Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/8231077d-0559-4e7a-9cdf-fe00a512ab5c/9f0b1c32-912a-36aa-9371-fd80f687061c.roa
File:                     9f0b1c32-912a-36aa-9371-fd80f687061c.roa (raw, json)
Hash identifier:          aIMwcIY+19xIcYhyUFpb0mdTeteec/n5rEe825EoolI=
Subject key identifier:   C5:E4:77:B5:9B:B2:63:4B:F2:BE:50:64:F1:E3:7C:A2:BC:8B:0B:D1
Certificate issuer:       /CN=8231077d-0559-4e7a-9cdf-fe00a512ab5c
Certificate serial:       010D0C9F4328584312B489B8E4C0D24A3D0D5240
Authority key identifier: 27:57:42:AE:CA:A8:23:ED:C1:20:5C:9F:F0:23:65:5D:05:65:FB:76
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/8231077d-0559-4e7a-9cdf-fe00a512ab5c.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/8231077d-0559-4e7a-9cdf-fe00a512ab5c/9f0b1c32-912a-36aa-9371-fd80f687061c.roa
Signing time:             Fri 01 Sep 2023 01:00:22 +0000
ROA not before:           Fri 01 Sep 2023 01:00:22 +0000
ROA not after:            Thu 30 Nov 2023 02:00:22 +0000
asID:                     125
IP address blocks:        199.63.142.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:43:12:b4:89:b8:e4:c0:d2:4a:3d:0d:52:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8231077d-0559-4e7a-9cdf-fe00a512ab5c
        Validity
            Not Before: Sep  1 01:00:22 2023 GMT
            Not After : Nov 30 02:00:22 2023 GMT
        Subject: CN=e6130469-cb86-4b36-bf34-66ae40f8f919
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:d9:ff:19:3b:11:06:6f:32:e7:b5:96:40:74:
                    24:6d:4b:bf:33:76:10:75:4a:87:d0:22:c2:f2:37:
                    90:9f:80:f4:17:18:f1:1f:d5:72:cd:19:9f:8f:3c:
                    3b:1b:a2:69:39:35:82:68:ef:03:13:d6:60:48:e6:
                    e5:e9:49:71:3c:8f:63:db:1d:10:e0:ae:c3:98:b4:
                    01:c0:f2:15:ab:35:33:1f:32:49:17:c0:25:b9:d6:
                    9b:c0:7c:5f:03:90:46:c8:02:2e:13:99:33:39:82:
                    e4:23:92:9a:40:1e:4f:f3:6c:cd:20:ee:d8:fc:f3:
                    a0:28:a1:d9:26:a8:c0:2d:71:5e:a7:17:b0:c4:d1:
                    ea:7c:fd:eb:95:c8:d7:96:19:af:bd:d5:f8:83:18:
                    f9:98:ea:c5:a4:fb:42:e9:16:88:5f:65:e5:65:87:
                    e5:c8:26:0a:3d:9d:d1:c4:20:95:3f:45:8c:5e:8f:
                    ea:8a:6d:54:9c:11:b6:86:72:0e:a5:e5:79:19:59:
                    18:e5:de:c7:24:e1:87:13:29:31:5a:0e:d3:59:69:
                    69:cb:74:b2:0f:cc:b8:bd:d5:9f:0e:45:6f:1e:69:
                    45:2f:0b:5f:1b:55:bb:80:75:f7:0b:d3:11:61:ea:
                    d5:a5:f4:ed:b1:55:d1:98:d7:f6:e7:4a:bc:d1:3c:
                    6b:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:E4:77:B5:9B:B2:63:4B:F2:BE:50:64:F1:E3:7C:A2:BC:8B:0B:D1
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/8231077d-0559-4e7a-9cdf-fe00a512ab5c/9f0b1c32-912a-36aa-9371-fd80f687061c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/8231077d-0559-4e7a-9cdf-fe00a512ab5c/8231077d-0559-4e7a-9cdf-fe00a512ab5c.crl

