Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/fb1fa7e8-0899-3a22-a150-850f00319ea6.roa
File:                     fb1fa7e8-0899-3a22-a150-850f00319ea6.roa (raw, json)
Hash identifier:          UrIWOuyV0HNRHKiU1hCB2bdtKk1fH3T/UlwzVXXGI7E=
Subject key identifier:   37:67:75:CC:8E:BD:48:2E:E2:8D:C0:76:7A:07:76:62:18:1D:EA:30
Certificate issuer:       /CN=18800324-5150-4981-a144-bdb80e6bcb7c
Certificate serial:       010D0C9F4328584585733170B619CB1C550B9960
Authority key identifier: 11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/fb1fa7e8-0899-3a22-a150-850f00319ea6.roa
Signing time:             Fri 12 Apr 2024 13:00:34 +0000
ROA not before:           Fri 12 Apr 2024 13:00:34 +0000
ROA not after:            Thu 11 Jul 2024 13:00:34 +0000
asID:                     149440
IP address blocks:        166.88.77.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:45:85:73:31:70:b6:19:cb:1c:55:0b:99:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18800324-5150-4981-a144-bdb80e6bcb7c
        Validity
            Not Before: Apr 12 13:00:34 2024 GMT
            Not After : Jul 11 13:00:34 2024 GMT
        Subject: CN=8d58ecba-0a41-46cf-b6d5-0b9045e64ddc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:16:92:de:cc:2b:7e:fd:bd:5c:4e:60:26:b0:
                    6c:4b:10:91:7b:93:9f:13:59:bb:ef:27:33:ff:ba:
                    1e:5f:aa:c7:b9:9f:81:e6:5f:b5:fe:e2:1e:bd:ce:
                    f9:e1:f9:b9:ba:fc:74:8f:87:fb:71:b3:3e:b7:74:
                    9d:71:49:4a:59:51:99:d0:d6:c0:fa:e3:38:d3:f6:
                    9f:f9:58:d4:52:33:9c:1e:42:0e:ac:96:69:7d:b4:
                    94:2a:74:84:6a:dc:7b:fe:2d:b1:d2:0a:19:e5:3a:
                    9c:0a:ff:be:d5:0e:7c:a5:9d:bb:30:91:9e:12:c1:
                    89:8c:e5:df:bd:40:7b:d8:d6:25:83:1b:8a:4c:14:
                    c5:90:9c:2e:80:de:0d:58:4a:70:47:ab:b4:ff:6d:
                    ce:64:56:cc:c1:f0:7e:ff:b3:03:f1:c2:85:a7:cc:
                    fb:d2:f6:18:ba:bd:0c:52:ff:46:4e:50:1e:d0:be:
                    25:88:5b:9f:a3:80:2d:88:d7:2a:3d:01:07:df:19:
                    76:1b:aa:89:84:ea:cd:76:47:e5:b4:78:4f:42:01:
                    68:79:c3:14:8d:8b:09:35:dd:c6:7e:02:b0:66:33:
                    37:3a:3d:ce:00:a7:3b:4c:f7:57:74:31:94:b8:f7:
                    d9:d3:ea:95:bd:e2:b7:63:cc:b2:b9:f0:34:5a:41:
                    fe:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:67:75:CC:8E:BD:48:2E:E2:8D:C0:76:7A:07:76:62:18:1D:EA:30
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/fb1fa7e8-0899-3a22-a150-850f00319ea6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c/18800324-5150-4981-a144-bdb80e6bcb7c.crl

            X509v3 Authority Key Identifier:
