Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/71405d05-c1b0-3630-a59a-0478d57b42a4.roa
File:                     71405d05-c1b0-3630-a59a-0478d57b42a4.roa (raw, json)
Hash identifier:          b3HBhvtXP0gI6ZGD5WaC8qpn1Mtt0SqUPxLJeMT9PLo=
Subject key identifier:   88:42:8C:7A:4E:57:26:E4:15:B2:24:53:A5:F5:8D:5D:79:8D:78:E8
Certificate issuer:       /CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
Certificate serial:       010D0C9F43285840085300A4D1DFE416CA3BF340
Authority key identifier: 45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/71405d05-c1b0-3630-a59a-0478d57b42a4.roa
Signing time:             Fri 25 Nov 2022 12:00:00 +0000
ROA not before:           Fri 25 Nov 2022 12:00:00 +0000
ROA not after:            Sun 26 Nov 2023 05:00:00 +0000
asID:                     3970
IP address blocks:        2620:9e:6001::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:40:08:53:00:a4:d1:df:e4:16:ca:3b:f3:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
        Validity
            Not Before: Nov 25 12:00:00 2022 GMT
            Not After : Nov 26 05:00:00 2023 GMT
        Subject: CN=dd80f92e-1131-467e-b5b5-7a10dd2a7c8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:dc:4c:51:6c:ce:5e:a4:91:b8:92:2e:3e:a2:
                    c9:1e:97:8f:cb:09:09:d1:f3:a8:d7:49:76:4f:1f:
                    a9:d7:1d:db:1f:51:bd:cb:a2:91:55:de:11:a2:ae:
                    20:01:12:cf:5a:bb:8b:7e:1d:cd:69:5b:7f:c0:e4:
                    7c:9e:83:bf:f3:f3:fc:0f:ef:7c:0c:82:fe:81:33:
                    0f:83:d0:a5:75:d5:80:39:2f:c6:45:ee:c9:ad:6d:
                    b0:d5:81:6e:45:e9:5a:b3:07:8b:f9:fc:7b:04:99:
                    4a:0e:1c:18:35:fd:a7:e0:64:22:89:35:48:c4:7c:
                    c1:11:ef:db:7d:ef:76:d6:85:f5:2a:11:15:18:a7:
                    aa:b0:50:64:42:11:9a:77:0c:ef:cc:b8:a4:e8:64:
                    14:06:e7:ff:e9:8d:6d:f8:f3:7f:97:66:97:50:aa:
                    b1:30:e8:ca:93:b5:04:d8:f1:06:90:6e:b1:2e:77:
                    75:89:07:b1:62:a4:7c:17:0f:74:a0:51:73:37:c7:
                    f7:a2:07:f1:50:21:fc:02:1e:57:52:60:32:92:62:
                    fd:d3:95:4f:c6:80:06:66:a7:ba:43:18:49:37:17:
                    6c:ac:22:4e:9f:b5:96:d8:eb:9c:08:2f:9d:44:ee:
                    de:f6:06:ea:99:29:eb:2c:23:92:7e:69:41:b5:20:
                    04:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:42:8C:7A:4E:57:26:E4:15:B2:24:53:A5:F5:8D:5D:79:8D:78:E8
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/71405d05-c1b0-3630-a59a-0478d57b42a4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/f5a8e327-ebf4-4f4b-9073-90acd61797cc.crl

            X509v3 Authority Key Identifier:
                keyid:45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer

            sbgp-ipAddrBlock: critical
                IPv6:
                  2620:9e:6001::/48

