Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/42235ec8-cf83-3813-a94f-3c3c00f289bd.roa
File:                     42235ec8-cf83-3813-a94f-3c3c00f289bd.roa (raw, json)
Hash identifier:          EdQjdxcJxhXWjVPedl11eGgjnQ1STRHz+p0QVDi3BLU=
Subject key identifier:   3F:B6:B2:0E:2E:AF:98:27:8E:C5:FB:9F:A7:64:84:A0:12:64:6F:D0
Certificate issuer:       /CN=18800324-5150-4981-a144-bdb80e6bcb7c
Certificate serial:       010D0C9F43285845777DCFAE449114108031F400
Authority key identifier: 11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/42235ec8-cf83-3813-a94f-3c3c00f289bd.roa
Signing time:             Sun 07 Apr 2024 13:00:32 +0000
ROA not before:           Sun 07 Apr 2024 13:00:32 +0000
ROA not after:            Sat 06 Jul 2024 13:00:32 +0000
asID:                     149440
IP address blocks:        166.88.167.0/24 maxlen: 24
                          205.164.28.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:45:77:7d:cf:ae:44:91:14:10:80:31:f4:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18800324-5150-4981-a144-bdb80e6bcb7c
        Validity
            Not Before: Apr  7 13:00:32 2024 GMT
            Not After : Jul  6 13:00:32 2024 GMT
        Subject: CN=6ece54b0-98b0-4baf-9cab-74bf021232a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:e4:b7:f3:c4:5c:36:af:1a:b8:d0:15:e0:b2:
                    ff:47:60:45:19:cd:cb:c1:69:cb:d6:0b:bd:df:c2:
                    85:1a:4c:ea:89:7a:fd:0a:62:ba:7c:c3:6e:47:bf:
                    ce:fe:ad:fe:bb:cd:19:ee:8b:ad:42:a4:26:73:61:
                    50:72:3e:f7:d4:b6:b4:d0:d8:f8:35:b4:00:5f:51:
                    4d:77:2d:bc:a8:2e:14:3f:02:60:ab:17:87:39:50:
                    f0:53:13:cd:a7:04:df:22:4c:45:1c:9a:1e:0f:70:
                    fe:88:b2:7e:48:26:6b:63:68:7b:8d:b8:43:9a:9b:
                    9f:a2:c2:64:39:8e:b5:e8:6d:da:45:df:37:48:25:
                    c7:4a:04:07:b7:32:26:a5:a5:67:91:5c:f6:a8:a1:
                    cf:5b:4d:60:75:03:1b:99:4d:6f:c5:88:55:89:f0:
                    74:0d:61:31:10:04:a9:a3:8f:e5:f1:ce:57:b1:58:
                    67:d1:47:70:73:75:f3:33:58:56:70:c6:f6:6b:0e:
                    f8:f4:e5:7e:b9:72:35:a5:e9:7f:a1:fd:4f:5f:cb:
                    8e:6a:a7:99:83:f7:ce:8b:63:ce:ee:a7:d5:e3:5c:
                    80:29:ff:6b:97:e7:6b:a2:cc:fa:b7:61:15:8d:78:
                    dd:7a:06:ee:6c:b4:0b:06:38:68:43:42:0d:53:8c:
                    f0:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:B6:B2:0E:2E:AF:98:27:8E:C5:FB:9F:A7:64:84:A0:12:64:6F:D0
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/42235ec8-cf83-3813-a94f-3c3c00f289bd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/18800324-5150-4981-a144-bdb80e6bcb7c.crl

            X509v3 Authority Key Identifier:
                keyid:11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  166.88.167.0/24
