Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/df1b807e-4c6f-31ab-b0ad-4c66734ca542.roa
File:                     df1b807e-4c6f-31ab-b0ad-4c66734ca542.roa (raw, json)
Hash identifier:          Dxmf4nzVsZXOvHltpX7WjJS2/2dvbvq3D/5xy/TXku8=
Subject key identifier:   27:6D:2E:17:6F:B6:EF:D2:F3:CA:DF:83:A6:9F:AA:3F:69:75:C3:83
Certificate issuer:       /CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
Certificate serial:       010D0C9F4328583F0CE474C98074DA931CB46100
Authority key identifier: 45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/df1b807e-4c6f-31ab-b0ad-4c66734ca542.roa
Signing time:             Sat 27 Aug 2022 12:00:00 +0000
ROA not before:           Sat 27 Aug 2022 12:00:00 +0000
ROA not after:            Mon 28 Aug 2023 04:00:00 +0000
asID:                     3970
IP address blocks:        165.140.105.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3f:0c:e4:74:c9:80:74:da:93:1c:b4:61:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
        Validity
            Not Before: Aug 27 12:00:00 2022 GMT
            Not After : Aug 28 04:00:00 2023 GMT
        Subject: CN=77467f57-afe5-454e-94d6-d5da619dd473
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:8f:ea:5d:03:cb:3a:0a:8f:68:0e:75:e6:e8:
                    54:9b:9e:09:0b:04:de:4d:b5:0a:34:fd:85:a4:44:
                    67:5f:12:46:fb:f9:43:0c:33:23:5c:01:83:4a:1b:
                    17:e5:85:83:ff:7b:b6:92:a3:04:3f:fb:c5:d8:de:
                    38:9b:1c:87:35:db:0b:90:5c:d8:54:7b:64:de:41:
                    29:66:39:23:0c:6e:df:25:11:d3:48:ed:11:ca:22:
                    73:32:77:36:08:1b:9c:b3:fa:01:65:61:f2:68:22:
                    d5:61:eb:3e:59:da:99:77:05:30:64:2b:1c:69:8b:
                    a8:1f:7f:dc:a1:3d:2c:41:48:8b:2f:5a:6d:69:a4:
                    eb:9b:9a:23:88:f2:5d:09:36:38:63:47:01:95:68:
                    7f:76:f7:40:39:6a:0c:64:62:9f:f0:40:04:2a:41:
                    e0:f5:ac:dd:62:6f:18:81:03:20:10:2d:cd:e3:e8:
                    51:f9:6c:59:99:01:e1:b7:be:ad:43:0d:0d:78:e8:
                    89:a8:68:c3:5d:27:45:11:b3:10:0f:bb:1c:18:c8:
                    25:27:38:53:b3:b4:d6:43:71:14:5b:d7:a0:3e:23:
                    a5:72:30:1d:12:64:45:58:79:d4:e9:d9:25:13:29:
                    a9:6b:99:f6:90:5b:a4:4b:07:02:4f:5a:0c:95:c9:
                    93:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:6D:2E:17:6F:B6:EF:D2:F3:CA:DF:83:A6:9F:AA:3F:69:75:C3:83
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/df1b807e-4c6f-31ab-b0ad-4c66734ca542.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/f5a8e327-ebf4-4f4b-9073-90acd61797cc.crl

            X509v3 Authority Key Identifier:
