Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/b7b17e95-1663-334c-9bba-ff0cc2cf50d7.roa
File:                     b7b17e95-1663-334c-9bba-ff0cc2cf50d7.roa (raw, json)
Hash identifier:          tQ1+EriF0/A7Z0sH/8J5Eg1N4mMMuC9kl0OS3VAcNHs=
Subject key identifier:   55:02:61:DB:8F:B1:76:2C:00:19:02:BA:F1:A4:9D:F9:24:EA:C6:2B
Certificate issuer:       /CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
Certificate serial:       010D0C9F43285840028B598130623C0C08130980
Authority key identifier: 45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/b7b17e95-1663-334c-9bba-ff0cc2cf50d7.roa
Signing time:             Wed 23 Nov 2022 12:00:00 +0000
ROA not before:           Wed 23 Nov 2022 12:00:00 +0000
ROA not after:            Fri 24 Nov 2023 05:00:00 +0000
asID:                     3970
IP address blocks:        2620:9e:6001::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:40:02:8b:59:81:30:62:3c:0c:08:13:09:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
        Validity
            Not Before: Nov 23 12:00:00 2022 GMT
            Not After : Nov 24 05:00:00 2023 GMT
        Subject: CN=b426d3c3-637a-4e2c-9f44-aa6c1197a914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:3e:44:83:33:4b:a7:45:6b:da:c2:1e:bd:b8:
                    cc:41:1b:85:f7:99:b8:d3:87:d8:a0:94:e3:ec:b6:
                    ed:25:81:84:29:6f:d0:8f:de:96:14:89:c5:dc:da:
                    24:b4:d3:64:1d:70:7f:02:bf:51:b6:c3:17:6b:47:
                    4f:38:e0:75:0b:35:7a:37:b9:33:cd:70:1d:b7:05:
                    68:41:2a:a5:33:ae:62:58:14:32:ea:e5:e5:26:ae:
                    f1:20:b4:a5:61:22:26:8f:28:0b:88:c2:4c:16:e3:
                    3f:6f:95:ed:9b:9f:0f:08:50:4c:79:b1:82:e7:b7:
                    1a:49:fa:99:f8:d4:36:54:38:b0:54:13:9d:5d:59:
                    bf:50:58:05:c3:63:84:69:12:ed:4a:7d:db:ae:24:
                    6f:d6:2f:4e:7d:a6:56:98:1f:99:ac:83:6a:bd:e0:
                    b2:19:84:17:96:13:9c:23:7c:8b:dd:e7:6f:75:b1:
                    45:5f:e2:00:85:c6:11:5e:8d:2b:a1:0b:b1:3d:58:
                    85:3e:ff:c6:b3:c3:60:1c:92:4d:70:34:93:4d:d4:
                    0a:e2:dd:be:d1:21:04:ca:30:69:1a:d8:a6:19:83:
                    3f:8b:b3:a5:c9:f3:a4:3b:db:d1:a1:6b:71:43:cc:
                    5e:43:0b:2e:e0:6b:10:b6:cf:3f:9c:59:14:15:8c:
                    fd:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:02:61:DB:8F:B1:76:2C:00:19:02:BA:F1:A4:9D:F9:24:EA:C6:2B
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/b7b17e95-1663-334c-9bba-ff0cc2cf50d7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/f5a8e327-ebf4-4f4b-9073-90acd61797cc.crl

            X509v3 Authority Key Identifier:
                keyid:45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer

            sbgp-ipAddrBlock: critical
                IPv6:
                  2620:9e:6001::/48

