Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/3efe5e34-41f4-3125-a3c6-846779136d99.roa
File:                     3efe5e34-41f4-3125-a3c6-846779136d99.roa (raw, json)
Hash identifier:          Z1ocPTX6sledd2iphHIX2sHyt+ZO9op5tyi4F09M4lg=
Subject key identifier:   0C:6C:40:A1:09:BA:D9:7E:C5:9E:C2:99:82:B6:2C:FE:E3:FF:DF:2E
Certificate issuer:       /CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
Certificate serial:       010D0C9F4328583FF9EA59B1B4C2A4AD0DCB3AB8
Authority key identifier: 45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/3efe5e34-41f4-3125-a3c6-846779136d99.roa
Signing time:             Sun 20 Nov 2022 12:00:00 +0000
ROA not before:           Sun 20 Nov 2022 12:00:00 +0000
ROA not after:            Tue 21 Nov 2023 05:00:00 +0000
asID:                     3970
IP address blocks:        2620:9e:6001::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3f:f9:ea:59:b1:b4:c2:a4:ad:0d:cb:3a:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
        Validity
            Not Before: Nov 20 12:00:00 2022 GMT
            Not After : Nov 21 05:00:00 2023 GMT
        Subject: CN=ad1dfd1c-66d5-4e96-9466-a90c44bef10f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:04:30:b5:c6:3e:a5:13:2a:eb:cd:1f:c5:29:
                    3a:a6:69:e1:6d:59:98:df:e0:9b:a0:a3:9f:f2:fb:
                    a5:f3:e7:bf:41:9d:fb:c1:29:16:74:e3:9d:9c:46:
                    ec:be:90:8e:39:37:af:83:24:bd:fb:c3:ec:e4:e4:
                    3d:48:58:eb:cc:b3:7d:78:3d:a6:91:16:77:d9:0c:
                    a1:ff:9b:f3:c5:a7:ea:aa:22:2f:0a:8e:b9:c9:df:
                    87:89:7e:5b:67:f2:83:0f:d2:2e:11:09:5c:c0:2a:
                    70:a4:a3:cc:07:7d:84:64:83:03:66:b8:a7:43:01:
                    ac:52:a6:83:ba:be:88:5b:a1:a7:fd:53:ea:49:f8:
                    55:4c:19:be:bc:ba:43:ff:99:f0:08:2c:30:aa:d2:
                    a0:c1:ab:4a:ab:a9:5a:ae:81:0a:f5:df:21:81:a7:
                    d8:03:ae:17:e7:bf:79:dc:3e:a3:e1:31:49:bc:5e:
                    8c:cf:06:bd:92:8a:61:8c:fd:51:b1:83:78:dc:e7:
                    9e:2d:9e:1b:89:50:3d:23:c0:a2:a7:44:18:d8:eb:
                    26:5d:d2:4e:e5:10:fd:e0:27:a6:41:8e:8e:d7:6f:
                    bc:94:9c:fb:e8:02:c6:3d:a9:a5:be:a5:33:03:8d:
                    10:ab:54:20:39:4e:59:cb:09:c6:40:12:49:8b:f6:
                    c6:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:6C:40:A1:09:BA:D9:7E:C5:9E:C2:99:82:B6:2C:FE:E3:FF:DF:2E
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/3efe5e34-41f4-3125-a3c6-846779136d99.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/f5a8e327-ebf4-4f4b-9073-90acd61797cc.crl

            X509v3 Authority Key Identifier:
                keyid:45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer

            sbgp-ipAddrBlock: critical
                IPv6:
                  2620:9e:6001::/48

