Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/4ff60f50-f857-3ddc-b7a9-c184aabe0fd2.roa
File:                     4ff60f50-f857-3ddc-b7a9-c184aabe0fd2.roa (raw, json)
Hash identifier:          k4fFdPGeuTsyX1uQddfgTOKAptQSnZMDMSYvaNivZa4=
Subject key identifier:   D0:41:86:91:1D:46:C2:21:80:BD:DB:4B:A3:67:D8:7C:0C:C0:1D:7B
Certificate issuer:       /CN=18800324-5150-4981-a144-bdb80e6bcb7c
Certificate serial:       010D0C9F43285844CAB8D24617EAE494F86DDC40
Authority key identifier: 11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/4ff60f50-f857-3ddc-b7a9-c184aabe0fd2.roa
Signing time:             Mon 05 Feb 2024 15:44:49 +0000
ROA not before:           Mon 05 Feb 2024 15:44:49 +0000
ROA not after:            Sun 05 May 2024 14:44:49 +0000
asID:                     397630
IP address blocks:        23.27.240.0/24 maxlen: 24
                          45.39.72.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:44:ca:b8:d2:46:17:ea:e4:94:f8:6d:dc:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18800324-5150-4981-a144-bdb80e6bcb7c
        Validity
            Not Before: Feb  5 15:44:49 2024 GMT
            Not After : May  5 14:44:49 2024 GMT
        Subject: CN=97fac30f-bb80-41ec-8429-a53b8979df16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:97:24:05:b2:3e:75:56:a2:31:31:5c:b7:01:
                    5e:ac:dd:87:76:00:42:14:be:b1:3b:c4:56:97:dc:
                    c5:36:e0:67:71:9d:aa:d8:a8:b0:53:15:e9:e8:2d:
                    c8:d4:f3:90:c6:fa:94:9f:1f:1c:df:9a:59:a2:31:
                    9c:3e:74:27:6c:62:34:ba:0c:60:ce:4e:f5:eb:cc:
                    d8:6c:dc:82:e3:a5:1a:2e:a4:57:61:56:13:e5:1d:
                    93:76:ce:ea:28:06:7b:62:ab:e7:42:68:01:de:00:
                    37:75:8e:21:45:98:9e:97:47:af:22:11:52:ea:76:
                    0b:94:58:7d:f0:d3:72:44:64:06:1e:1f:9c:05:18:
                    b7:23:4f:43:a9:3d:1b:c2:f9:36:fa:ed:b1:b1:1c:
                    84:52:d2:65:01:02:27:88:06:bb:fa:6d:20:7c:0d:
                    08:4f:c4:56:67:d0:a4:78:fd:79:e1:74:2d:7c:c6:
                    6f:22:30:34:a5:cb:30:c2:14:e6:e7:e9:1f:70:27:
                    f8:b5:5c:c5:52:cf:78:f8:9b:0d:ed:92:09:1f:a5:
                    92:00:5c:75:ce:03:c9:55:49:5a:f9:b5:29:dc:c3:
                    74:0b:9d:b8:66:b6:35:af:2c:a9:f9:dc:c0:70:ea:
                    da:88:ca:73:4e:02:30:2b:10:b0:e2:c6:eb:11:bc:
                    37:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:41:86:91:1D:46:C2:21:80:BD:DB:4B:A3:67:D8:7C:0C:C0:1D:7B
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/4ff60f50-f857-3ddc-b7a9-c184aabe0fd2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/18800324-5150-4981-a144-bdb80e6bcb7c.crl

            X509v3 Authority Key Identifier:
                keyid:11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.27.240.0/24