                keyid:11:6B:47:33:36:D9:E8:9D:B5:96:1B:5E:EF:A3:40:22:AE:DE:69:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/18800324-5150-4981-a144-bdb80e6bcb7c.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  166.88.77.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         03:ba:e5:81:a2:ed:75:c2:2e:49:a4:39:4d:ce:63:dc:1a:60:
         c5:8e:07:bd:05:7d:df:5e:d4:26:a0:cb:67:70:38:27:53:52:
         a8:ff:e0:26:ac:9c:eb:ce:ff:b4:d7:a2:4a:08:89:5e:85:d3:
         20:7c:32:66:62:e0:b3:c5:3a:40:4b:2f:0e:8c:90:2e:5d:9b:
         d5:73:af:8b:a2:1b:5f:fb:7b:4f:6d:6c:9e:7f:0b:99:40:44:
         69:5d:73:e0:19:68:84:61:21:00:44:5f:90:6a:69:47:a9:1c:
         f2:d1:41:6a:3a:13:d3:cb:e0:5c:8d:85:d2:46:2f:1e:5d:fb:
         ad:38:aa:6b:9c:e9:cd:08:b0:31:8e:5a:57:05:6e:76:30:a8:
         e2:fe:a1:94:2b:79:dd:0f:84:1b:78:fb:1d:0e:76:34:85:55:
         29:94:cc:e0:e9:24:18:a5:db:71:6d:31:41:00:00:05:a0:5e:
         1a:7b:63:e4:d6:58:e4:32:26:0d:ee:51:47:c9:ec:42:55:7f:
         80:95:d8:6f:16:4e:e8:1e:64:8f:ab:c3:ff:45:d2:8d:b1:39:
         6c:50:f8:2d:38:e6:af:ad:a0:c3:df:8a:b8:9b:02:60:b3:ae:
         8e:b7:9c:a2:9b:cc:9b:4a:b0:fd:c0:8f:65:8b:f9:22:a8:87:
         04:b2:87:a8
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEWFczFwthnLHFULmWAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMTg4MDAzMjQtNTE1MC00OTgxLWExNDQtYmRiODBlNmJj
YjdjMB4XDTI0MDQxMjEzMDAzNFoXDTI0MDcxMTEzMDAzNFowLzEtMCsGA1UEAxMk
OGQ1OGVjYmEtMGE0MS00NmNmLWI2ZDUtMGI5MDQ1ZTY0ZGRjMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjRaS3swrfv29XE5gJrBsSxCRe5OfE1m77ycz
/7oeX6rHuZ+B5l+1/uIevc754fm5uvx0j4f7cbM+t3SdcUlKWVGZ0NbA+uM40/af
+VjUUjOcHkIOrJZpfbSUKnSEatx7/i2x0goZ5TqcCv++1Q58pZ27MJGeEsGJjOXf
vUB72NYlgxuKTBTFkJwugN4NWEpwR6u0/23OZFbMwfB+/7MD8cKFp8z70vYYur0M
Uv9GTlAe0L4liFufo4AtiNcqPQEH3xl2G6qJhOrNdkfltHhPQgFoecMUjYsJNd3G
fgKwZjM3Oj3OAKc7TPdXdDGUuPfZ0+qVveK3Y8yyufA0WkH+RQIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFDdndcyOvUgu4o3AdnoHdmIYHeowMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlhOC8xODgw
MDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4MGU2YmNiN2MvZmIxZmE3ZTgtMDg5OS0z
YTIyLWExNTAtODUwZjAwMzE5ZWE2LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NDZlMDExMS1m
YWZiLTQzMGYtYjc3OC1kMjA0Y2ZjZDk5YTgvMTg4MDAzMjQtNTE1MC00OTgxLWEx
NDQtYmRiODBlNmJjYjdjLzE4ODAwMzI0LTUxNTAtNDk4MS1hMTQ0LWJkYjgwZTZi
Y2I3Yy5jcmwwHwYDVR0jBBgwFoAUEWtHMzbZ6J21lhte76NAIq7eabYwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMw
Zi1iNzc4LWQyMDRjZmNkOTlhOC8xODgwMDMyNC01MTUwLTQ5ODEtYTE0NC1iZGI4
MGU2YmNiN2MuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAplhNMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAAO65YGi7XXCLkmkOU3OY9waYMWOB70Ffd9e1Cagy2dwOCdTUqj/4Cas
nOvO/7TXokoIiV6F0yB8MmZi4LPFOkBLLw6MkC5dm9Vzr4uiG1/7e09tbJ5/C5lA
RGldc+AZaIRhIQBEX5BqaUepHPLRQWo6E9PL4FyNhdJGLx5d+604qmuc6c0IsDGO
WlcFbnYwqOL+oZQred0PhBt4+x0OdjSFVSmUzODpJBil23FtMUEAAAWgXhp7Y+TW
WOQyJg3uUUfJ7EJVf4CV2G8WTugeZI+rw/9F0o2xOWxQ+C045q+toMPfiribAmCz
ro63nKKbzJtKsP3Aj2WL+SKohwSyh6g=
-----END CERTIFICATE-----