Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/63db68a4-d979-3131-8ace-ede3b8047e04.roa
File:                     63db68a4-d979-3131-8ace-ede3b8047e04.roa (raw, json)
Hash identifier:          KG1z8LyjcQiYJF2m9+D6GmSQLWzAvL918yEBICqHYYA=
Subject key identifier:   24:F9:0E:7D:24:67:3A:24:5D:7A:6F:66:E8:C3:6B:17:98:41:B6:60
Certificate issuer:       /CN=18800324-5150-4981-a144-bdb80e6bcb7c
Certificate serial:       010D0C9F4328584533180286B9A67E44E8B36C60
Authority key identifier: 11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/63db68a4-d979-3131-8ace-ede3b8047e04.roa
Signing time:             Thu 14 Mar 2024 01:00:25 +0000
ROA not before:           Thu 14 Mar 2024 01:00:25 +0000
ROA not after:            Wed 12 Jun 2024 01:00:25 +0000
asID:                     40676
IP address blocks:        136.0.111.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:45:33:18:02:86:b9:a6:7e:44:e8:b3:6c:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18800324-5150-4981-a144-bdb80e6bcb7c
        Validity
            Not Before: Mar 14 01:00:25 2024 GMT
            Not After : Jun 12 01:00:25 2024 GMT
        Subject: CN=ef6bd480-c74b-44e5-bb3b-5c1f32707ff8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:c9:c0:d1:32:ef:f0:68:b9:da:e3:56:5e:bc:
                    30:51:84:d1:e9:7e:0c:88:7a:4b:2d:fb:72:9d:a6:
                    9e:6a:90:7c:23:e5:16:80:2c:6a:56:26:33:c4:3f:
                    f9:78:12:8e:de:91:75:bf:9c:a2:6c:61:5b:3d:e4:
                    3e:37:9a:8d:c1:f1:bf:60:1f:cd:b1:cc:6d:96:2b:
                    2d:76:e3:15:65:9e:d9:65:dc:b9:3a:33:3b:b6:b2:
                    5a:eb:83:da:3a:4a:57:41:0c:1a:19:98:19:d0:76:
                    dc:ee:2d:9c:ed:4c:00:f5:be:cb:4f:c8:d4:62:ae:
                    98:75:32:51:28:40:71:48:5a:f5:58:21:32:78:d3:
                    66:24:8c:41:2b:7c:78:e4:52:a4:72:1b:7d:27:19:
                    43:00:c3:83:87:02:01:14:b5:49:1b:7a:46:4f:89:
                    59:3a:0e:a4:3b:34:3f:44:93:64:88:28:88:85:1b:
                    14:30:13:8c:24:dc:fc:a8:bb:62:26:88:66:a6:39:
                    08:08:d8:12:f5:34:a5:e3:26:78:d1:09:e1:26:ce:
                    2c:1e:e5:a4:e2:7b:e6:11:e4:47:80:f0:00:60:2e:
                    04:74:6a:29:d6:a7:40:e5:2a:e3:23:33:33:02:41:
                    06:af:f0:3a:67:0c:27:9a:40:ff:1b:93:7b:a0:67:
                    3a:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:F9:0E:7D:24:67:3A:24:5D:7A:6F:66:E8:C3:6B:17:98:41:B6:60
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/63db68a4-d979-3131-8ace-ede3b8047e04.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/18800324-5150-4981-a144-bdb80e6bcb7c.crl

            X509v3 Authority Key Identifier:
                keyid:11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.0.111.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         26:de:18:e5:50:29:5a:ee:42:37:ad:9e:77:a2:7b:3c:95:69:
         4e:05:c0:d5:ab:06:b1:db:2d:ef:5b:0f:62:83:ed:9e:87:da:
         19:cd:20:e5:f9:ad:f9:05:93:c6:7a:c4:1c:a0:f8:6a:d3:c8:
         b1:09:b1:ff:a2:7a:96:44:c5:9f:07:81:14:9b:ae:80:2f:b2:
         f4:9e:42:79:5d:29:d2:f3:ae:86:4a:4d:33:1f:3c:82:9d:53:
         db:89:81:ec:db:39:fa:e9:1f:91:7f:c7:c7:99:e5:b4:d4:99:
         5d:56:51:ed:54:a1:2a:61:65:b5:85:11:21:d3:c0:2c:ea:9f:
         a7:a6:8b:09:c2:09:b7:45:4b:fc:7c:cf:52:33:6e:8e:d5:f6:
         5b:7b:49:b4:87:0b:22:1a:9e:a5:c3:10:eb:c5:9c:f1:c4:c4:
         60:4f:5b:7a:4f:3e:df:e9:d0:9e:0f:0f:af:a2:08:fa:38:02:
         14:1e:f7:5e:ef:35:42:e5:a3:eb:43:98:f1:0b:2c:77:fd:98:
         2b:74:16:37:75:7f:5b:bf:e5:fa:e8:cf:5c:1c:d3:74:d3:00:
         99:71:4c:01:f1:36:78:39:8c:b2:c7:41:78:be:c8:44:c9:70:
         96:5a:89:7b:14:2a:4b:96:dc:85:92:f3:cc:d4:fb:26:3b:c2:
         ca:52:0e:c2
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEUzGAKGuaZ+ROizbGAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMTg4MDAzMjQtNTE1MC00OTgxLWExNDQtYmRiODBlNmJj
YjdjMB4XDTI0MDMxNDAxMDAyNVoXDTI0MDYxMjAxMDAyNVowLzEtMCsGA1UEAxMk
ZWY2YmQ0ODAtYzc0Yi00NGU1LWJiM2ItNWMxZjMyNzA3ZmY4MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgsnA0TLv8Gi52uNWXrwwUYTR6X4MiHpLLfty
naaeapB8I+UWgCxqViYzxD/5eBKO3pF1v5yibGFbPeQ+N5qNwfG/YB/Nscxtlist
duMVZZ7ZZdy5OjM7trJa64PaOkpXQQwaGZgZ0Hbc7i2c7UwA9b7LT8jUYq6YdTJR
KEBxSFr1WCEyeNNmJIxBK3x45FKkcht9JxlDAMODhwIBFLVJG3pGT4lZOg6kOzQ/
RJNkiCiIhRsUMBOMJNz8qLtiJohmpjkICNgS9TSl4yZ40QnhJs4sHuWk4nvmEeRH
gPAAYC4EdGop1qdA5SrjIzMzAkEGr/A6ZwwnmkD/G5N7oGc6XwIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFCT5Dn0kZzokXXpvZujDaxeYQbZgMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlhOC8xODgw
MDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4MGU2YmNiN2MvNjNkYjY4YTQtZDk3OS0z
MTMxLThhY2UtZWRlM2I4MDQ3ZTA0LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NDZlMDExMS1m
YWZiLTQzMGYtYjc3OC1kMjA0Y2ZjZDk5YTgvMTg4MDAzMjQtNTE1MC00OTgxLWEx
NDQtYmRiODBlNmJjYjdjLzE4ODAwMzI0LTUxNTAtNDk4MS1hMTQ0LWJkYjgwZTZi
Y2I3Yy5jcmwwHwYDVR0jBBgwFoAUEWtHMzbZ6J21lhte76NAIq7eabYwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMw
Zi1iNzc4LWQyMDRjZmNkOTlhOC8xODgwMDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4
MGU2YmNiN2MuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAiABvMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBACbeGOVQKVruQjetnneiezyVaU4FwNWrBrHbLe9bD2KD7Z6H2hnNIOX5
rfkFk8Z6xByg+GrTyLEJsf+iepZExZ8HgRSbroAvsvSeQnldKdLzroZKTTMfPIKd
U9uJgezbOfrpH5F/x8eZ5bTUmV1WUe1UoSphZbWFESHTwCzqn6emiwnCCbdFS/x8
z1Izbo7V9lt7SbSHCyIanqXDEOvFnPHExGBPW3pPPt/p0J4PD6+iCPo4AhQe917v
NULlo+tDmPELLHf9mCt0Fjd1f1u/5froz1wc03TTAJlxTAHxNng5jLLHQXi+yETJ
cJZaiXsUKkuW3IWS88zU+yY7wspSDsI=
-----END CERTIFICATE-----