Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/8322c61d-99cf-48fc-b867-b2c2cce4d324/420f426b-69a6-31af-8f0e-3adfbe35c7e4.roa
File:                     420f426b-69a6-31af-8f0e-3adfbe35c7e4.roa (raw, json)
Hash identifier:          wi+m5ZdM8zXkDtA0sDR2pEWSPjnJcnpUqzM2CelB5j0=
Subject key identifier:   78:CF:04:93:4C:84:F1:A0:A5:37:5E:D4:98:6F:B2:9B:1D:A1:22:CB
Certificate issuer:       /CN=8322c61d-99cf-48fc-b867-b2c2cce4d324
Certificate serial:       010D0C9F4328583D6BAF748BF2060C81DD6C1600
Authority key identifier: 23:EC:CD:25:07:2E:B6:D8:45:A9:F0:04:86:BA:91:6D:90:8F:B8:FA
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/8322c61d-99cf-48fc-b867-b2c2cce4d324.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/8322c61d-99cf-48fc-b867-b2c2cce4d324/420f426b-69a6-31af-8f0e-3adfbe35c7e4.roa
Signing time:             Fri 25 Mar 2022 04:00:00 +0000
ROA not before:           Fri 25 Mar 2022 04:00:00 +0000
ROA not after:            Thu 25 Mar 2032 04:00:00 +0000
asID:                     40382
IP address blocks:        2620:117:9000::/40 maxlen: 64

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3d:6b:af:74:8b:f2:06:0c:81:dd:6c:16:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8322c61d-99cf-48fc-b867-b2c2cce4d324
        Validity
            Not Before: Mar 25 04:00:00 2022 GMT
            Not After : Mar 25 04:00:00 2032 GMT
        Subject: CN=f86d5cae-1b22-4443-9f26-568632e68382
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:69:4a:0f:8b:71:41:3a:75:c9:65:ac:d1:04:
                    c7:33:dd:94:f1:58:05:fb:de:39:e5:f8:c8:ee:7c:
                    d2:26:ba:61:53:eb:e6:b2:35:eb:1d:84:cb:e1:61:
                    22:15:1d:fe:fd:2c:57:61:a3:4e:09:c2:63:68:81:
                    17:dc:76:cc:f3:f9:58:b6:a9:a8:6e:c0:a4:4a:e1:
                    30:8e:c3:68:cd:8a:4e:47:d5:50:69:33:bc:9c:c7:
                    f5:c0:ca:3e:c8:90:91:52:a1:6e:13:88:e1:69:80:
                    e3:99:b3:55:e4:67:d8:80:85:d5:37:cd:52:37:4c:
                    1b:21:b7:05:b1:6b:15:a1:c4:6e:4a:cf:2f:77:d3:
                    bc:fc:22:e4:c8:ae:e3:6d:ef:3d:2e:a1:c0:fb:9c:
                    d8:46:c4:44:c7:63:f8:49:c2:1c:12:b0:75:7a:90:
                    d2:4a:b7:5e:08:02:25:d1:23:af:90:14:af:67:fa:
                    35:63:0f:a4:28:ae:e7:80:8d:c2:b8:e3:31:f1:e0:
                    89:ec:98:a1:5d:3c:1d:94:15:e4:72:1a:82:ea:72:
                    0a:72:08:fb:dd:c5:df:85:35:fa:25:89:1a:66:ac:
                    82:d1:e5:41:e9:cd:6b:3a:93:1c:b7:80:ca:12:cf:
                    47:87:a4:f3:34:07:c4:84:ff:25:dd:f3:c2:e9:6d:
                    e8:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:CF:04:93:4C:84:F1:A0:A5:37:5E:D4:98:6F:B2:9B:1D:A1:22:CB
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/8322c61d-99cf-48fc-b867-b2c2cce4d324/420f426b-69a6-31af-8f0e-3adfbe35c7e4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/8322c61d-99cf-48fc-b867-b2c2cce4d324/8322c61d-99cf-48fc-b867-b2c2cce4d324.crl

            X509v3 Authority Key Identifier:
                keyid:23:EC:CD:25:07:2E:B6:D8:45:A9:F0:04:86:BA:91:6D:90:8F:B8:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/8322c61d-99cf-48fc-b867-b2c2cce4d324.cer

            sbgp-ipAddrBlock: critical
                IPv6:
                  2620:117:9000::/40

