Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/7aebef14-d943-3e98-821c-d397883d8db3.roa
File:                     7aebef14-d943-3e98-821c-d397883d8db3.roa (raw, json)
Hash identifier:          /jfw8d+hZ5ed1IJHLm6PDHcgcF7GgWe7YRH7pFkFglg=
Subject key identifier:   27:52:1A:A3:C3:76:0E:38:A8:AD:FF:FF:F7:42:09:BF:FC:CD:02:4A
Certificate issuer:       /CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
Certificate serial:       010D0C9F4328583E578E967218C1A240A8055DC0
Authority key identifier: 45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/7aebef14-d943-3e98-821c-d397883d8db3.roa
Signing time:             Thu 23 Jun 2022 12:00:00 +0000
ROA not before:           Thu 23 Jun 2022 12:00:00 +0000
ROA not after:            Sat 24 Jun 2023 04:00:00 +0000
asID:                     3970
IP address blocks:        2620:9e:6001::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3e:57:8e:96:72:18:c1:a2:40:a8:05:5d:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
        Validity
            Not Before: Jun 23 12:00:00 2022 GMT
            Not After : Jun 24 04:00:00 2023 GMT
        Subject: CN=1415e1ba-22e0-4bc8-8453-cb1ccf4e6b0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:1f:37:3b:e1:a8:d8:b8:aa:91:3a:69:42:29:
                    0d:a3:b0:68:73:ac:5b:61:3a:5d:a5:41:4b:76:e9:
                    d2:46:43:51:81:32:89:16:50:bc:05:9a:21:31:10:
                    b3:04:a4:12:f0:4d:58:c9:d9:97:c0:ff:51:ec:40:
                    45:6f:2f:de:ad:3e:a0:ca:0a:7c:b1:da:59:96:c1:
                    f9:81:c2:02:f4:9f:46:17:bb:2a:e0:77:91:ef:a3:
                    69:de:94:0e:b6:55:43:9a:54:ee:e2:2f:51:e5:45:
                    9a:de:10:78:d7:15:f6:ac:e8:12:63:c6:30:02:04:
                    73:2d:ba:a6:a9:76:f0:3b:53:65:24:4f:f7:a9:c5:
                    42:f8:73:82:98:04:f2:68:d2:8c:1c:c2:17:65:81:
                    2a:cf:e2:45:e6:75:6e:15:c0:f5:4b:ce:bf:eb:53:
                    02:01:5e:81:9a:86:12:83:f3:45:63:3b:06:da:b1:
                    5a:c0:43:b5:47:3f:09:d8:74:64:c5:3e:68:57:5d:
                    89:ba:04:fa:0e:cb:e8:0c:f4:51:83:e8:c9:8f:3c:
                    a8:08:69:a2:93:33:d0:6e:2f:e5:b0:a1:df:03:57:
                    3d:57:89:57:75:e0:c9:47:af:94:4f:a9:2c:d5:f8:
                    54:7c:85:ee:f3:fb:a6:d0:ba:b8:76:7f:79:ca:eb:
                    c1:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:52:1A:A3:C3:76:0E:38:A8:AD:FF:FF:F7:42:09:BF:FC:CD:02:4A
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/7aebef14-d943-3e98-821c-d397883d8db3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/f5a8e327-ebf4-4f4b-9073-90acd61797cc.crl

            X509v3 Authority Key Identifier:
                keyid:45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer

            sbgp-ipAddrBlock: critical
                IPv6:
                  2620:9e:6001::/48

