Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/71ea89b4-ed85-463f-83d9-8453300bf2bd/e08a8341-b1f0-3f62-a1c7-067e603c0321.roa
File:                     e08a8341-b1f0-3f62-a1c7-067e603c0321.roa (raw, json)
Hash identifier:          pBYrd0WzfStBcj3tLVgMQaSpgzAaZHPjJfShHb5a7Q4=
Subject key identifier:   ED:F6:9F:3A:04:69:C5:D6:BE:6C:04:3F:43:E0:18:3A:8A:88:E9:B9
Certificate issuer:       /CN=71ea89b4-ed85-463f-83d9-8453300bf2bd
Certificate serial:       010D0C9F432858423A5871FF0BCA2FAE06DA6280
Authority key identifier: 00:FA:28:B0:63:5E:34:0C:5A:99:8E:4A:5A:9E:34:69:3A:5A:56:62
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/71ea89b4-ed85-463f-83d9-8453300bf2bd.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/71ea89b4-ed85-463f-83d9-8453300bf2bd/e08a8341-b1f0-3f62-a1c7-067e603c0321.roa
Signing time:             Thu 15 Jun 2023 13:00:18 +0000
ROA not before:           Thu 15 Jun 2023 13:00:18 +0000
ROA not after:            Wed 13 Sep 2023 13:00:18 +0000
asID:                     7862
IP address blocks:        144.5.60.0/23 maxlen: 24
                          146.23.208.0/22 maxlen: 24
                          146.23.212.0/22 maxlen: 24
                          146.23.216.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:42:3a:58:71:ff:0b:ca:2f:ae:06:da:62:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=71ea89b4-ed85-463f-83d9-8453300bf2bd
        Validity
            Not Before: Jun 15 13:00:18 2023 GMT
            Not After : Sep 13 13:00:18 2023 GMT
        Subject: CN=26eaa6c2-7870-4833-9343-0ebd405fddb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:f9:ce:0f:82:a6:3d:cf:c8:de:01:f4:61:d1:
                    e7:eb:da:9f:4f:2c:95:10:1a:e4:72:5d:16:18:80:
                    e9:52:83:27:27:21:a2:e7:98:ed:6e:c0:b1:b5:80:
                    cf:28:eb:fb:39:cf:6a:dc:8c:ac:9c:c5:de:26:5c:
                    51:80:f6:f1:c3:05:37:54:2e:5a:21:18:4e:a1:d6:
                    32:41:27:55:e0:14:a6:85:88:7e:9d:78:d9:b7:a9:
                    3c:98:3f:35:ff:dd:4b:ec:c4:49:36:7d:59:5e:bf:
                    a2:a0:b6:96:e0:a9:bc:6e:ed:8f:92:4b:89:2e:f9:
                    b5:eb:68:cf:3d:09:9d:f6:c4:52:ef:c8:3a:5e:92:
                    ad:5a:4b:8d:a1:0f:aa:4e:1b:6d:11:26:d0:e1:fb:
                    ec:c7:64:f5:59:da:d8:0b:3e:f4:3a:42:e0:e7:1b:
                    4d:6d:34:6e:b2:6d:3f:f5:16:b1:18:b6:f6:59:fb:
                    8b:9a:f0:0c:e0:52:d5:0c:bc:d0:9c:8b:2e:91:44:
                    74:f7:a5:1c:14:8d:df:40:6e:c1:07:91:a5:e1:c8:
                    1f:41:3c:bf:69:e8:38:9f:49:0b:00:ef:a9:ce:ae:
                    e7:27:5d:7b:2a:81:56:3e:24:fb:14:12:0c:b3:24:
                    ee:cc:08:b5:2a:44:36:3f:53:51:6f:57:ec:17:b3:
                    1b:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:F6:9F:3A:04:69:C5:D6:BE:6C:04:3F:43:E0:18:3A:8A:88:E9:B9
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/71ea89b4-ed85-463f-83d9-8453300bf2bd/e08a8341-b1f0-3f62-a1c7-067e603c0321.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/71ea89b4-ed85-463f-83d9-8453300bf2bd/71ea89b4-ed85-463f-83d9-8453300bf2bd.crl

            X509v3 Authority Key Identifier:
