Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/434ec6fb-f5c9-393a-871a-13125f54705e.roa
File:                     434ec6fb-f5c9-393a-871a-13125f54705e.roa (raw, json)
Hash identifier:          pPMGmeUAyotCO7FVk+K8ZL9/pl0D8E7OAq5ATOvl0T8=
Subject key identifier:   1F:AB:D9:F6:1D:87:2E:30:70:13:88:5D:23:C4:7D:B8:AF:A0:59:52
Certificate issuer:       /CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
Certificate serial:       010D0C9F4328583D6A1CBB24C4D3575165345980
Authority key identifier: 45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/434ec6fb-f5c9-393a-871a-13125f54705e.roa
Signing time:             Thu 31 Mar 2022 04:00:00 +0000
ROA not before:           Thu 31 Mar 2022 04:00:00 +0000
ROA not after:            Fri 31 Mar 2023 04:00:00 +0000
asID:                     3970
IP address blocks:        2620:9e:6001::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3d:6a:1c:bb:24:c4:d3:57:51:65:34:59:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
        Validity
            Not Before: Mar 31 04:00:00 2022 GMT
            Not After : Mar 31 04:00:00 2023 GMT
        Subject: CN=53c18d70-95e4-4eef-99dc-9ac690795d2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:79:ec:a8:20:46:99:52:9a:b0:43:5a:3b:ca:
                    bd:c1:0b:68:b0:e5:f7:c1:b2:af:98:59:b8:0d:c3:
                    6a:a8:26:e1:cf:42:42:5d:93:2a:dc:5d:f7:0d:86:
                    c1:59:cb:95:6a:8f:a3:1d:aa:b8:3d:df:24:f5:0e:
                    d5:31:79:1e:76:f9:12:2e:67:d5:92:16:ae:70:43:
                    fb:92:21:67:27:48:ee:9b:c1:8d:04:ef:de:7d:21:
                    63:b7:f0:17:e6:bf:ed:70:2b:77:3f:e9:4d:ac:50:
                    14:44:10:23:80:f3:1d:70:2e:f1:77:8b:c2:45:c9:
                    08:ca:8d:26:36:10:8f:40:6b:76:31:60:ad:53:b1:
                    1a:1a:0b:f4:95:01:f3:cc:8f:1a:be:d8:37:0c:fa:
                    25:9c:0d:23:37:c0:06:65:14:dc:1e:b3:67:5f:7c:
                    23:3e:17:9a:3d:c4:e3:b9:02:c0:bc:55:14:aa:87:
                    fe:32:e6:e8:5a:61:88:7a:51:7f:94:94:af:ac:cf:
                    41:3c:73:06:e6:15:63:92:e7:64:a5:20:f1:f3:1a:
                    ee:da:d5:73:aa:3f:f5:78:ce:9e:5c:b6:76:a9:d7:
                    ee:c8:a5:4d:21:75:86:60:16:62:82:f5:36:8a:57:
                    ec:b2:d1:bf:cb:e8:b3:87:80:7c:aa:8d:bd:b5:ca:
                    c5:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:AB:D9:F6:1D:87:2E:30:70:13:88:5D:23:C4:7D:B8:AF:A0:59:52
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/434ec6fb-f5c9-393a-871a-13125f54705e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/f5a8e327-ebf4-4f4b-9073-90acd61797cc.crl

            X509v3 Authority Key Identifier:
                keyid:45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer

            sbgp-ipAddrBlock: critical
                IPv6:
                  2620:9e:6001::/48

