Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/2f95f897-71c2-360f-8615-6dda1393a32d.roa
File:                     2f95f897-71c2-360f-8615-6dda1393a32d.roa (raw, json)
Hash identifier:          WoT6TzniTDE9jO4FC4iR1bTdn74ir34evEMWKIVgew8=
Subject key identifier:   F0:F8:57:16:F6:67:28:DB:8E:DB:E1:3A:57:48:AD:1F:01:FA:F4:39
Certificate issuer:       /CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
Certificate serial:       010D0C9F4328583F49FD31D8E5A183E8E042E240
Authority key identifier: 45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/2f95f897-71c2-360f-8615-6dda1393a32d.roa
Signing time:             Sun 18 Sep 2022 12:00:00 +0000
ROA not before:           Sun 18 Sep 2022 12:00:00 +0000
ROA not after:            Tue 19 Sep 2023 04:00:00 +0000
asID:                     3970
IP address blocks:        2620:9e:6001::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3f:49:fd:31:d8:e5:a1:83:e8:e0:42:e2:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
        Validity
            Not Before: Sep 18 12:00:00 2022 GMT
            Not After : Sep 19 04:00:00 2023 GMT
        Subject: CN=de49c472-011b-4a4a-998e-37e683773b25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:05:68:1f:11:ad:d5:7b:25:41:af:a6:ce:36:
                    65:fd:0b:1b:b9:0b:72:31:e9:57:0f:a0:58:41:3d:
                    e2:0b:1c:75:ec:32:66:72:a4:c4:f5:51:f5:a7:50:
                    f2:c6:21:83:7e:68:dc:f2:4f:dc:9a:3d:69:cf:a3:
                    85:2b:26:b3:4d:93:aa:c9:6a:9d:ba:2f:1d:d7:42:
                    6c:32:97:f4:b8:f0:4d:ac:77:6f:2b:73:92:a5:d4:
                    cb:6e:31:01:a5:8b:2f:0b:99:20:e2:76:91:d0:16:
                    bf:1e:8c:98:66:3f:40:74:c5:2e:34:31:55:b7:75:
                    59:6f:41:84:7f:cd:82:c8:9d:a6:36:21:ea:cb:6c:
                    bd:ff:f4:75:96:59:b6:63:3d:96:e0:fb:f6:d4:87:
                    4d:ff:25:1d:37:57:29:74:94:f2:5e:c5:23:d1:94:
                    f7:5d:ff:61:fc:36:3d:3d:0d:91:10:10:91:df:81:
                    4d:ae:a8:a0:db:b6:2c:38:0d:f6:e3:09:aa:ca:a2:
                    a3:80:a8:3f:35:50:c2:12:e4:8c:7a:d4:79:40:49:
                    53:a5:eb:fe:08:78:99:03:c4:3b:ab:6c:06:29:c4:
                    b9:86:5e:6f:d2:41:8a:0d:47:eb:6c:fc:03:a2:16:
                    aa:23:81:40:24:89:a7:77:96:29:a0:9c:4b:84:cb:
                    cf:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:F8:57:16:F6:67:28:DB:8E:DB:E1:3A:57:48:AD:1F:01:FA:F4:39
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/2f95f897-71c2-360f-8615-6dda1393a32d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/f5a8e327-ebf4-4f4b-9073-90acd61797cc.crl

            X509v3 Authority Key Identifier:
                keyid:45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer

            sbgp-ipAddrBlock: critical
                IPv6:
                  2620:9e:6001::/48

