Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/bc88f76a-bf83-30f8-9a9d-1e7fd15e94a3.roa
File:                     bc88f76a-bf83-30f8-9a9d-1e7fd15e94a3.roa (raw, json)
Hash identifier:          9BsNSRtGeZmtOujx/APz19Knu+zUdPpsZaRTy0ffEk4=
Subject key identifier:   8A:F8:66:66:DC:2A:3B:86:DD:A2:C0:FF:CE:8A:AC:FE:95:5C:59:B4
Certificate issuer:       /CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
Certificate serial:       010D0C9F432858402F524A4E889C440813AF5F00
Authority key identifier: 45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/bc88f76a-bf83-30f8-9a9d-1e7fd15e94a3.roa
Signing time:             Fri 09 Dec 2022 12:00:00 +0000
ROA not before:           Fri 09 Dec 2022 12:00:00 +0000
ROA not after:            Sun 10 Dec 2023 05:00:00 +0000
asID:                     3970
IP address blocks:        2620:9e:6001::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:40:2f:52:4a:4e:88:9c:44:08:13:af:5f:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
        Validity
            Not Before: Dec  9 12:00:00 2022 GMT
            Not After : Dec 10 05:00:00 2023 GMT
        Subject: CN=6572e102-8ed7-454a-8f0b-dda4da8d59cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:dc:2c:29:09:cb:15:c9:49:5f:77:ba:d9:0d:
                    e9:c6:ec:33:7a:ec:af:12:1f:cf:14:df:ec:0b:46:
                    f8:85:b7:57:98:5d:2f:46:74:e0:98:2f:b7:58:1a:
                    62:e1:83:cb:07:a4:28:06:3a:74:96:1e:6c:e3:49:
                    37:ca:0b:70:f1:73:70:7d:a1:b1:7c:06:73:b0:e1:
                    8e:4e:00:b5:c0:47:96:46:58:bd:7b:00:27:e6:fa:
                    24:13:32:e3:30:b2:24:ca:8d:34:2a:44:48:66:e4:
                    8c:aa:5f:f1:9c:f5:dd:6a:a5:49:f8:03:3e:65:4d:
                    d4:fc:bf:4c:d9:7e:28:17:0b:68:c7:76:7f:20:85:
                    6f:22:b6:84:47:24:0f:28:52:41:6f:65:78:bc:96:
                    2b:f8:3e:b6:65:d6:8e:6f:47:04:68:9e:50:4a:8b:
                    5e:65:0e:a7:02:90:63:87:1d:46:6f:d4:b5:ad:a6:
                    11:11:57:35:33:c2:3c:61:0c:85:e8:e3:12:88:cc:
                    c9:9e:f3:ff:fe:be:41:39:ea:78:7f:63:5f:55:77:
                    2e:a5:c7:b5:a5:44:18:68:ce:6c:34:c1:84:81:49:
                    2c:dd:c1:05:fd:32:b5:13:d7:ac:49:7c:b9:ea:ce:
                    c7:2f:ac:80:6f:5b:1f:36:44:70:e1:cc:5c:40:01:
                    55:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:F8:66:66:DC:2A:3B:86:DD:A2:C0:FF:CE:8A:AC:FE:95:5C:59:B4
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/bc88f76a-bf83-30f8-9a9d-1e7fd15e94a3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/f5a8e327-ebf4-4f4b-9073-90acd61797cc.crl

            X509v3 Authority Key Identifier:
                keyid:45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer

            sbgp-ipAddrBlock: critical
                IPv6:
                  2620:9e:6001::/48

