Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/9e36dcff-6526-450f-a9d4-367f2c2d4a7f/d7c7e4f5-d9df-3ad4-bdd7-9e4db5ccb1fd.roa
File:                     d7c7e4f5-d9df-3ad4-bdd7-9e4db5ccb1fd.roa (raw, json)
Hash identifier:          tCiEyxwSDoc9dlHaK0emGxr8aQ9DUrraIVX0M7ht0Es=
Subject key identifier:   60:7E:04:35:2D:71:6C:65:33:FA:25:C9:28:87:3E:35:61:59:1F:BD
Certificate issuer:       /CN=9e36dcff-6526-450f-a9d4-367f2c2d4a7f
Certificate serial:       010D0C9F43285847B6B62AA7D3833624CC479700
Authority key identifier: 84:F9:60:4D:69:2E:F4:73:8B:1B:24:A6:73:C0:85:78:58:DE:1B:C3
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/9e36dcff-6526-450f-a9d4-367f2c2d4a7f.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/9e36dcff-6526-450f-a9d4-367f2c2d4a7f/d7c7e4f5-d9df-3ad4-bdd7-9e4db5ccb1fd.roa
Signing time:             Wed 30 Oct 2024 14:04:07 +0000
ROA not before:           Wed 30 Oct 2024 14:04:07 +0000
ROA not after:            Tue 28 Jan 2025 15:04:07 +0000
asID:                     2648000
IP address blocks:        2602:fc3b:6b00::/40 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:47:b6:b6:2a:a7:d3:83:36:24:cc:47:97:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e36dcff-6526-450f-a9d4-367f2c2d4a7f
        Validity
            Not Before: Oct 30 14:04:07 2024 GMT
            Not After : Jan 28 15:04:07 2025 GMT
        Subject: CN=627b9cab-fdab-4983-9ecd-9a813548c302
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:aa:70:b7:ae:8f:7b:23:e5:f0:d9:27:e0:f7:
                    3f:3d:22:33:6b:14:a6:77:ab:e7:6b:9b:99:7d:7c:
                    89:c3:1a:5a:e4:91:44:ef:97:5f:56:b9:f1:6f:ed:
                    01:1c:03:f9:85:1e:67:64:62:67:a5:d6:08:10:1d:
                    fd:4b:67:4d:28:40:cf:37:3d:9a:1b:28:77:13:38:
                    9d:92:05:1a:2e:2f:d5:ad:7c:9a:f2:da:df:77:2f:
                    42:52:e5:28:63:fb:ce:16:de:35:aa:ec:44:7d:d6:
                    fe:c0:64:9b:9f:95:65:5a:18:21:91:49:d8:60:81:
                    06:29:28:34:dc:1f:4e:f3:7d:c0:9f:eb:7d:11:f9:
                    96:0f:8b:d8:11:cc:70:d7:32:f9:a2:67:fe:1c:fe:
                    0c:b6:1b:e9:10:5f:27:cf:2a:99:9f:be:c5:ea:88:
                    a4:5b:2a:d7:e3:0d:21:39:88:9a:5c:75:87:aa:70:
                    3e:bf:ff:04:a3:5c:60:31:2b:7d:32:c4:06:48:30:
                    08:f2:66:62:47:b9:46:fe:74:9b:43:2b:1b:de:6a:
                    59:18:77:4a:7d:5b:db:2d:b1:47:00:61:21:d6:5a:
                    95:0a:a6:66:81:32:76:49:fe:45:7b:82:1e:6d:5e:
                    f9:e4:e8:8f:5b:46:54:3e:e9:6d:6d:7c:35:87:a1:
                    dc:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:7E:04:35:2D:71:6C:65:33:FA:25:C9:28:87:3E:35:61:59:1F:BD
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/9e36dcff-6526-450f-a9d4-367f2c2d4a7f/d7c7e4f5-d9df-3ad4-bdd7-9e4db5ccb1fd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/9e36dcff-6526-450f-a9d4-367f2c2d4a7f/9e36dcff-6526-450f-a9d4-367f2c2d4a7f.crl

            X509v3 Authority Key Identifier:
                keyid:84:F9:60:4D:69:2E:F4:73:8B:1B:24:A6:73:C0:85:78:58:DE:1B:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/9e36dcff-6526-450f-a9d4-367f2c2d4a7f.cer

            sbgp-ipAddrBlock: critical
                IPv6:
                  2602:fc3b:6b00::/40

