Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/9eb2ed59-aa97-3609-8b7a-f782b14a1069.roa
File:                     9eb2ed59-aa97-3609-8b7a-f782b14a1069.roa (raw, json)
Hash identifier:          xjJvqClI5qqzpSDbhkUWv5wG65Yt9N3tHNR7hbywVp0=
Subject key identifier:   9B:74:C3:C4:A7:F5:A6:95:10:0D:77:5F:D9:F8:30:CB:6D:C6:E0:C1
Certificate issuer:       /CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
Certificate serial:       010D0C9F4328583FF1B85D65466CDCB130767450
Authority key identifier: 45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/9eb2ed59-aa97-3609-8b7a-f782b14a1069.roa
Signing time:             Thu 17 Nov 2022 12:00:00 +0000
ROA not before:           Thu 17 Nov 2022 12:00:00 +0000
ROA not after:            Sat 18 Nov 2023 05:00:00 +0000
asID:                     3970
IP address blocks:        2620:9e:6001::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3f:f1:b8:5d:65:46:6c:dc:b1:30:76:74:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
        Validity
            Not Before: Nov 17 12:00:00 2022 GMT
            Not After : Nov 18 05:00:00 2023 GMT
        Subject: CN=5a0848f8-61be-43e2-b11e-7fc76310b769
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:bc:5b:88:68:a1:b9:c4:d2:53:49:4f:fe:66:
                    9f:9f:58:fc:c0:67:cc:34:92:53:2e:a6:1d:ba:98:
                    55:04:0f:66:97:2f:5c:a8:1a:42:d9:c3:18:06:3b:
                    57:6e:2f:3a:ec:bf:8c:f1:2d:a4:9f:3a:fd:bf:26:
                    82:e2:19:4f:76:20:de:83:78:3b:23:b3:50:46:96:
                    f8:ef:12:46:e0:17:72:13:11:9c:10:0d:35:72:6d:
                    7a:b7:9a:f7:58:bc:18:4c:14:b8:46:31:7f:3b:c0:
                    48:a2:07:2d:ee:7f:2f:95:c0:fe:c4:ef:12:b5:5c:
                    8f:96:64:51:2f:aa:3b:e2:2e:b0:ab:67:b8:d5:8a:
                    e3:1e:5b:10:85:2e:a0:e5:d5:57:9b:94:5e:fd:ec:
                    1a:50:19:fc:66:04:6f:3c:d6:55:fe:bf:ee:5f:c5:
                    73:80:a3:bb:b4:a2:30:73:89:8d:2d:c9:9c:dc:ff:
                    7e:d2:01:eb:bf:d7:57:2d:d4:7b:91:bd:8e:b7:8e:
                    48:0a:72:33:8a:16:5b:ec:b4:b0:ea:8d:15:50:8d:
                    02:2a:b8:bc:5e:ed:b3:1b:24:93:ed:09:26:8e:01:
                    eb:0d:f8:c8:12:c9:65:9d:ec:9e:b9:20:18:ca:36:
                    67:2c:c9:4d:a0:4a:f3:c7:75:83:83:50:33:ee:cc:
                    a2:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:74:C3:C4:A7:F5:A6:95:10:0D:77:5F:D9:F8:30:CB:6D:C6:E0:C1
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/9eb2ed59-aa97-3609-8b7a-f782b14a1069.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/f5a8e327-ebf4-4f4b-9073-90acd61797cc.crl

            X509v3 Authority Key Identifier:
                keyid:45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer

            sbgp-ipAddrBlock: critical
                IPv6:
                  2620:9e:6001::/48

