Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/41da0b40-075f-301b-b6c9-e6044cb758f5.roa
File:                     41da0b40-075f-301b-b6c9-e6044cb758f5.roa (raw, json)
Hash identifier:          Bl85ZR43V56Da+yxC3BfqR25vowOeo7G8fn6dDTExTI=
Subject key identifier:   04:54:3D:AC:7C:19:9B:DD:C7:68:C0:C9:DD:C8:7D:BD:62:0D:0B:3A
Certificate issuer:       /CN=18800324-5150-4981-a144-bdb80e6bcb7c
Certificate serial:       010D0C9F432858453318029C68A084503C05A0E0
Authority key identifier: 11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/41da0b40-075f-301b-b6c9-e6044cb758f5.roa
Signing time:             Thu 14 Mar 2024 01:00:25 +0000
ROA not before:           Thu 14 Mar 2024 01:00:25 +0000
ROA not after:            Wed 12 Jun 2024 01:00:25 +0000
asID:                     23338
IP address blocks:        23.27.160.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:45:33:18:02:9c:68:a0:84:50:3c:05:a0:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18800324-5150-4981-a144-bdb80e6bcb7c
        Validity
            Not Before: Mar 14 01:00:25 2024 GMT
            Not After : Jun 12 01:00:25 2024 GMT
        Subject: CN=7b746d88-d65b-4af3-b927-8a9d363d8cb3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:0a:11:ba:a8:e8:45:24:fd:71:3f:7e:07:04:
                    52:10:c1:96:4b:a8:e5:c0:35:7b:71:cd:27:51:40:
                    29:47:b8:ca:fc:d4:f5:17:0c:72:c8:c8:23:db:f9:
                    54:a1:d4:92:95:45:22:ea:cc:51:9c:b1:4e:15:54:
                    d1:d4:1b:fa:dd:07:1e:e2:22:a0:2e:ea:4c:f0:40:
                    04:b2:d2:10:ca:f8:70:71:0c:e7:2e:04:8c:6a:27:
                    69:d7:68:8e:46:ef:3a:65:94:e8:93:e6:79:f5:2f:
                    82:88:fe:18:29:f2:3a:72:dc:a2:5c:cc:a0:fd:87:
                    39:cc:0d:93:7e:25:c0:65:84:a8:4d:f7:47:a7:c4:
                    9d:99:79:02:2f:91:e9:d5:98:05:af:ea:5e:f2:97:
                    95:9d:14:67:e4:82:83:c5:66:1f:52:8f:2e:d3:d0:
                    c2:43:fa:e2:57:67:a1:a2:8f:bd:7b:b4:51:8b:b3:
                    aa:08:d4:29:46:fb:4f:0c:af:a7:48:b2:d1:8f:a6:
                    6e:38:ac:0a:db:52:3d:3e:d0:7a:c1:2d:9b:c0:56:
                    73:0a:11:17:3a:59:06:3b:45:f9:7a:f0:d1:97:89:
                    83:20:a9:80:17:85:e6:b1:9b:54:82:d7:93:ca:1e:
                    5c:c0:3a:f2:85:75:7f:87:95:90:d2:42:2d:f3:2f:
                    1a:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:54:3D:AC:7C:19:9B:DD:C7:68:C0:C9:DD:C8:7D:BD:62:0D:0B:3A
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/41da0b40-075f-301b-b6c9-e6044cb758f5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/18800324-5150-4981-a144-bdb80e6bcb7c.crl

            X509v3 Authority Key Identifier:
                keyid:11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.27.160.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         08:bb:d4:3c:d8:cf:a9:b4:25:91:1a:09:36:bf:3e:62:19:9e:
         82:3f:59:8c:03:2d:d4:96:27:55:62:e6:03:e0:6c:c3:11:90:
         e8:4c:25:be:71:b2:22:9d:ac:9b:ef:c2:fc:0f:c3:db:31:b9:
         a2:86:53:16:48:62:e3:21:c5:94:81:a9:90:87:f0:2f:f2:84:
         b6:37:62:03:da:3e:6f:d3:35:a5:93:48:81:28:a4:4a:e2:ae:
         67:ed:7f:d2:4e:db:f9:bd:d7:fc:27:56:cd:f8:52:3d:26:16:
         94:aa:59:c2:ea:8b:ba:0d:e8:49:fe:5d:a9:0e:ba:c0:76:3d:
         a0:ea:88:26:fd:80:ad:83:6e:70:e5:ad:95:e7:79:4e:f5:38:
         58:86:66:9f:e2:f9:66:05:33:b8:e6:65:63:f1:ce:05:13:de:
         be:fa:77:e2:d3:3b:2e:93:94:4b:6d:0c:65:50:3f:b0:ff:27:
         02:93:e8:04:9b:ab:02:c7:ac:b6:bc:3a:0b:3d:43:fa:9b:23:
         02:78:9b:a1:b0:15:86:86:90:dd:73:87:d6:d6:46:84:b5:11:
         47:b2:2d:81:0c:57:93:84:f3:99:a0:2b:87:76:84:49:79:b4:
         68:23:04:5f:11:8a:9b:91:8d:75:d5:1f:37:94:89:8f:dd:b4:
         37:4e:16:96
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEUzGAKcaKCEUDwFoOAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMTg4MDAzMjQtNTE1MC00OTgxLWExNDQtYmRiODBlNmJj
YjdjMB4XDTI0MDMxNDAxMDAyNVoXDTI0MDYxMjAxMDAyNVowLzEtMCsGA1UEAxMk
N2I3NDZkODgtZDY1Yi00YWYzLWI5MjctOGE5ZDM2M2Q4Y2IzMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlQoRuqjoRST9cT9+BwRSEMGWS6jlwDV7cc0n
UUApR7jK/NT1FwxyyMgj2/lUodSSlUUi6sxRnLFOFVTR1Bv63Qce4iKgLupM8EAE
stIQyvhwcQznLgSMaidp12iORu86ZZTok+Z59S+CiP4YKfI6ctyiXMyg/Yc5zA2T
fiXAZYSoTfdHp8SdmXkCL5Hp1ZgFr+pe8peVnRRn5IKDxWYfUo8u09DCQ/riV2eh
oo+9e7RRi7OqCNQpRvtPDK+nSLLRj6ZuOKwK21I9PtB6wS2bwFZzChEXOlkGO0X5
evDRl4mDIKmAF4XmsZtUgteTyh5cwDryhXV/h5WQ0kIt8y8aYwIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFARUPax8GZvdx2jAyd3Ifb1iDQs6MIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlhOC8xODgw
MDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4MGU2YmNiN2MvNDFkYTBiNDAtMDc1Zi0z
MDFiLWI2YzktZTYwNDRjYjc1OGY1LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NDZlMDExMS1m
YWZiLTQzMGYtYjc3OC1kMjA0Y2ZjZDk5YTgvMTg4MDAzMjQtNTE1MC00OTgxLWEx
NDQtYmRiODBlNmJjYjdjLzE4ODAwMzI0LTUxNTAtNDk4MS1hMTQ0LWJkYjgwZTZi
Y2I3Yy5jcmwwHwYDVR0jBBgwFoAUEWtHMzbZ6J21lhte76NAIq7eabYwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMw
Zi1iNzc4LWQyMDRjZmNkOTlhOC8xODgwMDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4
MGU2YmNiN2MuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAFxugMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAAi71DzYz6m0JZEaCTa/PmIZnoI/WYwDLdSWJ1Vi5gPgbMMRkOhMJb5x
siKdrJvvwvwPw9sxuaKGUxZIYuMhxZSBqZCH8C/yhLY3YgPaPm/TNaWTSIEopEri
rmftf9JO2/m91/wnVs34Uj0mFpSqWcLqi7oN6En+XakOusB2PaDqiCb9gK2DbnDl
rZXneU71OFiGZp/i+WYFM7jmZWPxzgUT3r76d+LTOy6TlEttDGVQP7D/JwKT6ASb
qwLHrLa8Ogs9Q/qbIwJ4m6GwFYaGkN1zh9bWRoS1EUeyLYEMV5OE85mgK4d2hEl5
tGgjBF8RipuRjXXVHzeUiY/dtDdOFpY=
-----END CERTIFICATE-----