                  205.164.28.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         09:cf:88:fc:b0:c0:4f:6b:19:e4:e8:3b:41:05:bd:46:32:94:
         b6:31:19:3b:88:e6:00:e5:56:d0:c8:0f:3c:3d:52:ea:ef:85:
         7e:6d:2e:47:74:be:34:a6:6d:52:85:f8:a2:cb:e7:6b:62:46:
         f8:e0:e8:bf:39:3e:46:df:37:54:6d:bd:d8:5f:43:d2:7f:97:
         a1:9e:b1:2d:26:63:00:32:ed:b9:59:95:69:c2:c1:3c:58:11:
         42:fe:eb:f9:17:0c:1a:d2:48:80:86:02:71:3f:b7:1f:b2:64:
         23:e3:14:12:1c:d7:0c:d5:2e:dd:b8:53:5c:bc:6d:64:41:fa:
         56:bf:cf:45:ad:c2:11:d5:1f:44:a7:24:52:58:b3:d1:5c:73:
         81:3d:18:10:13:c9:f1:ef:c0:67:7f:7f:5a:c9:8e:e7:69:a5:
         c5:0b:b0:71:b8:aa:e2:7d:32:d6:ec:7b:99:22:39:68:4b:81:
         45:67:b1:35:9f:05:8c:61:7e:46:31:a6:20:17:2b:1f:34:a2:
         1d:09:fb:b0:ef:69:28:35:3b:e8:c1:a8:55:38:7a:c6:3f:a7:
         78:0f:fe:54:14:fe:d4:60:c1:34:ed:10:65:17:92:94:97:e9:
         53:b5:2e:96:53:b4:a2:b3:90:0b:1b:a6:31:51:27:39:e3:59:
         d0:b9:76:c9
-----BEGIN CERTIFICATE-----
MIIGSTCCBTGgAwIBAgIUAQ0Mn0MoWEV3fc+uRJEUEIAx9AAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMTg4MDAzMjQtNTE1MC00OTgxLWExNDQtYmRiODBlNmJj
YjdjMB4XDTI0MDQwNzEzMDAzMloXDTI0MDcwNjEzMDAzMlowLzEtMCsGA1UEAxMk
NmVjZTU0YjAtOThiMC00YmFmLTljYWItNzRiZjAyMTIzMmEzMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuS388RcNq8auNAV4LL/R2BFGc3LwWnL1gu9
38KFGkzqiXr9CmK6fMNuR7/O/q3+u80Z7outQqQmc2FQcj731La00Nj4NbQAX1FN
dy28qC4UPwJgqxeHOVDwUxPNpwTfIkxFHJoeD3D+iLJ+SCZrY2h7jbhDmpufosJk
OY616G3aRd83SCXHSgQHtzImpaVnkVz2qKHPW01gdQMbmU1vxYhVifB0DWExEASp
o4/l8c5XsVhn0Udwc3XzM1hWcMb2aw749OV+uXI1pel/of1PX8uOaqeZg/fOi2PO
7qfV41yAKf9rl+drosz6t2EVjXjdegbubLQLBjhoQ0INU4zwCQIDAQABo4IDWzCC
A1cwHQYDVR0OBBYEFD+2sg4ur5gnjsX7n6dkhKASZG/QMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlhOC8xODgw
MDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4MGU2YmNiN2MvNDIyMzVlYzgtY2Y4My0z
ODEzLWE5NGYtM2MzYzAwZjI4OWJkLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NDZlMDExMS1m
YWZiLTQzMGYtYjc3OC1kMjA0Y2ZjZDk5YTgvMTg4MDAzMjQtNTE1MC00OTgxLWEx
NDQtYmRiODBlNmJjYjdjLzE4ODAwMzI0LTUxNTAtNDk4MS1hMTQ0LWJkYjgwZTZi
Y2I3Yy5jcmwwHwYDVR0jBBgwFoAUEWtHMzbZ6J21lhte76NAIq7eabYwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMw
Zi1iNzc4LWQyMDRjZmNkOTlhOC8xODgwMDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4
MGU2YmNiN2MuY2VyMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAplinAwQA
zaQcMFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0
cHM6Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZI
hvcNAQELBQADggEBAAnPiPywwE9rGeToO0EFvUYylLYxGTuI5gDlVtDIDzw9Uurv
hX5tLkd0vjSmbVKF+KLL52tiRvjg6L85PkbfN1RtvdhfQ9J/l6GesS0mYwAy7blZ
lWnCwTxYEUL+6/kXDBrSSICGAnE/tx+yZCPjFBIc1wzVLt24U1y8bWRB+la/z0Wt
whHVH0SnJFJYs9Fcc4E9GBATyfHvwGd/f1rJjudppcULsHG4quJ9Mtbse5kiOWhL
gUVnsTWfBYxhfkYxpiAXKx80oh0J+7DvaSg1O+jBqFU4esY/p3gP/lQU/tRgwTTt
EGUXkpSX6VO1LpZTtKKzkAsbpjFRJznjWdC5dsk=
-----END CERTIFICATE-----