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         35:1d:8b:c9:95:74:36:23:7a:db:e3:9c:44:3b:2a:e3:f9:f8:
         ed:55:3e:90:ce:e5:ad:7a:c3:97:a8:da:c7:24:4a:5e:6c:e6:
         51:db:ce:0e:ac:89:39:07:fa:61:d3:97:c8:c0:51:1b:3e:c9:
         bc:0d:47:1f:a2:13:7e:3f:c0:31:cd:ae:7d:0b:eb:f4:4b:3a:
         8b:9e:62:06:46:f7:22:06:63:4a:b8:32:03:ff:8a:6b:a5:9c:
         8e:0e:91:06:c6:06:cb:d4:39:79:72:31:e3:f0:28:99:d1:79:
         d5:70:9f:0c:03:a5:d7:c2:18:c4:ae:59:99:af:84:07:76:ce:
         8a:30:95:17:1a:2e:69:de:01:48:58:b9:57:0c:e3:88:11:4e:
         96:91:3b:b2:96:07:9f:9a:81:22:bd:1d:cb:74:c9:d9:5a:0f:
         75:5d:bd:cb:bb:a3:b3:42:71:9f:3e:9c:17:64:d5:2c:bb:b7:
         55:13:70:6b:ad:a5:a1:6c:95:94:d2:9c:2d:ba:fd:38:51:d3:
         46:9d:f7:76:f9:7e:8b:5a:71:8f:68:34:80:ce:cb:63:b5:09:
         54:af:a6:bf:03:9b:66:42:18:93:44:fd:41:1b:11:03:d0:3f:
         64:a2:81:dd:19:31:d9:d7:8f:24:5d:2a:99:6c:da:03:4b:ed:
         c9:73:a8:51
-----BEGIN CERTIFICATE-----
MIIGRjCCBS6gAwIBAgIUAQ0Mn0MoWD5XjpZyGMGiQKgFXcAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkZjVhOGUzMjctZWJmNC00ZjRiLTkwNzMtOTBhY2Q2MTc5
N2NjMB4XDTIyMDYyMzEyMDAwMFoXDTIzMDYyNDA0MDAwMFowLzEtMCsGA1UEAxMk
MTQxNWUxYmEtMjJlMC00YmM4LTg0NTMtY2IxY2NmNGU2YjBmMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmB83O+Go2LiqkTppQikNo7Boc6xbYTpdpUFL
dunSRkNRgTKJFlC8BZohMRCzBKQS8E1YydmXwP9R7EBFby/erT6gygp8sdpZlsH5
gcIC9J9GF7sq4HeR76Np3pQOtlVDmlTu4i9R5UWa3hB41xX2rOgSY8YwAgRzLbqm
qXbwO1NlJE/3qcVC+HOCmATyaNKMHMIXZYEqz+JF5nVuFcD1S86/61MCAV6BmoYS
g/NFYzsG2rFawEO1Rz8J2HRkxT5oV12JugT6DsvoDPRRg+jJjzyoCGmikzPQbi/l
sKHfA1c9V4lXdeDJR6+UT6ks1fhUfIXu8/um0Lq4dn95yuvBkwIDAQABo4IDWDCC
A1QwHQYDVR0OBBYEFCdSGqPDdg44qK3///dCCb/8zQJKMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4
ZTMyNy1lYmY0LTRmNGItOTA3My05MGFjZDYxNzk3Y2MvN2FlYmVmMTQtZDk0My0z
ZTk4LTgyMWMtZDM5Nzg4M2Q4ZGIzLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvZjVhOGUzMjctZWJmNC00ZjRiLTkw
NzMtOTBhY2Q2MTc5N2NjL2Y1YThlMzI3LWViZjQtNGY0Yi05MDczLTkwYWNkNjE3
OTdjYy5jcmwwHwYDVR0jBBgwFoAURYZl4q8eZIkQSjuD49h/SJO1e5MwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4ZTMyNy1lYmY0LTRmNGItOTA3My05MGFj
ZDYxNzk3Y2MuY2VyMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAJiAAnmAB
MFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6
Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcN
AQELBQADggEBADUdi8mVdDYjetvjnEQ7KuP5+O1VPpDO5a16w5eo2sckSl5s5lHb
zg6siTkH+mHTl8jAURs+ybwNRx+iE34/wDHNrn0L6/RLOoueYgZG9yIGY0q4MgP/
imulnI4OkQbGBsvUOXlyMePwKJnRedVwnwwDpdfCGMSuWZmvhAd2zoowlRcaLmne
AUhYuVcM44gRTpaRO7KWB5+agSK9Hct0ydlaD3Vdvcu7o7NCcZ8+nBdk1Sy7t1UT
cGutpaFslZTSnC26/ThR00ad93b5fotacY9oNIDOy2O1CVSvpr8Dm2ZCGJNE/UEb
EQPQP2Sigd0ZMdnXjyRdKpls2gNL7clzqFE=
-----END CERTIFICATE-----