Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/3676a356-266f-3613-b9b3-62edcc835437.roa
File:                     3676a356-266f-3613-b9b3-62edcc835437.roa (raw, json)
Hash identifier:          fkJwjM4HThltNF3nDSQL6wLAFVEn7jO4U2iHbP0rw4g=
Subject key identifier:   88:86:29:2A:0A:E4:FB:68:B6:9C:E6:1B:1A:96:E6:50:2B:CE:C7:97
Certificate issuer:       /CN=18800324-5150-4981-a144-bdb80e6bcb7c
Certificate serial:       010D0C9F432858455FC2DD1FBFBA6FA668AA7880
Authority key identifier: 11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/3676a356-266f-3613-b9b3-62edcc835437.roa
Signing time:             Sat 30 Mar 2024 01:00:26 +0000
ROA not before:           Sat 30 Mar 2024 01:00:26 +0000
ROA not after:            Fri 28 Jun 2024 01:00:26 +0000
asID:                     209854
IP address blocks:        166.88.137.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:45:5f:c2:dd:1f:bf:ba:6f:a6:68:aa:78:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18800324-5150-4981-a144-bdb80e6bcb7c
        Validity
            Not Before: Mar 30 01:00:26 2024 GMT
            Not After : Jun 28 01:00:26 2024 GMT
        Subject: CN=31541d4a-fa55-48e1-9de4-4dd8d94f7b11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:9d:26:ae:50:bb:73:d4:fb:e1:ef:f4:b1:4d:
                    24:43:86:99:0f:ee:01:04:20:b1:50:8a:42:21:fc:
                    55:42:10:72:b3:10:a2:4b:aa:44:d2:cc:ee:3e:dd:
                    d3:20:75:92:1c:0a:d9:ad:f6:2d:7f:f5:80:4e:b5:
                    2e:a3:22:51:4c:cb:6e:0c:04:2e:95:21:2f:78:01:
                    f4:24:6d:58:55:0d:05:93:fd:3f:9a:ad:c2:1b:37:
                    62:20:17:2d:55:35:e6:28:85:f2:d0:9b:e6:30:46:
                    e0:19:36:45:22:55:fc:3b:14:74:c5:b3:3e:e9:f3:
                    0e:b1:cb:07:0f:61:cb:e0:52:62:16:b8:f0:aa:32:
                    07:e7:cd:db:21:c9:26:97:69:2c:10:37:66:e0:3f:
                    ff:a9:06:f7:d0:78:4e:2b:c5:e9:4c:dd:bd:4d:bd:
                    ec:54:30:b6:13:eb:14:39:2e:b7:5b:1e:9a:79:57:
                    55:77:de:c4:4f:fe:0b:aa:b7:20:81:14:d1:af:dd:
                    c9:c8:d7:2a:73:ab:16:f7:aa:03:0e:ab:db:3c:92:
                    81:b4:e0:cb:ba:84:bb:9e:c2:26:d6:6f:00:c9:20:
                    31:45:d1:6e:ce:4b:e9:f0:4e:f9:db:78:d9:c4:25:
                    d8:40:6a:45:67:39:c7:2b:bd:56:31:c7:2a:f6:09:
                    ec:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:86:29:2A:0A:E4:FB:68:B6:9C:E6:1B:1A:96:E6:50:2B:CE:C7:97
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/3676a356-266f-3613-b9b3-62edcc835437.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/18800324-5150-4981-a144-bdb80e6bcb7c.crl

            X509v3 Authority Key Identifier:
                keyid:11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  166.88.137.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         69:9c:f2:2c:4f:ee:18:d8:2f:48:54:c6:66:e4:ab:60:bb:85:
         fa:d7:45:fa:da:54:91:64:43:e3:fa:48:e8:69:82:63:d1:f6:
         c0:b1:ec:59:be:16:c4:5e:06:99:4c:7f:79:83:18:81:8c:64:
         5a:8a:d8:7f:57:59:2b:6e:25:28:32:66:15:45:ef:2a:31:b6:
         a5:5e:30:57:bc:b4:4d:05:09:d6:c3:8b:4d:8d:e5:7e:24:07:
         40:ca:c6:7f:5e:f6:eb:73:f7:07:67:92:f3:48:90:c4:00:5a:
         c3:06:89:86:95:ac:08:e6:43:24:cb:2e:35:20:73:a4:7a:75:
         b1:8e:ec:02:74:90:6f:a1:87:75:0f:08:73:45:ba:cc:40:d0:
         34:a5:09:9e:8b:5f:ff:c6:73:e2:cf:f8:af:45:e1:34:4a:b0:
         89:e7:58:5c:c8:ab:30:4d:30:11:38:d0:4c:cc:23:be:79:63:
         f7:64:2a:24:57:19:a6:07:f2:20:c8:32:67:ea:1f:f0:a9:f9:
         a2:58:86:d6:cd:a3:9b:a9:0f:3d:8e:6e:57:31:05:7a:e6:98:
         83:e4:0b:01:e8:ac:66:28:49:21:39:3b:2a:3a:f5:c9:76:4c:
         b8:c6:95:db:3d:b4:04:39:45:b6:3c:95:4a:cf:ef:dc:8b:cc:
         99:fd:11:80
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEVfwt0fv7pvpmiqeIAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMTg4MDAzMjQtNTE1MC00OTgxLWExNDQtYmRiODBlNmJj
YjdjMB4XDTI0MDMzMDAxMDAyNloXDTI0MDYyODAxMDAyNlowLzEtMCsGA1UEAxMk
MzE1NDFkNGEtZmE1NS00OGUxLTlkZTQtNGRkOGQ5NGY3YjExMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiZ0mrlC7c9T74e/0sU0kQ4aZD+4BBCCxUIpC
IfxVQhBysxCiS6pE0szuPt3TIHWSHArZrfYtf/WATrUuoyJRTMtuDAQulSEveAH0
JG1YVQ0Fk/0/mq3CGzdiIBctVTXmKIXy0JvmMEbgGTZFIlX8OxR0xbM+6fMOscsH
D2HL4FJiFrjwqjIH583bIckml2ksEDdm4D//qQb30HhOK8XpTN29Tb3sVDC2E+sU
OS63Wx6aeVdVd97ET/4LqrcggRTRr93JyNcqc6sW96oDDqvbPJKBtODLuoS7nsIm
1m8AySAxRdFuzkvp8E7523jZxCXYQGpFZznHK71WMccq9gnsYQIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFIiGKSoK5PtotpzmGxqW5lArzseXMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlhOC8xODgw
MDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4MGU2YmNiN2MvMzY3NmEzNTYtMjY2Zi0z
NjEzLWI5YjMtNjJlZGNjODM1NDM3LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NDZlMDExMS1m
YWZiLTQzMGYtYjc3OC1kMjA0Y2ZjZDk5YTgvMTg4MDAzMjQtNTE1MC00OTgxLWEx
NDQtYmRiODBlNmJjYjdjLzE4ODAwMzI0LTUxNTAtNDk4MS1hMTQ0LWJkYjgwZTZi
Y2I3Yy5jcmwwHwYDVR0jBBgwFoAUEWtHMzbZ6J21lhte76NAIq7eabYwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMw
Zi1iNzc4LWQyMDRjZmNkOTlhOC8xODgwMDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4
MGU2YmNiN2MuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQApliJMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAGmc8ixP7hjYL0hUxmbkq2C7hfrXRfraVJFkQ+P6SOhpgmPR9sCx7Fm+
FsReBplMf3mDGIGMZFqK2H9XWStuJSgyZhVF7yoxtqVeMFe8tE0FCdbDi02N5X4k
B0DKxn9e9utz9wdnkvNIkMQAWsMGiYaVrAjmQyTLLjUgc6R6dbGO7AJ0kG+hh3UP
CHNFusxA0DSlCZ6LX//Gc+LP+K9F4TRKsInnWFzIqzBNMBE40EzMI755Y/dkKiRX
GaYH8iDIMmfqH/Cp+aJYhtbNo5upDz2OblcxBXrmmIPkCwHorGYoSSE5Oyo69cl2
TLjGlds9tAQ5RbY8lUrP79yLzJn9EYA=
-----END CERTIFICATE-----