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         4b:2e:3e:65:c5:08:7f:bc:0e:df:2f:41:bb:7a:48:17:e5:cb:
         86:7a:d4:80:f1:ba:60:89:88:f3:88:2c:8b:4d:a9:1c:18:8b:
         66:36:38:4a:c3:69:55:f7:e7:a5:d7:4a:b1:8f:b2:6f:5b:bb:
         4f:ef:0b:cf:6a:8d:a6:2b:0b:68:6a:49:87:1c:0e:59:2b:af:
         a1:05:d4:e2:3f:49:b9:1f:df:67:c0:65:f3:ba:43:55:12:ef:
         14:98:81:57:8f:60:b3:4a:29:91:3f:a4:d2:4d:09:d3:b9:f8:
         cc:09:e1:77:21:26:09:c0:4b:ae:4d:7d:42:cb:be:6a:b3:17:
         e8:ee:2a:53:df:8e:e5:4b:a4:82:0e:c6:a3:17:c5:b4:29:0c:
         1b:f2:d9:73:e8:09:40:14:5f:4c:dd:3d:6d:ea:56:40:ba:62:
         52:b3:a9:2a:51:06:00:ef:17:84:08:98:56:aa:d4:70:bf:e6:
         d6:c6:10:65:bb:e0:d9:1d:b7:20:53:16:b3:46:fa:5b:1d:f7:
         28:b2:83:bf:68:04:5c:b1:18:cd:3a:eb:8e:54:d9:04:b1:b6:
         a6:f3:d5:ed:8d:14:2f:a7:43:5a:ba:c2:a0:39:08:01:4c:9e:
         13:9c:4b:ae:41:ed:39:1b:01:2b:30:d2:91:4b:fe:22:6c:62:
         d7:4c:4f:d1
-----BEGIN CERTIFICATE-----
MIIGRjCCBS6gAwIBAgIUAQ0Mn0MoWD/xuF1lRmzcsTB2dFAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkZjVhOGUzMjctZWJmNC00ZjRiLTkwNzMtOTBhY2Q2MTc5
N2NjMB4XDTIyMTExNzEyMDAwMFoXDTIzMTExODA1MDAwMFowLzEtMCsGA1UEAxMk
NWEwODQ4ZjgtNjFiZS00M2UyLWIxMWUtN2ZjNzYzMTBiNzY5MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA37xbiGihucTSU0lP/mafn1j8wGfMNJJTLqYd
uphVBA9mly9cqBpC2cMYBjtXbi867L+M8S2knzr9vyaC4hlPdiDeg3g7I7NQRpb4
7xJG4BdyExGcEA01cm16t5r3WLwYTBS4RjF/O8BIogct7n8vlcD+xO8StVyPlmRR
L6o74i6wq2e41YrjHlsQhS6g5dVXm5Re/ewaUBn8ZgRvPNZV/r/uX8VzgKO7tKIw
c4mNLcmc3P9+0gHrv9dXLdR7kb2Ot45ICnIzihZb7LSw6o0VUI0CKri8Xu2zGyST
7QkmjgHrDfjIEsllneyeuSAYyjZnLMlNoErzx3WDg1Az7syiCQIDAQABo4IDWDCC
A1QwHQYDVR0OBBYEFJt0w8Sn9aaVEA13X9n4MMttxuDBMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4
ZTMyNy1lYmY0LTRmNGItOTA3My05MGFjZDYxNzk3Y2MvOWViMmVkNTktYWE5Ny0z
NjA5LThiN2EtZjc4MmIxNGExMDY5LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvZjVhOGUzMjctZWJmNC00ZjRiLTkw
NzMtOTBhY2Q2MTc5N2NjL2Y1YThlMzI3LWViZjQtNGY0Yi05MDczLTkwYWNkNjE3
OTdjYy5jcmwwHwYDVR0jBBgwFoAURYZl4q8eZIkQSjuD49h/SJO1e5MwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4ZTMyNy1lYmY0LTRmNGItOTA3My05MGFj
ZDYxNzk3Y2MuY2VyMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAJiAAnmAB
MFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6
Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcN
AQELBQADggEBAEsuPmXFCH+8Dt8vQbt6SBfly4Z61IDxumCJiPOILItNqRwYi2Y2
OErDaVX356XXSrGPsm9bu0/vC89qjaYrC2hqSYccDlkrr6EF1OI/Sbkf32fAZfO6
Q1US7xSYgVePYLNKKZE/pNJNCdO5+MwJ4XchJgnAS65NfULLvmqzF+juKlPfjuVL
pIIOxqMXxbQpDBvy2XPoCUAUX0zdPW3qVkC6YlKzqSpRBgDvF4QImFaq1HC/5tbG
EGW74NkdtyBTFrNG+lsd9yiyg79oBFyxGM06645U2QSxtqbz1e2NFC+nQ1q6wqA5
CAFMnhOcS65B7TkbASsw0pFL/iJsYtdMT9E=
-----END CERTIFICATE-----