Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/2d25e51e-138b-37b5-bfdb-45423e074a96.roa
File:                     2d25e51e-138b-37b5-bfdb-45423e074a96.roa (raw, json)
Hash identifier:          9emFXDd6y9lw7cAq96lKXMvBc7wB2DyTWWYWSkg3XhA=
Subject key identifier:   4D:AB:9F:91:6F:23:D3:04:C9:16:51:76:04:B8:35:D9:A0:02:3D:13
Certificate issuer:       /CN=18800324-5150-4981-a144-bdb80e6bcb7c
Certificate serial:       010D0C9F432858451A158895B2A589151166B640
Authority key identifier: 11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/2d25e51e-138b-37b5-bfdb-45423e074a96.roa
Signing time:             Tue 05 Mar 2024 02:00:26 +0000
ROA not before:           Tue 05 Mar 2024 02:00:26 +0000
ROA not after:            Mon 03 Jun 2024 01:00:26 +0000
asID:                     18530
IP address blocks:        23.27.56.0/21 maxlen: 21

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:45:1a:15:88:95:b2:a5:89:15:11:66:b6:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18800324-5150-4981-a144-bdb80e6bcb7c
        Validity
            Not Before: Mar  5 02:00:26 2024 GMT
            Not After : Jun  3 01:00:26 2024 GMT
        Subject: CN=19b8eeb8-cf06-46f2-8f3c-430893025eaf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:7b:34:f2:d9:0d:57:7c:05:2c:19:41:8f:37:
                    6b:03:01:4b:52:80:1d:e9:17:85:80:45:74:39:d0:
                    2c:41:97:66:9e:e2:45:61:43:61:6f:ab:a7:53:ae:
                    13:f9:4e:52:dd:95:25:6d:8c:7c:5f:31:5b:7e:66:
                    ae:b0:27:03:37:da:63:e2:80:31:b0:2b:7f:05:9c:
                    57:45:c7:99:76:55:42:f2:b4:89:57:48:25:bf:0e:
                    24:d0:6c:97:35:d7:7f:9d:f3:3f:61:ed:66:fb:ca:
                    79:1a:64:a0:68:4d:17:16:0f:c5:ba:cc:d2:03:08:
                    0b:6d:8f:a8:14:25:15:24:b8:5e:68:ef:70:bc:e4:
                    e0:a2:5f:0e:52:ee:60:d5:11:eb:be:b9:10:d9:5a:
                    01:fe:d9:b1:97:1a:0c:c6:dc:3c:dd:cb:d6:42:cf:
                    b9:d8:9b:04:18:07:e9:94:20:b2:80:c7:64:eb:f4:
                    fc:37:79:94:28:ff:d7:6f:08:71:a3:63:d4:59:81:
                    43:49:e3:ee:13:4f:96:4b:6c:94:04:47:7c:9d:0a:
                    96:f2:65:bf:11:ec:a4:cc:bc:4f:29:f9:68:88:ea:
                    6f:f6:94:ce:ed:8d:74:6b:e9:0b:dd:67:1b:cc:4c:
                    33:d4:e4:9a:81:7b:26:31:a9:b7:9b:ef:3c:11:61:
                    fc:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:AB:9F:91:6F:23:D3:04:C9:16:51:76:04:B8:35:D9:A0:02:3D:13
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/2d25e51e-138b-37b5-bfdb-45423e074a96.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/18800324-5150-4981-a144-bdb80e6bcb7c.crl

            X509v3 Authority Key Identifier:
                keyid:11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.27.56.0/21

