Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/bf13bd36-6e93-3f6c-b782-3d4980167a06.roa
File:                     bf13bd36-6e93-3f6c-b782-3d4980167a06.roa (raw, json)
Hash identifier:          jxWW4uU0JrpljZj9YC+g6sET9HZJNdnyYUVeUaeaEm4=
Subject key identifier:   FF:0E:AC:2A:7C:11:A6:CE:90:BA:63:19:C9:0A:91:5C:BF:E0:83:DC
Certificate issuer:       /CN=18800324-5150-4981-a144-bdb80e6bcb7c
Certificate serial:       010D0C9F4328583BC8F601B190E0F5DDA743BB00
Authority key identifier: 11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/bf13bd36-6e93-3f6c-b782-3d4980167a06.roa
Signing time:             Wed 26 Aug 2020 04:00:00 +0000
ROA not before:           Wed 26 Aug 2020 04:00:00 +0000
ROA not after:            Sun 04 Feb 2024 05:00:00 +0000
asID:                     3257
IP address blocks:        173.245.75.0/24 maxlen: 24
                          173.245.90.0/24 maxlen: 24
                          173.245.85.0/24 maxlen: 24
                          23.27.9.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3b:c8:f6:01:b1:90:e0:f5:dd:a7:43:bb:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18800324-5150-4981-a144-bdb80e6bcb7c
        Validity
            Not Before: Aug 26 04:00:00 2020 GMT
            Not After : Feb  4 05:00:00 2024 GMT
        Subject: CN=caa0bddf-bc45-4bb6-ba6e-470ab3c3b456
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:ec:ee:93:b2:c4:ba:a1:f2:70:28:10:83:ac:
                    f3:9c:37:6c:fe:c1:0e:11:d1:bc:36:52:a3:75:db:
                    d6:7f:f2:d1:9a:fd:bb:33:e2:76:41:d3:ac:bd:54:
                    3e:57:4e:b0:28:5f:44:87:f0:b8:8b:c0:65:72:e5:
                    7e:3c:13:c0:09:99:8b:1c:51:92:f9:7d:40:b4:e5:
                    1d:5f:fe:25:e8:de:6d:8b:82:d9:d7:56:a8:37:90:
                    7a:1b:b4:ac:bc:95:0c:37:f4:cd:e9:00:0d:ca:b9:
                    52:bb:c6:88:e7:43:a4:66:c3:4f:84:a9:eb:20:2d:
                    f4:57:35:c4:71:2d:d4:7a:92:6a:17:b2:a8:c9:a8:
                    13:ec:fe:04:94:1b:1d:31:99:62:6e:c0:67:dc:7a:
                    c8:a7:ec:70:8f:9d:38:a2:ba:34:17:9e:59:13:52:
                    3d:c3:0b:d2:15:36:88:63:66:58:1d:30:be:22:d6:
                    e5:f2:c3:46:3a:91:9d:8f:d6:19:ff:3e:e1:a9:0c:
                    06:0f:e3:22:9f:cd:0a:a3:ff:47:40:c7:98:b5:8d:
                    8a:13:f6:35:24:22:a0:a4:18:27:5e:c2:75:24:08:
                    d8:62:06:a6:3f:33:8d:bb:8c:f5:44:c5:5d:02:87:
                    93:ee:b6:6a:22:39:0f:a9:77:ce:72:18:d1:8f:3b:
                    60:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:0E:AC:2A:7C:11:A6:CE:90:BA:63:19:C9:0A:91:5C:BF:E0:83:DC
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/bf13bd36-6e93-3f6c-b782-3d4980167a06.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/18800324-5150-4981-a144-bdb80e6bcb7c.crl

            X509v3 Authority Key Identifier:
                keyid:11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.27.9.0/24
                  173.245.75.0/24