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         6f:d8:7b:de:ed:13:9f:5b:cf:5c:36:67:89:45:8a:19:2d:f4:
         14:5e:b9:a3:0c:d8:9a:0e:2b:7d:e8:34:7e:93:42:56:84:38:
         e8:a5:92:3b:d9:6e:c1:d4:1e:1f:30:35:b5:53:2c:18:31:98:
         f4:3f:3e:87:d2:e0:19:f7:2c:a5:3c:ac:3f:e7:bd:3c:c9:c8:
         9b:d6:04:7b:b1:5e:8f:c7:75:46:4b:4d:69:a4:2d:23:dd:fe:
         cf:9f:17:15:8a:3e:22:95:1f:31:7e:89:47:50:c8:32:c5:37:
         9d:40:58:82:fb:30:f2:2c:fe:bc:49:f2:30:b3:1e:80:12:ea:
         3b:a2:51:3e:77:9d:94:d0:d0:27:bc:80:7c:99:fe:15:77:28:
         43:e0:b1:ca:f1:bb:57:32:da:eb:7c:b0:49:23:ac:87:5c:50:
         56:a9:1a:d5:dd:3a:52:aa:bc:e4:92:91:69:7e:fc:69:d9:1b:
         24:5f:7a:58:48:c4:47:c0:76:19:a5:e8:b6:53:6c:03:9e:78:
         f8:c0:9c:c9:c2:94:38:f6:44:5a:80:df:9e:25:31:21:aa:51:
         c4:b4:de:33:74:30:41:e0:e9:40:48:ea:f6:85:83:4e:52:cf:
         9f:48:c8:64:64:49:3a:5b:43:1b:3a:ad:3e:72:47:97:f6:c4:
         c9:b7:84:24
-----BEGIN CERTIFICATE-----
MIIGRTCCBS2gAwIBAgIUAQ0Mn0MoWD1rr3SL8gYMgd1sFgAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkODMyMmM2MWQtOTljZi00OGZjLWI4NjctYjJjMmNjZTRk
MzI0MB4XDTIyMDMyNTA0MDAwMFoXDTMyMDMyNTA0MDAwMFowLzEtMCsGA1UEAxMk
Zjg2ZDVjYWUtMWIyMi00NDQzLTlmMjYtNTY4NjMyZTY4MzgyMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyGlKD4txQTp1yWWs0QTHM92U8VgF+9455fjI
7nzSJrphU+vmsjXrHYTL4WEiFR3+/SxXYaNOCcJjaIEX3HbM8/lYtqmobsCkSuEw
jsNozYpOR9VQaTO8nMf1wMo+yJCRUqFuE4jhaYDjmbNV5GfYgIXVN81SN0wbIbcF
sWsVocRuSs8vd9O8/CLkyK7jbe89LqHA+5zYRsREx2P4ScIcErB1epDSSrdeCAIl
0SOvkBSvZ/o1Yw+kKK7ngI3CuOMx8eCJ7JihXTwdlBXkchqC6nIKcgj73cXfhTX6
JYkaZqyC0eVB6c1rOpMct4DKEs9Hh6TzNAfEhP8l3fPC6W3o7wIDAQABo4IDVzCC
A1MwHQYDVR0OBBYEFHjPBJNMhPGgpTde1JhvspsdoSLLMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy84MzIy
YzYxZC05OWNmLTQ4ZmMtYjg2Ny1iMmMyY2NlNGQzMjQvNDIwZjQyNmItNjlhNi0z
MWFmLThmMGUtM2FkZmJlMzVjN2U0LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvODMyMmM2MWQtOTljZi00OGZjLWI4
NjctYjJjMmNjZTRkMzI0LzgzMjJjNjFkLTk5Y2YtNDhmYy1iODY3LWIyYzJjY2U0
ZDMyNC5jcmwwHwYDVR0jBBgwFoAUI+zNJQcutthFqfAEhrqRbZCPuPowDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy84MzIyYzYxZC05OWNmLTQ4ZmMtYjg2Ny1iMmMy
Y2NlNGQzMjQuY2VyMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAJiABF5Aw
VAYDVR0gAQH/BEowSDBGBggrBgEFBQcOAjA6MDgGCCsGAQUFBwIBFixodHRwczov
L3d3dy5hcmluLm5ldC9yZXNvdXJjZXMvcnBraS9jcHMuaHRtbDANBgkqhkiG9w0B
AQsFAAOCAQEAb9h73u0Tn1vPXDZniUWKGS30FF65owzYmg4rfeg0fpNCVoQ46KWS
O9luwdQeHzA1tVMsGDGY9D8+h9LgGfcspTysP+e9PMnIm9YEe7Fej8d1RktNaaQt
I93+z58XFYo+IpUfMX6JR1DIMsU3nUBYgvsw8iz+vEnyMLMegBLqO6JRPnedlNDQ
J7yAfJn+FXcoQ+CxyvG7VzLa63ywSSOsh1xQVqka1d06Uqq85JKRaX78adkbJF96
WEjER8B2GaXotlNsA554+MCcycKUOPZEWoDfniUxIapRxLTeM3QwQeDpQEjq9oWD
TlLPn0jIZGRJOltDGzqtPnJHl/bEybeEJA==
-----END CERTIFICATE-----