Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/71ea89b4-ed85-463f-83d9-8453300bf2bd/40877c0c-96a8-321c-95cd-eef1b77070d4.roa
File:                     40877c0c-96a8-321c-95cd-eef1b77070d4.roa (raw, json)
Hash identifier:          2MBTFAThqWM0KvB84rdRyXCwMRlZML8XbrB05sx1kAM=
Subject key identifier:   75:49:C1:05:89:11:1D:19:46:2D:D3:54:A5:CB:03:CE:8E:03:CA:01
Certificate issuer:       /CN=71ea89b4-ed85-463f-83d9-8453300bf2bd
Certificate serial:       010D0C9F432858423A5872FC2D60D8B70378ABA0
Authority key identifier: 00:FA:28:B0:63:5E:34:0C:5A:99:8E:4A:5A:9E:34:69:3A:5A:56:62
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/71ea89b4-ed85-463f-83d9-8453300bf2bd.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/71ea89b4-ed85-463f-83d9-8453300bf2bd/40877c0c-96a8-321c-95cd-eef1b77070d4.roa
Signing time:             Thu 15 Jun 2023 13:00:18 +0000
ROA not before:           Thu 15 Jun 2023 13:00:18 +0000
ROA not after:            Wed 13 Sep 2023 13:00:18 +0000
asID:                     7862
IP address blocks:        146.23.220.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:42:3a:58:72:fc:2d:60:d8:b7:03:78:ab:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=71ea89b4-ed85-463f-83d9-8453300bf2bd
        Validity
            Not Before: Jun 15 13:00:18 2023 GMT
            Not After : Sep 13 13:00:18 2023 GMT
        Subject: CN=2a5ab866-e0e9-4449-b292-0ef427c8ba23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:7b:af:e9:c6:e9:f8:ee:2a:08:e7:39:05:c4:
                    4f:f9:f6:f5:b0:d7:62:72:6c:6f:f3:ce:e3:11:79:
                    c3:73:13:21:3d:2c:d6:6d:ab:78:cc:90:ea:0a:3b:
                    03:6c:4e:f9:c3:1b:ad:71:b2:66:ff:ac:08:17:c1:
                    30:c3:74:bd:31:0d:a5:75:bc:d4:09:b9:63:f3:28:
                    c4:f9:3f:f6:d5:f3:8f:ac:16:d7:53:e2:6f:f8:5d:
                    a4:67:d0:dc:ba:cd:fe:ef:a5:41:3f:4f:42:a6:d1:
                    a0:fe:b2:e0:d6:a6:82:ea:7f:7f:64:7e:ed:28:66:
                    f9:a0:0e:7f:1d:26:41:e7:4f:44:fb:f1:bf:ce:86:
                    43:d7:f7:da:e6:98:6b:52:9a:62:e6:c8:61:08:31:
                    9c:9c:96:48:10:6c:b9:e6:52:18:2d:d4:ad:96:0f:
                    34:8f:1a:c8:fd:c7:f0:92:ef:b3:d5:ef:79:de:cd:
                    14:b2:aa:1d:e1:c3:33:88:de:1c:29:a3:2d:af:c1:
                    ad:6d:6b:20:93:84:0f:86:7f:61:50:24:ff:aa:bf:
                    e7:aa:9a:b1:0e:fb:05:6e:87:a1:75:9b:d7:97:f9:
                    02:e5:65:bf:56:48:a2:b0:3a:f0:0c:1c:81:ce:ae:
                    f7:0e:72:88:9c:73:b8:cc:9c:13:0e:25:dd:38:23:
                    88:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:49:C1:05:89:11:1D:19:46:2D:D3:54:A5:CB:03:CE:8E:03:CA:01
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/71ea89b4-ed85-463f-83d9-8453300bf2bd/40877c0c-96a8-321c-95cd-eef1b77070d4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/71ea89b4-ed85-463f-83d9-8453300bf2bd/71ea89b4-ed85-463f-83d9-8453300bf2bd.crl

            X509v3 Authority Key Identifier:
                keyid:00:FA:28:B0:63:5E:34:0C:5A:99:8E:4A:5A:9E:34:69:3A:5A:56:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/71ea89b4-ed85-463f-83d9-8453300bf2bd.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.23.220.0/22

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         94:5f:5f:54:16:59:ae:70:be:42:40:f9:c7:3f:7f:3a:42:a5:
         78:2d:79:4d:b1:d3:f1:25:e0:25:df:46:0b:32:3a:d7:e1:5a:
         74:a8:ce:43:ca:e8:38:b7:d5:6c:bb:ce:19:1e:e5:16:ab:c0:
         6e:1d:ec:a0:21:9c:5d:4f:07:10:57:93:72:6a:6c:0b:06:43:
         ee:d8:ad:b4:e9:67:2a:7d:c8:ed:d8:06:52:78:5a:bf:2d:52:
         c0:2b:d6:2d:5d:c3:d0:91:6e:88:64:47:3b:90:ab:8e:05:21:
         3d:1d:ae:6e:ac:e4:a2:22:ed:ff:f6:69:57:e5:4c:f6:5d:65:
         64:32:02:10:f0:c1:8e:22:2e:1d:31:38:30:cd:6c:d0:97:87:
         ce:54:8a:3d:ca:ad:f2:1c:36:cd:e2:5d:48:99:2b:79:3a:f7:
         f5:ec:ec:d9:c8:46:81:59:48:8e:68:eb:0e:01:f9:9c:44:1c:
         f1:b8:33:68:73:24:ad:05:6c:08:bd:fe:77:bc:7c:1d:a8:92:
         90:36:dd:85:03:0d:aa:aa:eb:41:d5:ed:71:94:cd:d0:ec:45:
         6f:a5:52:68:f2:ef:47:3a:7a:ec:11:35:a3:6d:f4:6a:52:41:
         25:fc:90:42:02:ab:a1:c4:9b:8f:a5:6a:ee:65:9d:4f:2e:4d:
         3a:ab:ce:aa
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEI6WHL8LWDYtwN4q6AwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNzFlYTg5YjQtZWQ4NS00NjNmLTgzZDktODQ1MzMwMGJm
MmJkMB4XDTIzMDYxNTEzMDAxOFoXDTIzMDkxMzEzMDAxOFowLzEtMCsGA1UEAxMk
MmE1YWI4NjYtZTBlOS00NDQ5LWIyOTItMGVmNDI3YzhiYTIzMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhHuv6cbp+O4qCOc5BcRP+fb1sNdicmxv887j
EXnDcxMhPSzWbat4zJDqCjsDbE75wxutcbJm/6wIF8Eww3S9MQ2ldbzUCblj8yjE
+T/21fOPrBbXU+Jv+F2kZ9Dcus3+76VBP09CptGg/rLg1qaC6n9/ZH7tKGb5oA5/
HSZB509E+/G/zoZD1/fa5phrUppi5shhCDGcnJZIEGy55lIYLdStlg80jxrI/cfw
ku+z1e953s0Usqod4cMziN4cKaMtr8GtbWsgk4QPhn9hUCT/qr/nqpqxDvsFboeh
dZvXl/kC5WW/VkiisDrwDByBzq73DnKInHO4zJwTDiXdOCOIawIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFHVJwQWJER0ZRi3TVKXLA86OA8oBMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlhOC83MWVh
ODliNC1lZDg1LTQ2M2YtODNkOS04NDUzMzAwYmYyYmQvNDA4NzdjMGMtOTZhOC0z
MjFjLTk1Y2QtZWVmMWI3NzA3MGQ0LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NDZlMDExMS1m
YWZiLTQzMGYtYjc3OC1kMjA0Y2ZjZDk5YTgvNzFlYTg5YjQtZWQ4NS00NjNmLTgz
ZDktODQ1MzMwMGJmMmJkLzcxZWE4OWI0LWVkODUtNDYzZi04M2Q5LTg0NTMzMDBi
ZjJiZC5jcmwwHwYDVR0jBBgwFoAUAPoosGNeNAxamY5KWp40aTpaVmIwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMw
Zi1iNzc4LWQyMDRjZmNkOTlhOC83MWVhODliNC1lZDg1LTQ2M2YtODNkOS04NDUz
MzAwYmYyYmQuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCkhfcMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAJRfX1QWWa5wvkJA+cc/fzpCpXgteU2x0/El4CXfRgsyOtfhWnSozkPK
6Di31Wy7zhke5RarwG4d7KAhnF1PBxBXk3JqbAsGQ+7YrbTpZyp9yO3YBlJ4Wr8t
UsAr1i1dw9CRbohkRzuQq44FIT0drm6s5KIi7f/2aVflTPZdZWQyAhDwwY4iLh0x
ODDNbNCXh85Uij3KrfIcNs3iXUiZK3k69/Xs7NnIRoFZSI5o6w4B+ZxEHPG4M2hz
JK0FbAi9/ne8fB2okpA23YUDDaqq60HV7XGUzdDsRW+lUmjy70c6euwRNaNt9GpS
QSX8kEICq6HEm4+lau5lnU8uTTqrzqo=
-----END CERTIFICATE-----