                  45.39.72.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         26:74:3a:4b:cc:cf:06:db:a4:ef:f5:0b:68:ff:53:56:e9:63:
         da:83:8b:bc:0a:bb:3e:3f:52:a1:27:aa:38:f0:1f:17:7f:1f:
         68:72:5e:02:d7:68:00:18:ad:5b:e6:26:a6:ec:29:79:1d:3b:
         09:16:d8:de:a7:6a:68:9d:35:69:dd:6e:4e:e9:65:cb:7f:85:
         d8:e8:bd:0a:f2:98:bb:69:47:35:1b:c2:05:3b:2c:d3:94:15:
         9a:54:90:45:38:e4:eb:65:b5:cb:37:9b:fd:14:57:f1:9f:28:
         de:05:38:63:1d:0f:ec:ac:47:99:0d:0e:b1:23:32:94:68:7b:
         7e:0a:84:ce:e4:07:75:43:6d:78:3a:87:2f:4c:cf:e5:7f:08:
         e3:bf:25:f9:2a:a2:39:4a:3f:c9:1c:83:30:53:29:1b:cb:ba:
         7f:51:f8:40:aa:76:0f:cb:49:0e:2b:32:62:0d:5b:80:91:66:
         27:91:96:7e:22:f3:38:b3:1b:63:8f:11:34:77:5c:b4:44:1a:
         28:d7:c1:c7:0b:5c:1b:96:ea:eb:58:87:a6:fc:1a:2c:0c:27:
         02:0a:12:20:6b:92:5d:e3:82:84:25:51:d8:45:98:99:5e:a4:
         ec:cd:50:b0:17:45:87:b2:0d:f3:98:10:20:a5:f2:f6:68:61:
         a4:2b:42:a5
-----BEGIN CERTIFICATE-----
MIIGSTCCBTGgAwIBAgIUAQ0Mn0MoWETKuNJGF+rklPht3EAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMTg4MDAzMjQtNTE1MC00OTgxLWExNDQtYmRiODBlNmJj
YjdjMB4XDTI0MDIwNTE1NDQ0OVoXDTI0MDUwNTE0NDQ0OVowLzEtMCsGA1UEAxMk
OTdmYWMzMGYtYmI4MC00MWVjLTg0MjktYTUzYjg5NzlkZjE2MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpckBbI+dVaiMTFctwFerN2HdgBCFL6xO8RW
l9zFNuBncZ2q2KiwUxXp6C3I1POQxvqUnx8c35pZojGcPnQnbGI0ugxgzk7168zY
bNyC46UaLqRXYVYT5R2Tds7qKAZ7YqvnQmgB3gA3dY4hRZiel0evIhFS6nYLlFh9
8NNyRGQGHh+cBRi3I09DqT0bwvk2+u2xsRyEUtJlAQIniAa7+m0gfA0IT8RWZ9Ck
eP154XQtfMZvIjA0pcswwhTm5+kfcCf4tVzFUs94+JsN7ZIJH6WSAFx1zgPJVUla
+bUp3MN0C524ZrY1ryyp+dzAcOraiMpzTgIwKxCw4sbrEbw3kwIDAQABo4IDWzCC
A1cwHQYDVR0OBBYEFNBBhpEdRsIhgL3bS6Nn2HwMwB17MIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlhOC8xODgw
MDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4MGU2YmNiN2MvNGZmNjBmNTAtZjg1Ny0z
ZGRjLWI3YTktYzE4NGFhYmUwZmQyLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NDZlMDExMS1m
YWZiLTQzMGYtYjc3OC1kMjA0Y2ZjZDk5YTgvMTg4MDAzMjQtNTE1MC00OTgxLWEx
NDQtYmRiODBlNmJjYjdjLzE4ODAwMzI0LTUxNTAtNDk4MS1hMTQ0LWJkYjgwZTZi
Y2I3Yy5jcmwwHwYDVR0jBBgwFoAUEWtHMzbZ6J21lhte76NAIq7eabYwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMw
Zi1iNzc4LWQyMDRjZmNkOTlhOC8xODgwMDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4
MGU2YmNiN2MuY2VyMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAFxvwAwQA
LSdIMFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0
cHM6Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZI
hvcNAQELBQADggEBACZ0OkvMzwbbpO/1C2j/U1bpY9qDi7wKuz4/UqEnqjjwHxd/
H2hyXgLXaAAYrVvmJqbsKXkdOwkW2N6namidNWndbk7pZct/hdjovQrymLtpRzUb
wgU7LNOUFZpUkEU45Otltcs3m/0UV/GfKN4FOGMdD+ysR5kNDrEjMpRoe34KhM7k
B3VDbXg6hy9Mz+V/COO/JfkqojlKP8kcgzBTKRvLun9R+ECqdg/LSQ4rMmINW4CR
ZieRln4i8zizG2OPETR3XLREGijXwccLXBuW6utYh6b8GiwMJwIKEiBrkl3jgoQl
UdhFmJlepOzNULAXRYeyDfOYECCl8vZoYaQrQqU=
-----END CERTIFICATE-----