Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/8322c61d-99cf-48fc-b867-b2c2cce4d324/436840ad-e642-3675-9138-04a113e45065.roa
File:                     436840ad-e642-3675-9138-04a113e45065.roa (raw, json)
Hash identifier:          hq5iSoUi16Us5fbSeKmPI6c4UDDAUtIvs4HZj2LxOFQ=
Subject key identifier:   5A:9E:B1:6C:C1:FC:00:9A:A3:B9:99:91:C1:78:72:4D:7D:E9:6E:6B
Certificate issuer:       /CN=8322c61d-99cf-48fc-b867-b2c2cce4d324
Certificate serial:       010D0C9F4328583D6BCFF1F134D8AA14AC053600
Authority key identifier: 23:EC:CD:25:07:2E:B6:D8:45:A9:F0:04:86:BA:91:6D:90:8F:B8:FA
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/8322c61d-99cf-48fc-b867-b2c2cce4d324.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/8322c61d-99cf-48fc-b867-b2c2cce4d324/436840ad-e642-3675-9138-04a113e45065.roa
Signing time:             Fri 25 Mar 2022 04:00:00 +0000
ROA not before:           Fri 25 Mar 2022 04:00:00 +0000
ROA not after:            Thu 25 Mar 2032 04:00:00 +0000
asID:                     40382
IP address blocks:        2620:117:9000::/40 maxlen: 64

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3d:6b:cf:f1:f1:34:d8:aa:14:ac:05:36:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8322c61d-99cf-48fc-b867-b2c2cce4d324
        Validity
            Not Before: Mar 25 04:00:00 2022 GMT
            Not After : Mar 25 04:00:00 2032 GMT
        Subject: CN=17030dbe-ea1e-489a-987c-162c5dfc7118
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:d7:03:b4:3e:b4:dd:e5:3d:48:35:a1:0c:f0:
                    b8:95:ee:21:91:c5:9a:71:cd:2f:10:88:f0:61:0d:
                    ff:26:58:a4:94:13:ad:fa:4a:9b:ce:32:e9:64:2b:
                    3f:52:39:d5:e5:73:e4:4f:0c:74:34:2f:35:24:16:
                    87:ca:8c:5c:10:ab:35:d7:1e:f0:94:00:c3:4c:df:
                    5c:6c:21:90:06:b1:12:b2:a9:c3:45:d7:4f:17:64:
                    d6:24:80:8a:c4:ca:7a:0d:60:c4:65:77:c1:c0:ea:
                    34:66:12:9a:e2:ce:fc:7b:5f:74:6a:42:da:e7:9c:
                    bf:b2:c0:72:d3:18:f0:a9:3c:9b:00:47:a0:0f:90:
                    34:3f:a1:36:69:5e:ff:76:be:d9:7f:4d:03:0b:88:
                    f9:6d:68:32:3a:96:5c:de:17:a8:ff:7a:1c:27:e6:
                    31:8c:02:20:b2:51:50:a3:ce:de:59:4b:a3:0f:c8:
                    6e:04:e7:32:ff:7d:01:03:c2:99:93:04:b5:9c:b0:
                    7a:6b:3f:d4:cd:04:82:57:ed:19:5e:b2:99:08:32:
                    a6:59:e8:4f:90:19:8c:73:9e:51:d8:38:14:ee:c9:
                    f2:53:4e:a0:53:10:2e:ec:2e:8e:d1:d5:8b:9b:c1:
                    33:68:11:03:93:bf:e0:ad:5b:bb:b2:6e:2c:e9:77:
                    b5:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:9E:B1:6C:C1:FC:00:9A:A3:B9:99:91:C1:78:72:4D:7D:E9:6E:6B
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/8322c61d-99cf-48fc-b867-b2c2cce4d324/436840ad-e642-3675-9138-04a113e45065.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/8322c61d-99cf-48fc-b867-b2c2cce4d324/8322c61d-99cf-48fc-b867-b2c2cce4d324.crl

            X509v3 Authority Key Identifier:
                keyid:23:EC:CD:25:07:2E:B6:D8:45:A9:F0:04:86:BA:91:6D:90:8F:B8:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/8322c61d-99cf-48fc-b867-b2c2cce4d324.cer

            sbgp-ipAddrBlock: critical
                IPv6:
                  2620:117:9000::/40

