8:cb:2d:a8:eb:43:a6:ed:90:c1:e2:1a:
         89:0a:e1:ab:57:6d:58:fe:8c:f1:59:b0:56:4d:45:d5:34:f5:
         66:98:c2:60:7b:d5:e4:5c:f0:91:d7:e2:2b:72:ed:14:9b:ba:
         79:49:64:12:ca:f0:1c:76:fe:08:66:66:07:22:61:24:78:06:
         19:80:9b:00:14:9e:71:c1:48:d7:3c:55:27:07:2c:29:c7:de:
         36:fd:b7:81:9f:58:c0:d0:14:24:7c:8d:a7:8d:0b:ad:be:cd:
         d9:e8:ac:33:7a:31:fa:33:dd:93:81:da:9a:10:3b:f2:ec:b2:
         b6:37:d9:90:d6:47:34:03:c2:0b:1e:63:4c:50:d1:f4:29:1b:
         e5:d8:8e:2e:a9:b1:1a:bd:0d:a8:dc:fb:29:f9:79:b8:f5:be:
         65:b7:3c:c5
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEVTMxfp5YRr0DyhCoAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTI0MDMyNTEzMDAzM1oXDTI0MDYyMzEzMDAzM1owLzEtMCsGA1UEAxMk
NjhmZDMxOTktMzU0Ni00MzVhLTkzNTItNTEyMjU5MzMwYTYyMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnSV/k2mpmCkPAqbdFn1umKAabEZeHXT8/oH9
SRY41USnRo6TDqs1pgmk/a9j402NtaKD4HzZou0hWNjzziOrrD+K1500+xHug8e0
fQEq9fsOOHQ6o2xqSWOXZEb8MOdDm79RYBffgcQZMf5MS0ot0DVJ5Dlt9d0AtMqq
2Tl6HH9mp6NdlzjVXMnekhQoP6LElzUlIr19yEGyVeIRs0KLVIdmI30tpfa+gk40
2rga+j29VGDB2/0aJ2vlvlDb8OXYGKR1vm+ASHLrKmDQ+LmYy5K5SWbH7GlQFzSi
uPo+HOO3Xy7CpFMSEi70YejsBpSg7ZlmId50pZ/B5H48JHoQjwIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFJjEha/Glvn7h8FmCHMFHip5AFNTMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvY2JhY2E2YjktY2Q3Yi0z
MzZlLTllYWItYzkzZDExNzEwZmVjLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEzB8AMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAClJ/LlonlGYDAjW3PPw1OLRY+v8lNNx59CdP/kI2RT0cV0Lu6cg9PIU
tbkLpw+EwCRQGxSXhNLy2cZyA9CNlPMF1bUjG1MQurEGKF9niATNS0W5S0Zgo2Ni
AENaF1j2+sjLLajrQ6btkMHiGokK4atXbVj+jPFZsFZNRdU09WaYwmB71eRc8JHX
4ity7RSbunlJZBLK8Bx2/ghmZgciYSR4BhmAmwAUnnHBSNc8VScHLCnH3jb9t4Gf
WMDQFCR8jaeNC62+zdnorDN6Mfoz3ZOB2poQO/LssrY32ZDWRzQDwgseY0xQ0fQp
G+XYji6psRq9Dajc+yn5ebj1vmW3PMU=
-----END CERTIFICATE-----