Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/503da0d4-753f-34d6-a7ce-7a583f9b4f99.roa
File:                     503da0d4-753f-34d6-a7ce-7a583f9b4f99.roa (raw, json)
Hash identifier:          YzW7r/f3MjP3Ip494KGrfeUC+iNpqT8ns2PpPccMDok=
Subject key identifier:   0B:AD:A8:F5:D2:D1:BB:94:B4:AC:96:DC:DB:EE:B2:93:2B:15:14:4B
Certificate issuer:       /CN=18800324-5150-4981-a144-bdb80e6bcb7c
Certificate serial:       010D0C9F4328584535E2A032C80F789E970BA380
Authority key identifier: 11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/503da0d4-753f-34d6-a7ce-7a583f9b4f99.roa
Signing time:             Fri 15 Mar 2024 01:00:26 +0000
ROA not before:           Fri 15 Mar 2024 01:00:26 +0000
ROA not after:            Thu 13 Jun 2024 01:00:26 +0000
asID:                     60311
IP address blocks:        136.0.0.0/20 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:45:35:e2:a0:32:c8:0f:78:9e:97:0b:a3:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18800324-5150-4981-a144-bdb80e6bcb7c
        Validity
            Not Before: Mar 15 01:00:26 2024 GMT
            Not After : Jun 13 01:00:26 2024 GMT
        Subject: CN=b0b339ca-d60d-4a9d-b14e-65b4ca8849bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:12:b7:7d:1c:22:13:0b:fb:10:68:4e:4a:df:
                    29:bb:7f:74:5b:c2:58:78:08:1d:2e:ac:87:6e:36:
                    ec:a7:57:db:63:35:3c:18:c3:61:45:5b:1b:98:4a:
                    d3:cd:ca:09:20:a9:24:57:ed:bb:a0:91:ed:16:97:
                    cd:02:7b:34:3b:c9:0b:15:2e:b9:04:c7:ed:4c:36:
                    ba:27:9e:fa:af:b5:4e:d1:d2:d1:20:9c:0b:c2:ba:
                    97:75:ee:ef:74:9f:81:70:70:d6:d7:f3:62:ce:c7:
                    d9:a1:74:37:e3:9a:85:0c:1b:45:a8:fb:39:fd:eb:
                    dc:9e:21:cc:3a:16:43:a6:14:3d:25:4c:ca:45:c0:
                    b2:c2:20:39:95:ce:05:16:02:cf:f7:44:85:57:8b:
                    af:77:41:f5:53:80:8b:0e:e5:7c:fb:3f:d5:72:44:
                    ff:a1:b9:71:bc:f1:00:3d:c9:db:ca:a9:99:f6:0e:
                    06:94:7c:91:ec:a8:17:56:5b:5f:5a:3b:b7:81:a4:
                    5a:52:98:dd:d5:22:50:55:54:e8:d9:8a:2d:eb:80:
                    ca:a6:23:f3:a2:12:3d:8e:20:f6:77:5e:af:2f:a3:
                    11:fe:04:32:5a:67:6b:03:39:5f:41:cc:28:fe:85:
                    76:e8:b5:77:57:1b:a0:ab:86:27:56:63:32:53:e4:
                    3d:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:AD:A8:F5:D2:D1:BB:94:B4:AC:96:DC:DB:EE:B2:93:2B:15:14:4B
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/503da0d4-753f-34d6-a7ce-7a583f9b4f99.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/18800324-5150-4981-a144-bdb80e6bcb7c.crl

            X509v3 Authority Key Identifier:
                keyid:11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.0.0.0/20

