Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/cfa59136-8c61-3bf4-bf3b-247c4824eb2f.roa
File:                     cfa59136-8c61-3bf4-bf3b-247c4824eb2f.roa (raw, json)
Hash identifier:          mGk+UF6OBKbnWXR40dArOzK3oaELmaJ8Zrdw/rDRz5c=
Subject key identifier:   C4:2B:09:88:61:8C:E8:A1:B1:4F:CB:48:C5:9A:A2:75:09:9F:CC:9D
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F43285845533325B634DFC37FD1246700
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/cfa59136-8c61-3bf4-bf3b-247c4824eb2f.roa
Signing time:             Mon 25 Mar 2024 13:00:33 +0000
ROA not before:           Mon 25 Mar 2024 13:00:33 +0000
ROA not after:            Sun 23 Jun 2024 13:00:33 +0000
asID:                     7029
IP address blocks:        209.128.128.0/18 maxlen: 18

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:45:53:33:25:b6:34:df:c3:7f:d1:24:67:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Mar 25 13:00:33 2024 GMT
            Not After : Jun 23 13:00:33 2024 GMT
        Subject: CN=99d80d51-32c8-4406-bd75-ca147f54d51f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:5f:8e:aa:6d:9c:4b:29:f3:22:87:02:87:44:
                    7c:6e:86:de:31:42:cf:e4:cb:60:f8:a8:50:00:8a:
                    c0:b2:02:57:a1:b9:7d:b8:1e:65:20:42:09:ab:6c:
                    5e:38:5e:84:09:66:3f:1c:c1:80:d3:15:57:23:bf:
                    43:ed:b1:98:7e:be:46:d3:07:de:24:7c:4e:fe:4c:
                    21:26:a2:a4:01:77:8d:45:eb:97:81:a8:71:e6:1b:
                    db:40:04:d2:e2:d4:77:6d:3f:50:a5:1a:86:fb:51:
                    50:a3:3e:5d:0a:cf:d9:14:d1:0b:a0:da:11:b8:b5:
                    58:0d:f7:c4:26:59:97:35:8d:56:e9:ea:aa:94:95:
                    41:44:0c:5e:b1:b4:92:95:f8:d8:86:f8:4f:63:12:
                    8f:1e:e2:08:f6:d1:dc:0d:26:4b:58:8f:04:8d:31:
                    7b:2d:ab:56:dd:8b:b8:82:bb:ac:43:a3:be:8f:09:
                    b3:1f:99:a2:10:5e:b5:d6:39:4c:ab:1c:cc:40:66:
                    aa:65:10:d5:fa:ca:59:02:b6:a7:87:f7:e2:39:55:
                    57:93:44:8f:bb:0f:c1:f9:1e:7c:64:d3:33:77:d7:
                    3a:23:4e:8a:63:7f:cb:a2:a7:32:af:3b:c3:6b:eb:
                    59:4e:39:fd:67:72:59:e3:b1:cc:6d:1c:47:22:a0:
                    5a:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:2B:09:88:61:8C:E8:A1:B1:4F:CB:48:C5:9A:A2:75:09:9F:CC:9D
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/cfa59136-8c61-3bf4-bf3b-247c4824eb2f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.128.128.0/18

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         0a:46:e4:8e:d7:19:f0:41:57:4a:d7:7f:43:f8:c8:e0:91:6c:
         92:bf:67:59:22:80:bf:b9:d2:13:48:5f:5b:d8:80:0f:b5:c8:
         54:ec:0f:dc:e6:d6:8f:9e:55:df:65:7d:33:2f:62:2b:95:af:
         7f:64:d0:84:af:44:2e:84:4a:eb:bf:2f:eb:da:32:90:f0:2a:
         2c:5a:45:be:17:63:e7:53:0a:87:f5:59:ac:32:0d:23:9b:d1:
         2d:39:30:80:20:30:4e:ae:2f:c1:0c:98:39:55:50:db:f3:c8:
         9f:d9:97:4a:53:0f:5c:86:f8:d5:64:0d:e4:89:bd:b3:89:58:
         4a:fc:92:cd:7c:82:67:71:5c:d2:26:ac:82:35:05:7d:6c:03:
         d1:8e:31:1e:6c:84:3f:63:dc:7e:86:2d:b4:ca:9d:fc:28:ec:
         9b:fd:ac:cd:f1:b6:1c:bd:49:a2:13:67:eb:ee:f6:57:f7:2a:
         b8:a1:d7:16:6a:95:11:a1:2c:13:b6:69:46:86:42:08:8b:a3:
         c7:e4:41:4e:48:b7:90:b8:91:71:76:77:f6:db:ae:74:c2:16:
         e4:ad:a5:ab:55:a8:58:5e:64:49:d0:3b:81:c3:7d:73:fd:1d:
         e6:e0:9b:66:45:18:36:69:6f:4b:a5:bf:8a:14:72:88:a3:57:
         26:6b:ec:c4
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEVTMyW2NN/Df9EkZwAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTI0MDMyNTEzMDAzM1oXDTI0MDYyMzEzMDAzM1owLzEtMCsGA1UEAxMk
OTlkODBkNTEtMzJjOC00NDA2LWJkNzUtY2ExNDdmNTRkNTFmMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmF+Oqm2cSynzIocCh0R8bobeMULP5Mtg+KhQ
AIrAsgJXobl9uB5lIEIJq2xeOF6ECWY/HMGA0xVXI79D7bGYfr5G0wfeJHxO/kwh
JqKkAXeNReuXgahx5hvbQATS4tR3bT9QpRqG+1FQoz5dCs/ZFNELoNoRuLVYDffE
JlmXNY1W6eqqlJVBRAxesbSSlfjYhvhPYxKPHuII9tHcDSZLWI8EjTF7LatW3Yu4
grusQ6O+jwmzH5miEF611jlMqxzMQGaqZRDV+spZAranh/fiOVVXk0SPuw/B+R58
ZNMzd9c6I06KY3/LoqcyrzvDa+tZTjn9Z3JZ47HMbRxHIqBavwIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFMQrCYhhjOihsU/LSMWaonUJn8ydMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvY2ZhNTkxMzYtOGM2MS0z
YmY0LWJmM2ItMjQ3YzQ4MjRlYjJmLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQG0YCAMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAApG5I7XGfBBV0rXf0P4yOCRbJK/Z1kigL+50hNIX1vYgA+1yFTsD9zm
1o+eVd9lfTMvYiuVr39k0ISvRC6ESuu/L+vaMpDwKixaRb4XY+dTCof1WawyDSOb
0S05MIAgME6uL8EMmDlVUNvzyJ/Zl0pTD1yG+NVkDeSJvbOJWEr8ks18gmdxXNIm
rII1BX1sA9GOMR5shD9j3H6GLbTKnfwo7Jv9rM3xthy9SaITZ+vu9lf3Krih1xZq
lRGhLBO2aUaGQgiLo8fkQU5It5C4kXF2d/bbrnTCFuStpatVqFheZEnQO4HDfXP9
Hebgm2ZFGDZpb0ulv4oUcoijVyZr7MQ=
-----END CERTIFICATE-----