Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/a0517667-20b4-3ec8-b155-ead751b0e607.roa
File:                     a0517667-20b4-3ec8-b155-ead751b0e607.roa (raw, json)
Hash identifier:          3QMprbXFpe+C3ocD2RzdCgzAd8GHCOnblJyjQV7clSU=
Subject key identifier:   F5:04:4D:0D:02:40:22:8D:01:F6:EE:9F:C5:10:E2:EE:24:39:1E:75
Certificate issuer:       /CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
Certificate serial:       010D0C9F432858403FC42FCFB7F0CD2652AF3A00
Authority key identifier: 45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/a0517667-20b4-3ec8-b155-ead751b0e607.roa
Signing time:             Thu 15 Dec 2022 12:00:00 +0000
ROA not before:           Thu 15 Dec 2022 12:00:00 +0000
ROA not after:            Sat 16 Dec 2023 05:00:00 +0000
asID:                     3970
IP address blocks:        165.140.105.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:40:3f:c4:2f:cf:b7:f0:cd:26:52:af:3a:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
        Validity
            Not Before: Dec 15 12:00:00 2022 GMT
            Not After : Dec 16 05:00:00 2023 GMT
        Subject: CN=9d8607f0-edfc-4cb8-af14-493dc98fb48c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:53:95:ae:26:85:cc:2d:c7:fa:74:bf:43:b5:
                    12:c8:fa:31:78:11:9b:86:ca:58:54:4c:a7:f9:8c:
                    41:72:69:d9:c1:b3:8a:e4:b0:c0:84:3c:8b:cd:81:
                    7f:c7:6c:c3:88:2f:c8:a6:5c:a2:ea:5f:b4:33:54:
                    2a:d9:89:33:52:c3:d2:fd:9d:71:26:3c:73:82:6c:
                    64:e1:5e:32:b4:27:5d:b1:33:51:1b:4f:65:1d:c3:
                    23:bb:b1:ce:13:57:f0:21:c7:db:1f:7c:5d:38:c9:
                    05:a6:62:ed:89:55:ce:ba:d7:7c:83:be:da:a5:cd:
                    8b:05:ba:7c:ce:c7:06:0d:80:b8:f5:1e:59:ba:e0:
                    03:d2:53:65:6c:24:02:b3:f4:fa:f8:54:cf:57:0e:
                    9e:08:97:fb:6b:64:88:52:9d:d2:23:8b:d9:27:db:
                    d2:75:d6:f4:dc:e4:e2:e3:87:1a:13:51:e8:e0:69:
                    36:3d:c8:1b:58:63:40:47:55:15:0a:75:f5:d0:16:
                    70:1c:7b:a2:81:58:ff:06:9b:7f:d6:95:31:37:85:
                    45:83:20:15:40:79:e9:da:ab:65:41:ab:bc:92:06:
                    b4:fc:b4:5d:42:f0:ca:5d:11:8c:c7:97:da:a8:b9:
                    85:17:3a:1b:36:8d:52:df:85:61:69:19:0b:35:f1:
                    ea:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:04:4D:0D:02:40:22:8D:01:F6:EE:9F:C5:10:E2:EE:24:39:1E:75
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/a0517667-20b4-3ec8-b155-ead751b0e607.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/f5a8e327-ebf4-4f4b-9073-90acd61797cc.crl

            X509v3 Authority Key Identifier:
                keyid:45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  165.140.105.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         85:85:bd:69:74:c1:ae:ed:c1:94:71:1e:38:18:d0:e5:df:9a:
         b1:02:a3:ce:c2:0b:f9:b8:64:b7:2c:fe:95:6e:45:2d:d0:50:
         f0:9d:4b:b1:1b:67:3d:24:48:33:7d:92:8b:d5:fe:9a:2a:e2:
         35:f0:48:00:b6:6f:ce:24:90:1f:ac:d8:ef:da:a2:a0:3e:f1:
         7d:da:d9:13:6a:02:0e:12:4b:02:40:82:93:30:42:75:e7:42:
         5d:51:2e:61:0f:94:38:7c:0a:2b:c8:a6:76:bd:f0:a0:89:4f:
         46:e1:cc:f7:eb:49:5c:48:cb:c4:61:10:9b:83:b5:21:8a:d5:
         e0:6b:27:df:d7:b9:51:2c:1e:5a:03:1c:5f:2b:e9:da:ea:f0:
         93:f5:60:35:f2:3f:ff:6f:a9:c3:28:72:c3:63:60:bc:f6:be:
         31:35:01:84:0e:b2:9c:f3:71:80:0f:9d:5a:22:0b:38:11:4f:
         85:55:f1:bf:32:7c:14:67:45:80:70:e0:72:64:53:e4:9e:36:
         de:c8:a9:bd:72:b8:ae:fe:1c:ad:4c:77:1c:12:fe:6b:46:e7:
         e3:a5:c6:3d:c6:0f:e5:09:df:63:92:12:db:1d:b3:de:15:59:
         ce:4d:9e:67:70:df:43:a4:b6:fb:5e:db:ab:bf:54:3a:82:97:
         00:93:ad:fd
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEA/xC/Pt/DNJlKvOgAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkZjVhOGUzMjctZWJmNC00ZjRiLTkwNzMtOTBhY2Q2MTc5
N2NjMB4XDTIyMTIxNTEyMDAwMFoXDTIzMTIxNjA1MDAwMFowLzEtMCsGA1UEAxMk
OWQ4NjA3ZjAtZWRmYy00Y2I4LWFmMTQtNDkzZGM5OGZiNDhjMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAslOVriaFzC3H+nS/Q7USyPoxeBGbhspYVEyn
+YxBcmnZwbOK5LDAhDyLzYF/x2zDiC/Iplyi6l+0M1Qq2YkzUsPS/Z1xJjxzgmxk
4V4ytCddsTNRG09lHcMju7HOE1fwIcfbH3xdOMkFpmLtiVXOutd8g77apc2LBbp8
zscGDYC49R5ZuuAD0lNlbCQCs/T6+FTPVw6eCJf7a2SIUp3SI4vZJ9vSddb03OTi
44caE1Ho4Gk2PcgbWGNAR1UVCnX10BZwHHuigVj/Bpt/1pUxN4VFgyAVQHnp2qtl
Qau8kga0/LRdQvDKXRGMx5faqLmFFzobNo1S34VhaRkLNfHqxQIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFPUETQ0CQCKNAfbun8UQ4u4kOR51MIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4
ZTMyNy1lYmY0LTRmNGItOTA3My05MGFjZDYxNzk3Y2MvYTA1MTc2NjctMjBiNC0z
ZWM4LWIxNTUtZWFkNzUxYjBlNjA3LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvZjVhOGUzMjctZWJmNC00ZjRiLTkw
NzMtOTBhY2Q2MTc5N2NjL2Y1YThlMzI3LWViZjQtNGY0Yi05MDczLTkwYWNkNjE3
OTdjYy5jcmwwHwYDVR0jBBgwFoAURYZl4q8eZIkQSjuD49h/SJO1e5MwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4ZTMyNy1lYmY0LTRmNGItOTA3My05MGFj
ZDYxNzk3Y2MuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQApYxpMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAIWFvWl0wa7twZRxHjgY0OXfmrECo87CC/m4ZLcs/pVuRS3QUPCdS7Eb
Zz0kSDN9kovV/poq4jXwSAC2b84kkB+s2O/aoqA+8X3a2RNqAg4SSwJAgpMwQnXn
Ql1RLmEPlDh8CivIpna98KCJT0bhzPfrSVxIy8RhEJuDtSGK1eBrJ9/XuVEsHloD
HF8r6drq8JP1YDXyP/9vqcMocsNjYLz2vjE1AYQOspzzcYAPnVoiCzgRT4VV8b8y
fBRnRYBw4HJkU+SeNt7Iqb1yuK7+HK1MdxwS/mtG5+Olxj3GD+UJ32OSEtsds94V
Wc5Nnmdw30Oktvte26u/VDqClwCTrf0=
-----END CERTIFICATE-----