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         16:79:df:9c:cd:6e:5a:cf:2b:01:d2:9b:86:09:b9:6f:af:e3:
         5c:cd:4d:a5:4c:ae:31:51:30:4f:23:ff:25:e2:64:67:87:ac:
         1d:6e:dc:25:0e:db:6e:f1:c4:38:a7:4a:da:3e:b5:1e:e0:e3:
         02:cc:39:4b:ca:18:4b:3b:08:ac:92:d1:0a:1d:f7:08:8a:fb:
         98:64:b2:52:b5:26:46:95:8c:34:ad:b8:5d:49:8c:a3:84:e0:
         f0:8a:c2:6a:fd:b4:ff:50:cb:c2:a8:23:ed:21:01:78:30:e7:
         1d:34:7f:75:ac:54:58:8b:ed:b1:c4:70:44:20:f4:fa:12:53:
         bf:93:c9:01:fc:67:7e:e1:34:02:ca:67:f8:fc:03:d4:89:45:
         6d:4f:8c:2d:17:2c:b2:f5:b0:81:0f:85:fd:dd:0b:53:a9:9d:
         db:d7:8f:d3:b3:b7:9f:34:53:c3:5e:de:3c:51:7b:98:86:46:
         59:fd:e9:6e:39:d3:e5:6d:25:26:30:2c:d1:14:03:7f:2b:cb:
         60:9b:63:4f:7a:33:e8:a4:97:73:07:8d:1b:38:eb:3b:24:78:
         54:68:3a:c8:05:cc:66:25:f3:e1:0c:1f:9e:6d:72:8b:2f:72:
         a5:f5:99:d7:fb:4b:69:d8:98:46:dd:24:6e:66:75:86:48:f1:
         d6:f0:2a:28
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEU14qAyyA94npcLo4AwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMTg4MDAzMjQtNTE1MC00OTgxLWExNDQtYmRiODBlNmJj
YjdjMB4XDTI0MDMxNTAxMDAyNloXDTI0MDYxMzAxMDAyNlowLzEtMCsGA1UEAxMk
YjBiMzM5Y2EtZDYwZC00YTlkLWIxNGUtNjViNGNhODg0OWJmMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiRK3fRwiEwv7EGhOSt8pu390W8JYeAgdLqyH
bjbsp1fbYzU8GMNhRVsbmErTzcoJIKkkV+27oJHtFpfNAns0O8kLFS65BMftTDa6
J576r7VO0dLRIJwLwrqXde7vdJ+BcHDW1/NizsfZoXQ345qFDBtFqPs5/evcniHM
OhZDphQ9JUzKRcCywiA5lc4FFgLP90SFV4uvd0H1U4CLDuV8+z/VckT/oblxvPEA
PcnbyqmZ9g4GlHyR7KgXVltfWju3gaRaUpjd1SJQVVTo2Yot64DKpiPzohI9jiD2
d16vL6MR/gQyWmdrAzlfQcwo/oV26LV3Vxugq4YnVmMyU+Q9ZwIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFAutqPXS0buUtKyW3NvuspMrFRRLMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlhOC8xODgw
MDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4MGU2YmNiN2MvNTAzZGEwZDQtNzUzZi0z
NGQ2LWE3Y2UtN2E1ODNmOWI0Zjk5LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NDZlMDExMS1m
YWZiLTQzMGYtYjc3OC1kMjA0Y2ZjZDk5YTgvMTg4MDAzMjQtNTE1MC00OTgxLWEx
NDQtYmRiODBlNmJjYjdjLzE4ODAwMzI0LTUxNTAtNDk4MS1hMTQ0LWJkYjgwZTZi
Y2I3Yy5jcmwwHwYDVR0jBBgwFoAUEWtHMzbZ6J21lhte76NAIq7eabYwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMw
Zi1iNzc4LWQyMDRjZmNkOTlhOC8xODgwMDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4
MGU2YmNiN2MuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEiAAAMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBABZ535zNblrPKwHSm4YJuW+v41zNTaVMrjFRME8j/yXiZGeHrB1u3CUO
227xxDinSto+tR7g4wLMOUvKGEs7CKyS0Qod9wiK+5hkslK1JkaVjDStuF1JjKOE
4PCKwmr9tP9Qy8KoI+0hAXgw5x00f3WsVFiL7bHEcEQg9PoSU7+TyQH8Z37hNALK
Z/j8A9SJRW1PjC0XLLL1sIEPhf3dC1OpndvXj9Ozt580U8Ne3jxRe5iGRln96W45
0+VtJSYwLNEUA38ry2CbY096M+ikl3MHjRs46zskeFRoOsgFzGYl8+EMH55tcosv
cqX1mdf7S2nYmEbdJG5mdYZI8dbwKig=
-----END CERTIFICATE-----