            X509v3 Authority Key Identifier:
                keyid:27:57:42:AE:CA:A8:23:ED:C1:20:5C:9F:F0:23:65:5D:05:65:FB:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/8231077d-0559-4e7a-9cdf-fe00a512ab5c.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.63.142.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         32:90:bd:7e:17:63:af:b1:ff:d6:e3:61:09:f0:1a:7f:a3:b7:
         67:69:0d:c3:4a:47:aa:4d:96:66:43:79:35:16:47:14:af:f8:
         3d:2c:b1:84:81:f4:71:65:d8:b0:12:91:42:7f:ba:17:d9:0e:
         a7:64:2b:b9:8d:5c:6d:ad:be:90:ad:3b:4b:96:93:7e:df:61:
         44:93:1a:c0:79:cd:57:82:f1:4d:17:96:dd:4b:00:23:05:8d:
         d3:a4:91:8d:3a:fa:10:93:a7:17:b0:6d:69:d3:19:f3:3f:0f:
         f0:c6:78:5c:25:66:da:83:2f:66:ea:f9:71:86:05:18:c7:33:
         d4:3d:19:b5:36:27:4c:4b:63:7b:fd:b8:96:d5:53:39:02:1f:
         85:a2:16:70:5e:e1:b0:f5:23:bd:29:7a:32:d9:e2:0d:d7:95:
         f3:71:9d:8f:8a:29:c4:0e:38:6d:ae:94:32:70:45:47:a8:86:
         8e:e4:20:0b:d9:da:66:85:41:91:d6:14:fc:1e:6f:9c:c2:98:
         59:c3:5a:f1:ce:14:10:a5:54:00:eb:de:91:c9:4d:04:e1:3c:
         49:77:ed:5d:e7:ef:7b:ca:7a:93:f3:e6:f7:6c:73:97:c4:a0:
         5f:ef:02:cd:21:47:a9:2f:ef:12:da:51:d5:00:cb:e2:6d:d3:
         ae:04:c7:30
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEMStIm45MDSSj0NUkAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkODIzMTA3N2QtMDU1OS00ZTdhLTljZGYtZmUwMGE1MTJh
YjVjMB4XDTIzMDkwMTAxMDAyMloXDTIzMTEzMDAyMDAyMlowLzEtMCsGA1UEAxMk
ZTYxMzA0NjktY2I4Ni00YjM2LWJmMzQtNjZhZTQwZjhmOTE5MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Nn/GTsRBm8y57WWQHQkbUu/M3YQdUqH0CLC
8jeQn4D0FxjxH9VyzRmfjzw7G6JpOTWCaO8DE9ZgSObl6UlxPI9j2x0Q4K7DmLQB
wPIVqzUzHzJJF8AludabwHxfA5BGyAIuE5kzOYLkI5KaQB5P82zNIO7Y/POgKKHZ
JqjALXFepxewxNHqfP3rlcjXlhmvvdX4gxj5mOrFpPtC6RaIX2XlZYflyCYKPZ3R
xCCVP0WMXo/qim1UnBG2hnIOpeV5GVkY5d7HJOGHEykxWg7TWWlpy3SyD8y4vdWf
DkVvHmlFLwtfG1W7gHX3C9MRYerVpfTtsVXRmNf250q80TxrCQIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFMXkd7WbsmNL8r5QZPHjfKK8iwvRMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy84MjMx
MDc3ZC0wNTU5LTRlN2EtOWNkZi1mZTAwYTUxMmFiNWMvOWYwYjFjMzItOTEyYS0z
NmFhLTkzNzEtZmQ4MGY2ODcwNjFjLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvODIzMTA3N2QtMDU1OS00ZTdhLTlj
ZGYtZmUwMGE1MTJhYjVjLzgyMzEwNzdkLTA1NTktNGU3YS05Y2RmLWZlMDBhNTEy
YWI1Yy5jcmwwHwYDVR0jBBgwFoAUJ1dCrsqoI+3BIFyf8CNlXQVl+3YwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy84MjMxMDc3ZC0wNTU5LTRlN2EtOWNkZi1mZTAw
YTUxMmFiNWMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAxz+OMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBADKQvX4XY6+x/9bjYQnwGn+jt2dpDcNKR6pNlmZDeTUWRxSv+D0ssYSB
9HFl2LASkUJ/uhfZDqdkK7mNXG2tvpCtO0uWk37fYUSTGsB5zVeC8U0Xlt1LACMF
jdOkkY06+hCTpxewbWnTGfM/D/DGeFwlZtqDL2bq+XGGBRjHM9Q9GbU2J0xLY3v9
uJbVUzkCH4WiFnBe4bD1I70pejLZ4g3XlfNxnY+KKcQOOG2ulDJwRUeoho7kIAvZ
2maFQZHWFPweb5zCmFnDWvHOFBClVADr3pHJTQThPEl37V3n73vKepPz5vdsc5fE
oF/vAs0hR6kv7xLaUdUAy+Jt064ExzA=
-----END CERTIFICATE-----