Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/29923da2-feca-37d9-a1ec-c479033cba85.roa
File:                     29923da2-feca-37d9-a1ec-c479033cba85.roa (raw, json)
Hash identifier:          Or7yirE//S5QOtY1ba542A3ZziB0pKo40MnZXf/llHo=
Subject key identifier:   A2:EC:34:A1:D3:4F:0B:AC:DF:C1:4E:A2:DC:4F:2A:5D:CE:27:60:83
Certificate issuer:       /CN=18800324-5150-4981-a144-bdb80e6bcb7c
Certificate serial:       010D0C9F432858457D13365A3B36DE7EA5A7DB10
Authority key identifier: 11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/29923da2-feca-37d9-a1ec-c479033cba85.roa
Signing time:             Tue 09 Apr 2024 13:00:34 +0000
ROA not before:           Tue 09 Apr 2024 13:00:34 +0000
ROA not after:            Mon 08 Jul 2024 13:00:34 +0000
asID:                     149440
IP address blocks:        166.88.35.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:45:7d:13:36:5a:3b:36:de:7e:a5:a7:db:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18800324-5150-4981-a144-bdb80e6bcb7c
        Validity
            Not Before: Apr  9 13:00:34 2024 GMT
            Not After : Jul  8 13:00:34 2024 GMT
        Subject: CN=d064088a-0dd3-40bb-b141-3928c2f1a0be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:da:2c:78:ad:60:eb:b2:d0:b5:36:40:63:ee:
                    d1:1d:6f:53:9c:95:a0:fd:28:19:4b:d1:59:f2:92:
                    7c:0c:76:fb:b7:3c:6e:80:b6:6b:7a:85:ff:20:6f:
                    85:7e:eb:33:97:73:d3:c9:6c:2b:54:ed:61:e5:31:
                    6f:bd:13:fe:e8:64:ad:0b:57:d7:88:a6:3d:95:88:
                    08:dc:43:05:94:aa:2c:3e:05:07:3f:36:3d:b9:9d:
                    08:fb:33:76:cd:da:ca:d9:a1:f7:a2:10:f9:a9:46:
                    8b:f1:1d:d1:8a:28:ba:9f:ef:1b:67:a3:dc:05:a4:
                    3b:64:cc:c9:33:b6:68:bd:97:fa:f1:17:0d:9f:b6:
                    2b:9d:2e:37:75:7a:85:fa:42:8a:0d:af:4b:fa:6b:
                    f2:2c:75:95:e0:8a:f5:67:dc:ed:b7:47:3e:b3:f6:
                    76:ef:7a:93:23:58:34:9b:87:5d:35:58:99:94:c1:
                    c4:d9:77:43:fc:48:c2:96:97:0e:1d:4d:93:63:22:
                    e4:9e:67:7c:d7:3b:ac:e8:c5:dd:29:eb:59:b0:42:
                    c8:f8:32:84:99:75:37:7f:d0:28:27:14:19:c9:52:
                    fb:f2:4f:71:f8:1e:df:0d:9f:46:09:74:a1:a8:25:
                    d5:2c:57:3f:b2:eb:bd:50:16:f5:f1:8d:ca:53:24:
                    cd:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:EC:34:A1:D3:4F:0B:AC:DF:C1:4E:A2:DC:4F:2A:5D:CE:27:60:83
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/29923da2-feca-37d9-a1ec-c479033cba85.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/18800324-5150-4981-a144-bdb80e6bcb7c.crl

            X509v3 Authority Key Identifier:
                keyid:11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  166.88.35.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         7e:21:20:67:9a:47:eb:d9:d9:53:71:8c:c4:2d:c3:2e:77:0c:
