Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/fa106cd2-529a-3daa-87a2-c2ae1dea1c87.roa
File:                     fa106cd2-529a-3daa-87a2-c2ae1dea1c87.roa (raw, json)
Hash identifier:          2XiH7+XYLqYJpo15ZmhEFiSeYIF5BRZZ4yJPFPVT0eE=
Subject key identifier:   64:FC:52:AB:D9:87:6F:CA:28:29:89:74:C5:84:03:AB:D0:F9:D6:B7
Certificate issuer:       /CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
Certificate serial:       010D0C9F4328584553331CF980E70B6878AD3A00
Authority key identifier: 77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/fa106cd2-529a-3daa-87a2-c2ae1dea1c87.roa
Signing time:             Mon 25 Mar 2024 13:00:33 +0000
ROA not before:           Mon 25 Mar 2024 13:00:33 +0000
ROA not after:            Sun 23 Jun 2024 13:00:33 +0000
asID:                     7029
IP address blocks:        207.95.80.0/20 maxlen: 20

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:45:53:33:1c:f9:80:e7:0b:68:78:ad:3a:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bd506e-447c-48e7-9d44-4b373b35b2d3
        Validity
            Not Before: Mar 25 13:00:33 2024 GMT
            Not After : Jun 23 13:00:33 2024 GMT
        Subject: CN=43a12bed-ab92-4423-9119-d74f7e59f0d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:b2:aa:26:65:21:ae:fb:69:bd:43:4c:70:ae:
                    c4:d6:12:20:3f:4c:ce:10:68:21:93:c5:28:03:11:
                    44:2f:9a:5f:a5:7f:2c:81:aa:2f:81:ab:76:a7:65:
                    32:8d:56:ed:3f:da:66:1d:e4:ae:e0:8e:f6:96:e7:
                    e4:ea:c9:33:d0:65:8a:dd:54:5c:b4:ac:0a:98:a3:
                    d4:68:a4:c1:82:59:b4:1e:e0:40:59:93:c0:7d:f8:
                    df:83:51:bd:06:a6:d4:cf:22:d2:8a:7c:39:26:aa:
                    1a:53:4d:47:68:c0:73:5d:9a:33:02:c0:6b:27:a2:
                    2f:e7:d4:3f:3b:1f:06:b1:f4:3a:0e:09:bf:ae:7c:
                    9b:95:e7:24:e8:d5:1e:6c:36:b5:3c:af:78:f8:15:
                    c7:b6:c3:57:06:81:12:7a:af:12:1c:89:d1:ee:de:
                    b6:71:0f:9a:0b:d9:d0:ef:49:92:d7:98:22:b8:2b:
                    b9:ee:c3:9c:6c:4a:10:88:fd:2c:ad:81:ac:c1:2e:
                    69:92:7e:ef:41:b3:42:9a:0b:03:42:8d:7f:6b:95:
                    10:da:b2:c7:96:08:7e:15:41:21:01:53:d0:58:15:
                    7b:5e:df:d0:b1:9e:94:a0:0e:9e:22:f2:db:b8:23:
                    92:4d:ab:11:bd:5b:e2:75:00:a6:0a:61:fb:d1:4c:
                    c3:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:FC:52:AB:D9:87:6F:CA:28:29:89:74:C5:84:03:AB:D0:F9:D6:B7
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/fa106cd2-529a-3daa-87a2-c2ae1dea1c87.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3/49bd506e-447c-48e7-9d44-4b373b35b2d3.crl

            X509v3 Authority Key Identifier:
                keyid:77:03:89:3B:86:32:63:FF:78:2E:87:84:0D:12:3F:C5:E7:13:68:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/49bd506e-447c-48e7-9d44-4b373b35b2d3.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  207.95.80.0/20

