Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/5e86d499-1d16-389c-8f47-118267ec9206.roa
File:                     5e86d499-1d16-389c-8f47-118267ec9206.roa (raw, json)
Hash identifier:          kDQM50+4ldONBTo60T2m1G/rwMdOR4Iv/AxaugJxefU=
Subject key identifier:   BC:72:44:AF:D0:E2:66:22:7F:A4:5F:DD:F4:22:C6:9A:88:4C:5A:07
Certificate issuer:       /CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
Certificate serial:       010D0C9F4328583EE8589B20B8FBB20F420C2E80
Authority key identifier: 45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/5e86d499-1d16-389c-8f47-118267ec9206.roa
Signing time:             Sun 14 Aug 2022 12:00:00 +0000
ROA not before:           Sun 14 Aug 2022 12:00:00 +0000
ROA not after:            Tue 15 Aug 2023 04:00:00 +0000
asID:                     3970
IP address blocks:        2620:9e:6001::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3e:e8:58:9b:20:b8:fb:b2:0f:42:0c:2e:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
        Validity
            Not Before: Aug 14 12:00:00 2022 GMT
            Not After : Aug 15 04:00:00 2023 GMT
        Subject: CN=d3d8e67a-bd47-421c-a977-436bff820365
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:1c:0d:96:10:60:da:4b:81:fd:1e:ec:cd:08:
                    2f:bd:b5:6a:d2:5d:76:11:3d:24:19:78:ee:52:91:
                    ce:f7:5d:42:72:25:25:6d:85:9f:3f:bb:59:b7:55:
                    87:65:93:75:7e:7f:2f:7c:3c:00:15:fe:d9:bb:d8:
                    63:ab:06:bc:e7:f6:16:fe:be:b7:c9:0f:db:14:b2:
                    04:2b:af:8e:13:bc:e6:98:06:71:46:b9:45:da:cf:
                    25:d2:d1:ec:d3:d2:80:2f:92:10:ec:74:aa:ba:c7:
                    c4:33:25:08:45:d4:17:3b:e8:ec:ce:ab:9a:f0:cf:
                    fb:ff:a8:1b:74:b3:f6:e7:0d:af:c9:ab:b0:37:7a:
                    d8:0d:58:76:da:12:b0:7f:dc:05:e6:94:00:cb:54:
                    5b:f4:92:8e:76:be:54:93:d4:c4:b7:85:df:68:0e:
                    0c:ab:0d:72:0d:bd:f2:98:6c:39:e7:40:e7:b7:39:
                    b0:b4:b7:82:f6:f2:27:da:90:18:1d:30:a6:ae:f4:
                    04:36:82:ce:c4:14:fb:29:17:19:27:0e:57:8d:af:
                    16:0c:c4:c8:fc:3d:34:71:f5:75:90:e0:f1:d3:58:
                    36:71:15:57:d8:86:ec:5c:8f:a7:c1:9f:13:91:88:
                    93:f6:65:b8:17:92:e5:fe:f6:a2:8b:57:ec:16:85:
                    50:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:72:44:AF:D0:E2:66:22:7F:A4:5F:DD:F4:22:C6:9A:88:4C:5A:07
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/5e86d499-1d16-389c-8f47-118267ec9206.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/f5a8e327-ebf4-4f4b-9073-90acd61797cc.crl

            X509v3 Authority Key Identifier:
                keyid:45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer

            sbgp-ipAddrBlock: critical
                IPv6:
                  2620:9e:6001::/48