                  173.245.85.0/24
                  173.245.90.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         4f:31:27:d4:c8:ba:77:95:32:3f:f4:e9:84:fc:c6:d8:79:9f:
         81:51:e9:2c:33:ed:57:d7:2e:d7:36:c8:2c:1b:18:48:2e:cf:
         98:90:51:04:b8:fd:99:b4:00:e4:50:3d:7d:36:47:d3:91:28:
         16:c8:68:2e:05:bc:5d:4f:83:bc:c5:fc:02:33:71:a9:7d:1e:
         05:31:4c:8d:34:b4:2a:18:b6:02:fe:17:9f:30:bf:d5:ec:51:
         ff:ec:75:79:7f:71:d4:a0:49:44:a5:5c:1a:11:bb:be:50:5a:
         33:3d:a4:cf:2d:f5:f5:a9:e8:62:fe:d7:73:62:a1:51:b0:92:
         b9:30:86:9b:de:d7:ee:26:e9:b6:d0:ed:63:fd:e6:df:84:a2:
         39:5d:6f:45:7e:99:4f:ed:d9:f1:26:d6:95:f9:68:71:0c:a0:
         7c:b7:f4:80:af:48:bc:70:14:36:27:7b:30:04:e7:db:12:ef:
         24:87:1b:a9:1d:9a:92:62:c0:56:db:b5:01:e5:f2:66:ef:e8:
         ef:61:d1:af:0d:8b:62:af:7a:10:29:d5:92:77:90:9c:ad:bc:
         c6:6b:02:0f:3c:24:ac:06:5a:1b:5b:5a:b1:3b:b6:a2:50:4b:
         70:83:2c:d2:c8:a2:e6:27:2f:b8:a8:ce:9d:b7:d5:0c:be:a9:
         a6:d3:4f:06
-----BEGIN CERTIFICATE-----
MIIGVTCCBT2gAwIBAgIUAQ0Mn0MoWDvI9gGxkOD13adDuwAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMTg4MDAzMjQtNTE1MC00OTgxLWExNDQtYmRiODBlNmJj
YjdjMB4XDTIwMDgyNjA0MDAwMFoXDTI0MDIwNDA1MDAwMFowLzEtMCsGA1UEAxMk
Y2FhMGJkZGYtYmM0NS00YmI2LWJhNmUtNDcwYWIzYzNiNDU2MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7Ozuk7LEuqHycCgQg6zznDds/sEOEdG8NlKj
ddvWf/LRmv27M+J2QdOsvVQ+V06wKF9Eh/C4i8BlcuV+PBPACZmLHFGS+X1AtOUd
X/4l6N5ti4LZ11aoN5B6G7SsvJUMN/TN6QANyrlSu8aI50OkZsNPhKnrIC30VzXE
cS3UepJqF7KoyagT7P4ElBsdMZlibsBn3HrIp+xwj504oro0F55ZE1I9wwvSFTaI
Y2ZYHTC+Itbl8sNGOpGdj9YZ/z7hqQwGD+Min80Ko/9HQMeYtY2KE/Y1JCKgpBgn
XsJ1JAjYYgamPzONu4z1RMVdAoeT7rZqIjkPqXfOchjRjztgEwIDAQABo4IDZzCC
A2MwHQYDVR0OBBYEFP8OrCp8EabOkLpjGckKkVy/4IPcMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlhOC8xODgw
MDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4MGU2YmNiN2MvYmYxM2JkMzYtNmU5My0z
ZjZjLWI3ODItM2Q0OTgwMTY3YTA2LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NDZlMDExMS1m
YWZiLTQzMGYtYjc3OC1kMjA0Y2ZjZDk5YTgvMTg4MDAzMjQtNTE1MC00OTgxLWEx
NDQtYmRiODBlNmJjYjdjLzE4ODAwMzI0LTUxNTAtNDk4MS1hMTQ0LWJkYjgwZTZi
Y2I3Yy5jcmwwHwYDVR0jBBgwFoAUEWtHMzbZ6J21lhte76NAIq7eabYwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMw
Zi1iNzc4LWQyMDRjZmNkOTlhOC8xODgwMDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4
MGU2YmNiN2MuY2VyMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAFxsJAwQA
rfVLAwQArfVVAwQArfVaMFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4Bggr
BgEFBQcCARYsaHR0cHM6Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3Bz
Lmh0bWwwDQYJKoZIhvcNAQELBQADggEBAE8xJ9TIuneVMj/06YT8xth5n4FR6Swz
7VfXLtc2yCwbGEguz5iQUQS4/Zm0AORQPX02R9ORKBbIaC4FvF1Pg7zF/AIzcal9
HgUxTI00tCoYtgL+F58wv9XsUf/sdXl/cdSgSUSlXBoRu75QWjM9pM8t9fWp6GL+
13NioVGwkrkwhpve1+4m6bbQ7WP95t+Eojldb0V+mU/t2fEm1pX5aHEMoHy39ICv
SLxwFDYnezAE59sS7ySHG6kdmpJiwFbbtQHl8mbv6O9h0a8Ni2KvehAp1ZJ3kJyt
vMZrAg88JKwGWhtbWrE7tqJQS3CDLNLIouYnL7iozp231Qy+qabTTwY=
-----END CERTIFICATE-----