Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/f33bf4c3-4340-3ae8-b80f-21324d8763bb.roa
File:                     f33bf4c3-4340-3ae8-b80f-21324d8763bb.roa (raw, json)
Hash identifier:          phMlZdJFO4WHr1WvqCOofShS8nJxtPJnnI5CVQB9Fd8=
Subject key identifier:   DF:14:5E:3D:32:91:77:3D:6E:2E:01:F8:25:94:35:AA:AC:23:EE:31
Certificate issuer:       /CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
Certificate serial:       010D0C9F4328583EA29F4583C60F520D58311900
Authority key identifier: 45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/f33bf4c3-4340-3ae8-b80f-21324d8763bb.roa
Signing time:             Wed 20 Jul 2022 12:00:00 +0000
ROA not before:           Wed 20 Jul 2022 12:00:00 +0000
ROA not after:            Fri 21 Jul 2023 04:00:00 +0000
asID:                     3970
IP address blocks:        165.140.105.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3e:a2:9f:45:83:c6:0f:52:0d:58:31:19:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5a8e327-ebf4-4f4b-9073-90acd61797cc
        Validity
            Not Before: Jul 20 12:00:00 2022 GMT
            Not After : Jul 21 04:00:00 2023 GMT
        Subject: CN=e372b73a-abf0-4df8-9ec5-36d5813b7528
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:74:df:5c:c7:1b:03:78:ec:4e:b4:1d:91:f6:
                    f1:bb:ca:9e:c0:27:01:9f:e6:71:87:18:c7:18:da:
                    ed:8d:88:e2:db:cb:a4:4b:0a:a2:1b:ee:5c:bb:c1:
                    b6:8e:78:cd:f3:fb:fe:1d:1a:c2:3c:16:22:34:e9:
                    29:9e:f0:5f:58:5f:91:d9:7f:ca:45:9c:97:01:e0:
                    3a:b1:c6:6c:28:b8:70:81:48:15:39:74:c4:8a:c0:
                    51:52:6c:e2:19:1d:69:bf:6c:61:97:32:16:af:7f:
                    83:dd:8e:76:f7:12:0b:b2:67:0c:60:d3:05:5f:cd:
                    15:85:a1:20:c0:aa:66:17:97:8b:c6:c7:70:ec:4a:
                    01:9d:11:48:38:7b:d1:9f:2b:bc:78:18:44:9c:60:
                    34:9d:39:83:ff:92:84:2d:87:2f:95:bd:f6:8e:bc:
                    be:e1:aa:dd:db:aa:76:1b:67:1b:ee:e0:31:ec:64:
                    a5:52:f6:b5:32:9d:62:9c:a1:2f:a7:ed:4e:b9:8e:
                    c4:f7:01:dd:bc:a0:8f:96:43:36:4e:7f:4c:a7:5c:
                    c2:af:fd:ce:51:fc:13:ff:ce:db:22:64:f0:00:01:
                    1a:01:26:e2:57:d6:60:e9:02:aa:c2:7d:e4:ee:db:
                    db:eb:8b:77:ce:b4:47:f5:5c:2d:10:57:2c:e0:64:
                    e8:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:14:5E:3D:32:91:77:3D:6E:2E:01:F8:25:94:35:AA:AC:23:EE:31
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/f33bf4c3-4340-3ae8-b80f-21324d8763bb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc/f5a8e327-ebf4-4f4b-9073-90acd61797cc.crl

            X509v3 Authority Key Identifier:
