Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/eb43877e-fc64-3cf0-8422-811b24f98017.roa
File:                     eb43877e-fc64-3cf0-8422-811b24f98017.roa (raw, json)
Hash identifier:          Mf0kDwrqp15RismXhTLVAPDJxGNsCUSug56RydJooaA=
Subject key identifier:   F9:FC:74:AB:49:1A:DF:31:F6:55:EA:0B:4B:DD:E2:28:AC:C3:E6:CF
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F4328583D4FB1D431BB03FC54D44D2FC0
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/eb43877e-fc64-3cf0-8422-811b24f98017.roa
Signing time:             Mon 21 Mar 2022 04:00:00 +0000
ROA not before:           Mon 21 Mar 2022 04:00:00 +0000
ROA not after:            Mon 13 Mar 2028 04:00:00 +0000
asID:                     7029
IP address blocks:        216.7.0.0/19 maxlen: 19
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3d:4f:b1:d4:31:bb:03:fc:54:d4:4d:2f:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Mar 21 04:00:00 2022 GMT
            Not After : Mar 13 04:00:00 2028 GMT
        Subject: CN=aaeb6bd4-cc7a-40c5-8fef-e8c5ef07217b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:37:6d:26:0c:8a:f4:94:c2:90:ce:12:9e:8f:
                    73:31:27:3c:4c:7e:b0:e4:e0:a0:7d:c0:6c:7d:3e:
                    07:c0:13:bf:b0:ff:52:23:f9:cb:cf:e9:1b:84:11:
                    94:c7:ed:59:9e:2f:b9:51:c4:e4:c6:22:49:84:2e:
                    19:12:47:4f:bc:35:46:27:f3:61:f9:63:e6:cf:44:
                    89:9e:62:3f:9b:1d:7b:4f:2a:b7:9c:dd:eb:e7:49:
                    a4:6a:d2:28:85:ba:4a:97:c4:b5:d1:07:bd:c3:08:
                    dc:c0:1b:d7:bc:49:d9:93:7a:d7:52:e2:bf:01:29:
                    8f:c7:ae:c9:ab:77:b0:ab:f7:10:07:62:e4:a3:ba:
                    2b:53:29:77:c0:9b:a8:fe:9c:36:d1:e5:0a:17:dd:
                    2e:24:f8:f6:88:a7:7b:1b:2d:1a:5b:1f:87:c8:86:
                    37:7f:c3:9b:9a:7d:d4:4c:d2:7f:a4:66:61:ae:3f:
                    01:b5:b8:6e:e1:55:f6:65:f1:2f:bc:b5:31:89:6e:
                    ff:f0:93:89:f4:64:af:31:60:c9:08:e9:25:f0:aa:
                    ba:f0:d3:1f:7c:07:48:47:44:31:c7:12:e5:2c:75:
                    3b:21:a0:dc:04:f1:8e:11:90:53:b1:92:73:34:2b:
                    c4:b6:1d:f8:e7:54:57:02:64:52:06:62:0e:bc:59:
                    98:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:FC:74:AB:49:1A:DF:31:F6:55:EA:0B:4B:DD:E2:28:AC:C3:E6:CF
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/eb43877e-fc64-3cf0-8422-811b24f98017.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.7.0.0/19

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         03:3f:f6:08:8c:3c:43:0c:f5:33:10:a6:8d:0c:7c:b9:95:39:
         98:e4:95:8f:30:d8:b5:77:9b:52:3a:c7:f0:86:48:bc:c3:ca:
         73:e2:7c:fd:66:07:44:b6:2f:43:60:08:f6:6c:c0:f5:b7:93:
         ea:31:46:4d:4f:ed:a2:2a:70:ae:d4:64:34:8b:08:dd:3b:06:
         ff:11:41:f2:53:3a:4f:f9:bb:1c:f9:1e:0d:f7:fd:d3:cd:6a:
         5a:80:62:af:fc:3f:b2:b4:11:a7:78:28:38:ec:9e:71:9a:62:
         d9:cd:f5:8b:92:b4:5b:08:0b:8f:4a:39:bb:7a:58:2a:0c:ef:
         01:b6:d1:59:bf:40:b9:80:31:10:45:8a:9f:d6:25:97:c2:16:
         91:fe:de:4f:e3:c3:6f:b7:40:2f:4f:c5:43:09:c0:bc:ed:3b:
         2e:b4:38:99:ae:e5:a6:e0:a3:a1:03:db:27:80:42:3a:5a:54:
         4f:0f:e9:e8:13:a6:5f:48:09:78:1c:14:9e:ee:c7:93:c3:c4:
         50:5a:73:15:2c:9e:69:9a:18:59:5f:28:eb:06:a8:38:54:0f:
         77:c8:74:89:4b:f8:ed:af:63:e0:64:c5:9d:50:95:99:37:d2:
         57:bd:09:05:02:1d:9f:b4:27:2e:95:0d:37:89:b9:58:bc:14:
         74:9e:c9:8e
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWD1PsdQxuwP8VNRNL8AwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTIyMDMyMTA0MDAwMFoXDTI4MDMxMzA0MDAwMFowLzEtMCsGA1UEAxMk
YWFlYjZiZDQtY2M3YS00MGM1LThmZWYtZThjNWVmMDcyMTdiMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0DdtJgyK9JTCkM4Sno9zMSc8TH6w5OCgfcBs
fT4HwBO/sP9SI/nLz+kbhBGUx+1Zni+5UcTkxiJJhC4ZEkdPvDVGJ/Nh+WPmz0SJ
nmI/mx17Tyq3nN3r50mkatIohbpKl8S10Qe9wwjcwBvXvEnZk3rXUuK/ASmPx67J
q3ewq/cQB2Lko7orUyl3wJuo/pw20eUKF90uJPj2iKd7Gy0aWx+HyIY3f8Obmn3U
TNJ/pGZhrj8Btbhu4VX2ZfEvvLUxiW7/8JOJ9GSvMWDJCOkl8Kq68NMffAdIR0Qx
xxLlLHU7IaDcBPGOEZBTsZJzNCvEth3451RXAmRSBmIOvFmYdQIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFPn8dKtJGt8x9lXqC0vd4iisw+bPMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvZWI0Mzg3N2UtZmM2NC0z
Y2YwLTg0MjItODExYjI0Zjk4MDE3LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF2AcAMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAAM/9giMPEMM9TMQpo0MfLmVOZjklY8w2LV3m1I6x/CGSLzDynPifP1m
B0S2L0NgCPZswPW3k+oxRk1P7aIqcK7UZDSLCN07Bv8RQfJTOk/5uxz5Hg33/dPN
alqAYq/8P7K0Ead4KDjsnnGaYtnN9YuStFsIC49KObt6WCoM7wG20Vm/QLmAMRBF
ip/WJZfCFpH+3k/jw2+3QC9PxUMJwLztOy60OJmu5abgo6ED2yeAQjpaVE8P6egT
pl9ICXgcFJ7ux5PDxFBacxUsnmmaGFlfKOsGqDhUD3fIdIlL+O2vY+BkxZ1QlZk3
0le9CQUCHZ+0Jy6VDTeJuVi8FHSeyY4=
-----END CERTIFICATE-----