         58:da:ca:5d:6f:1f:42:f1:40:32:5c:7d:b8:e6:b5:99:c7:68:
         c7:4b:2e:40:bf:6c:74:2c:da:e4:40:ad:7e:d0:27:28:7c:cb:
         ef:69:44:99:20:34:eb:49:4f:d8:9e:72:8b:f5:1f:5b:4d:5d:
         96:ec:82:5a:8f:b5:9f:09:a4:a2:c3:a5:f3:fd:e2:0a:01:bb:
         2c:ab:13:a7:e9:4d:d5:a1:3d:2c:7a:7b:84:6c:ed:a2:13:79:
         21:1a:1b:35:ce:e7:b4:91:15:a5:59:15:f8:fc:ec:f6:f8:69:
         3e:57:70:07:7f:ce:73:26:32:4b:e1:b9:61:bc:59:65:4b:dd:
         ca:f6:7c:ba:59:d4:f4:d9:e5:e4:60:ce:8f:0e:8e:78:99:17:
         3c:9f:0e:66:f4:e4:0d:d8:3e:a0:5f:83:93:1c:7f:51:49:ae:
         4b:e4:28:3f:1a:64:f9:e1:a1:96:38:15:5c:f6:6a:83:bf:6b:
         db:d8:49:a8:e9:e8:96:59:31:af:65:55:b9:6e:b1:00:c0:67:
         48:ea:52:07:e3:8c:cb:26:29:6b:15:d0:36:b2:62:a7:e1:91:
         1b:61:29:71:0d:fc:de:4a:88:4e:b7:dc:74:1e:98:d1:9c:ad:
         0a:a0:ff:51
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEV9EzZaOzbefqWn2xAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMTg4MDAzMjQtNTE1MC00OTgxLWExNDQtYmRiODBlNmJj
YjdjMB4XDTI0MDQwOTEzMDAzNFoXDTI0MDcwODEzMDAzNFowLzEtMCsGA1UEAxMk
ZDA2NDA4OGEtMGRkMy00MGJiLWIxNDEtMzkyOGMyZjFhMGJlMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu9oseK1g67LQtTZAY+7RHW9TnJWg/SgZS9FZ
8pJ8DHb7tzxugLZreoX/IG+Ffuszl3PTyWwrVO1h5TFvvRP+6GStC1fXiKY9lYgI
3EMFlKosPgUHPzY9uZ0I+zN2zdrK2aH3ohD5qUaL8R3Riii6n+8bZ6PcBaQ7ZMzJ
M7ZovZf68RcNn7YrnS43dXqF+kKKDa9L+mvyLHWV4Ir1Z9ztt0c+s/Z273qTI1g0
m4ddNViZlMHE2XdD/EjClpcOHU2TYyLknmd81zus6MXdKetZsELI+DKEmXU3f9Ao
JxQZyVL78k9x+B7fDZ9GCXShqCXVLFc/suu9UBb18Y3KUyTNSQIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFKLsNKHTTwus38FOotxPKl3OJ2CDMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlhOC8xODgw
MDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4MGU2YmNiN2MvMjk5MjNkYTItZmVjYS0z
N2Q5LWExZWMtYzQ3OTAzM2NiYTg1LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NDZlMDExMS1m
YWZiLTQzMGYtYjc3OC1kMjA0Y2ZjZDk5YTgvMTg4MDAzMjQtNTE1MC00OTgxLWEx
NDQtYmRiODBlNmJjYjdjLzE4ODAwMzI0LTUxNTAtNDk4MS1hMTQ0LWJkYjgwZTZi
Y2I3Yy5jcmwwHwYDVR0jBBgwFoAUEWtHMzbZ6J21lhte76NAIq7eabYwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMw
Zi1iNzc4LWQyMDRjZmNkOTlhOC8xODgwMDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4
MGU2YmNiN2MuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAplgjMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAH4hIGeaR+vZ2VNxjMQtwy53DFjayl1vH0LxQDJcfbjmtZnHaMdLLkC/
bHQs2uRArX7QJyh8y+9pRJkgNOtJT9iecov1H1tNXZbsglqPtZ8JpKLDpfP94goB
uyyrE6fpTdWhPSx6e4Rs7aITeSEaGzXO57SRFaVZFfj87Pb4aT5XcAd/znMmMkvh
uWG8WWVL3cr2fLpZ1PTZ5eRgzo8OjniZFzyfDmb05A3YPqBfg5Mcf1FJrkvkKD8a
ZPnhoZY4FVz2aoO/a9vYSajp6JZZMa9lVblusQDAZ0jqUgfjjMsmKWsV0DayYqfh
kRthKXEN/N5KiE633HQemNGcrQqg/1E=
-----END CERTIFICATE-----