Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/b3b1fe32-fa6f-3362-b23a-2eace48f2839.roa
File:                     b3b1fe32-fa6f-3362-b23a-2eace48f2839.roa (raw, json)
Hash identifier:          7qWIdvWG774grLkSAPSd1BlLaHFiWKWoOjQlmomJcUs=
Subject key identifier:   D7:FC:D8:92:D0:E8:4C:0E:FA:CB:A7:D7:41:49:A9:91:33:6F:D4:3F
Certificate issuer:       /CN=18800324-5150-4981-a144-bdb80e6bcb7c
Certificate serial:       010D0C9F43285844E93A941746D6CA863B0AA400
Authority key identifier: 11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/b3b1fe32-fa6f-3362-b23a-2eace48f2839.roa
Signing time:             Fri 16 Feb 2024 14:00:29 +0000
ROA not before:           Fri 16 Feb 2024 14:00:29 +0000
ROA not after:            Thu 16 May 2024 13:00:29 +0000
asID:                     149440
IP address blocks:        107.165.195.0/24 maxlen: 24
                          136.0.11.0/24 maxlen: 24
                          172.252.245.0/24 maxlen: 24
                          173.245.74.0/24 maxlen: 24
                          209.73.143.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:44:e9:3a:94:17:46:d6:ca:86:3b:0a:a4:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18800324-5150-4981-a144-bdb80e6bcb7c
        Validity
            Not Before: Feb 16 14:00:29 2024 GMT
            Not After : May 16 13:00:29 2024 GMT
        Subject: CN=f7484553-20ea-4e62-bd83-7ed87fd08738
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:89:8c:dc:a8:13:6f:2e:01:be:5f:0d:2e:f1:
                    0f:e3:52:e0:53:ba:bc:c5:b5:40:b7:df:f2:bd:13:
                    10:01:a9:7f:f1:04:ca:79:87:f8:42:aa:c5:ca:c3:
                    b3:d8:eb:d0:b0:f0:c2:87:cf:93:1e:10:18:0e:fe:
                    1d:c1:3c:ce:59:79:e7:2c:65:d7:b8:7a:2e:49:e3:
                    73:2a:c3:1e:14:b3:30:8a:5f:a6:fb:c5:73:b4:df:
                    a9:fd:aa:bb:34:2a:59:31:52:e4:6b:4c:e8:2e:b4:
                    10:1b:85:59:be:01:06:8a:36:db:cd:7c:d2:38:e1:
                    7f:3c:7c:7c:b6:f6:87:49:92:a9:be:63:73:f2:e6:
                    2b:5c:2d:54:32:df:4a:59:e9:f6:ff:8a:cb:8f:98:
                    fd:f2:2b:63:f0:8e:08:a7:f9:bc:33:e2:69:00:b7:
                    51:27:ad:7f:7c:ff:df:f6:99:3a:18:9f:b9:29:0e:
                    d5:50:ef:e4:2e:42:fa:ce:b3:80:6e:1d:b6:84:99:
                    f4:7f:c5:e2:1d:9f:ee:c8:88:40:d1:f6:8f:86:37:
                    47:1f:66:3f:59:fa:a1:bd:67:45:b1:88:d3:da:81:
                    72:d3:23:b9:49:52:1a:c4:9d:d2:18:b5:c9:8a:a2:
                    a1:2a:eb:16:e5:81:f7:54:43:0f:76:56:19:aa:5d:
                    b0:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:FC:D8:92:D0:E8:4C:0E:FA:CB:A7:D7:41:49:A9:91:33:6F:D4:3F
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/b3b1fe32-fa6f-3362-b23a-2eace48f2839.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/18800324-5150-4981-a144-bdb80e6bcb7c.crl

            X509v3 Authority Key Identifier:
                keyid:11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.165.195.0/24
                  136.0.11.0/24
