Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/8adf07f8-8cbd-3eb9-a6f3-0e23b5e5a4c1.roa
File:                     8adf07f8-8cbd-3eb9-a6f3-0e23b5e5a4c1.roa (raw, json)
Hash identifier:          EW2hhwBCYLvivL0z0cvR+Qv4/zIdMDxVr1rhNYSfpLI=
Subject key identifier:   3F:A7:F4:4C:1A:F0:2C:F4:0E:DF:7E:40:67:08:59:8B:FF:A6:B1:C6
Certificate issuer:       /CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
Certificate serial:       010D0C9F4328583E9FD3F510DE5EFF799820BDA0
Authority key identifier: 45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/8adf07f8-8cbd-3eb9-a6f3-0e23b5e5a4c1.roa
Signing time:             Tue 19 Jul 2022 12:00:00 +0000
ROA not before:           Tue 19 Jul 2022 12:00:00 +0000
ROA not after:            Thu 20 Jul 2023 04:00:00 +0000
asID:                     3970
IP address blocks:        2620:9e:6001::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3e:9f:d3:f5:10:de:5e:ff:79:98:20:bd:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
        Validity
            Not Before: Jul 19 12:00:00 2022 GMT
            Not After : Jul 20 04:00:00 2023 GMT
        Subject: CN=81c65110-1004-4f9c-a929-4cb16ee03945
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:89:e3:8a:ac:63:12:ac:81:a8:d1:d5:1f:45:
                    6c:f0:56:cc:8f:12:e5:eb:b3:af:a3:36:05:db:4c:
                    d8:e7:5e:93:e3:fd:df:44:d4:66:52:6a:10:c2:44:
                    7a:ec:25:eb:0c:e4:95:bb:04:4f:2f:65:49:f0:4d:
                    72:68:bd:d9:c0:53:02:b6:fd:f9:62:9e:13:31:1d:
                    2c:5f:9d:ee:ee:d3:71:97:52:41:ea:98:50:67:e7:
                    bd:3c:a9:25:42:7f:a4:0d:02:a1:48:a9:df:9d:5f:
                    89:64:2b:50:0c:41:cb:23:f6:cb:44:95:4b:a4:9f:
                    67:65:48:49:3e:06:21:6a:b1:22:e2:b7:02:58:45:
                    f9:7b:0a:44:31:48:09:42:16:52:69:e7:aa:27:15:
                    54:3b:bf:74:74:dd:41:bb:26:9d:95:ef:e7:df:15:
                    55:3b:2b:da:dc:e3:8f:c0:bd:74:eb:13:3b:b5:98:
                    39:c6:c8:0c:45:df:26:b9:5e:c6:78:64:df:2b:9e:
                    97:8d:8c:eb:ef:1b:3a:2d:63:4e:cf:97:c7:83:a3:
                    2c:95:d5:a1:44:d8:a2:89:27:36:af:94:af:51:92:
                    cc:18:03:94:e4:61:60:c9:0a:f3:23:c4:a3:e3:ce:
                    ed:9d:29:5e:24:9c:c6:bc:2a:92:ce:99:50:84:13:
                    c2:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:A7:F4:4C:1A:F0:2C:F4:0E:DF:7E:40:67:08:59:8B:FF:A6:B1:C6
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/8adf07f8-8cbd-3eb9-a6f3-0e23b5e5a4c1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/f5a8e327-ebf4-4f4b-9073-90acd61797cc.crl

            X509v3 Authority Key Identifier:
                keyid:45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer

            sbgp-ipAddrBlock: critical
                IPv6:
                  2620:9e:6001::/48