                keyid:45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  165.140.105.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         5a:88:15:67:be:42:2f:42:7f:9e:97:0b:6b:36:27:6b:03:53:
         37:23:69:c5:d3:fe:8b:6b:09:4b:0d:8b:06:89:a4:69:9d:f6:
         d9:0a:78:c4:ed:39:6a:39:3b:76:42:8c:c9:18:9e:14:ac:57:
         7b:4f:b1:f4:91:b3:af:ff:52:3b:76:f4:da:12:48:59:50:9b:
         22:f2:1a:45:00:4c:6a:fa:49:89:5b:d7:80:bd:33:f8:f8:e3:
         d5:4f:84:db:47:f7:51:d4:09:96:f4:9d:8d:ab:f1:23:2d:27:
         00:32:06:ce:94:73:eb:88:60:21:a5:60:f8:86:b7:07:d9:ed:
         95:d2:84:2c:bf:df:f1:23:f8:ed:82:62:69:6a:e5:f4:65:66:
         a4:f9:4b:58:9c:5e:0e:11:8e:ba:93:26:8c:f7:7f:24:4f:5d:
         dc:63:c5:57:18:b6:48:9d:16:18:37:68:a3:a1:18:9d:07:d3:
         54:cb:82:3d:8a:db:43:8d:9f:21:b8:7f:40:40:f8:5f:ff:c4:
         5d:dd:83:60:4f:3a:a5:f9:c2:d1:96:cf:aa:a5:9a:58:0a:2a:
         49:45:0c:65:92:8c:4d:99:a0:7c:1d:a9:77:5f:0d:f9:78:7b:
         91:b6:69:6f:2e:ce:69:f8:21:bd:22:53:b3:38:d0:28:72:e6:
         a2:e2:cd:35
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWD8M5HTJgHTakxy0YQAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkZjVhOGUzMjctZWJmNC00ZjRiLTkwNzMtOTBhY2Q2MTc5
N2NjMB4XDTIyMDgyNzEyMDAwMFoXDTIzMDgyODA0MDAwMFowLzEtMCsGA1UEAxMk
Nzc0NjdmNTctYWZlNS00NTRlLTk0ZDYtZDVkYTYxOWRkNDczMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAio/qXQPLOgqPaA515uhUm54JCwTeTbUKNP2F
pERnXxJG+/lDDDMjXAGDShsX5YWD/3u2kqMEP/vF2N44mxyHNdsLkFzYVHtk3kEp
ZjkjDG7fJRHTSO0RyiJzMnc2CBucs/oBZWHyaCLVYes+WdqZdwUwZCscaYuoH3/c
oT0sQUiLL1ptaaTrm5ojiPJdCTY4Y0cBlWh/dvdAOWoMZGKf8EAEKkHg9azdYm8Y
gQMgEC3N4+hR+WxZmQHht76tQw0NeOiJqGjDXSdFEbMQD7scGMglJzhTs7TWQ3EU
W9egPiOlcjAdEmRFWHnU6dklEympa5n2kFukSwcCT1oMlcmTIwIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFCdtLhdvtu/S88rfg6afqj9pdcODMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4
ZTMyNy1lYmY0LTRmNGItOTA3My05MGFjZDYxNzk3Y2MvZGYxYjgwN2UtNGM2Zi0z
MWFiLWIwYWQtNGM2NjczNGNhNTQyLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvZjVhOGUzMjctZWJmNC00ZjRiLTkw
NzMtOTBhY2Q2MTc5N2NjL2Y1YThlMzI3LWViZjQtNGY0Yi05MDczLTkwYWNkNjE3
OTdjYy5jcmwwHwYDVR0jBBgwFoAURYZl4q8eZIkQSjuD49h/SJO1e5MwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4ZTMyNy1lYmY0LTRmNGItOTA3My05MGFj
ZDYxNzk3Y2MuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQApYxpMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAFqIFWe+Qi9Cf56XC2s2J2sDUzcjacXT/otrCUsNiwaJpGmd9tkKeMTt
OWo5O3ZCjMkYnhSsV3tPsfSRs6//Ujt29NoSSFlQmyLyGkUATGr6SYlb14C9M/j4
49VPhNtH91HUCZb0nY2r8SMtJwAyBs6Uc+uIYCGlYPiGtwfZ7ZXShCy/3/Ej+O2C
Ymlq5fRlZqT5S1icXg4RjrqTJoz3fyRPXdxjxVcYtkidFhg3aKOhGJ0H01TLgj2K
20ONnyG4f0BA+F//xF3dg2BPOqX5wtGWz6qlmlgKKklFDGWSjE2ZoHwdqXdfDfl4
e5G2aW8uzmn4Ib0iU7M40Chy5qLizTU=
-----END CERTIFICATE-----