Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/a5cfda76-f2f1-3f69-a076-ddda8b04d804.roa
File:                     a5cfda76-f2f1-3f69-a076-ddda8b04d804.roa (raw, json)
Hash identifier:          stp5rLbKVXWHjLkT3SrfN+fYXYNd3fFYF0hOwWDlSDU=
Subject key identifier:   AC:AA:83:AC:2B:1A:58:E9:DF:EF:2B:86:4E:95:55:78:68:8C:41:EB
Certificate issuer:       /CN=18800324-5150-4981-a144-bdb80e6bcb7c
Certificate serial:       010D0C9F43285845174AD8E8BCB875441735F480
Authority key identifier: 11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/a5cfda76-f2f1-3f69-a076-ddda8b04d804.roa
Signing time:             Mon 04 Mar 2024 02:00:26 +0000
ROA not before:           Mon 04 Mar 2024 02:00:26 +0000
ROA not after:            Sun 02 Jun 2024 01:00:26 +0000
asID:                     1239
IP address blocks:        104.252.239.0/24 maxlen: 24
                          104.253.31.0/24 maxlen: 24
                          142.111.241.0/24 maxlen: 24
                          142.252.19.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:45:17:4a:d8:e8:bc:b8:75:44:17:35:f4:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18800324-5150-4981-a144-bdb80e6bcb7c
        Validity
            Not Before: Mar  4 02:00:26 2024 GMT
            Not After : Jun  2 01:00:26 2024 GMT
        Subject: CN=989e073d-b903-499d-b4a6-f4959be07110
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:c5:18:2d:e4:f6:77:98:0c:06:2e:c1:f8:3d:
                    51:5b:04:09:c2:a2:b8:c9:e6:5e:13:a9:ec:74:67:
                    d2:1c:44:15:c6:6c:62:bd:ab:43:4b:a7:93:79:45:
                    6a:92:64:05:69:94:59:d8:21:2f:09:bf:bb:83:77:
                    56:8d:b9:63:9b:db:0a:fb:b4:4b:18:80:e2:49:df:
                    be:95:71:d8:d0:c1:2c:2d:2e:e4:24:cb:2b:cc:e6:
                    29:d4:94:c7:eb:32:a9:8d:2f:99:2b:c9:a2:7c:3c:
                    2d:27:47:ef:12:55:6b:9d:4b:7c:f7:3a:e9:39:9c:
                    5c:a8:41:9b:4d:bd:41:46:94:49:4b:c6:17:29:68:
                    1f:2a:84:e1:58:52:1f:a8:f9:3b:cc:84:cf:d2:a4:
                    f4:90:92:b4:4d:83:4a:da:59:9d:fa:e1:0b:5f:8e:
                    74:39:b4:f4:a5:c7:76:a8:7d:ef:44:89:ff:eb:aa:
                    c8:96:87:b6:22:62:c2:62:6c:8a:c0:a5:39:9e:33:
                    71:ec:ca:95:43:e4:80:65:48:08:6c:1c:5b:a5:e0:
                    68:bc:6a:6f:95:bf:5f:b5:1e:92:79:c2:e8:6e:ec:
                    c1:59:87:14:30:9d:b3:ec:c1:06:15:7d:9e:23:ea:
                    fc:e9:6b:ba:7a:a0:0e:e0:eb:bd:24:33:ff:4c:09:
                    d8:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:AA:83:AC:2B:1A:58:E9:DF:EF:2B:86:4E:95:55:78:68:8C:41:EB
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/a5cfda76-f2f1-3f69-a076-ddda8b04d804.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/18800324-5150-4981-a144-bdb80e6bcb7c.crl

            X509v3 Authority Key Identifier:
                keyid:11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.252.239.0/24
                  104.253.31.0/24
