Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/21d7298a-4568-38f2-aa58-c3365c5cd359.roa
File:                     21d7298a-4568-38f2-aa58-c3365c5cd359.roa (raw, json)
Hash identifier:          nkSVIZuw1aqSVq6w0ke9TsqFfoJs4b5/3p6FGZQ7VLc=
Subject key identifier:   FF:71:FB:82:50:CC:DC:10:E4:A5:7D:7B:74:85:BC:C8:D8:36:0A:D2
Certificate issuer:       /CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
Certificate serial:       010D0C9F4328583E00D2D8B09C9C1DFED406AB80
Authority key identifier: 45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/21d7298a-4568-38f2-aa58-c3365c5cd359.roa
Signing time:             Mon 23 May 2022 12:00:00 +0000
ROA not before:           Mon 23 May 2022 12:00:00 +0000
ROA not after:            Wed 24 May 2023 04:00:00 +0000
asID:                     3970
IP address blocks:        2620:9e:6001::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3e:00:d2:d8:b0:9c:9c:1d:fe:d4:06:ab:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
        Validity
            Not Before: May 23 12:00:00 2022 GMT
            Not After : May 24 04:00:00 2023 GMT
        Subject: CN=68cffe53-42cc-404e-a1f6-27971de3ced5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:52:18:bf:fa:88:2c:38:18:4f:f4:16:69:d4:
                    fb:9a:7e:23:21:98:ff:0d:83:8f:29:e4:32:a1:43:
                    76:5c:ce:19:ea:85:81:2f:9f:b4:c4:e4:26:c1:0e:
                    8f:ed:f0:4e:a3:fe:0e:5c:80:89:90:9f:54:5a:e1:
                    3d:b9:43:52:c9:30:cb:a5:82:34:0d:c0:9c:23:93:
                    7e:f1:05:12:d8:64:9d:ec:60:21:34:69:49:b9:e2:
                    50:a6:82:bf:ff:01:5c:f9:1c:d4:44:ad:53:1f:98:
                    58:d5:41:2f:03:15:b4:58:d9:e8:d7:f6:08:63:21:
                    22:f7:87:05:e6:ac:ad:3f:53:66:a2:dc:68:df:66:
                    10:05:89:c8:1f:28:1d:90:7c:3b:7c:74:3f:64:7d:
                    a3:7e:42:13:9e:7a:ac:77:59:37:7c:60:f9:a2:4d:
                    e6:68:88:0d:2b:09:52:25:1b:3c:61:05:36:36:cf:
                    81:64:eb:10:31:f8:c5:65:f8:3d:82:3f:b7:c5:6a:
                    85:3e:6f:05:8e:bd:f1:05:26:05:8d:f9:0a:f6:13:
                    7e:1f:60:25:b0:73:1e:ce:9c:62:1c:13:b1:3d:66:
                    5a:7e:a2:cf:10:f7:f8:f3:1b:8b:fa:25:79:2f:d2:
                    f6:34:57:f7:50:7c:b9:6a:de:c7:41:14:bc:41:5d:
                    28:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:71:FB:82:50:CC:DC:10:E4:A5:7D:7B:74:85:BC:C8:D8:36:0A:D2
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/21d7298a-4568-38f2-aa58-c3365c5cd359.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/f5a8e327-ebf4-4f4b-9073-90acd61797cc.crl

            X509v3 Authority Key Identifier:
                keyid:45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer

            sbgp-ipAddrBlock: critical
                IPv6:
                  2620:9e:6001::/48