                keyid:00:FA:28:B0:63:5E:34:0C:5A:99:8E:4A:5A:9E:34:69:3A:5A:56:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/71ea89b4-ed85-463f-83d9-8453300bf2bd.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.5.60.0/23
                  146.23.208.0-146.23.219.255

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         81:41:1e:73:cb:ee:a7:29:ba:5f:9d:1c:ed:0d:af:d1:1c:ac:
         8d:df:4c:ea:9f:8d:58:12:cd:d2:19:fb:32:4f:c1:b4:69:c0:
         d0:be:8c:90:1f:0c:d5:62:a1:8e:ca:54:6b:5d:ff:b2:47:dd:
         a2:69:3b:1c:de:9b:0e:0e:7c:7a:f6:4e:b3:ab:90:3c:f4:f4:
         0f:2f:dd:39:83:60:ab:46:c0:00:b6:b6:f3:01:fa:8c:44:56:
         e3:a8:8e:c0:06:9c:c9:0f:6c:7e:ea:9a:98:5d:6b:5b:68:3e:
         cb:ba:e8:72:b2:dd:d9:58:cb:81:ac:f0:86:4d:8c:04:ab:63:
         d0:7e:8b:4a:12:9b:eb:33:70:c7:83:d7:26:ce:d4:c3:35:37:
         89:ec:37:7d:1a:f9:c2:6a:77:8e:9c:44:20:fe:d3:6d:c5:19:
         fa:87:d3:43:91:d8:f9:68:22:32:67:cd:96:ef:e3:9e:52:2e:
         26:c5:8e:88:0f:37:f4:37:c1:29:b4:b3:a0:0c:6c:2e:ef:60:
         52:26:f3:10:e9:b0:5c:0e:e7:be:7f:8b:dc:64:48:ab:eb:a0:
         89:24:76:a9:29:16:7d:30:a6:9a:4b:ff:e1:59:49:0a:d3:91:
         70:0b:af:7b:07:6e:6a:29:51:0e:90:a3:9d:e3:cd:6f:41:76:
         9d:c0:ad:95
-----BEGIN CERTIFICATE-----
MIIGUTCCBTmgAwIBAgIUAQ0Mn0MoWEI6WHH/C8ovrgbaYoAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNzFlYTg5YjQtZWQ4NS00NjNmLTgzZDktODQ1MzMwMGJm
MmJkMB4XDTIzMDYxNTEzMDAxOFoXDTIzMDkxMzEzMDAxOFowLzEtMCsGA1UEAxMk
MjZlYWE2YzItNzg3MC00ODMzLTkzNDMtMGViZDQwNWZkZGIyMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgPnOD4KmPc/I3gH0YdHn69qfTyyVEBrkcl0W
GIDpUoMnJyGi55jtbsCxtYDPKOv7Oc9q3IysnMXeJlxRgPbxwwU3VC5aIRhOodYy
QSdV4BSmhYh+nXjZt6k8mD81/91L7MRJNn1ZXr+ioLaW4Km8bu2PkkuJLvm162jP
PQmd9sRS78g6XpKtWkuNoQ+qThttESbQ4fvsx2T1WdrYCz70OkLg5xtNbTRusm0/
9RaxGLb2WfuLmvAM4FLVDLzQnIsukUR096UcFI3fQG7BB5Gl4cgfQTy/aeg4n0kL
AO+pzq7nJ117KoFWPiT7FBIMsyTuzAi1KkQ2P1NRb1fsF7Mb8QIDAQABo4IDYzCC
A18wHQYDVR0OBBYEFO32nzoEacXWvmwEP0PgGDqKiOm5MIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlhOC83MWVh
ODliNC1lZDg1LTQ2M2YtODNkOS04NDUzMzAwYmYyYmQvZTA4YTgzNDEtYjFmMC0z
ZjYyLWExYzctMDY3ZTYwM2MwMzIxLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NDZlMDExMS1m
YWZiLTQzMGYtYjc3OC1kMjA0Y2ZjZDk5YTgvNzFlYTg5YjQtZWQ4NS00NjNmLTgz
ZDktODQ1MzMwMGJmMmJkLzcxZWE4OWI0LWVkODUtNDYzZi04M2Q5LTg0NTMzMDBi
ZjJiZC5jcmwwHwYDVR0jBBgwFoAUAPoosGNeNAxamY5KWp40aTpaVmIwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMw
Zi1iNzc4LWQyMDRjZmNkOTlhOC83MWVhODliNC1lZDg1LTQ2M2YtODNkOS04NDUz
MzAwYmYyYmQuY2VyMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQBkAU8MAwD
BASSF9ADBAKSF9gwVAYDVR0gAQH/BEowSDBGBggrBgEFBQcOAjA6MDgGCCsGAQUF
BwIBFixodHRwczovL3d3dy5hcmluLm5ldC9yZXNvdXJjZXMvcnBraS9jcHMuaHRt
bDANBgkqhkiG9w0BAQsFAAOCAQEAgUEec8vupym6X50c7Q2v0Rysjd9M6p+NWBLN
0hn7Mk/BtGnA0L6MkB8M1WKhjspUa13/skfdomk7HN6bDg58evZOs6uQPPT0Dy/d
OYNgq0bAALa28wH6jERW46iOwAacyQ9sfuqamF1rW2g+y7rocrLd2VjLgazwhk2M
BKtj0H6LShKb6zNwx4PXJs7UwzU3iew3fRr5wmp3jpxEIP7TbcUZ+ofTQ5HY+Wgi
MmfNlu/jnlIuJsWOiA839DfBKbSzoAxsLu9gUibzEOmwXA7nvn+L3GRIq+ugiSR2
qSkWfTCmmkv/4VlJCtORcAuvewduailRDpCjnePNb0F2ncCtlQ==
-----END CERTIFICATE-----