Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/7514a3aa-f231-38c7-85c1-a740c37897b4.roa
File:                     7514a3aa-f231-38c7-85c1-a740c37897b4.roa (raw, json)
Hash identifier:          nlbGnsxICxzLXlkBIuMD+Db3WwqTmLL+ozZiKfvqzyY=
Subject key identifier:   AD:31:05:C0:81:30:1A:90:CF:05:8A:84:8D:F2:18:58:13:A5:EC:5B
Certificate issuer:       /CN=18800324-5150-4981-a144-bdb80e6bcb7c
Certificate serial:       010D0C9F4328583CE5F033C93FF7DD1DFD60D420
Authority key identifier: 11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/7514a3aa-f231-38c7-85c1-a740c37897b4.roa
Signing time:             Wed 26 Aug 2020 04:00:00 +0000
ROA not before:           Wed 26 Aug 2020 04:00:00 +0000
ROA not after:            Thu 16 May 2024 04:00:00 +0000
asID:                     3257
IP address blocks:        23.27.236.0/24 maxlen: 24
                          23.27.237.0/24 maxlen: 24
                          23.27.238.0/24 maxlen: 24
                          23.27.239.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3c:e5:f0:33:c9:3f:f7:dd:1d:fd:60:d4:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18800324-5150-4981-a144-bdb80e6bcb7c
        Validity
            Not Before: Aug 26 04:00:00 2020 GMT
            Not After : May 16 04:00:00 2024 GMT
        Subject: CN=9e4eb3b9-690a-4f3b-9026-74601489b920
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:f8:2b:4f:38:86:5f:45:09:77:94:04:71:8a:
                    8e:5b:a3:46:2c:dc:09:dd:0c:a5:e3:02:e7:5e:73:
                    78:36:ca:98:37:61:86:f6:fa:2e:06:5b:2b:a5:2f:
                    dd:b3:22:de:e8:7a:71:07:e9:59:45:12:b8:e2:cd:
                    98:96:88:7c:e1:66:7c:76:c9:c7:ba:26:43:9e:14:
                    49:46:2d:fa:a8:ab:eb:17:75:51:16:ea:9b:9b:8b:
                    8e:3a:b0:0e:d5:8c:45:f9:ec:60:37:6c:ee:7b:b0:
                    fe:68:43:e9:e6:d9:0f:07:e2:48:1b:1c:be:01:d0:
                    7d:1b:ce:da:49:37:cc:47:c9:5a:16:fd:f7:66:19:
                    62:03:3d:a3:1a:6f:56:5d:0f:d4:c5:5f:50:e3:de:
                    16:76:8e:96:05:64:2c:cb:a6:13:f6:9b:9c:4b:0d:
                    7d:a1:9a:91:fe:ec:c7:d7:ca:83:11:89:c1:a3:5d:
                    1b:7b:58:70:e8:bf:9f:aa:99:4b:e4:75:2b:44:6e:
                    a5:a2:e5:d5:79:1a:c6:02:ce:91:f0:86:b0:09:3f:
                    39:2b:0c:fc:27:8a:d7:e7:ca:dd:94:ef:e7:1a:c2:
                    b3:57:29:97:71:bf:0b:3b:a0:69:1d:aa:65:27:45:
                    c9:a8:47:2d:0c:ae:d5:56:cb:24:a6:36:8c:95:a9:
                    dd:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:31:05:C0:81:30:1A:90:CF:05:8A:84:8D:F2:18:58:13:A5:EC:5B
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/7514a3aa-f231-38c7-85c1-a740c37897b4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/18800324-5150-4981-a144-bdb80e6bcb7c.crl

            X509v3 Authority Key Identifier:
                keyid:11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.27.236.0/22

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         15:91:50:e8:c7:69:f7:62:55:88:a4:aa:96:3c:46:5c:79:b6:
         1b:c8:36:b0:37:9d:3c:b5:5c:f6:1f:4b:d8:74:fe:5d:15:61:
         d0:bd:b6:92:ba:88:61:c1:bf:7f:04:fd:1d:b5:44:fd:53:f9:
         ff:ff:4d:7e:61:c0:ad:93:35:46:af:d0:23:52:6b:54:3b:52:
         5c:f0:aa:0a:e4:e9:1d:2b:5e:51:86:0b:0e:6f:bb:06:5a:5b:
         52:13:9b:03:ed:90:a5:fe:56:1e:00:dd:77:a9:e3:ed:39:5a:
         85:13:c9:78:5c:af:77:49:db:66:e2:49:15:0b:5d:c9:df:7b:
         e5:ef:15:c4:90:4f:12:73:86:4d:40:56:37:60:39:8e:aa:ad:
         0e:d6:d4:07:ba:8b:38:10:82:8f:fb:3a:cf:a8:f3:57:3f:97:
         cc:23:ed:06:79:fb:53:d3:67:f2:8b:b6:1a:2c:95:a2:b5:5a:
         22:90:2a:a9:50:88:ab:17:79:02:2b:76:67:07:62:71:b8:43:
         c6:2c:d1:a8:d6:25:65:1f:73:c8:f4:aa:38:79:af:28:c6:37:
         03:f8:a5:89:2d:8e:3d:fb:25:3d:4c:7c:c9:56:39:ea:7b:0f:
         bb:45:ca:76:be:fb:76:2a:eb:0d:e1:6f:fe:42:87:99:ec:f1:
         a5:fd:18:99
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWDzl8DPJP/fdHf1g1CAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMTg4MDAzMjQtNTE1MC00OTgxLWExNDQtYmRiODBlNmJj
YjdjMB4XDTIwMDgyNjA0MDAwMFoXDTI0MDUxNjA0MDAwMFowLzEtMCsGA1UEAxMk
OWU0ZWIzYjktNjkwYS00ZjNiLTkwMjYtNzQ2MDE0ODliOTIwMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAifgrTziGX0UJd5QEcYqOW6NGLNwJ3Qyl4wLn
XnN4NsqYN2GG9vouBlsrpS/dsyLe6HpxB+lZRRK44s2Yloh84WZ8dsnHuiZDnhRJ
Ri36qKvrF3VRFuqbm4uOOrAO1YxF+exgN2zue7D+aEPp5tkPB+JIGxy+AdB9G87a
STfMR8laFv33ZhliAz2jGm9WXQ/UxV9Q494Wdo6WBWQsy6YT9pucSw19oZqR/uzH
18qDEYnBo10be1hw6L+fqplL5HUrRG6louXVeRrGAs6R8IawCT85Kwz8J4rX58rd
lO/nGsKzVymXcb8LO6BpHaplJ0XJqEctDK7VVsskpjaMlandMQIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFK0xBcCBMBqQzwWKhI3yGFgTpexbMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlhOC8xODgw
MDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4MGU2YmNiN2MvNzUxNGEzYWEtZjIzMS0z
OGM3LTg1YzEtYTc0MGMzNzg5N2I0LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NDZlMDExMS1m
YWZiLTQzMGYtYjc3OC1kMjA0Y2ZjZDk5YTgvMTg4MDAzMjQtNTE1MC00OTgxLWEx
NDQtYmRiODBlNmJjYjdjLzE4ODAwMzI0LTUxNTAtNDk4MS1hMTQ0LWJkYjgwZTZi
Y2I3Yy5jcmwwHwYDVR0jBBgwFoAUEWtHMzbZ6J21lhte76NAIq7eabYwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMw
Zi1iNzc4LWQyMDRjZmNkOTlhOC8xODgwMDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4
MGU2YmNiN2MuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCFxvsMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBABWRUOjHafdiVYikqpY8Rlx5thvINrA3nTy1XPYfS9h0/l0VYdC9tpK6
iGHBv38E/R21RP1T+f//TX5hwK2TNUav0CNSa1Q7Ulzwqgrk6R0rXlGGCw5vuwZa
W1ITmwPtkKX+Vh4A3Xep4+05WoUTyXhcr3dJ22biSRULXcnfe+XvFcSQTxJzhk1A
VjdgOY6qrQ7W1Ae6izgQgo/7Os+o81c/l8wj7QZ5+1PTZ/KLthoslaK1WiKQKqlQ
iKsXeQIrdmcHYnG4Q8Ys0ajWJWUfc8j0qjh5ryjGNwP4pYktjj37JT1MfMlWOep7
D7tFyna++3Yq6w3hb/5Ch5ns8aX9GJk=
-----END CERTIFICATE-----