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         8d:e6:4e:46:af:60:87:65:bd:78:de:f0:8c:eb:0a:9f:6a:72:
         d9:0a:fe:c2:1b:84:a8:7f:81:f3:a8:92:f5:cc:56:68:36:a9:
         17:93:ac:31:d4:8c:73:f4:7d:78:49:a7:a9:bc:4f:b8:8f:e9:
         c9:27:6f:24:f9:cd:e3:8d:d6:65:17:19:e4:99:cb:5c:27:c3:
         c2:7f:a8:1f:ab:37:bb:d9:4c:9c:1f:98:95:0f:13:a3:c0:d4:
         fe:ab:d1:d1:27:34:10:a9:dc:d0:b2:cc:ba:a4:74:83:f8:d2:
         42:94:d2:da:71:8e:30:6f:1b:eb:72:ba:93:d3:fe:52:2c:15:
         ff:a8:40:1c:f9:10:0f:b0:c7:94:46:10:ac:53:74:69:e4:8b:
         1f:e1:72:8e:62:92:06:1b:d4:64:81:1f:c6:d0:39:4b:21:ac:
         50:30:72:24:df:eb:96:83:3a:a6:b0:7d:9c:73:80:76:59:bc:
         38:42:d1:d8:e8:55:de:73:ff:2f:d5:af:ca:1a:3c:9f:39:d7:
         51:70:52:9e:0d:55:fc:c6:a5:ff:91:36:1b:2f:70:f6:39:20:
         d3:0e:b6:9f:fa:cd:e9:1d:85:df:7f:da:ae:9c:20:8d:70:e8:
         ec:1a:6f:ff:e0:f9:e1:21:2a:96:93:1b:48:63:8d:f3:e0:76:
         53:65:1c:8a
-----BEGIN CERTIFICATE-----
MIIGRjCCBS6gAwIBAgIUAQ0Mn0MoWEAIUwCk0d/kFso780AwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkZjVhOGUzMjctZWJmNC00ZjRiLTkwNzMtOTBhY2Q2MTc5
N2NjMB4XDTIyMTEyNTEyMDAwMFoXDTIzMTEyNjA1MDAwMFowLzEtMCsGA1UEAxMk
ZGQ4MGY5MmUtMTEzMS00NjdlLWI1YjUtN2ExMGRkMmE3YzhhMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj9xMUWzOXqSRuJIuPqLJHpePywkJ0fOo10l2
Tx+p1x3bH1G9y6KRVd4Roq4gARLPWruLfh3NaVt/wOR8noO/8/P8D+98DIL+gTMP
g9ClddWAOS/GRe7JrW2w1YFuRelasweL+fx7BJlKDhwYNf2n4GQiiTVIxHzBEe/b
fe921oX1KhEVGKeqsFBkQhGadwzvzLik6GQUBuf/6Y1t+PN/l2aXUKqxMOjKk7UE
2PEGkG6xLnd1iQexYqR8Fw90oFFzN8f3ogfxUCH8Ah5XUmAykmL905VPxoAGZqe6
QxhJNxdsrCJOn7WW2OucCC+dRO7e9gbqmSnrLCOSfmlBtSAEsQIDAQABo4IDWDCC
A1QwHQYDVR0OBBYEFIhCjHpOVybkFbIkU6X1jV15jXjoMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4
ZTMyNy1lYmY0LTRmNGItOTA3My05MGFjZDYxNzk3Y2MvNzE0MDVkMDUtYzFiMC0z
NjMwLWE1OWEtMDQ3OGQ1N2I0MmE0LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvZjVhOGUzMjctZWJmNC00ZjRiLTkw
NzMtOTBhY2Q2MTc5N2NjL2Y1YThlMzI3LWViZjQtNGY0Yi05MDczLTkwYWNkNjE3
OTdjYy5jcmwwHwYDVR0jBBgwFoAURYZl4q8eZIkQSjuD49h/SJO1e5MwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4ZTMyNy1lYmY0LTRmNGItOTA3My05MGFj
ZDYxNzk3Y2MuY2VyMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAJiAAnmAB
MFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6
Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcN
AQELBQADggEBAI3mTkavYIdlvXje8IzrCp9qctkK/sIbhKh/gfOokvXMVmg2qReT
rDHUjHP0fXhJp6m8T7iP6cknbyT5zeON1mUXGeSZy1wnw8J/qB+rN7vZTJwfmJUP
E6PA1P6r0dEnNBCp3NCyzLqkdIP40kKU0tpxjjBvG+tyupPT/lIsFf+oQBz5EA+w
x5RGEKxTdGnkix/hco5ikgYb1GSBH8bQOUshrFAwciTf65aDOqawfZxzgHZZvDhC
0djoVd5z/y/Vr8oaPJ8511FwUp4NVfzGpf+RNhsvcPY5INMOtp/6zekdhd9/2q6c
II1w6Owab//g+eEhKpaTG0hjjfPgdlNlHIo=
-----END CERTIFICATE-----