Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/b7713ee8-7dca-3a91-9586-fb444939d3a0.roa
File:                     b7713ee8-7dca-3a91-9586-fb444939d3a0.roa (raw, json)
Hash identifier:          KEdj8o4XA04rhUnB4dj25/KNeffMKoQBlh0l03UA280=
Subject key identifier:   F2:85:44:48:90:1B:F5:41:E7:83:9F:44:13:10:15:CA:B0:B5:C3:90
Certificate issuer:       /CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
Certificate serial:       010D0C9F4328583F551EA879F885737DC8B2F780
Authority key identifier: 45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/b7713ee8-7dca-3a91-9586-fb444939d3a0.roa
Signing time:             Thu 22 Sep 2022 12:00:00 +0000
ROA not before:           Thu 22 Sep 2022 12:00:00 +0000
ROA not after:            Sat 23 Sep 2023 04:00:00 +0000
asID:                     3970
IP address blocks:        165.140.105.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3f:55:1e:a8:79:f8:85:73:7d:c8:b2:f7:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
        Validity
            Not Before: Sep 22 12:00:00 2022 GMT
            Not After : Sep 23 04:00:00 2023 GMT
        Subject: CN=b9b01764-f219-4e89-8367-d6d4bf82caa1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:00:f9:75:32:54:c8:bf:aa:33:97:5e:03:b8:
                    51:9e:da:59:fc:d1:87:9c:60:48:57:ba:b4:40:94:
                    84:20:92:07:95:b7:8b:16:bd:69:7b:57:8c:be:2f:
                    d0:b6:3a:e8:90:de:43:c7:0f:e4:6d:1a:ad:30:7f:
                    13:dd:8a:8a:d0:63:a0:82:1f:33:1a:65:c6:36:81:
                    00:86:31:00:c8:69:27:70:a5:5b:53:66:67:6d:93:
                    b5:5f:3b:e2:f6:38:92:dd:7d:01:59:91:d7:75:35:
                    5b:61:7d:be:1a:89:b9:ec:86:a2:49:ba:c0:8d:9e:
                    9c:46:74:1e:e5:fb:ab:aa:9d:71:71:28:9a:8a:26:
                    61:08:fa:c3:86:dc:77:83:70:ee:a6:43:c0:df:ac:
                    55:d9:50:79:0b:ee:f6:38:23:2a:10:d9:b9:b6:bb:
                    16:63:76:1f:b4:61:56:91:53:fd:f9:44:36:cd:4c:
                    e4:ee:18:da:00:36:5d:66:55:02:5c:0f:00:95:cb:
                    ac:5a:d1:e6:07:da:28:b5:0e:cd:ff:ea:52:8e:6d:
                    f6:31:a0:e4:33:19:7b:80:ee:e1:39:4d:8b:62:b3:
                    64:37:31:16:37:6f:36:9a:6b:1e:fe:f0:ef:44:6f:
                    23:a3:40:46:4b:2a:02:e7:2e:e9:26:45:a3:16:37:
                    70:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:85:44:48:90:1B:F5:41:E7:83:9F:44:13:10:15:CA:B0:B5:C3:90
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/b7713ee8-7dca-3a91-9586-fb444939d3a0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/f5a8e327-ebf4-4f4b-9073-90acd61797cc.crl

            X509v3 Authority Key Identifier:
                keyid:45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  165.140.105.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         70:a2:ca:83:d3:9a:eb:a8:63:44:ab:9e:d0:62:07:3e:f1:31:
         e8:91:f7:51:26:c6:27:b1:83:ea:89:b5:67:64:10:49:8c:c1:
         65:1e:f8:bc:71:8b:0a:80:eb:30:41:cb:61:84:fe:43:60:1b:
         05:ee:e8:71:6d:5f:9e:5c:f3:61:9e:72:a3:56:af:19:39:7c:
         ab:ba:3e:b4:65:5e:51:01:04:d6:98:28:7f:5b:85:5a:7a:be:
         fc:84:8b:0b:03:10:15:93:23:53:56:87:e9:8c:2f:32:76:eb:
         ba:56:01:78:8e:8f:8f:d9:ef:84:b7:84:da:0d:10:56:75:3b:
         63:1a:6a:46:76:5c:e8:3c:f0:9f:0e:f1:f0:41:91:4c:e6:f6:
         b9:ef:5c:66:7e:44:2f:cc:1e:f3:50:26:72:b5:63:b3:cc:c1:
         f6:fb:98:e1:5f:42:5f:08:39:32:49:17:96:0a:49:d0:33:6d:
         d4:c1:0c:d8:f0:76:67:3d:29:b7:22:c1:83:7a:4d:a0:d1:c1:
         d8:ef:e5:a0:98:df:c6:83:12:b2:ce:c9:18:29:5f:d9:30:1d:
         3b:f2:30:9f:f5:b9:cb:33:13:2b:d9:1e:9a:0d:83:40:20:7a:
         03:7d:66:fc:aa:86:86:08:89:37:3d:48:e6:37:ae:5f:ee:e3:
         43:6f:df:07
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWD9VHqh5+IVzfciy94AwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkZjVhOGUzMjctZWJmNC00ZjRiLTkwNzMtOTBhY2Q2MTc5
N2NjMB4XDTIyMDkyMjEyMDAwMFoXDTIzMDkyMzA0MDAwMFowLzEtMCsGA1UEAxMk
YjliMDE3NjQtZjIxOS00ZTg5LTgzNjctZDZkNGJmODJjYWExMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAogD5dTJUyL+qM5deA7hRntpZ/NGHnGBIV7q0
QJSEIJIHlbeLFr1pe1eMvi/QtjrokN5Dxw/kbRqtMH8T3YqK0GOggh8zGmXGNoEA
hjEAyGkncKVbU2ZnbZO1Xzvi9jiS3X0BWZHXdTVbYX2+Gom57IaiSbrAjZ6cRnQe
5furqp1xcSiaiiZhCPrDhtx3g3DupkPA36xV2VB5C+72OCMqENm5trsWY3YftGFW
kVP9+UQ2zUzk7hjaADZdZlUCXA8AlcusWtHmB9ootQ7N/+pSjm32MaDkMxl7gO7h
OU2LYrNkNzEWN282mmse/vDvRG8jo0BGSyoC5y7pJkWjFjdwnwIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFPKFREiQG/VB54OfRBMQFcqwtcOQMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4
ZTMyNy1lYmY0LTRmNGItOTA3My05MGFjZDYxNzk3Y2MvYjc3MTNlZTgtN2RjYS0z
YTkxLTk1ODYtZmI0NDQ5MzlkM2EwLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvZjVhOGUzMjctZWJmNC00ZjRiLTkw
NzMtOTBhY2Q2MTc5N2NjL2Y1YThlMzI3LWViZjQtNGY0Yi05MDczLTkwYWNkNjE3
OTdjYy5jcmwwHwYDVR0jBBgwFoAURYZl4q8eZIkQSjuD49h/SJO1e5MwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4ZTMyNy1lYmY0LTRmNGItOTA3My05MGFj
ZDYxNzk3Y2MuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQApYxpMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAHCiyoPTmuuoY0SrntBiBz7xMeiR91Emxiexg+qJtWdkEEmMwWUe+Lxx
iwqA6zBBy2GE/kNgGwXu6HFtX55c82GecqNWrxk5fKu6PrRlXlEBBNaYKH9bhVp6
vvyEiwsDEBWTI1NWh+mMLzJ267pWAXiOj4/Z74S3hNoNEFZ1O2MaakZ2XOg88J8O
8fBBkUzm9rnvXGZ+RC/MHvNQJnK1Y7PMwfb7mOFfQl8IOTJJF5YKSdAzbdTBDNjw
dmc9KbciwYN6TaDRwdjv5aCY38aDErLOyRgpX9kwHTvyMJ/1ucszEyvZHpoNg0Ag
egN9ZvyqhoYIiTc9SOY3rl/u40Nv3wc=
-----END CERTIFICATE-----