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         43:db:81:39:56:cb:af:7f:d4:d4:2d:b6:32:5a:44:82:b5:7a:
         f1:48:d0:fc:96:61:5e:2c:65:d4:68:e5:cb:0c:2a:3c:42:bd:
         cd:33:54:bb:20:f9:c1:c6:1b:78:5a:88:36:cd:d0:1a:b6:27:
         bf:a9:64:cc:f4:48:f3:05:0e:22:c9:0b:6d:51:f3:7a:9a:1f:
         74:62:ba:f5:aa:74:e4:5f:ec:50:8d:32:69:9c:6f:7c:b6:cf:
         fa:c0:86:0e:b8:fb:9f:64:af:2b:fa:9b:15:eb:93:d7:fd:b1:
         45:9f:ec:86:08:68:ea:10:a0:88:36:ab:12:64:1a:6a:cf:c6:
         62:cb:87:a8:87:67:6f:5c:92:c0:99:0e:b0:e3:ae:7e:b2:4a:
         23:39:3d:86:b0:ef:59:90:45:75:67:71:e5:6f:27:0d:43:3d:
         cb:3f:ed:e3:31:40:50:7f:73:9d:bf:99:b7:c6:ef:75:da:46:
         0c:80:90:ec:18:bf:b6:c6:af:18:fc:e9:c7:af:70:ab:a9:9f:
         27:e9:ae:c4:38:92:c2:6f:90:cf:26:17:39:16:a1:d9:4a:b3:
         df:d6:9f:a4:8d:67:0d:54:1b:5b:78:66:5b:eb:8e:54:7d:ee:
         cb:96:bc:63:94:61:44:61:1d:b3:3c:89:bf:97:2c:98:fc:f7:
         3e:f1:68:70
-----BEGIN CERTIFICATE-----
MIIGRjCCBS6gAwIBAgIUAQ0Mn0MoWD/56lmxtMKkrQ3LOrgwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkZjVhOGUzMjctZWJmNC00ZjRiLTkwNzMtOTBhY2Q2MTc5
N2NjMB4XDTIyMTEyMDEyMDAwMFoXDTIzMTEyMTA1MDAwMFowLzEtMCsGA1UEAxMk
YWQxZGZkMWMtNjZkNS00ZTk2LTk0NjYtYTkwYzQ0YmVmMTBmMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiQQwtcY+pRMq680fxSk6pmnhbVmY3+CboKOf
8vul8+e/QZ37wSkWdOOdnEbsvpCOOTevgyS9+8Ps5OQ9SFjrzLN9eD2mkRZ32Qyh
/5vzxafqqiIvCo65yd+HiX5bZ/KDD9IuEQlcwCpwpKPMB32EZIMDZrinQwGsUqaD
ur6IW6Gn/VPqSfhVTBm+vLpD/5nwCCwwqtKgwatKq6laroEK9d8hgafYA64X5795
3D6j4TFJvF6Mzwa9kophjP1RsYN43OeeLZ4biVA9I8Cip0QY2OsmXdJO5RD94Cem
QY6O12+8lJz76ALGPamlvqUzA40Qq1QgOU5ZywnGQBJJi/bGOwIDAQABo4IDWDCC
A1QwHQYDVR0OBBYEFAxsQKEJutl+xZ7CmYK2LP7j/98uMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4
ZTMyNy1lYmY0LTRmNGItOTA3My05MGFjZDYxNzk3Y2MvM2VmZTVlMzQtNDFmNC0z
MTI1LWEzYzYtODQ2Nzc5MTM2ZDk5LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvZjVhOGUzMjctZWJmNC00ZjRiLTkw
NzMtOTBhY2Q2MTc5N2NjL2Y1YThlMzI3LWViZjQtNGY0Yi05MDczLTkwYWNkNjE3
OTdjYy5jcmwwHwYDVR0jBBgwFoAURYZl4q8eZIkQSjuD49h/SJO1e5MwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4ZTMyNy1lYmY0LTRmNGItOTA3My05MGFj
ZDYxNzk3Y2MuY2VyMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAJiAAnmAB
MFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6
Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcN
AQELBQADggEBAEPbgTlWy69/1NQttjJaRIK1evFI0PyWYV4sZdRo5csMKjxCvc0z
VLsg+cHGG3haiDbN0Bq2J7+pZMz0SPMFDiLJC21R83qaH3RiuvWqdORf7FCNMmmc
b3y2z/rAhg64+59kryv6mxXrk9f9sUWf7IYIaOoQoIg2qxJkGmrPxmLLh6iHZ29c
ksCZDrDjrn6ySiM5PYaw71mQRXVnceVvJw1DPcs/7eMxQFB/c52/mbfG73XaRgyA
kOwYv7bGrxj86cevcKupnyfprsQ4ksJvkM8mFzkWodlKs9/Wn6SNZw1UG1t4Zlvr
jlR97suWvGOUYURhHbM8ib+XLJj89z7xaHA=
-----END CERTIFICATE-----