Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/af19fbcf-1d0c-3873-a432-1145fcb8f9e4.roa
File:                     af19fbcf-1d0c-3873-a432-1145fcb8f9e4.roa (raw, json)
Hash identifier:          Rkp/FmKZkkClwOIjxSEmxcdhHQ7TwNf8e8bVhQ47oU4=
Subject key identifier:   86:BA:0F:64:10:0F:36:FB:3A:9E:E0:D1:98:60:31:29:2A:24:41:83
Certificate issuer:       /CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
Certificate serial:       010D0C9F4328583DA7F61431A694C40AFA3CAD00
Authority key identifier: 45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/af19fbcf-1d0c-3873-a432-1145fcb8f9e4.roa
Signing time:             Thu 21 Apr 2022 12:00:00 +0000
ROA not before:           Thu 21 Apr 2022 12:00:00 +0000
ROA not after:            Sat 22 Apr 2023 04:00:00 +0000
asID:                     3970
IP address blocks:        2620:9e:6001::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3d:a7:f6:14:31:a6:94:c4:0a:fa:3c:ad:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
        Validity
            Not Before: Apr 21 12:00:00 2022 GMT
            Not After : Apr 22 04:00:00 2023 GMT
        Subject: CN=52ccc209-4952-4d30-a139-ec7b67a8eb24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:d6:49:aa:d6:95:d1:71:45:1d:24:62:2c:83:
                    b4:f8:a6:9d:60:c5:f7:52:8a:02:f4:0a:f6:17:17:
                    26:39:19:0b:fd:4c:83:97:1b:06:e3:23:8d:04:52:
                    7d:0b:e2:de:ad:99:d3:70:09:2a:a4:df:83:ac:46:
                    08:2f:9f:91:1d:1c:9e:86:83:c7:1d:c0:a6:b3:4e:
                    35:4c:76:70:c3:87:d2:a8:cc:a6:72:e6:ef:d6:d2:
                    7b:42:77:03:93:01:93:52:df:e6:10:d6:12:66:ec:
                    c4:19:c4:62:4f:71:d6:c1:9a:98:9f:fc:bc:fd:4f:
                    cd:55:1a:43:19:f6:26:d8:8b:31:94:2d:a0:00:49:
                    86:08:1a:62:19:76:fe:fb:1a:55:47:6c:b2:04:f0:
                    bc:5a:10:0a:8d:c2:0f:62:98:d8:4e:b1:f7:49:fd:
                    40:eb:63:75:99:0f:51:c1:ac:b7:cc:d7:cc:46:b8:
                    f8:55:85:c4:f0:1c:a7:0f:91:bf:8b:ba:24:0d:3e:
                    cf:bd:bf:1d:8f:c0:a6:80:90:6c:5b:c6:50:47:ef:
                    86:28:b7:e1:f0:ba:4a:35:f7:3a:e5:be:94:0f:33:
                    79:67:02:83:86:5e:9f:2c:66:04:55:60:74:d8:96:
                    53:f1:79:17:d6:c4:f4:71:66:e9:c8:ed:bf:14:30:
                    44:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:BA:0F:64:10:0F:36:FB:3A:9E:E0:D1:98:60:31:29:2A:24:41:83
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/af19fbcf-1d0c-3873-a432-1145fcb8f9e4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/f5a8e327-ebf4-4f4b-9073-90acd61797cc.crl

            X509v3 Authority Key Identifier:
                keyid:45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer

            sbgp-ipAddrBlock: critical
                IPv6:
                  2620:9e:6001::/48