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         22:c1:8f:ef:b9:79:ef:27:70:2c:b3:68:4e:82:11:75:f6:9b:
         d2:ba:f2:2a:16:8b:13:7b:f3:7a:f6:35:7c:aa:43:dc:c7:ff:
         53:da:80:5f:b6:f1:f0:9d:53:b2:9c:20:ba:52:6d:58:e4:32:
         c7:b1:54:f3:ad:02:4e:eb:aa:3e:93:2d:37:5d:94:25:97:22:
         6a:91:34:bb:1c:75:6d:df:d7:25:97:14:7a:69:ac:0d:21:76:
         a0:ab:e7:b6:81:22:9c:75:33:b2:6c:41:ac:b1:28:01:54:a0:
         d6:95:68:f0:da:a8:c1:d4:52:0d:30:5c:28:0d:28:8c:5e:06:
         49:7b:b0:21:13:b6:90:0e:d7:6a:7a:76:b8:6e:00:8b:82:bb:
         09:83:55:e5:c0:24:55:76:4a:92:77:10:79:4d:dd:54:33:88:
         51:37:33:0e:6f:c5:25:3b:02:4d:5a:5b:10:5e:ac:d3:11:8b:
         1e:af:46:29:f8:e7:2b:47:ac:e4:ee:1d:1e:e6:fb:16:85:dc:
         1c:64:91:67:9b:23:23:ca:75:92:f8:2c:83:cc:53:d8:d2:36:
         69:14:3e:55:73:11:77:23:21:ea:80:c1:5d:b8:15:7f:c3:72:
         eb:70:66:09:42:ce:39:be:ee:5c:51:7f:ca:bd:76:21:8e:4d:
         46:2f:56:25
-----BEGIN CERTIFICATE-----
MIIGRjCCBS6gAwIBAgIUAQ0Mn0MoWEAvUkpOiJxECBOvXwAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkZjVhOGUzMjctZWJmNC00ZjRiLTkwNzMtOTBhY2Q2MTc5
N2NjMB4XDTIyMTIwOTEyMDAwMFoXDTIzMTIxMDA1MDAwMFowLzEtMCsGA1UEAxMk
NjU3MmUxMDItOGVkNy00NTRhLThmMGItZGRhNGRhOGQ1OWNkMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEArtwsKQnLFclJX3e62Q3pxuwzeuyvEh/PFN/s
C0b4hbdXmF0vRnTgmC+3WBpi4YPLB6QoBjp0lh5s40k3ygtw8XNwfaGxfAZzsOGO
TgC1wEeWRli9ewAn5vokEzLjMLIkyo00KkRIZuSMql/xnPXdaqVJ+AM+ZU3U/L9M
2X4oFwtox3Z/IIVvIraERyQPKFJBb2V4vJYr+D62ZdaOb0cEaJ5QSoteZQ6nApBj
hx1Gb9S1raYREVc1M8I8YQyF6OMSiMzJnvP//r5BOep4f2NfVXcupce1pUQYaM5s
NMGEgUks3cEF/TK1E9esSXy56s7HL6yAb1sfNkRw4cxcQAFVFwIDAQABo4IDWDCC
A1QwHQYDVR0OBBYEFIr4ZmbcKjuG3aLA/86KrP6VXFm0MIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4
ZTMyNy1lYmY0LTRmNGItOTA3My05MGFjZDYxNzk3Y2MvYmM4OGY3NmEtYmY4My0z
MGY4LTlhOWQtMWU3ZmQxNWU5NGEzLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvZjVhOGUzMjctZWJmNC00ZjRiLTkw
NzMtOTBhY2Q2MTc5N2NjL2Y1YThlMzI3LWViZjQtNGY0Yi05MDczLTkwYWNkNjE3
OTdjYy5jcmwwHwYDVR0jBBgwFoAURYZl4q8eZIkQSjuD49h/SJO1e5MwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4ZTMyNy1lYmY0LTRmNGItOTA3My05MGFj
ZDYxNzk3Y2MuY2VyMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAJiAAnmAB
MFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6
Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcN
AQELBQADggEBACLBj++5ee8ncCyzaE6CEXX2m9K68ioWixN783r2NXyqQ9zH/1Pa
gF+28fCdU7KcILpSbVjkMsexVPOtAk7rqj6TLTddlCWXImqRNLscdW3f1yWXFHpp
rA0hdqCr57aBIpx1M7JsQayxKAFUoNaVaPDaqMHUUg0wXCgNKIxeBkl7sCETtpAO
12p6drhuAIuCuwmDVeXAJFV2SpJ3EHlN3VQziFE3Mw5vxSU7Ak1aWxBerNMRix6v
Rin45ytHrOTuHR7m+xaF3BxkkWebIyPKdZL4LIPMU9jSNmkUPlVzEXcjIeqAwV24
FX/DcutwZglCzjm+7lxRf8q9diGOTUYvViU=
-----END CERTIFICATE-----