Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/b7d0a9be-1840-3dcf-8b2d-43436936b455.roa
File:                     b7d0a9be-1840-3dcf-8b2d-43436936b455.roa (raw, json)
Hash identifier:          fhS5+OzWy++ZeopTpi6sKphpUvpqbsHzS1LN68QsAzA=
Subject key identifier:   0F:8D:59:2B:29:FB:14:F0:60:B5:7A:49:5D:4F:54:5D:79:FF:8D:7B
Certificate issuer:       /CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
Certificate serial:       010D0C9F4328583E4C64982E398D1106875C9B00
Authority key identifier: 45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/b7d0a9be-1840-3dcf-8b2d-43436936b455.roa
Signing time:             Sun 19 Jun 2022 12:00:00 +0000
ROA not before:           Sun 19 Jun 2022 12:00:00 +0000
ROA not after:            Tue 20 Jun 2023 04:00:00 +0000
asID:                     3970
IP address blocks:        2620:9e:6001::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3e:4c:64:98:2e:39:8d:11:06:87:5c:9b:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
        Validity
            Not Before: Jun 19 12:00:00 2022 GMT
            Not After : Jun 20 04:00:00 2023 GMT
        Subject: CN=b87fa061-c121-491c-a2a0-7a9bcdde4344
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:5b:8c:d5:81:ea:92:d2:81:ef:e8:61:71:b4:
                    3a:5c:a4:e3:af:1f:06:98:2b:8c:9f:8c:3b:34:8d:
                    e9:72:6a:b8:3a:0f:80:2b:c4:0d:e9:8e:7b:6b:9b:
                    b5:c7:80:4a:2b:63:4e:5e:4e:08:93:a1:fa:39:35:
                    32:e5:a8:00:8d:88:64:72:68:ae:c9:d1:26:71:d4:
                    b8:aa:77:db:54:bb:4e:8b:42:5d:5f:6a:dd:ac:b9:
                    92:aa:f9:8d:18:9b:3d:bd:42:11:2a:5b:2f:ef:56:
                    82:b9:8c:eb:2f:92:fa:4d:00:c5:2b:da:90:fe:f4:
                    ae:26:68:7c:ea:26:b5:1b:ab:22:3b:2a:53:76:e1:
                    a3:c6:b0:8b:40:1b:a5:0d:dc:73:b1:0c:d6:18:75:
                    2f:86:b1:e6:6e:57:1d:aa:6a:6a:27:50:ed:f6:53:
                    c0:04:05:c1:05:3b:4f:92:6d:13:07:28:35:c2:0b:
                    c9:6c:29:cc:96:1b:a0:e2:43:b8:c7:98:52:65:76:
                    ff:da:68:5f:2e:29:32:58:7d:14:38:e3:96:27:7f:
                    7b:5c:d5:b2:3e:b9:10:30:cd:64:c2:27:0a:93:62:
                    88:c6:71:ae:7d:55:5b:7d:49:be:ba:03:85:35:3c:
                    6c:a9:62:66:e2:a4:be:4a:f2:bf:a0:e8:4c:30:a1:
                    dd:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:8D:59:2B:29:FB:14:F0:60:B5:7A:49:5D:4F:54:5D:79:FF:8D:7B
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/b7d0a9be-1840-3dcf-8b2d-43436936b455.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/f5a8e327-ebf4-4f4b-9073-90acd61797cc.crl

            X509v3 Authority Key Identifier:
                keyid:45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer

            sbgp-ipAddrBlock: critical
                IPv6:
                  2620:9e:6001::/48