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         66:7e:7c:50:d5:55:7b:95:30:78:8c:5a:7d:11:c4:35:5d:4d:
         c2:0f:8b:59:89:e1:88:71:43:65:bc:22:25:6d:23:d1:c8:77:
         b0:75:aa:cb:ce:45:76:ec:0b:d1:d8:39:1d:6a:78:ad:d7:35:
         9f:31:f7:ea:10:0f:9f:48:09:75:3e:b5:0d:3e:19:56:92:ef:
         8a:df:76:e3:fd:eb:c4:9d:81:4e:3a:e4:29:ec:81:24:9e:56:
         19:c6:10:0d:d6:e6:80:dc:6e:48:a7:2c:a8:a7:ec:9f:bd:13:
         3a:3d:11:dd:02:81:39:54:10:63:80:2c:16:22:95:fd:7b:65:
         43:45:35:ce:40:57:f4:ca:db:5c:7a:9f:c7:e9:dd:2c:93:aa:
         eb:13:c8:7e:0e:dd:0a:30:8d:64:7b:08:3b:ee:03:1a:96:2d:
         50:7a:9a:51:90:ee:c8:cb:20:13:82:e9:bf:96:89:85:87:de:
         16:53:cc:ab:42:f2:2b:1f:59:75:8c:6e:b7:b7:cc:e8:24:77:
         f9:21:f5:36:70:3d:ae:70:a9:b2:1e:20:cc:fa:93:d3:30:25:
         3b:bb:00:0f:1c:c1:e2:5f:b0:59:7f:8c:9e:f9:a3:b5:a8:57:
         a1:07:62:ca:a1:52:94:11:7b:16:28:66:2a:d9:d3:bc:b0:97:
         92:77:f4:20
-----BEGIN CERTIFICATE-----
MIIGRjCCBS6gAwIBAgIUAQ0Mn0MoWD2n9hQxppTECvo8rQAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkZjVhOGUzMjctZWJmNC00ZjRiLTkwNzMtOTBhY2Q2MTc5
N2NjMB4XDTIyMDQyMTEyMDAwMFoXDTIzMDQyMjA0MDAwMFowLzEtMCsGA1UEAxMk
NTJjY2MyMDktNDk1Mi00ZDMwLWExMzktZWM3YjY3YThlYjI0MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAldZJqtaV0XFFHSRiLIO0+KadYMX3UooC9Ar2
FxcmORkL/UyDlxsG4yONBFJ9C+LerZnTcAkqpN+DrEYIL5+RHRyehoPHHcCms041
THZww4fSqMymcubv1tJ7QncDkwGTUt/mENYSZuzEGcRiT3HWwZqYn/y8/U/NVRpD
GfYm2IsxlC2gAEmGCBpiGXb++xpVR2yyBPC8WhAKjcIPYpjYTrH3Sf1A62N1mQ9R
way3zNfMRrj4VYXE8BynD5G/i7okDT7Pvb8dj8CmgJBsW8ZQR++GKLfh8LpKNfc6
5b6UDzN5ZwKDhl6fLGYEVWB02JZT8XkX1sT0cWbpyO2/FDBE5wIDAQABo4IDWDCC
A1QwHQYDVR0OBBYEFIa6D2QQDzb7Op7g0ZhgMSkqJEGDMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4
ZTMyNy1lYmY0LTRmNGItOTA3My05MGFjZDYxNzk3Y2MvYWYxOWZiY2YtMWQwYy0z
ODczLWE0MzItMTE0NWZjYjhmOWU0LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvZjVhOGUzMjctZWJmNC00ZjRiLTkw
NzMtOTBhY2Q2MTc5N2NjL2Y1YThlMzI3LWViZjQtNGY0Yi05MDczLTkwYWNkNjE3
OTdjYy5jcmwwHwYDVR0jBBgwFoAURYZl4q8eZIkQSjuD49h/SJO1e5MwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4ZTMyNy1lYmY0LTRmNGItOTA3My05MGFj
ZDYxNzk3Y2MuY2VyMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAJiAAnmAB
MFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6
Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcN
AQELBQADggEBAGZ+fFDVVXuVMHiMWn0RxDVdTcIPi1mJ4YhxQ2W8IiVtI9HId7B1
qsvORXbsC9HYOR1qeK3XNZ8x9+oQD59ICXU+tQ0+GVaS74rfduP968SdgU465Cns
gSSeVhnGEA3W5oDcbkinLKin7J+9Ezo9Ed0CgTlUEGOALBYilf17ZUNFNc5AV/TK
21x6n8fp3SyTqusTyH4O3QowjWR7CDvuAxqWLVB6mlGQ7sjLIBOC6b+WiYWH3hZT
zKtC8isfWXWMbre3zOgkd/kh9TZwPa5wqbIeIMz6k9MwJTu7AA8cweJfsFl/jJ75
o7WoV6EHYsqhUpQRexYoZirZ07ywl5J39CA=
-----END CERTIFICATE-----