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         1b:34:fb:c6:00:8f:23:50:71:db:03:cd:59:ca:be:cf:8f:a5:
         d2:3b:bc:a6:4f:5d:ce:b2:ef:0d:92:0f:d5:57:dd:83:52:e7:
         06:59:75:9a:63:24:2a:b0:d5:4b:92:89:4f:74:3f:d2:f3:6a:
         50:e8:dc:e2:6b:8c:82:99:60:0b:46:8e:39:7c:0e:a1:e5:00:
         a9:12:a4:21:e4:59:de:9b:e3:ad:45:7c:f8:72:50:58:38:a9:
         cf:ea:a0:78:f6:19:75:20:19:db:bb:ae:e2:d4:55:a5:af:19:
         a1:b0:9b:aa:99:ef:a8:b6:0c:e3:59:f2:a2:86:78:cb:ba:a5:
         0c:35:d1:4d:45:a6:ad:58:e1:61:6e:8d:6f:32:28:85:89:da:
         49:d6:75:cb:62:3d:88:ec:8e:a8:49:7c:3d:57:0e:23:31:de:
         08:33:c7:fd:f7:1b:f5:36:c6:94:95:c5:e7:03:fa:5c:3c:7d:
         3c:f9:16:72:d7:1d:f3:3f:78:8e:a4:f1:96:55:85:87:f9:c7:
         3e:fa:2d:bf:a7:64:b7:80:42:8f:1d:63:03:23:cb:73:ce:04:
         82:f3:45:2f:dd:d7:a3:c6:90:88:df:33:88:49:65:71:68:e5:
         40:2b:63:8c:c4:b5:b7:f3:3b:bd:0b:89:70:f0:47:41:a9:ac:
         13:a3:7d:8f
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEVTMxz5gOcLaHitOgAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDliZDUwNmUtNDQ3Yy00OGU3LTlkNDQtNGIzNzNiMzVi
MmQzMB4XDTI0MDMyNTEzMDAzM1oXDTI0MDYyMzEzMDAzM1owLzEtMCsGA1UEAxMk
NDNhMTJiZWQtYWI5Mi00NDIzLTkxMTktZDc0ZjdlNTlmMGQzMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi7KqJmUhrvtpvUNMcK7E1hIgP0zOEGghk8Uo
AxFEL5pfpX8sgaovgat2p2UyjVbtP9pmHeSu4I72lufk6skz0GWK3VRctKwKmKPU
aKTBglm0HuBAWZPAffjfg1G9BqbUzyLSinw5JqoaU01HaMBzXZozAsBrJ6Iv59Q/
Ox8GsfQ6Dgm/rnybleck6NUebDa1PK94+BXHtsNXBoESeq8SHInR7t62cQ+aC9nQ
70mS15giuCu57sOcbEoQiP0srYGswS5pkn7vQbNCmgsDQo1/a5UQ2rLHlgh+FUEh
AVPQWBV7Xt/QsZ6UoA6eIvLbuCOSTasRvVvidQCmCmH70UzDuQIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFGT8UqvZh2/KKCmJdMWEA6vQ+da3MIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy80OWJk
NTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3M2IzNWIyZDMvZmExMDZjZDItNTI5YS0z
ZGFhLTg3YTItYzJhZTFkZWExYzg3LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvNDliZDUwNmUtNDQ3Yy00OGU3LTlk
NDQtNGIzNzNiMzViMmQzLzQ5YmQ1MDZlLTQ0N2MtNDhlNy05ZDQ0LTRiMzczYjM1
YjJkMy5jcmwwHwYDVR0jBBgwFoAUdwOJO4YyY/94LoeEDRI/xecTaOQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy80OWJkNTA2ZS00NDdjLTQ4ZTctOWQ0NC00YjM3
M2IzNWIyZDMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEz19QMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBABs0+8YAjyNQcdsDzVnKvs+PpdI7vKZPXc6y7w2SD9VX3YNS5wZZdZpj
JCqw1UuSiU90P9LzalDo3OJrjIKZYAtGjjl8DqHlAKkSpCHkWd6b461FfPhyUFg4
qc/qoHj2GXUgGdu7ruLUVaWvGaGwm6qZ76i2DONZ8qKGeMu6pQw10U1Fpq1Y4WFu
jW8yKIWJ2knWdctiPYjsjqhJfD1XDiMx3ggzx/33G/U2xpSVxecD+lw8fTz5FnLX
HfM/eI6k8ZZVhYf5xz76Lb+nZLeAQo8dYwMjy3POBILzRS/d16PGkIjfM4hJZXFo
5UArY4zEtbfzO70LiXDwR0GprBOjfY8=
-----END CERTIFICATE-----