Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/a5e73b48-d76f-3b1f-8936-e4df5a402d6c.roa
File:                     a5e73b48-d76f-3b1f-8936-e4df5a402d6c.roa (raw, json)
Hash identifier:          /AJn5PEC1VQ/N5AcpkVtZCv+0cO+QOl65ThH/vB5je8=
Subject key identifier:   DA:D7:D5:4C:4D:C2:8F:12:86:E2:DA:E8:C8:FE:27:8E:70:4B:7D:9C
Certificate issuer:       /CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
Certificate serial:       010D0C9F4328583E9243D0592C8158D7DC01F700
Authority key identifier: 45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/a5e73b48-d76f-3b1f-8936-e4df5a402d6c.roa
Signing time:             Thu 14 Jul 2022 12:00:00 +0000
ROA not before:           Thu 14 Jul 2022 12:00:00 +0000
ROA not after:            Sat 15 Jul 2023 04:00:00 +0000
asID:                     3970
IP address blocks:        165.140.105.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3e:92:43:d0:59:2c:81:58:d7:dc:01:f7:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
        Validity
            Not Before: Jul 14 12:00:00 2022 GMT
            Not After : Jul 15 04:00:00 2023 GMT
        Subject: CN=7dfa1695-e17d-4704-8429-31cb8f38dcba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:b6:d6:5b:89:3f:28:c6:4a:a9:f4:9f:08:f8:
                    f5:f8:fd:24:d8:ef:c5:32:53:ec:bf:f1:fc:f4:7d:
                    58:19:a1:c3:27:e9:f0:6c:22:7e:af:1c:00:88:f7:
                    58:77:a1:47:2f:12:ee:93:6f:e9:a8:8b:1f:6b:4c:
                    ea:ec:b5:48:ed:59:7e:5f:0e:e8:3d:20:76:43:0b:
                    f0:fd:ad:e4:f1:db:6e:cb:19:42:43:4d:20:d1:47:
                    74:2a:41:da:85:e8:3f:9a:e0:d1:cb:8d:ac:35:b2:
                    00:8a:d3:9d:77:0b:c8:5c:6d:ac:94:e3:68:51:b1:
                    41:6e:76:48:e3:ba:f4:df:cf:6d:e3:f9:07:9d:59:
                    0f:11:23:4d:dc:c0:76:b2:f9:ab:84:0b:40:f6:a4:
                    d0:5d:ae:43:ca:55:ac:b4:05:f4:d0:08:7d:7f:ae:
                    af:e9:45:aa:91:21:e4:47:4a:74:aa:bd:1d:df:a0:
                    e1:58:4b:68:b4:5c:99:57:3e:ee:04:83:43:11:36:
                    35:1f:4c:ba:2e:da:00:72:42:9a:e6:07:e0:e2:f2:
                    e9:19:2c:b5:a8:87:d8:b8:78:b1:70:ae:f8:57:80:
                    df:ff:06:6f:b1:0c:77:12:86:82:50:2f:af:0e:5b:
                    b3:bd:51:12:ab:6c:fc:0c:73:fc:63:8c:07:03:c0:
                    fa:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:D7:D5:4C:4D:C2:8F:12:86:E2:DA:E8:C8:FE:27:8E:70:4B:7D:9C
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/a5e73b48-d76f-3b1f-8936-e4df5a402d6c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/f5a8e327-ebf4-4f4b-9073-90acd61797cc.crl

            X509v3 Authority Key Identifier:
                keyid:45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  165.140.105.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         46:d3:8b:2f:f4:74:87:f4:3c:52:00:9f:e8:f7:ea:a5:e6:c4:
         ea:7a:4f:96:ef:90:0d:00:99:5b:ff:d7:fa:23:ac:2e:fc:02:
         85:93:45:a9:1f:96:70:4a:68:dd:eb:4a:30:85:ca:4f:cf:8d:
         14:42:cc:53:b4:ab:4e:46:65:78:96:04:5f:c8:fb:13:c0:e3:
         ac:04:44:ca:cf:23:4b:ff:63:30:ec:80:40:4c:58:46:30:84:
         2d:da:63:ce:77:ef:f5:64:41:01:59:72:f5:47:64:d7:74:f3:
         5e:e9:ea:36:39:f5:ff:9e:31:24:20:4a:07:cb:be:29:fe:91:
         81:2f:c2:18:e9:2c:f9:e1:9d:ed:af:2f:44:5a:4c:a3:c9:ee:
         d7:24:7a:9c:2a:86:eb:06:7a:50:c2:19:4f:2b:85:30:e3:aa:
         08:73:5a:43:e5:7e:16:34:1b:df:8c:9c:20:e4:53:7f:2d:eb:
         74:ac:b6:93:43:c8:53:ab:a6:8c:5a:fc:d3:4e:b4:dc:b3:2e:
         04:cd:04:88:f7:5b:6b:7f:03:c4:07:91:48:bb:fb:e2:3a:a8:
         37:4b:11:22:59:b1:30:2f:cd:07:36:7d:f0:7d:b2:29:94:e4:
         14:21:94:f4:cc:42:54:f2:fd:62:6b:cc:64:00:00:68:aa:01:
         df:70:6c:43
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWD6SQ9BZLIFY19wB9wAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkZjVhOGUzMjctZWJmNC00ZjRiLTkwNzMtOTBhY2Q2MTc5
N2NjMB4XDTIyMDcxNDEyMDAwMFoXDTIzMDcxNTA0MDAwMFowLzEtMCsGA1UEAxMk
N2RmYTE2OTUtZTE3ZC00NzA0LTg0MjktMzFjYjhmMzhkY2JhMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA07bWW4k/KMZKqfSfCPj1+P0k2O/FMlPsv/H8
9H1YGaHDJ+nwbCJ+rxwAiPdYd6FHLxLuk2/pqIsfa0zq7LVI7Vl+Xw7oPSB2Qwvw
/a3k8dtuyxlCQ00g0Ud0KkHaheg/muDRy42sNbIAitOddwvIXG2slONoUbFBbnZI
47r0389t4/kHnVkPESNN3MB2svmrhAtA9qTQXa5DylWstAX00Ah9f66v6UWqkSHk
R0p0qr0d36DhWEtotFyZVz7uBINDETY1H0y6LtoAckKa5gfg4vLpGSy1qIfYuHix
cK74V4Df/wZvsQx3EoaCUC+vDluzvVESq2z8DHP8Y4wHA8D6xwIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFNrX1UxNwo8ShuLa6Mj+J45wS32cMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4
ZTMyNy1lYmY0LTRmNGItOTA3My05MGFjZDYxNzk3Y2MvYTVlNzNiNDgtZDc2Zi0z
YjFmLTg5MzYtZTRkZjVhNDAyZDZjLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvZjVhOGUzMjctZWJmNC00ZjRiLTkw
NzMtOTBhY2Q2MTc5N2NjL2Y1YThlMzI3LWViZjQtNGY0Yi05MDczLTkwYWNkNjE3
OTdjYy5jcmwwHwYDVR0jBBgwFoAURYZl4q8eZIkQSjuD49h/SJO1e5MwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4ZTMyNy1lYmY0LTRmNGItOTA3My05MGFj
ZDYxNzk3Y2MuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQApYxpMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAEbTiy/0dIf0PFIAn+j36qXmxOp6T5bvkA0AmVv/1/ojrC78AoWTRakf
lnBKaN3rSjCFyk/PjRRCzFO0q05GZXiWBF/I+xPA46wERMrPI0v/YzDsgEBMWEYw
hC3aY8537/VkQQFZcvVHZNd0817p6jY59f+eMSQgSgfLvin+kYEvwhjpLPnhne2v
L0RaTKPJ7tckepwqhusGelDCGU8rhTDjqghzWkPlfhY0G9+MnCDkU38t63SstpND
yFOrpoxa/NNOtNyzLgTNBIj3W2t/A8QHkUi7++I6qDdLESJZsTAvzQc2ffB9simU
5BQhlPTMQlTy/WJrzGQAAGiqAd9wbEM=
-----END CERTIFICATE-----