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         2c:2f:e0:ce:26:c6:11:4f:39:26:d3:62:ec:a0:8f:97:4b:be:
         dd:d1:d4:0a:33:e9:08:92:07:a7:ee:8f:98:89:1c:8e:aa:a4:
         4a:a7:2a:ec:ec:7d:86:99:16:05:15:2a:a2:bf:80:34:e8:56:
         39:80:87:9a:b9:38:0d:91:20:88:36:9d:63:f7:b9:b1:e5:66:
         1e:91:7e:e1:14:ae:5d:5b:c1:83:26:d6:84:3b:af:3c:b2:c4:
         64:45:06:47:9d:cb:17:05:1b:55:c6:33:8c:5d:2b:79:fb:45:
         a7:46:91:f3:d5:7c:c7:6a:dd:e5:08:59:84:00:7a:17:56:22:
         d3:26:7b:29:12:f1:06:b6:d9:ec:cf:93:6b:6a:cf:ca:47:a4:
         17:87:66:1c:b8:d6:66:9e:e5:d4:10:8c:3e:31:b2:57:aa:f4:
         02:d3:52:aa:a1:a0:00:0c:cd:9d:ec:65:49:14:66:76:bc:e4:
         e6:93:73:f1:50:c8:85:4d:87:ff:aa:f3:25:7d:44:4c:bd:db:
         30:45:12:33:08:3e:99:68:bb:94:74:81:5b:3d:f8:9a:7f:05:
         95:f0:e2:d5:04:d4:f0:1f:f1:2b:16:fc:33:38:15:1b:d4:df:
         0f:bf:9f:51:ce:a5:e1:31:81:2f:68:7f:22:74:e5:ca:d2:a0:
         88:be:d5:6a
-----BEGIN CERTIFICATE-----
MIIGRjCCBS6gAwIBAgIUAQ0Mn0MoWD1qHLskxNNXUWU0WYAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkZjVhOGUzMjctZWJmNC00ZjRiLTkwNzMtOTBhY2Q2MTc5
N2NjMB4XDTIyMDMzMTA0MDAwMFoXDTIzMDMzMTA0MDAwMFowLzEtMCsGA1UEAxMk
NTNjMThkNzAtOTVlNC00ZWVmLTk5ZGMtOWFjNjkwNzk1ZDJlMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiXnsqCBGmVKasENaO8q9wQtosOX3wbKvmFm4
DcNqqCbhz0JCXZMq3F33DYbBWcuVao+jHaq4Pd8k9Q7VMXkedvkSLmfVkhaucEP7
kiFnJ0jum8GNBO/efSFjt/AX5r/tcCt3P+lNrFAURBAjgPMdcC7xd4vCRckIyo0m
NhCPQGt2MWCtU7EaGgv0lQHzzI8avtg3DPolnA0jN8AGZRTcHrNnX3wjPheaPcTj
uQLAvFUUqof+MuboWmGIelF/lJSvrM9BPHMG5hVjkudkpSDx8xru2tVzqj/1eM6e
XLZ2qdfuyKVNIXWGYBZigvU2ilfsstG/y+izh4B8qo29tcrFiQIDAQABo4IDWDCC
A1QwHQYDVR0OBBYEFB+r2fYdhy4wcBOIXSPEfbivoFlSMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4
ZTMyNy1lYmY0LTRmNGItOTA3My05MGFjZDYxNzk3Y2MvNDM0ZWM2ZmItZjVjOS0z
OTNhLTg3MWEtMTMxMjVmNTQ3MDVlLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvZjVhOGUzMjctZWJmNC00ZjRiLTkw
NzMtOTBhY2Q2MTc5N2NjL2Y1YThlMzI3LWViZjQtNGY0Yi05MDczLTkwYWNkNjE3
OTdjYy5jcmwwHwYDVR0jBBgwFoAURYZl4q8eZIkQSjuD49h/SJO1e5MwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4ZTMyNy1lYmY0LTRmNGItOTA3My05MGFj
ZDYxNzk3Y2MuY2VyMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAJiAAnmAB
MFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6
Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcN
AQELBQADggEBACwv4M4mxhFPOSbTYuygj5dLvt3R1Aoz6QiSB6fuj5iJHI6qpEqn
KuzsfYaZFgUVKqK/gDToVjmAh5q5OA2RIIg2nWP3ubHlZh6RfuEUrl1bwYMm1oQ7
rzyyxGRFBkedyxcFG1XGM4xdK3n7RadGkfPVfMdq3eUIWYQAehdWItMmeykS8Qa2
2ezPk2tqz8pHpBeHZhy41mae5dQQjD4xsleq9ALTUqqhoAAMzZ3sZUkUZna85OaT
c/FQyIVNh/+q8yV9REy92zBFEjMIPplou5R0gVs9+Jp/BZXw4tUE1PAf8SsW/DM4
FRvU3w+/n1HOpeExgS9ofyJ05crSoIi+1Wo=
-----END CERTIFICATE-----