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         31:25:97:5a:09:d6:1e:99:33:e1:6d:51:b2:ce:8b:b2:91:d8:
         ae:9a:a7:0f:2a:d3:91:10:b1:65:08:1e:0a:65:db:c4:58:7d:
         0e:07:d8:d5:ef:7e:b9:ef:e3:67:07:73:d5:5d:1e:53:ad:cc:
         0c:a9:7c:23:a3:d3:6e:13:98:f6:e1:35:12:b8:b9:66:70:67:
         b4:62:3b:a6:97:5f:28:59:88:af:88:ea:bc:78:c4:b0:69:fc:
         21:ee:df:6e:e0:9a:ad:18:1e:20:5e:a1:cc:fd:e7:b8:b9:17:
         7a:bf:3a:ed:e8:0c:ac:d0:69:85:88:1a:2a:0d:6e:f0:e5:01:
         2d:56:09:b0:f3:79:6e:0b:a5:37:af:f2:70:6c:7a:57:0a:9b:
         0e:0e:00:f5:3b:44:48:4f:aa:2b:a9:dd:99:02:43:a8:b0:69:
         eb:f0:a0:13:ef:9e:96:bf:30:0c:93:aa:65:48:66:67:99:23:
         df:7b:c0:94:1e:29:cc:08:3a:5c:4a:de:af:9b:9a:dd:0e:3e:
         b0:fc:d4:0a:6c:56:be:b4:18:2e:7b:55:25:30:88:c0:f7:34:
         3f:aa:89:92:65:10:5f:94:da:73:03:c2:f9:09:43:66:e5:42:
         66:73:2e:fa:54:14:ca:4c:10:a4:4c:f6:a1:d1:90:5f:db:e9:
         e7:dd:30:92
-----BEGIN CERTIFICATE-----
MIIGRjCCBS6gAwIBAgIUAQ0Mn0MoWD5MZJguOY0RBodcmwAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkZjVhOGUzMjctZWJmNC00ZjRiLTkwNzMtOTBhY2Q2MTc5
N2NjMB4XDTIyMDYxOTEyMDAwMFoXDTIzMDYyMDA0MDAwMFowLzEtMCsGA1UEAxMk
Yjg3ZmEwNjEtYzEyMS00OTFjLWEyYTAtN2E5YmNkZGU0MzQ0MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjluM1YHqktKB7+hhcbQ6XKTjrx8GmCuMn4w7
NI3pcmq4Og+AK8QN6Y57a5u1x4BKK2NOXk4Ik6H6OTUy5agAjYhkcmiuydEmcdS4
qnfbVLtOi0JdX2rdrLmSqvmNGJs9vUIRKlsv71aCuYzrL5L6TQDFK9qQ/vSuJmh8
6ia1G6siOypTduGjxrCLQBulDdxzsQzWGHUvhrHmblcdqmpqJ1Dt9lPABAXBBTtP
km0TByg1wgvJbCnMlhug4kO4x5hSZXb/2mhfLikyWH0UOOOWJ397XNWyPrkQMM1k
wicKk2KIxnGufVVbfUm+ugOFNTxsqWJm4qS+SvK/oOhMMKHdoQIDAQABo4IDWDCC
A1QwHQYDVR0OBBYEFA+NWSsp+xTwYLV6SV1PVF15/417MIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4
ZTMyNy1lYmY0LTRmNGItOTA3My05MGFjZDYxNzk3Y2MvYjdkMGE5YmUtMTg0MC0z
ZGNmLThiMmQtNDM0MzY5MzZiNDU1LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvZjVhOGUzMjctZWJmNC00ZjRiLTkw
NzMtOTBhY2Q2MTc5N2NjL2Y1YThlMzI3LWViZjQtNGY0Yi05MDczLTkwYWNkNjE3
OTdjYy5jcmwwHwYDVR0jBBgwFoAURYZl4q8eZIkQSjuD49h/SJO1e5MwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4ZTMyNy1lYmY0LTRmNGItOTA3My05MGFj
ZDYxNzk3Y2MuY2VyMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAJiAAnmAB
MFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6
Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcN
AQELBQADggEBADEll1oJ1h6ZM+FtUbLOi7KR2K6apw8q05EQsWUIHgpl28RYfQ4H
2NXvfrnv42cHc9VdHlOtzAypfCOj024TmPbhNRK4uWZwZ7RiO6aXXyhZiK+I6rx4
xLBp/CHu327gmq0YHiBeocz957i5F3q/Ou3oDKzQaYWIGioNbvDlAS1WCbDzeW4L
pTev8nBselcKmw4OAPU7REhPqiup3ZkCQ6iwaevwoBPvnpa/MAyTqmVIZmeZI997
wJQeKcwIOlxK3q+bmt0OPrD81ApsVr60GC57VSUwiMD3ND+qiZJlEF+U2nMDwvkJ
Q2blQmZzLvpUFMpMEKRM9qHRkF/b6efdMJI=
-----END CERTIFICATE-----