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         34:a5:66:4f:b1:32:b3:3c:f3:c0:99:74:9d:1a:0f:71:b4:45:
         c6:1d:95:54:b7:1a:b3:90:df:c8:82:cb:e9:19:6e:82:33:46:
         a7:1a:7f:a8:88:d4:db:a0:40:9b:16:55:cf:b9:47:0e:41:58:
         ea:4b:d2:33:42:9a:ba:03:29:92:f9:bf:fc:7f:4e:85:bf:fa:
         a7:5b:f8:cd:3d:55:9b:a4:ab:c8:ee:ee:e9:18:89:6b:2d:56:
         54:8f:45:a4:ec:0d:a7:bd:53:ea:ab:03:ab:32:e8:09:ac:94:
         50:ae:2e:5a:2c:a1:fc:7b:f7:82:c0:9a:37:34:cf:43:d4:5e:
         50:2e:d9:f1:e7:a3:eb:80:21:17:9d:75:a4:f3:65:84:d4:f3:
         fa:65:6f:c3:49:ed:ae:80:65:1c:b5:92:71:ba:2e:2f:97:28:
         26:3d:c8:ea:b2:ba:1e:b7:31:5f:20:f5:74:59:60:e1:d1:82:
         6b:14:1b:be:b8:ef:8d:89:3a:e9:68:6b:96:09:93:84:0c:08:
         14:4a:d9:f1:2d:bd:88:ae:c3:ab:02:43:4f:ce:6b:6e:ce:80:
         e9:b1:e7:11:35:ec:ef:fc:f3:2e:10:78:4b:cd:f3:1e:80:c0:
         64:b7:b8:44:38:94:e0:f1:00:34:d0:d3:a6:5d:21:fe:39:3f:
         81:b1:6c:f9
-----BEGIN CERTIFICATE-----
MIIGRTCCBS2gAwIBAgIUAQ0Mn0MoWD1rz/HxNNiqFKwFNgAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkODMyMmM2MWQtOTljZi00OGZjLWI4NjctYjJjMmNjZTRk
MzI0MB4XDTIyMDMyNTA0MDAwMFoXDTMyMDMyNTA0MDAwMFowLzEtMCsGA1UEAxMk
MTcwMzBkYmUtZWExZS00ODlhLTk4N2MtMTYyYzVkZmM3MTE4MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi9cDtD603eU9SDWhDPC4le4hkcWacc0vEIjw
YQ3/JliklBOt+kqbzjLpZCs/UjnV5XPkTwx0NC81JBaHyoxcEKs11x7wlADDTN9c
bCGQBrESsqnDRddPF2TWJICKxMp6DWDEZXfBwOo0ZhKa4s78e190akLa55y/ssBy
0xjwqTybAEegD5A0P6E2aV7/dr7Zf00DC4j5bWgyOpZc3heo/3ocJ+YxjAIgslFQ
o87eWUujD8huBOcy/30BA8KZkwS1nLB6az/UzQSCV+0ZXrKZCDKmWehPkBmMc55R
2DgU7snyU06gUxAu7C6O0dWLm8EzaBEDk7/grVu7sm4s6Xe1DQIDAQABo4IDVzCC
A1MwHQYDVR0OBBYEFFqesWzB/ACao7mZkcF4ck196W5rMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy84MzIy
YzYxZC05OWNmLTQ4ZmMtYjg2Ny1iMmMyY2NlNGQzMjQvNDM2ODQwYWQtZTY0Mi0z
Njc1LTkxMzgtMDRhMTEzZTQ1MDY1LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvODMyMmM2MWQtOTljZi00OGZjLWI4
NjctYjJjMmNjZTRkMzI0LzgzMjJjNjFkLTk5Y2YtNDhmYy1iODY3LWIyYzJjY2U0
ZDMyNC5jcmwwHwYDVR0jBBgwFoAUI+zNJQcutthFqfAEhrqRbZCPuPowDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy84MzIyYzYxZC05OWNmLTQ4ZmMtYjg2Ny1iMmMy
Y2NlNGQzMjQuY2VyMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAJiABF5Aw
VAYDVR0gAQH/BEowSDBGBggrBgEFBQcOAjA6MDgGCCsGAQUFBwIBFixodHRwczov
L3d3dy5hcmluLm5ldC9yZXNvdXJjZXMvcnBraS9jcHMuaHRtbDANBgkqhkiG9w0B
AQsFAAOCAQEANKVmT7EyszzzwJl0nRoPcbRFxh2VVLcas5DfyILL6RlugjNGpxp/
qIjU26BAmxZVz7lHDkFY6kvSM0KaugMpkvm//H9Ohb/6p1v4zT1Vm6SryO7u6RiJ
ay1WVI9FpOwNp71T6qsDqzLoCayUUK4uWiyh/Hv3gsCaNzTPQ9ReUC7Z8eej64Ah
F511pPNlhNTz+mVvw0ntroBlHLWScbouL5coJj3I6rK6HrcxXyD1dFlg4dGCaxQb
vrjvjYk66WhrlgmThAwIFErZ8S29iK7DqwJDT85rbs6A6bHnETXs7/zzLhB4S83z
HoDAZLe4RDiU4PEANNDTpl0h/jk/gbFs+Q==
-----END CERTIFICATE-----