Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/bb2fff0e-d9e0-3108-bba0-ff3ff5c28227.roa
File:                     bb2fff0e-d9e0-3108-bba0-ff3ff5c28227.roa (raw, json)
Hash identifier:          LvmFpQelOttIPOudsyDCDIjRE78euRn5AKwsKQnvWBk=
Subject key identifier:   A1:ED:B4:4F:FC:E9:E1:41:B4:0C:30:3E:EB:7E:CE:42:AD:37:2F:CE
Certificate issuer:       /CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
Certificate serial:       010D0C9F4328583F1AE774F04A76C6BD38ADE700
Authority key identifier: 45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/bb2fff0e-d9e0-3108-bba0-ff3ff5c28227.roa
Signing time:             Thu 01 Sep 2022 12:00:00 +0000
ROA not before:           Thu 01 Sep 2022 12:00:00 +0000
ROA not after:            Sat 02 Sep 2023 04:00:00 +0000
asID:                     3970
IP address blocks:        165.140.105.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3f:1a:e7:74:f0:4a:76:c6:bd:38:ad:e7:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
        Validity
            Not Before: Sep  1 12:00:00 2022 GMT
            Not After : Sep  2 04:00:00 2023 GMT
        Subject: CN=b952379a-7131-45d3-b8de-933203a84a52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:a0:bf:24:9e:07:4f:bc:15:94:df:32:74:f1:
                    03:c7:8d:c2:01:02:36:66:41:de:cd:05:04:30:e8:
                    3b:7c:a3:67:81:42:fd:eb:b1:d4:a4:fa:c2:e4:d0:
                    09:76:f0:27:6c:bc:79:2b:79:85:d3:38:44:1d:55:
                    29:48:99:bf:4e:dc:a0:aa:86:e0:9c:a2:18:63:57:
                    54:da:ee:27:f2:6c:bd:57:de:76:7a:6c:b2:b8:02:
                    ad:b2:f5:c9:9e:92:8c:cc:4e:9c:7c:88:2a:31:7e:
                    25:2c:00:49:36:2c:15:49:fb:43:14:24:c1:1c:01:
                    2a:4e:b9:59:15:66:08:34:39:4e:89:11:a5:03:86:
                    d4:44:a7:4b:b3:3d:1d:1d:94:2b:0a:db:9a:b1:5d:
                    d6:dc:7d:b8:63:16:8c:25:d2:72:85:b3:8f:6a:e0:
                    58:83:ce:7f:66:3b:8e:90:48:57:51:33:22:e1:6a:
                    cb:6c:d8:fd:59:07:97:11:90:2a:bf:f7:ee:cc:86:
                    af:a1:de:94:55:1b:64:3b:0f:a1:a0:75:ef:d4:6d:
                    70:42:c6:90:98:25:bc:75:75:f4:d8:c1:ac:fa:2f:
                    b3:32:e2:4c:ae:cf:d1:de:a6:66:b4:a5:9c:a7:4e:
                    6e:46:3c:0a:1f:87:ab:5c:74:56:69:52:24:f9:f1:
                    16:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:ED:B4:4F:FC:E9:E1:41:B4:0C:30:3E:EB:7E:CE:42:AD:37:2F:CE
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/bb2fff0e-d9e0-3108-bba0-ff3ff5c28227.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/f5a8e327-ebf4-4f4b-9073-90acd61797cc.crl

            X509v3 Authority Key Identifier:
                keyid:45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  165.140.105.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         7a:59:fe:d5:1e:ed:24:70:a9:70:5f:96:78:66:31:f3:3b:dd:
         fe:ae:6c:47:eb:45:1a:16:05:3e:68:f0:38:64:20:6c:b1:99:
         5d:bd:6f:05:a3:c8:b5:bf:67:fc:ab:41:14:e7:a8:b6:69:04:
         2e:62:71:25:57:85:d3:fe:80:84:bb:65:73:c5:3a:7b:b8:09:
         dd:9e:fe:03:79:5f:fe:7f:53:bd:d3:3e:65:a5:5a:44:ce:43:
         1f:4f:b4:1b:bc:4a:d8:4b:93:28:76:2e:8a:7a:b8:cc:16:d1:
         c2:c3:3d:03:f6:24:98:83:63:0c:31:13:80:e8:6b:b9:e7:a2:
         1e:22:b5:5d:08:58:06:ba:de:dd:28:75:3a:f7:e7:60:73:73:
         0d:bd:e4:ca:0e:59:df:c2:b9:dc:a0:57:a6:d3:80:c4:84:a3:
         a8:6a:fd:75:d0:bd:35:16:31:0e:65:88:75:7e:56:2c:0f:15:
         96:90:68:98:9d:89:15:ed:76:29:54:33:57:df:fd:7d:cf:88:
         46:a5:2f:5d:5e:62:eb:0d:5a:c6:a4:5c:a1:dd:ef:c9:4c:a4:
         71:16:91:98:9a:36:35:13:8a:db:43:b2:1a:a5:58:62:97:4e:
         0a:f3:61:d8:cb:2e:f0:c3:01:b6:c3:a6:d2:b1:1e:d4:bd:ae:
         20:cd:d7:e5
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWD8a53TwSnbGvTit5wAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkZjVhOGUzMjctZWJmNC00ZjRiLTkwNzMtOTBhY2Q2MTc5
N2NjMB4XDTIyMDkwMTEyMDAwMFoXDTIzMDkwMjA0MDAwMFowLzEtMCsGA1UEAxMk
Yjk1MjM3OWEtNzEzMS00NWQzLWI4ZGUtOTMzMjAzYTg0YTUyMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj6C/JJ4HT7wVlN8ydPEDx43CAQI2ZkHezQUE
MOg7fKNngUL967HUpPrC5NAJdvAnbLx5K3mF0zhEHVUpSJm/TtygqobgnKIYY1dU
2u4n8my9V952emyyuAKtsvXJnpKMzE6cfIgqMX4lLABJNiwVSftDFCTBHAEqTrlZ
FWYINDlOiRGlA4bURKdLsz0dHZQrCtuasV3W3H24YxaMJdJyhbOPauBYg85/ZjuO
kEhXUTMi4WrLbNj9WQeXEZAqv/fuzIavod6UVRtkOw+hoHXv1G1wQsaQmCW8dXX0
2MGs+i+zMuJMrs/R3qZmtKWcp05uRjwKH4erXHRWaVIk+fEWnQIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFKHttE/86eFBtAwwPut+zkKtNy/OMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4
ZTMyNy1lYmY0LTRmNGItOTA3My05MGFjZDYxNzk3Y2MvYmIyZmZmMGUtZDllMC0z
MTA4LWJiYTAtZmYzZmY1YzI4MjI3LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvZjVhOGUzMjctZWJmNC00ZjRiLTkw
NzMtOTBhY2Q2MTc5N2NjL2Y1YThlMzI3LWViZjQtNGY0Yi05MDczLTkwYWNkNjE3
OTdjYy5jcmwwHwYDVR0jBBgwFoAURYZl4q8eZIkQSjuD49h/SJO1e5MwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4ZTMyNy1lYmY0LTRmNGItOTA3My05MGFj
ZDYxNzk3Y2MuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQApYxpMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAHpZ/tUe7SRwqXBflnhmMfM73f6ubEfrRRoWBT5o8DhkIGyxmV29bwWj
yLW/Z/yrQRTnqLZpBC5icSVXhdP+gIS7ZXPFOnu4Cd2e/gN5X/5/U73TPmWlWkTO
Qx9PtBu8SthLkyh2Lop6uMwW0cLDPQP2JJiDYwwxE4Doa7nnoh4itV0IWAa63t0o
dTr352Bzcw295MoOWd/CudygV6bTgMSEo6hq/XXQvTUWMQ5liHV+ViwPFZaQaJid
iRXtdilUM1ff/X3PiEalL11eYusNWsakXKHd78lMpHEWkZiaNjUTittDshqlWGKX
TgrzYdjLLvDDAbbDptKxHtS9riDN1+U=
-----END CERTIFICATE-----