                  142.111.241.0/24
                  142.252.19.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         9c:0d:a5:e6:67:26:20:24:2f:58:f7:93:ce:ce:21:6e:b7:56:
         ee:33:0a:b2:e3:6e:d1:20:be:3c:33:59:ff:d9:c4:52:a4:74:
         a8:2e:a3:9d:24:3a:86:fa:3f:03:9f:3d:fc:19:f8:26:d9:b9:
         14:75:7b:16:55:15:58:98:f6:62:85:c9:86:0c:2f:d3:47:6f:
         9e:0e:0f:7d:25:fc:65:51:e4:5a:de:fd:5b:5b:c0:7c:4e:12:
         bb:d5:cf:80:d6:c6:4a:ed:c8:6d:29:6b:f2:02:15:fa:aa:d8:
         c3:f3:c5:7e:e5:0d:61:1a:e3:ea:14:4a:1d:17:0e:d7:34:da:
         3b:db:51:bf:7d:e6:ce:1b:5c:6d:48:28:9a:7f:50:40:49:a0:
         54:60:2a:d8:99:38:ee:63:f4:a0:b6:ea:32:c2:78:03:d7:4e:
         1b:3e:ec:7f:98:b1:1f:d3:3f:5d:30:cb:4c:bd:a8:00:8d:43:
         1c:79:bb:a3:5f:e3:51:ea:53:68:67:71:40:02:de:c6:f3:77:
         8d:65:dc:e3:e7:59:d7:68:45:fb:eb:74:1a:b7:4f:51:fa:7d:
         45:bc:53:d4:11:a1:6e:02:7b:a7:54:73:2f:76:c6:6a:d6:23:
         0d:6a:f3:c4:c5:74:53:9b:d8:db:7e:27:2d:6e:5d:8b:2d:4f:
         1d:e2:66:31
-----BEGIN CERTIFICATE-----
MIIGVTCCBT2gAwIBAgIUAQ0Mn0MoWEUXStjovLh1RBc19IAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMTg4MDAzMjQtNTE1MC00OTgxLWExNDQtYmRiODBlNmJj
YjdjMB4XDTI0MDMwNDAyMDAyNloXDTI0MDYwMjAxMDAyNlowLzEtMCsGA1UEAxMk
OTg5ZTA3M2QtYjkwMy00OTlkLWI0YTYtZjQ5NTliZTA3MTEwMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjMUYLeT2d5gMBi7B+D1RWwQJwqK4yeZeE6ns
dGfSHEQVxmxivatDS6eTeUVqkmQFaZRZ2CEvCb+7g3dWjbljm9sK+7RLGIDiSd++
lXHY0MEsLS7kJMsrzOYp1JTH6zKpjS+ZK8mifDwtJ0fvElVrnUt89zrpOZxcqEGb
Tb1BRpRJS8YXKWgfKoThWFIfqPk7zITP0qT0kJK0TYNK2lmd+uELX450ObT0pcd2
qH3vRIn/66rIloe2ImLCYmyKwKU5njNx7MqVQ+SAZUgIbBxbpeBovGpvlb9ftR6S
ecLobuzBWYcUMJ2z7MEGFX2eI+r86Wu6eqAO4Ou9JDP/TAnY9QIDAQABo4IDZzCC
A2MwHQYDVR0OBBYEFKyqg6wrGljp3+8rhk6VVXhojEHrMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlhOC8xODgw
MDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4MGU2YmNiN2MvYTVjZmRhNzYtZjJmMS0z
ZjY5LWEwNzYtZGRkYThiMDRkODA0LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NDZlMDExMS1m
YWZiLTQzMGYtYjc3OC1kMjA0Y2ZjZDk5YTgvMTg4MDAzMjQtNTE1MC00OTgxLWEx
NDQtYmRiODBlNmJjYjdjLzE4ODAwMzI0LTUxNTAtNDk4MS1hMTQ0LWJkYjgwZTZi
Y2I3Yy5jcmwwHwYDVR0jBBgwFoAUEWtHMzbZ6J21lhte76NAIq7eabYwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMw
Zi1iNzc4LWQyMDRjZmNkOTlhOC8xODgwMDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4
MGU2YmNiN2MuY2VyMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAaPzvAwQA
aP0fAwQAjm/xAwQAjvwTMFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4Bggr
BgEFBQcCARYsaHR0cHM6Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3Bz
Lmh0bWwwDQYJKoZIhvcNAQELBQADggEBAJwNpeZnJiAkL1j3k87OIW63Vu4zCrLj
btEgvjwzWf/ZxFKkdKguo50kOob6PwOfPfwZ+CbZuRR1exZVFViY9mKFyYYML9NH
b54OD30l/GVR5Fre/VtbwHxOErvVz4DWxkrtyG0pa/ICFfqq2MPzxX7lDWEa4+oU
Sh0XDtc02jvbUb995s4bXG1IKJp/UEBJoFRgKtiZOO5j9KC26jLCeAPXThs+7H+Y
sR/TP10wy0y9qACNQxx5u6Nf41HqU2hncUAC3sbzd41l3OPnWddoRfvrdBq3T1H6
fUW8U9QRoW4Ce6dUcy92xmrWIw1q88TFdFOb2Nt+Jy1uXYstTx3iZjE=
-----END CERTIFICATE-----