Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/025ec54b-e6ad-3b46-bf05-dc0fe871b754.roa
File:                     025ec54b-e6ad-3b46-bf05-dc0fe871b754.roa (raw, json)
Hash identifier:          iamuXYNUG6STwJQLZHHZ74x2tfDRrxg/tLFgmHJyNss=
Subject key identifier:   1D:E8:22:32:42:37:4A:8D:CE:EF:88:A5:E1:5D:26:D2:B0:08:50:B8
Certificate issuer:       /CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
Certificate serial:       010D0C9F4328583D10B2A0AE3385117AC2720780
Authority key identifier: 45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/025ec54b-e6ad-3b46-bf05-dc0fe871b754.roa
Signing time:             Sun 27 Feb 2022 05:00:00 +0000
ROA not before:           Sun 27 Feb 2022 05:00:00 +0000
ROA not after:            Mon 27 Feb 2023 05:00:00 +0000
asID:                     3970
IP address blocks:        165.140.105.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3d:10:b2:a0:ae:33:85:11:7a:c2:72:07:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
        Validity
            Not Before: Feb 27 05:00:00 2022 GMT
            Not After : Feb 27 05:00:00 2023 GMT
        Subject: CN=95dfe814-c31d-4fe6-b94f-33f2315e8500
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:6a:af:e5:7d:2a:0a:24:d0:82:f1:41:35:aa:
                    26:27:3e:0b:9f:a5:99:b8:c9:02:da:aa:14:c7:a6:
                    e2:23:c5:cc:63:48:62:99:3b:d5:a4:05:74:9e:60:
                    02:e0:de:b4:78:2b:6f:39:ed:1a:51:11:c8:ca:73:
                    a5:27:01:5d:5d:08:da:72:c0:08:46:a7:87:2a:bd:
                    7e:ba:d3:71:b5:ff:83:44:fd:c7:d3:c3:b3:30:58:
                    4e:bf:b4:52:6a:7a:81:1e:e9:ba:c1:a5:08:e9:cf:
                    ef:b6:df:6d:bd:ce:ac:f0:7d:56:83:10:ce:52:96:
                    6c:fd:95:5e:b9:c0:40:d5:fc:aa:25:a8:ea:72:f9:
                    f6:7a:37:5f:21:a5:2f:07:49:9b:d8:e1:6e:b4:f3:
                    80:8a:2a:64:ae:63:41:d0:37:e0:dd:c2:a9:0b:fe:
                    ae:df:de:5c:9b:3c:56:e1:30:27:31:8e:c5:05:32:
                    25:93:2a:7b:f4:99:86:4d:7e:0d:1f:1b:22:b5:1e:
                    9c:28:e5:f1:83:fe:b7:85:5e:6e:1a:6e:d1:69:15:
                    fb:a4:85:b9:3a:f1:b2:6d:b7:61:8a:51:54:11:ff:
                    e7:dc:f7:b4:86:09:8f:de:39:7e:55:90:37:c6:5a:
                    9b:5c:6a:58:d2:75:4b:98:3d:f8:40:c6:c8:00:35:
                    9d:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:E8:22:32:42:37:4A:8D:CE:EF:88:A5:E1:5D:26:D2:B0:08:50:B8
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/025ec54b-e6ad-3b46-bf05-dc0fe871b754.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/f5a8e327-ebf4-4f4b-9073-90acd61797cc.crl

            X509v3 Authority Key Identifier:
                keyid:45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  165.140.105.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         27:ba:27:a6:62:8c:09:14:8f:be:42:6b:7c:68:cc:6d:a6:56:
         2c:c7:c3:04:a2:4f:51:ff:5c:9c:d4:9f:a3:01:7b:d1:eb:86:
         cf:01:5e:55:39:3e:67:91:dd:a6:49:f4:67:85:41:a5:52:cd:
         94:b6:6f:69:2e:a0:bd:49:75:12:b5:44:15:e7:a6:40:11:3e:
         a9:99:8a:ce:4e:35:2c:9d:fa:0e:e6:39:9f:83:d5:fa:8d:a0:
         9b:07:98:6f:6f:a8:02:fa:ea:56:d4:ee:22:c0:07:ba:99:c5:
         7a:22:e5:65:a4:fb:73:f7:6e:38:2e:be:8b:a3:c6:d0:c6:46:
         06:7e:0f:bb:8d:e4:3f:b9:70:59:66:4e:1a:cf:3d:2c:de:de:
         2a:e5:d6:b0:fc:9d:bb:1a:b5:09:e6:e9:b7:7d:32:a4:bf:45:
         30:3a:ec:45:c8:73:a2:1c:bf:a2:b0:77:b1:1e:d9:30:f7:86:
         32:85:b9:72:0a:7b:7e:a6:f5:67:7f:5e:47:b9:a5:f4:eb:2e:
         3f:c6:1a:5f:ca:7a:0d:2b:de:90:f5:c9:32:45:bf:fe:79:c3:
         f8:57:90:c0:8c:7d:aa:5d:7a:0f:59:17:3c:49:3b:28:33:2c:
         a5:55:3b:74:d7:f5:e7:13:5f:ce:a1:e8:32:e6:53:b5:03:2b:
         46:b9:e7:21
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWD0QsqCuM4UResJyB4AwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkZjVhOGUzMjctZWJmNC00ZjRiLTkwNzMtOTBhY2Q2MTc5
N2NjMB4XDTIyMDIyNzA1MDAwMFoXDTIzMDIyNzA1MDAwMFowLzEtMCsGA1UEAxMk
OTVkZmU4MTQtYzMxZC00ZmU2LWI5NGYtMzNmMjMxNWU4NTAwMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA42qv5X0qCiTQgvFBNaomJz4Ln6WZuMkC2qoU
x6biI8XMY0himTvVpAV0nmAC4N60eCtvOe0aURHIynOlJwFdXQjacsAIRqeHKr1+
utNxtf+DRP3H08OzMFhOv7RSanqBHum6waUI6c/vtt9tvc6s8H1WgxDOUpZs/ZVe
ucBA1fyqJajqcvn2ejdfIaUvB0mb2OFutPOAiipkrmNB0Dfg3cKpC/6u395cmzxW
4TAnMY7FBTIlkyp79JmGTX4NHxsitR6cKOXxg/63hV5uGm7RaRX7pIW5OvGybbdh
ilFUEf/n3Pe0hgmP3jl+VZA3xlqbXGpY0nVLmD34QMbIADWdswIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFB3oIjJCN0qNzu+IpeFdJtKwCFC4MIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4
ZTMyNy1lYmY0LTRmNGItOTA3My05MGFjZDYxNzk3Y2MvMDI1ZWM1NGItZTZhZC0z
YjQ2LWJmMDUtZGMwZmU4NzFiNzU0LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvZjVhOGUzMjctZWJmNC00ZjRiLTkw
NzMtOTBhY2Q2MTc5N2NjL2Y1YThlMzI3LWViZjQtNGY0Yi05MDczLTkwYWNkNjE3
OTdjYy5jcmwwHwYDVR0jBBgwFoAURYZl4q8eZIkQSjuD49h/SJO1e5MwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4ZTMyNy1lYmY0LTRmNGItOTA3My05MGFj
ZDYxNzk3Y2MuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQApYxpMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBACe6J6ZijAkUj75Ca3xozG2mVizHwwSiT1H/XJzUn6MBe9Hrhs8BXlU5
PmeR3aZJ9GeFQaVSzZS2b2kuoL1JdRK1RBXnpkARPqmZis5ONSyd+g7mOZ+D1fqN
oJsHmG9vqAL66lbU7iLAB7qZxXoi5WWk+3P3bjguvoujxtDGRgZ+D7uN5D+5cFlm
ThrPPSze3irl1rD8nbsatQnm6bd9MqS/RTA67EXIc6Icv6Kwd7Ee2TD3hjKFuXIK
e36m9Wd/Xke5pfTrLj/GGl/Keg0r3pD1yTJFv/55w/hXkMCMfapdeg9ZFzxJOygz
LKVVO3TX9ecTX86h6DLmU7UDK0a55yE=
-----END CERTIFICATE-----