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         17:d7:68:3d:dd:35:d0:e6:63:55:f4:e8:2a:21:34:80:c0:39:
         e0:0e:d0:d8:c6:1b:d3:b4:8f:38:3b:02:ae:85:86:e6:96:23:
         ac:42:e8:0c:d4:b1:16:98:16:75:48:fc:fa:21:b5:5b:b2:fa:
         18:e9:bb:78:88:0b:7c:c2:ec:71:5a:e9:60:86:dc:59:c7:b8:
         d8:f9:0b:62:5a:ef:30:cb:16:29:a5:44:b7:2d:b8:56:22:c5:
         f1:ff:44:99:cd:9f:8f:6c:fc:4f:bc:d2:52:08:da:25:2d:d2:
         60:8b:47:46:f6:c9:c3:2f:40:64:dd:2d:cc:11:fb:0f:a0:55:
         69:b3:4c:c5:cc:30:0c:b0:d1:4d:e1:bf:3d:44:1f:15:34:1b:
         de:39:d0:5a:27:72:e9:8b:53:13:61:14:1e:19:8f:d4:9f:81:
         fa:9c:47:26:83:46:ec:bb:ab:b4:fa:c9:65:94:61:b6:a4:45:
         eb:37:9f:05:72:5f:bd:f9:f1:ac:77:c3:4f:cf:63:64:ad:33:
         9e:0c:53:9a:03:f8:b1:cc:7b:10:86:aa:ac:52:1c:c7:af:14:
         27:e0:71:0b:4c:14:21:f6:ef:d2:95:36:5d:f4:76:7c:2f:7f:
         af:bd:fc:39:6f:aa:84:d7:82:30:2c:c6:59:1b:9c:a6:88:a7:
         62:7c:8a:a0
-----BEGIN CERTIFICATE-----
MIIGRjCCBS6gAwIBAgIUAQ0Mn0MoWD4A0tiwnJwd/tQGq4AwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkZjVhOGUzMjctZWJmNC00ZjRiLTkwNzMtOTBhY2Q2MTc5
N2NjMB4XDTIyMDUyMzEyMDAwMFoXDTIzMDUyNDA0MDAwMFowLzEtMCsGA1UEAxMk
NjhjZmZlNTMtNDJjYy00MDRlLWExZjYtMjc5NzFkZTNjZWQ1MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1IYv/qILDgYT/QWadT7mn4jIZj/DYOPKeQy
oUN2XM4Z6oWBL5+0xOQmwQ6P7fBOo/4OXICJkJ9UWuE9uUNSyTDLpYI0DcCcI5N+
8QUS2GSd7GAhNGlJueJQpoK//wFc+RzURK1TH5hY1UEvAxW0WNno1/YIYyEi94cF
5qytP1Nmotxo32YQBYnIHygdkHw7fHQ/ZH2jfkITnnqsd1k3fGD5ok3maIgNKwlS
JRs8YQU2Ns+BZOsQMfjFZfg9gj+3xWqFPm8Fjr3xBSYFjfkK9hN+H2AlsHMezpxi
HBOxPWZafqLPEPf48xuL+iV5L9L2NFf3UHy5at7HQRS8QV0o2wIDAQABo4IDWDCC
A1QwHQYDVR0OBBYEFP9x+4JQzNwQ5KV9e3SFvMjYNgrSMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4
ZTMyNy1lYmY0LTRmNGItOTA3My05MGFjZDYxNzk3Y2MvMjFkNzI5OGEtNDU2OC0z
OGYyLWFhNTgtYzMzNjVjNWNkMzU5LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvZjVhOGUzMjctZWJmNC00ZjRiLTkw
NzMtOTBhY2Q2MTc5N2NjL2Y1YThlMzI3LWViZjQtNGY0Yi05MDczLTkwYWNkNjE3
OTdjYy5jcmwwHwYDVR0jBBgwFoAURYZl4q8eZIkQSjuD49h/SJO1e5MwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4ZTMyNy1lYmY0LTRmNGItOTA3My05MGFj
ZDYxNzk3Y2MuY2VyMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAJiAAnmAB
MFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6
Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcN
AQELBQADggEBABfXaD3dNdDmY1X06CohNIDAOeAO0NjGG9O0jzg7Aq6FhuaWI6xC
6AzUsRaYFnVI/PohtVuy+hjpu3iIC3zC7HFa6WCG3FnHuNj5C2Ja7zDLFimlRLct
uFYixfH/RJnNn49s/E+80lII2iUt0mCLR0b2ycMvQGTdLcwR+w+gVWmzTMXMMAyw
0U3hvz1EHxU0G9450FoncumLUxNhFB4Zj9SfgfqcRyaDRuy7q7T6yWWUYbakRes3
nwVyX7358ax3w0/PY2StM54MU5oD+LHMexCGqqxSHMevFCfgcQtMFCH279KVNl30
dnwvf6+9/DlvqoTXgjAsxlkbnKaIp2J8iqA=
-----END CERTIFICATE-----