                  172.252.245.0/24
                  173.245.74.0/24
                  209.73.143.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         00:a0:60:d8:18:1b:5c:fe:6a:10:ac:90:35:8b:98:af:ce:f9:
         82:4e:de:42:3b:76:80:0d:fd:f5:f3:e2:d1:31:b2:ef:5e:0a:
         f4:e5:ff:35:f0:bd:05:e0:9e:d2:61:43:bd:fe:20:a2:93:57:
         da:9e:3c:f0:e5:8c:27:f1:fe:02:81:7b:a5:c1:b8:e2:e8:83:
         43:0f:a3:80:1b:eb:14:26:17:77:34:62:05:e0:0d:06:90:8f:
         cc:05:3e:fe:63:c0:10:da:37:52:9f:f4:f2:d1:37:15:03:04:
         44:3b:4a:ed:54:6c:bd:7e:13:e1:e9:ba:df:8e:9c:35:d8:a6:
         36:9f:df:03:67:5b:cd:7f:65:9a:5d:2a:0e:e2:55:0e:8a:cb:
         e4:f1:8f:49:86:aa:2d:6b:dd:ed:9a:d9:1d:31:0f:c9:5d:93:
         1b:16:6c:13:59:37:94:1a:d3:61:34:45:04:db:78:e8:8b:78:
         38:36:ff:14:53:be:f2:e7:35:d9:08:37:18:3e:8c:bd:01:8f:
         89:cb:13:c6:db:50:21:0d:c0:e6:76:44:e0:a0:bf:04:96:f4:
         31:fd:6d:74:7f:df:bc:85:95:e0:1e:7a:f8:5f:6e:53:04:86:
         70:a3:3f:68:27:95:58:94:c0:75:ed:b0:9c:2c:27:82:be:25:
         ed:c5:0c:cb
-----BEGIN CERTIFICATE-----
MIIGWzCCBUOgAwIBAgIUAQ0Mn0MoWETpOpQXRtbKhjsKpAAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMTg4MDAzMjQtNTE1MC00OTgxLWExNDQtYmRiODBlNmJj
YjdjMB4XDTI0MDIxNjE0MDAyOVoXDTI0MDUxNjEzMDAyOVowLzEtMCsGA1UEAxMk
Zjc0ODQ1NTMtMjBlYS00ZTYyLWJkODMtN2VkODdmZDA4NzM4MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEApYmM3KgTby4Bvl8NLvEP41LgU7q8xbVAt9/y
vRMQAal/8QTKeYf4QqrFysOz2OvQsPDCh8+THhAYDv4dwTzOWXnnLGXXuHouSeNz
KsMeFLMwil+m+8VztN+p/aq7NCpZMVLka0zoLrQQG4VZvgEGijbbzXzSOOF/PHx8
tvaHSZKpvmNz8uYrXC1UMt9KWen2/4rLj5j98itj8I4Ip/m8M+JpALdRJ61/fP/f
9pk6GJ+5KQ7VUO/kLkL6zrOAbh22hJn0f8XiHZ/uyIhA0faPhjdHH2Y/WfqhvWdF
sYjT2oFy0yO5SVIaxJ3SGLXJiqKhKusW5YH3VEMPdlYZql2w8QIDAQABo4IDbTCC
A2kwHQYDVR0OBBYEFNf82JLQ6EwO+sun10FJqZEzb9Q/MIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlhOC8xODgw
MDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4MGU2YmNiN2MvYjNiMWZlMzItZmE2Zi0z
MzYyLWIyM2EtMmVhY2U0OGYyODM5LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NDZlMDExMS1m
YWZiLTQzMGYtYjc3OC1kMjA0Y2ZjZDk5YTgvMTg4MDAzMjQtNTE1MC00OTgxLWEx
NDQtYmRiODBlNmJjYjdjLzE4ODAwMzI0LTUxNTAtNDk4MS1hMTQ0LWJkYjgwZTZi
Y2I3Yy5jcmwwHwYDVR0jBBgwFoAUEWtHMzbZ6J21lhte76NAIq7eabYwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMw
Zi1iNzc4LWQyMDRjZmNkOTlhOC8xODgwMDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4
MGU2YmNiN2MuY2VyMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAa6XDAwQA
iAALAwQArPz1AwQArfVKAwQA0UmPMFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIw
OjA4BggrBgEFBQcCARYsaHR0cHM6Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jw
a2kvY3BzLmh0bWwwDQYJKoZIhvcNAQELBQADggEBAACgYNgYG1z+ahCskDWLmK/O
+YJO3kI7doAN/fXz4tExsu9eCvTl/zXwvQXgntJhQ73+IKKTV9qePPDljCfx/gKB
e6XBuOLog0MPo4Ab6xQmF3c0YgXgDQaQj8wFPv5jwBDaN1Kf9PLRNxUDBEQ7Su1U
bL1+E+Hput+OnDXYpjaf3wNnW81/ZZpdKg7iVQ6Ky+Txj0mGqi1r3e2a2R0xD8ld
kxsWbBNZN5Qa02E0RQTbeOiLeDg2/xRTvvLnNdkINxg+jL0Bj4nLE8bbUCENwOZ2
ROCgvwSW9DH9bXR/37yFleAeevhfblMEhnCjP2gnlViUwHXtsJwsJ4K+Je3FDMs=
-----END CERTIFICATE-----