                keyid:45:86:65:E2:AF:1E:64:89:10:4A:3B:83:E3:D8:7F:48:93:B5:7B:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/f5a8e327-ebf4-4f4b-9073-90acd61797cc.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  165.140.105.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         05:64:50:12:6b:72:d7:91:58:86:93:63:2b:f9:a4:ff:65:7a:
         c7:9c:72:9c:08:e9:3e:80:c6:30:9f:5e:92:d7:8e:45:99:a8:
         c9:1b:ba:51:fd:c2:c5:41:bf:0d:d2:2d:46:5e:42:d9:9a:f2:
         7d:e0:28:a0:92:54:0d:c0:6b:6f:fb:49:0b:e4:f4:25:f2:a3:
         93:1b:54:bf:53:af:ab:ed:0a:f1:16:2f:26:31:fd:bf:bd:18:
         b0:b1:15:90:68:01:f6:fc:f1:3d:d5:6f:6d:10:a5:60:0d:e8:
         7e:cf:f2:7a:93:d9:c7:e0:0f:8e:73:c2:16:1f:83:5a:39:5a:
         ff:9e:32:9a:3d:11:0d:e6:54:ff:89:95:20:5c:35:43:20:80:
         93:83:34:5d:6b:a0:45:5d:1b:e7:05:26:19:da:eb:d1:45:52:
         37:3b:f5:3c:cd:68:0d:8a:de:c4:55:23:34:c1:2b:49:23:76:
         e3:c4:2c:50:9b:a9:a2:1f:27:c1:8c:01:67:d6:a2:96:1a:21:
         f9:99:7c:a7:bb:31:75:29:66:fa:3f:ea:c5:8e:a6:01:c7:2a:
         73:a2:2e:95:7e:2b:62:81:2a:c1:10:af:b1:1e:03:45:01:9b:
         56:e7:d7:ca:d4:d8:ab:19:e5:64:77:a7:fe:b8:ab:ca:61:bd:
         55:93:03:2d
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWD6in0WDxg9SDVgxGQAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkZjVhOGUzMjctZWJmNC00ZjRiLTkwNzMtOTBhY2Q2MTc5
N2NjMB4XDTIyMDcyMDEyMDAwMFoXDTIzMDcyMTA0MDAwMFowLzEtMCsGA1UEAxMk
ZTM3MmI3M2EtYWJmMC00ZGY4LTllYzUtMzZkNTgxM2I3NTI4MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn3TfXMcbA3jsTrQdkfbxu8qewCcBn+ZxhxjH
GNrtjYji28ukSwqiG+5cu8G2jnjN8/v+HRrCPBYiNOkpnvBfWF+R2X/KRZyXAeA6
scZsKLhwgUgVOXTEisBRUmziGR1pv2xhlzIWr3+D3Y529xILsmcMYNMFX80VhaEg
wKpmF5eLxsdw7EoBnRFIOHvRnyu8eBhEnGA0nTmD/5KELYcvlb32jry+4ard26p2
G2cb7uAx7GSlUva1Mp1inKEvp+1OuY7E9wHdvKCPlkM2Tn9Mp1zCr/3OUfwT/87b
ImTwAAEaASbiV9Zg6QKqwn3k7tvb64t3zrRH9VwtEFcs4GTofQIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFN8UXj0ykXc9bi4B+CWUNaqsI+4xMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4
ZTMyNy1lYmY0LTRmNGItOTA3My05MGFjZDYxNzk3Y2MvZjMzYmY0YzMtNDM0MC0z
YWU4LWI4MGYtMjEzMjRkODc2M2JiLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81MjFlYjMzZi05
NjcyLTRjZDktYWNjZS0xMzcyMjdlOTcxYWMvZjVhOGUzMjctZWJmNC00ZjRiLTkw
NzMtOTBhY2Q2MTc5N2NjL2Y1YThlMzI3LWViZjQtNGY0Yi05MDczLTkwYWNkNjE3
OTdjYy5jcmwwHwYDVR0jBBgwFoAURYZl4q8eZIkQSjuD49h/SJO1e5MwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzUyMWViMzNmLTk2NzItNGNk
OS1hY2NlLTEzNzIyN2U5NzFhYy9mNWE4ZTMyNy1lYmY0LTRmNGItOTA3My05MGFj
ZDYxNzk3Y2MuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQApYxpMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAAVkUBJrcteRWIaTYyv5pP9leseccpwI6T6AxjCfXpLXjkWZqMkbulH9
wsVBvw3SLUZeQtma8n3gKKCSVA3Aa2/7SQvk9CXyo5MbVL9Tr6vtCvEWLyYx/b+9
GLCxFZBoAfb88T3Vb20QpWAN6H7P8nqT2cfgD45zwhYfg1o5Wv+eMpo9EQ3mVP+J
lSBcNUMggJODNF1roEVdG+cFJhna69FFUjc79TzNaA2K3sRVIzTBK0kjduPELFCb
qaIfJ8GMAWfWopYaIfmZfKe7MXUpZvo/6sWOpgHHKnOiLpV+K2KBKsEQr7EeA0UB
m1bn18rU2KsZ5WR3p/64q8phvVWTAy0=
-----END CERTIFICATE-----