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         78:ea:87:57:48:e4:55:c3:eb:91:d5:7b:cf:7e:64:b7:50:4e:
         16:df:96:7e:ed:ad:1e:8b:e5:a7:67:1b:98:b8:71:07:95:2a:
         41:cc:e4:1a:74:c4:2a:fa:cb:d8:03:bc:bf:b2:62:77:fa:66:
         2b:dd:f9:be:5f:15:6d:e8:55:88:f4:55:13:89:0f:9a:81:3e:
         92:9d:2f:3c:c9:52:6c:28:59:31:f9:53:1b:05:82:82:dd:b5:
         7d:ea:52:16:cd:92:05:ef:79:f8:a1:74:21:59:2f:7b:42:cd:
         bf:73:0c:82:92:c0:aa:a0:a2:db:47:83:cd:e6:be:df:ed:c2:
         2d:5e:5c:be:f0:bc:c9:44:80:27:d6:dd:af:f9:b8:1d:98:39:
         85:b4:13:69:4f:a8:bc:71:89:27:27:74:04:1d:9b:17:a5:93:
         f2:3a:c1:64:2e:47:77:80:6c:e5:f7:7b:2b:cc:0d:50:42:ae:
         98:9c:57:8e:26:0f:90:43:34:90:67:20:6c:55:31:3c:e0:2c:
         b3:fa:46:aa:d4:02:df:aa:16:3e:bf:6f:96:73:d5:71:50:87:
         cd:12:24:48:7c:87:29:da:d8:ef:ad:a7:50:3f:0a:60:2e:92:
         a7:94:01:02:28:89:40:de:5a:ae:fb:e2:f7:fd:2a:bf:d4:5a:
         b9:cf:dd:ce
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEUaFYiVsqWJFRFmtkAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMTg4MDAzMjQtNTE1MC00OTgxLWExNDQtYmRiODBlNmJj
YjdjMB4XDTI0MDMwNTAyMDAyNloXDTI0MDYwMzAxMDAyNlowLzEtMCsGA1UEAxMk
MTliOGVlYjgtY2YwNi00NmYyLThmM2MtNDMwODkzMDI1ZWFmMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz3s08tkNV3wFLBlBjzdrAwFLUoAd6ReFgEV0
OdAsQZdmnuJFYUNhb6unU64T+U5S3ZUlbYx8XzFbfmausCcDN9pj4oAxsCt/BZxX
RceZdlVC8rSJV0glvw4k0GyXNdd/nfM/Ye1m+8p5GmSgaE0XFg/FuszSAwgLbY+o
FCUVJLheaO9wvOTgol8OUu5g1RHrvrkQ2VoB/tmxlxoMxtw83cvWQs+52JsEGAfp
lCCygMdk6/T8N3mUKP/Xbwhxo2PUWYFDSePuE0+WS2yUBEd8nQqW8mW/EeykzLxP
KfloiOpv9pTO7Y10a+kL3WcbzEwz1OSagXsmMam3m+88EWH8awIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFE2rn5FvI9MEyRZRdgS4NdmgAj0TMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlhOC8xODgw
MDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4MGU2YmNiN2MvMmQyNWU1MWUtMTM4Yi0z
N2I1LWJmZGItNDU0MjNlMDc0YTk2LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NDZlMDExMS1m
YWZiLTQzMGYtYjc3OC1kMjA0Y2ZjZDk5YTgvMTg4MDAzMjQtNTE1MC00OTgxLWEx
NDQtYmRiODBlNmJjYjdjLzE4ODAwMzI0LTUxNTAtNDk4MS1hMTQ0LWJkYjgwZTZi
Y2I3Yy5jcmwwHwYDVR0jBBgwFoAUEWtHMzbZ6J21lhte76NAIq7eabYwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMw
Zi1iNzc4LWQyMDRjZmNkOTlhOC8xODgwMDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4
MGU2YmNiN2MuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDFxs4MFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAHjqh1dI5FXD65HVe89+ZLdQThbfln7trR6L5adnG5i4cQeVKkHM5Bp0
xCr6y9gDvL+yYnf6Zivd+b5fFW3oVYj0VROJD5qBPpKdLzzJUmwoWTH5UxsFgoLd
tX3qUhbNkgXvefihdCFZL3tCzb9zDIKSwKqgottHg83mvt/twi1eXL7wvMlEgCfW
3a/5uB2YOYW0E2lPqLxxiScndAQdmxelk/I6wWQuR3eAbOX3eyvMDVBCrpicV44m
D5BDNJBnIGxVMTzgLLP6RqrUAt+qFj6/b5Zz1XFQh80SJEh8hyna2O+tp1A/CmAu
kqeUAQIoiUDeWq774vf9Kr/UWrnP3c4=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:42:05 2024 by rpki-client on console-ams.rpki-client.org