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         8f:52:05:d2:7c:79:a6:59:e2:af:28:ce:7c:7c:40:eb:95:61:
         d9:f5:f3:fb:c1:b1:18:74:7a:d8:f0:c1:bc:b4:55:b1:38:47:
         f0:28:a0:4e:0f:c2:fc:26:50:bf:eb:c5:7b:7b:51:49:57:bd:
         77:67:91:78:79:eb:8d:b0:a8:94:7d:4c:e7:35:62:fa:1e:4e:
         77:b2:09:3d:1c:62:a2:77:01:2d:94:d7:21:94:d6:95:e2:6d:
         25:8b:5b:bc:3a:46:34:75:c6:cc:f0:03:1d:bf:f1:a5:ca:6e:
         c6:51:d5:17:91:ce:5f:b1:b0:3e:35:fe:de:9e:05:71:fa:d1:
         93:30:d5:ae:f0:ae:05:b3:2d:c3:82:b8:27:53:04:05:1b:65:
         79:97:dc:c9:5e:e4:88:27:72:be:9f:4c:34:32:38:b6:a0:a9:
         ed:62:4d:b8:4d:43:71:33:25:39:7e:fa:85:b4:77:15:de:a3:
         01:fd:71:af:96:5b:14:98:9b:ef:9a:62:b7:c8:ba:be:d1:69:
         50:19:05:65:fb:91:fd:ff:da:0d:be:78:de:67:d7:d9:3f:c9:
         16:a8:fd:74:c6:7d:e2:5e:4e:af:fd:c6:27:f2:5b:05:f3:ca:
         6f:52:32:62:89:aa:27:41:aa:dd:3a:30:0a:d8:a9:a5:67:ef:
         5c:a0:3c:79
-----BEGIN CERTIFICATE-----
MIIGRjCCBS6gAwIBAgIUAQ0Mn0MoWEACi1mBMGI8DAgTCYAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkZjVhOGUzMjctZWJmNC00ZjRiLTkwNzMtOTBhY2Q2MTc5
N2NjMB4XDTIyMTEyMzEyMDAwMFoXDTIzMTEyNDA1MDAwMFowLzEtMCsGA1UEAxMk
YjQyNmQzYzMtNjM3YS00ZTJjLTlmNDQtYWE2YzExOTdhOTE0MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsT5EgzNLp0Vr2sIevbjMQRuF95m404fYoJTj
7LbtJYGEKW/Qj96WFInF3NoktNNkHXB/Ar9RtsMXa0dPOOB1CzV6N7kzzXAdtwVo
QSqlM65iWBQy6uXlJq7xILSlYSImjygLiMJMFuM/b5Xtm58PCFBMebGC57caSfqZ
+NQ2VDiwVBOdXVm/UFgFw2OEaRLtSn3briRv1i9OfaZWmB+ZrINqveCyGYQXlhOc
I3yL3edvdbFFX+IAhcYRXo0roQuxPViFPv/Gs8NgHJJNcDSTTdQK4t2+0SEEyjBp
GtimGYM/i7OlyfOkO9vRoWtxQ8xeQwsu4GsQts8/nFkUFYz95QIDAQABo4IDWDCC
A1QwHQYDVR0OBBYEFFUCYduPsXYsABkCuvGknfkk6sYrMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4
ZTMyNy1lYmY0LTRmNGItOTA3My05MGFjZDYxNzk3Y2MvYjdiMTdlOTUtMTY2My0z
MzRjLTliYmEtZmYwY2MyY2Y1MGQ3LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvZjVhOGUzMjctZWJmNC00ZjRiLTkw
NzMtOTBhY2Q2MTc5N2NjL2Y1YThlMzI3LWViZjQtNGY0Yi05MDczLTkwYWNkNjE3
OTdjYy5jcmwwHwYDVR0jBBgwFoAURYZl4q8eZIkQSjuD49h/SJO1e5MwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4ZTMyNy1lYmY0LTRmNGItOTA3My05MGFj
ZDYxNzk3Y2MuY2VyMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAJiAAnmAB
MFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6
Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcN
AQELBQADggEBAI9SBdJ8eaZZ4q8oznx8QOuVYdn18/vBsRh0etjwwby0VbE4R/Ao
oE4PwvwmUL/rxXt7UUlXvXdnkXh5642wqJR9TOc1YvoeTneyCT0cYqJ3AS2U1yGU
1pXibSWLW7w6RjR1xszwAx2/8aXKbsZR1ReRzl+xsD41/t6eBXH60ZMw1a7wrgWz
LcOCuCdTBAUbZXmX3Mle5Igncr6fTDQyOLagqe1iTbhNQ3EzJTl++oW0dxXeowH9
ca+WWxSYm++aYrfIur7RaVAZBWX7kf3/2g2+eN5n19k/yRao/XTGfeJeTq/9xify
WwXzym9SMmKJqidBqt06MArYqaVn71ygPHk=
-----END CERTIFICATE-----