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         0a:92:1e:de:01:ae:f3:cf:0c:ec:7b:2b:f9:9d:26:71:eb:8d:
         03:0f:d1:4a:93:60:aa:4b:92:ab:2e:b5:9e:69:b7:0d:7c:bb:
         c5:08:8f:84:e9:41:b6:55:2f:06:62:eb:e7:c7:3c:d9:a6:d3:
         ab:74:ad:14:45:17:11:0e:c7:b5:b3:ff:4f:dd:6d:ca:a1:3c:
         50:af:97:84:5e:c4:a9:c2:41:05:40:c9:e6:83:19:e7:ba:26:
         ff:ba:6c:f1:ed:65:d9:73:5f:f7:15:f0:1c:2e:ef:e6:cd:07:
         0b:ca:b1:70:3e:6c:7b:65:24:d4:e4:fe:08:ea:60:59:66:84:
         a8:6d:52:85:b9:2b:86:8d:a5:89:ee:3a:0b:75:30:39:91:8c:
         f7:77:4a:a0:32:9c:cd:80:2f:38:d3:98:a7:15:e9:8d:5d:f4:
         27:db:b7:58:44:b8:42:5b:fa:54:e0:93:52:8d:41:f9:f4:db:
         12:c6:c1:70:07:a3:ac:5a:3b:08:73:cc:95:fc:27:a3:27:08:
         36:8f:92:a0:cb:81:ea:1d:c5:32:5b:e5:04:df:29:0c:d1:bf:
         80:74:9f:dc:26:bd:43:b8:de:40:aa:43:68:ff:89:2a:bb:da:
         6c:84:b7:96:df:14:dd:c8:82:fd:15:16:54:37:43:74:91:64:
         59:cd:1b:0f
-----BEGIN CERTIFICATE-----
MIIGRjCCBS6gAwIBAgIUAQ0Mn0MoWD7oWJsguPuyD0IMLoAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkZjVhOGUzMjctZWJmNC00ZjRiLTkwNzMtOTBhY2Q2MTc5
N2NjMB4XDTIyMDgxNDEyMDAwMFoXDTIzMDgxNTA0MDAwMFowLzEtMCsGA1UEAxMk
ZDNkOGU2N2EtYmQ0Ny00MjFjLWE5NzctNDM2YmZmODIwMzY1MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgxwNlhBg2kuB/R7szQgvvbVq0l12ET0kGXju
UpHO911CciUlbYWfP7tZt1WHZZN1fn8vfDwAFf7Zu9hjqwa85/YW/r63yQ/bFLIE
K6+OE7zmmAZxRrlF2s8l0tHs09KAL5IQ7HSqusfEMyUIRdQXO+jszqua8M/7/6gb
dLP25w2vyauwN3rYDVh22hKwf9wF5pQAy1Rb9JKOdr5Uk9TEt4XfaA4Mqw1yDb3y
mGw550DntzmwtLeC9vIn2pAYHTCmrvQENoLOxBT7KRcZJw5Xja8WDMTI/D00cfV1
kODx01g2cRVX2IbsXI+nwZ8TkYiT9mW4F5Ll/vaii1fsFoVQnQIDAQABo4IDWDCC
A1QwHQYDVR0OBBYEFLxyRK/Q4mYif6Rf3fQixpqITFoHMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4
ZTMyNy1lYmY0LTRmNGItOTA3My05MGFjZDYxNzk3Y2MvNWU4NmQ0OTktMWQxNi0z
ODljLThmNDctMTE4MjY3ZWM5MjA2LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvZjVhOGUzMjctZWJmNC00ZjRiLTkw
NzMtOTBhY2Q2MTc5N2NjL2Y1YThlMzI3LWViZjQtNGY0Yi05MDczLTkwYWNkNjE3
OTdjYy5jcmwwHwYDVR0jBBgwFoAURYZl4q8eZIkQSjuD49h/SJO1e5MwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4ZTMyNy1lYmY0LTRmNGItOTA3My05MGFj
ZDYxNzk3Y2MuY2VyMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAJiAAnmAB
MFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6
Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcN
AQELBQADggEBAAqSHt4BrvPPDOx7K/mdJnHrjQMP0UqTYKpLkqsutZ5ptw18u8UI
j4TpQbZVLwZi6+fHPNmm06t0rRRFFxEOx7Wz/0/dbcqhPFCvl4RexKnCQQVAyeaD
Gee6Jv+6bPHtZdlzX/cV8Bwu7+bNBwvKsXA+bHtlJNTk/gjqYFlmhKhtUoW5K4aN
pYnuOgt1MDmRjPd3SqAynM2ALzjTmKcV6Y1d9Cfbt1hEuEJb+lTgk1KNQfn02xLG
wXAHo6xaOwhzzJX8J6MnCDaPkqDLgeodxTJb5QTfKQzRv4B0n9wmvUO43kCqQ2j/
iSq72myEt5bfFN3Igv0VFlQ3Q3SRZFnNGw8=
-----END CERTIFICATE-----