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         2f:85:7e:5a:e5:7f:42:45:fc:84:04:de:dd:f8:49:82:e3:74:
         e5:db:d2:21:2e:4e:04:0d:35:4b:91:61:94:17:8d:76:24:3b:
         04:ae:df:0f:ab:a5:f0:75:e6:85:b8:1d:13:a8:bd:7e:f8:6a:
         78:75:b2:b1:91:2c:28:4a:e4:0e:21:f8:e3:1d:e3:aa:ca:19:
         87:4f:52:15:cb:64:40:c5:3c:8a:da:a2:14:74:b0:73:d9:4e:
         0d:97:5b:2f:66:94:bd:34:f2:98:e1:1c:16:15:75:45:15:1e:
         76:94:d3:ed:2b:ad:c1:e8:e6:0d:2b:56:a0:2b:80:b7:14:46:
         42:3e:03:69:f5:91:45:f1:7c:79:96:1e:23:34:c8:7a:16:27:
         6a:12:cd:58:44:29:04:d3:f8:54:f1:45:86:68:9d:53:de:7d:
         61:fd:cf:bc:d3:fd:03:f9:0f:ee:f0:38:df:6d:40:aa:54:ae:
         55:dd:dd:95:ed:4f:10:b8:f4:f1:96:f8:49:eb:90:34:a9:3e:
         9d:14:7a:fb:42:dd:13:5b:c2:b8:ae:3c:ee:93:c4:a1:e2:84:
         24:2c:85:c5:cd:08:38:d9:53:a7:a9:ba:83:23:66:14:07:2e:
         93:06:a8:7e:1f:b7:18:c3:5f:00:15:a1:f5:aa:4b:f0:d8:9b:
         8f:6f:04:3b
-----BEGIN CERTIFICATE-----
MIIGRjCCBS6gAwIBAgIUAQ0Mn0MoWD9J/THY5aGD6OBC4kAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkZjVhOGUzMjctZWJmNC00ZjRiLTkwNzMtOTBhY2Q2MTc5
N2NjMB4XDTIyMDkxODEyMDAwMFoXDTIzMDkxOTA0MDAwMFowLzEtMCsGA1UEAxMk
ZGU0OWM0NzItMDExYi00YTRhLTk5OGUtMzdlNjgzNzczYjI1MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwVoHxGt1XslQa+mzjZl/QsbuQtyMelXD6BY
QT3iCxx17DJmcqTE9VH1p1DyxiGDfmjc8k/cmj1pz6OFKyazTZOqyWqdui8d10Js
Mpf0uPBNrHdvK3OSpdTLbjEBpYsvC5kg4naR0Ba/HoyYZj9AdMUuNDFVt3VZb0GE
f82CyJ2mNiHqy2y9//R1llm2Yz2W4Pv21IdN/yUdN1cpdJTyXsUj0ZT3Xf9h/DY9
PQ2REBCR34FNrqig27YsOA324wmqyqKjgKg/NVDCEuSMetR5QElTpev+CHiZA8Q7
q2wGKcS5hl5v0kGKDUfrbPwDohaqI4FAJImnd5YpoJxLhMvPVQIDAQABo4IDWDCC
A1QwHQYDVR0OBBYEFPD4Vxb2ZyjbjtvhOldIrR8B+vQ5MIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4
ZTMyNy1lYmY0LTRmNGItOTA3My05MGFjZDYxNzk3Y2MvMmY5NWY4OTctNzFjMi0z
NjBmLTg2MTUtNmRkYTEzOTNhMzJkLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvZjVhOGUzMjctZWJmNC00ZjRiLTkw
NzMtOTBhY2Q2MTc5N2NjL2Y1YThlMzI3LWViZjQtNGY0Yi05MDczLTkwYWNkNjE3
OTdjYy5jcmwwHwYDVR0jBBgwFoAURYZl4q8eZIkQSjuD49h/SJO1e5MwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4ZTMyNy1lYmY0LTRmNGItOTA3My05MGFj
ZDYxNzk3Y2MuY2VyMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAJiAAnmAB
MFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6
Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcN
AQELBQADggEBAC+Fflrlf0JF/IQE3t34SYLjdOXb0iEuTgQNNUuRYZQXjXYkOwSu
3w+rpfB15oW4HROovX74anh1srGRLChK5A4h+OMd46rKGYdPUhXLZEDFPIraohR0
sHPZTg2XWy9mlL008pjhHBYVdUUVHnaU0+0rrcHo5g0rVqArgLcURkI+A2n1kUXx
fHmWHiM0yHoWJ2oSzVhEKQTT+FTxRYZonVPefWH9z7zT/QP5D+7wON9tQKpUrlXd
3ZXtTxC49PGW+EnrkDSpPp0UevtC3RNbwriuPO6TxKHihCQshcXNCDjZU6epuoMj
ZhQHLpMGqH4ftxjDXwAVofWqS/DYm49vBDs=
-----END CERTIFICATE-----