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         51:86:5e:bb:47:89:9a:51:03:1b:c6:fa:b0:14:bf:d9:ed:da:
         1f:7d:9e:88:6d:42:6e:27:ea:69:b8:34:52:32:1f:2d:f3:4a:
         74:d1:20:8b:02:cb:65:55:d7:f1:15:f3:09:2d:62:3d:73:e7:
         c1:cb:ad:60:0a:6a:12:bd:3e:68:cd:87:6b:87:e2:ff:85:59:
         0d:5e:83:81:3e:9b:8d:70:71:8a:cb:44:24:e2:1b:13:93:04:
         bd:8f:87:d5:b7:de:cd:28:51:b9:c1:5e:ce:5b:b7:e1:98:7b:
         51:53:14:94:e7:9c:b6:da:e1:a6:fd:ba:f6:1a:ae:8e:fb:9d:
         81:22:77:6f:b5:d8:b7:d4:c9:a0:50:7d:75:d9:2a:79:cd:dc:
         3f:40:7d:88:97:5e:98:0a:b3:80:c2:d5:15:f1:26:96:76:99:
         e0:9c:9f:b1:f3:c4:1c:02:50:7f:09:a7:5b:46:c4:dc:d2:dc:
         6a:98:2d:d0:f2:03:a9:a9:38:0f:39:1f:be:4c:ba:b2:aa:8d:
         3a:e0:4e:8e:a0:ae:60:0b:6e:35:1f:8c:e4:71:8e:0d:7a:dd:
         0c:ea:2d:f7:5b:76:7c:1e:d1:fc:69:22:d1:f9:1c:b2:43:1d:
         52:04:56:42:7a:7c:12:fa:e7:ff:4e:09:69:5c:62:e5:2d:e8:
         dc:74:c4:26
-----BEGIN CERTIFICATE-----
MIIGRjCCBS6gAwIBAgIUAQ0Mn0MoWD6f0/UQ3l7/eZggvaAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkZjVhOGUzMjctZWJmNC00ZjRiLTkwNzMtOTBhY2Q2MTc5
N2NjMB4XDTIyMDcxOTEyMDAwMFoXDTIzMDcyMDA0MDAwMFowLzEtMCsGA1UEAxMk
ODFjNjUxMTAtMTAwNC00ZjljLWE5MjktNGNiMTZlZTAzOTQ1MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkonjiqxjEqyBqNHVH0Vs8FbMjxLl67OvozYF
20zY516T4/3fRNRmUmoQwkR67CXrDOSVuwRPL2VJ8E1yaL3ZwFMCtv35Yp4TMR0s
X53u7tNxl1JB6phQZ+e9PKklQn+kDQKhSKnfnV+JZCtQDEHLI/bLRJVLpJ9nZUhJ
PgYharEi4rcCWEX5ewpEMUgJQhZSaeeqJxVUO790dN1Buyadle/n3xVVOyva3OOP
wL106xM7tZg5xsgMRd8muV7GeGTfK56XjYzr7xs6LWNOz5fHg6MsldWhRNiiiSc2
r5SvUZLMGAOU5GFgyQrzI8Sj487tnSleJJzGvCqSzplQhBPCnwIDAQABo4IDWDCC
A1QwHQYDVR0OBBYEFD+n9Ewa8Cz0Dt9+QGcIWYv/prHGMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4
ZTMyNy1lYmY0LTRmNGItOTA3My05MGFjZDYxNzk3Y2MvOGFkZjA3ZjgtOGNiZC0z
ZWI5LWE2ZjMtMGUyM2I1ZTVhNGMxLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvZjVhOGUzMjctZWJmNC00ZjRiLTkw
NzMtOTBhY2Q2MTc5N2NjL2Y1YThlMzI3LWViZjQtNGY0Yi05MDczLTkwYWNkNjE3
OTdjYy5jcmwwHwYDVR0jBBgwFoAURYZl4q8eZIkQSjuD49h/SJO1e5MwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4ZTMyNy1lYmY0LTRmNGItOTA3My05MGFj
ZDYxNzk3Y2MuY2VyMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAJiAAnmAB
MFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6
Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcN
AQELBQADggEBAFGGXrtHiZpRAxvG+rAUv9nt2h99nohtQm4n6mm4NFIyHy3zSnTR
IIsCy2VV1/EV8wktYj1z58HLrWAKahK9PmjNh2uH4v+FWQ1eg4E+m41wcYrLRCTi
GxOTBL2Ph9W33s0oUbnBXs5bt+GYe1FTFJTnnLba4ab9uvYaro77nYEid2+12LfU
yaBQfXXZKnnN3D9AfYiXXpgKs4DC1RXxJpZ2meCcn7HzxBwCUH8Jp1tGxNzS3GqY
LdDyA6mpOA85H75MurKqjTrgTo6grmALbjUfjORxjg163QzqLfdbdnwe0fxpItH5
HLJDHVIEVkJ6fBL65/9OCWlcYuUt6Nx0xCY=
-----END CERTIFICATE-----