Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/08a1c71b-e253-3e30-86bd-367c3af47cbb.roa
File:                     08a1c71b-e253-3e30-86bd-367c3af47cbb.roa (raw, json)
Hash identifier:          BdddA4mLZF3kbsz33N64nj4lB++7HsLg0l+w0PJ/D6c=
Subject key identifier:   16:D3:AC:1F:F4:AA:34:A8:64:9C:4B:DA:EC:04:86:42:65:AC:2F:C0
Certificate issuer:       /CN=18800324-5150-4981-a144-bdb80e6bcb7c
Certificate serial:       010D0C9F432858422FE83A802D0E01C31314E680
Authority key identifier: 11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/08a1c71b-e253-3e30-86bd-367c3af47cbb.roa
Signing time:             Sun 11 Jun 2023 19:16:10 +0000
ROA not before:           Sun 11 Jun 2023 19:16:10 +0000
ROA not after:            Sat 09 Sep 2023 19:16:10 +0000
asID:                     15731
IP address blocks:        166.88.213.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:42:2f:e8:3a:80:2d:0e:01:c3:13:14:e6:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18800324-5150-4981-a144-bdb80e6bcb7c
        Validity
            Not Before: Jun 11 19:16:10 2023 GMT
            Not After : Sep  9 19:16:10 2023 GMT
        Subject: CN=98abe6ca-b018-47fd-ae05-9ce51c4d9e42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:6a:f6:70:83:d0:61:55:31:1c:63:7c:25:8a:
                    14:67:b9:c0:13:b7:6f:c3:af:84:3d:d8:0d:f5:b1:
                    b5:79:c4:5e:44:2c:22:db:29:cb:e6:e7:f9:7b:cf:
                    8f:af:31:ce:a5:35:11:9e:08:bd:21:a9:09:50:f9:
                    1f:9f:2a:41:8d:24:33:a6:96:67:d7:b4:eb:c9:c8:
                    4d:38:65:b7:a3:62:b5:4b:80:ad:ab:e6:07:7a:84:
                    8c:21:7f:ca:65:f3:a9:19:c9:53:8d:5a:0e:9b:87:
                    16:17:5d:b8:a7:63:ee:94:ff:58:81:16:f7:04:9f:
                    3e:32:c2:0d:da:6d:b9:c7:c5:4f:24:f1:53:d7:43:
                    29:1b:c4:4a:ed:1b:91:90:63:3c:f3:6f:00:51:34:
                    bf:61:a4:36:ff:ac:86:74:1a:53:d3:a2:70:d7:d3:
                    36:f5:0c:a8:fd:22:49:1b:60:2c:ee:6b:1e:b5:e7:
                    1a:37:de:e9:47:6b:d6:86:f9:5d:92:a3:bf:84:a4:
                    a6:2f:e6:65:53:c1:f1:3a:32:d8:4d:d6:84:78:1a:
                    2d:1e:27:fd:ca:a2:9f:da:be:12:8f:7c:b7:cd:d6:
                    d7:74:c6:55:72:a3:9c:0a:42:26:0a:63:e0:eb:d3:
                    8a:c5:d3:0b:10:40:30:30:e8:48:b0:e5:ec:90:37:
                    c6:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:D3:AC:1F:F4:AA:34:A8:64:9C:4B:DA:EC:04:86:42:65:AC:2F:C0
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/08a1c71b-e253-3e30-86bd-367c3af47cbb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/18800324-5150-4981-a144-bdb80e6bcb7c.crl

            X509v3 Authority Key Identifier:
                keyid:11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  166.88.213.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         67:51:05:e7:c2:ac:fb:bd:eb:03:5b:7a:d5:c1:84:3a:74:60:
         32:77:48:16:b8:0d:9b:f5:8c:14:56:63:ff:09:98:23:a5:4d:
         fe:af:4e:48:d7:b7:4f:7e:d0:81:39:d5:95:96:45:0f:6b:2b:
         50:db:61:2a:ce:fd:ca:ee:21:83:a5:12:c8:a8:44:23:ef:8f:
         29:7f:66:37:1f:9e:c9:8e:df:32:ba:23:ad:df:9e:20:6c:8d:
         e9:6a:90:fc:af:b8:1c:0b:b4:c9:bb:1c:a4:5d:6f:6c:e3:66:
         31:5b:bd:52:d3:8c:90:3e:76:6e:c8:ec:1c:87:65:6b:4e:8e:
         ad:16:52:c6:ab:fa:2e:69:00:44:04:95:f4:a6:a0:be:22:df:
         5a:3b:c6:ba:ea:56:bc:b3:9d:7c:f4:45:4d:ab:a3:3f:08:dc:
         88:f7:01:35:c9:5e:c3:dc:de:d6:9d:17:8a:0f:f1:82:e0:d6:
         a7:a2:f5:e4:3d:e6:95:26:ad:fd:1c:71:e0:4d:b5:f7:02:19:
         e7:88:62:d9:6e:44:c3:7c:bf:6a:5b:fa:2b:09:9e:7a:e2:fd:
         c7:ce:6f:2e:39:44:f8:10:f7:6e:5d:b6:8a:56:84:94:0f:d6:
         1b:42:ff:1e:19:45:a4:18:ec:8d:b4:30:c3:ea:00:0d:5d:a2:
         80:5e:8f:fd
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEIv6DqALQ4BwxMU5oAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMTg4MDAzMjQtNTE1MC00OTgxLWExNDQtYmRiODBlNmJj
YjdjMB4XDTIzMDYxMTE5MTYxMFoXDTIzMDkwOTE5MTYxMFowLzEtMCsGA1UEAxMk
OThhYmU2Y2EtYjAxOC00N2ZkLWFlMDUtOWNlNTFjNGQ5ZTQyMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsmr2cIPQYVUxHGN8JYoUZ7nAE7dvw6+EPdgN
9bG1ecReRCwi2ynL5uf5e8+PrzHOpTURngi9IakJUPkfnypBjSQzppZn17TrychN
OGW3o2K1S4Ctq+YHeoSMIX/KZfOpGclTjVoOm4cWF124p2PulP9YgRb3BJ8+MsIN
2m25x8VPJPFT10MpG8RK7RuRkGM8828AUTS/YaQ2/6yGdBpT06Jw19M29Qyo/SJJ
G2As7msetecaN97pR2vWhvldkqO/hKSmL+ZlU8HxOjLYTdaEeBotHif9yqKf2r4S
j3y3zdbXdMZVcqOcCkImCmPg69OKxdMLEEAwMOhIsOXskDfG+QIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFBbTrB/0qjSoZJxL2uwEhkJlrC/AMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlhOC8xODgw
MDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4MGU2YmNiN2MvMDhhMWM3MWItZTI1My0z
ZTMwLTg2YmQtMzY3YzNhZjQ3Y2JiLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NDZlMDExMS1m
YWZiLTQzMGYtYjc3OC1kMjA0Y2ZjZDk5YTgvMTg4MDAzMjQtNTE1MC00OTgxLWEx
NDQtYmRiODBlNmJjYjdjLzE4ODAwMzI0LTUxNTAtNDk4MS1hMTQ0LWJkYjgwZTZi
Y2I3Yy5jcmwwHwYDVR0jBBgwFoAUEWtHMzbZ6J21lhte76NAIq7eabYwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMw
Zi1iNzc4LWQyMDRjZmNkOTlhOC8xODgwMDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4
MGU2YmNiN2MuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQApljVMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAGdRBefCrPu96wNbetXBhDp0YDJ3SBa4DZv1jBRWY/8JmCOlTf6vTkjX
t09+0IE51ZWWRQ9rK1DbYSrO/cruIYOlEsioRCPvjyl/ZjcfnsmO3zK6I63fniBs
jelqkPyvuBwLtMm7HKRdb2zjZjFbvVLTjJA+dm7I7ByHZWtOjq0WUsar+i5pAEQE
lfSmoL4i31o7xrrqVryznXz0RU2roz8I3Ij3ATXJXsPc3tadF4oP8YLg1qei9eQ9
5pUmrf0cceBNtfcCGeeIYtluRMN8v2pb+isJnnri/cfOby45RPgQ925dtopWhJQP
1htC/x4ZRaQY7I20MMPqAA1dooBej/0=
-----END CERTIFICATE-----