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         1c:af:a5:dd:6c:e2:71:bb:cd:07:3e:93:d9:1a:3b:83:be:f8:
         d3:43:d7:6d:ef:b4:92:b7:94:36:42:ca:1b:fc:15:17:96:5a:
         cd:83:6d:c6:fe:05:68:75:cd:3d:15:89:d5:3a:cb:e8:76:33:
         08:7c:d3:f3:0b:57:dc:e7:02:d2:ce:7d:2e:39:36:97:ff:58:
         8b:ee:93:de:ec:63:b6:85:50:81:c9:41:27:cb:db:5b:26:2a:
         53:74:f0:63:dd:2a:02:1f:45:44:6e:54:7a:30:66:74:bd:c3:
         a5:55:73:e4:6a:78:b7:e2:c6:14:84:8a:0a:57:cc:11:27:68:
         b6:ca:bc:9d:05:bb:40:34:e1:21:ad:a0:33:33:5a:ce:5c:99:
         f6:73:55:08:d6:d1:db:0c:67:6b:c8:3a:fa:34:f2:e2:a3:b7:
         28:40:88:fd:2c:1f:f2:00:97:3a:a2:87:c0:8b:b6:00:df:94:
         13:4d:f3:3e:70:0c:8a:79:13:d3:f9:03:16:79:8a:8c:9a:7d:
         19:8a:98:98:a7:92:0a:85:c9:c3:6c:e9:93:47:e9:6d:cb:83:
         83:c4:21:16:e3:6c:1a:05:f5:f8:a8:57:8f:c3:41:65:1d:a4:
         ed:b9:0f:44:b4:7e:87:98:70:33:4b:67:3d:d0:65:36:71:79:
         d7:35:ae:d4
-----BEGIN CERTIFICATE-----
MIIGRTCCBS2gAwIBAgIUAQ0Mn0MoWEe2tiqn04M2JMxHlwAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkOWUzNmRjZmYtNjUyNi00NTBmLWE5ZDQtMzY3ZjJjMmQ0
YTdmMB4XDTI0MTAzMDE0MDQwN1oXDTI1MDEyODE1MDQwN1owLzEtMCsGA1UEAxMk
NjI3YjljYWItZmRhYi00OTgzLTllY2QtOWE4MTM1NDhjMzAyMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlqpwt66PeyPl8Nkn4Pc/PSIzaxSmd6vna5uZ
fXyJwxpa5JFE75dfVrnxb+0BHAP5hR5nZGJnpdYIEB39S2dNKEDPNz2aGyh3Ezid
kgUaLi/VrXya8trfdy9CUuUoY/vOFt41quxEfdb+wGSbn5VlWhghkUnYYIEGKSg0
3B9O833An+t9EfmWD4vYEcxw1zL5omf+HP4MthvpEF8nzyqZn77F6oikWyrX4w0h
OYiaXHWHqnA+v/8Eo1xgMSt9MsQGSDAI8mZiR7lG/nSbQysb3mpZGHdKfVvbLbFH
AGEh1lqVCqZmgTJ2Sf5Fe4IebV755OiPW0ZUPultbXw1h6Hc0QIDAQABo4IDVzCC
A1MwHQYDVR0OBBYEFGB+BDUtcWxlM/olySiHPjVhWR+9MIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzViN2ZiMTIyLWRmZGYtNGMwYy1iOTBkLTNiYzdhNWZlYjgyYi85ZTM2
ZGNmZi02NTI2LTQ1MGYtYTlkNC0zNjdmMmMyZDRhN2YvZDdjN2U0ZjUtZDlkZi0z
YWQ0LWJkZDctOWU0ZGI1Y2NiMWZkLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy81YjdmYjEyMi1k
ZmRmLTRjMGMtYjkwZC0zYmM3YTVmZWI4MmIvOWUzNmRjZmYtNjUyNi00NTBmLWE5
ZDQtMzY3ZjJjMmQ0YTdmLzllMzZkY2ZmLTY1MjYtNDUwZi1hOWQ0LTM2N2YyYzJk
NGE3Zi5jcmwwHwYDVR0jBBgwFoAUhPlgTWku9HOLGySmc8CFeFjeG8MwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzViN2ZiMTIyLWRmZGYtNGMw
Yy1iOTBkLTNiYzdhNWZlYjgyYi85ZTM2ZGNmZi02NTI2LTQ1MGYtYTlkNC0zNjdm
MmMyZDRhN2YuY2VyMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAJgL8O2sw
VAYDVR0gAQH/BEowSDBGBggrBgEFBQcOAjA6MDgGCCsGAQUFBwIBFixodHRwczov
L3d3dy5hcmluLm5ldC9yZXNvdXJjZXMvcnBraS9jcHMuaHRtbDANBgkqhkiG9w0B
AQsFAAOCAQEAHK+l3WzicbvNBz6T2Ro7g77400PXbe+0kreUNkLKG/wVF5ZazYNt
xv4FaHXNPRWJ1TrL6HYzCHzT8wtX3OcC0s59Ljk2l/9Yi+6T3uxjtoVQgclBJ8vb
WyYqU3TwY90qAh9FRG5UejBmdL3DpVVz5Gp4t+LGFISKClfMESdotsq8nQW7QDTh
Ia2gMzNazlyZ9nNVCNbR2wxna8g6+jTy4qO3KECI/Swf8gCXOqKHwIu2AN+UE03z
PnAMinkT0/kDFnmKjJp9GYqYmKeSCoXJw2zpk0fpbcuDg8QhFuNsGgX1+KhXj8NB
ZR2k7bkPRLR+h5hwM0tnPdBlNnF51zWu1A==
-----END CERTIFICATE-----