Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/1380a44d-7851-4eb6-8887-413917dcdc12/d0e6b9fd-5872-33fa-8ccc-9004b4a1a849.roa
File:                     d0e6b9fd-5872-33fa-8ccc-9004b4a1a849.roa (raw, json)
Hash identifier:          VEVIAZ/wkMNlpJ25woeYCi6XVKxYZNuX0SwKJ4/ywKk=
Subject key identifier:   1C:5E:F1:56:23:2F:4E:09:0B:8B:21:7E:DF:7C:73:3C:B2:9C:96:C3
Certificate issuer:       /CN=1380a44d-7851-4eb6-8887-413917dcdc12
Certificate serial:       010D0C9F43285841FCED6A9D5C5D30663B83CF00
Authority key identifier: 6C:37:E1:61:68:B4:CF:88:64:11:CB:68:E9:4A:65:72:4A:96:54:93
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/1380a44d-7851-4eb6-8887-413917dcdc12.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/1380a44d-7851-4eb6-8887-413917dcdc12/d0e6b9fd-5872-33fa-8ccc-9004b4a1a849.roa
Signing time:             Wed 24 May 2023 13:00:18 +0000
ROA not before:           Wed 24 May 2023 13:00:18 +0000
ROA not after:            Tue 22 Aug 2023 13:00:18 +0000
asID:                     132369
IP address blocks:        64.78.160.0/20 maxlen: 24
                          199.101.116.0/22 maxlen: 24
                          162.222.164.0/22 maxlen: 24
                          2607:8680::/32 maxlen: 64

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:41:fc:ed:6a:9d:5c:5d:30:66:3b:83:cf:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1380a44d-7851-4eb6-8887-413917dcdc12
        Validity
            Not Before: May 24 13:00:18 2023 GMT
            Not After : Aug 22 13:00:18 2023 GMT
        Subject: CN=6e109395-05e5-4474-83ac-0ac8dd1d33bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:66:93:a5:a7:43:08:fc:fc:4a:d5:79:f7:50:
                    6b:3b:5f:b4:4e:cd:4c:09:f6:08:88:6a:aa:0c:53:
                    36:68:b1:41:b6:c0:05:1c:fa:2e:6b:e0:ab:35:03:
                    fd:68:a2:78:ac:2c:5e:ea:84:bd:a9:19:e0:6d:f0:
                    f2:d2:a4:62:83:ae:a7:4d:6e:01:47:ca:e7:23:d3:
                    e7:a3:2e:d3:81:2e:00:d5:9c:b8:7d:6e:3a:54:7a:
                    2a:37:cb:ee:fe:f3:8c:16:23:a8:fb:79:7d:b4:85:
                    01:28:60:03:e1:23:36:2e:3c:15:c7:a0:88:f0:bc:
                    de:9d:f3:58:ee:9d:fa:a1:b0:6b:c1:42:e4:05:aa:
                    27:a5:5a:da:bb:6e:ca:d6:9f:b5:9f:6d:29:6d:82:
                    8c:72:24:44:5a:a7:77:67:bc:89:34:a9:66:29:5d:
                    c2:ec:c0:82:7e:96:4e:df:18:73:29:c6:c8:46:5e:
                    63:d9:28:a3:cd:ce:3c:e3:00:4b:74:76:b5:0e:68:
                    c4:5c:ff:2a:51:0d:86:ad:15:de:1e:cd:4f:62:a7:
                    6d:d9:42:36:10:86:52:d3:73:11:07:98:32:25:1c:
                    64:45:98:1f:86:b0:f6:e5:20:89:0e:48:b6:d5:b4:
                    5a:08:4d:c5:17:e7:b2:ac:03:65:92:d2:1d:16:35:
                    fd:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:5E:F1:56:23:2F:4E:09:0B:8B:21:7E:DF:7C:73:3C:B2:9C:96:C3
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/1380a44d-7851-4eb6-8887-413917dcdc12/d0e6b9fd-5872-33fa-8ccc-9004b4a1a849.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/1380a44d-7851-4eb6-8887-413917dcdc12/1380a44d-7851-4eb6-8887-413917dcdc12.crl

            X509v3 Authority Key Identifier:
                keyid:6C:37:E1:61:68:B4:CF:88:64:11:CB:68:E9:4A:65:72:4A:96:54:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/1380a44d-7851-4eb6-8887-413917dcdc12.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.78.160.0/20
                  162.222.164.0/22
                  199.101.116.0/22
                IPv6:
                  2607:8680::/32

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         a0:1f:31:ac:36:1f:60:9a:22:37:de:82:5a:0f:fa:af:5c:41:
         eb:0a:10:b0:d5:e9:b0:c7:58:31:05:c7:04:4e:09:fe:90:af:
         8c:0f:c6:ed:d8:1e:4d:55:41:0e:92:67:b2:d8:2a:9c:fc:eb:
         4a:f1:99:78:2e:99:fa:98:1a:23:5f:b6:a6:f0:98:40:d3:d7:
         da:a0:37:21:7f:43:10:b7:c5:4a:3f:da:ff:a0:fd:42:6c:1d:
         b6:ff:7b:27:02:9a:66:54:58:7c:f6:ec:70:dd:83:02:f6:9c:
         68:6e:25:78:28:25:76:a7:b5:a2:75:bd:72:40:80:30:c0:52:
         95:1a:b8:09:2e:96:dd:33:a5:1c:d4:0a:7b:11:f1:fa:86:17:
         4e:6c:41:73:34:30:e5:c6:db:07:f7:9a:10:15:6c:01:25:17:
         47:69:97:32:f1:0c:5f:9d:d0:c6:26:39:92:51:53:97:1d:73:
         23:22:44:93:f0:c3:d8:a9:a2:6c:ae:27:11:b0:a3:de:2d:69:
         5c:ad:27:27:9e:d9:11:c5:d8:c5:f8:e6:6b:d1:79:a2:05:60:
         de:3e:77:11:e4:2e:52:24:31:a0:9f:ef:ea:ff:44:79:d8:8c:
         d9:e5:39:2f:4c:6d:ee:1c:91:c4:ae:a5:d8:72:c0:42:08:2a:
         31:a4:15:93
-----BEGIN CERTIFICATE-----
MIIGXjCCBUagAwIBAgIUAQ0Mn0MoWEH87WqdXF0wZjuDzwAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMTM4MGE0NGQtNzg1MS00ZWI2LTg4ODctNDEzOTE3ZGNk
YzEyMB4XDTIzMDUyNDEzMDAxOFoXDTIzMDgyMjEzMDAxOFowLzEtMCsGA1UEAxMk
NmUxMDkzOTUtMDVlNS00NDc0LTgzYWMtMGFjOGRkMWQzM2JjMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6GaTpadDCPz8StV591BrO1+0Ts1MCfYIiGqq
DFM2aLFBtsAFHPoua+CrNQP9aKJ4rCxe6oS9qRngbfDy0qRig66nTW4BR8rnI9Pn
oy7TgS4A1Zy4fW46VHoqN8vu/vOMFiOo+3l9tIUBKGAD4SM2LjwVx6CI8LzenfNY
7p36obBrwULkBaonpVrau27K1p+1n20pbYKMciREWqd3Z7yJNKlmKV3C7MCCfpZO
3xhzKcbIRl5j2Sijzc484wBLdHa1DmjEXP8qUQ2GrRXeHs1PYqdt2UI2EIZS03MR
B5gyJRxkRZgfhrD25SCJDki21bRaCE3FF+eyrANlktIdFjX9hwIDAQABo4IDcDCC
A2wwHQYDVR0OBBYEFBxe8VYjL04JC4shft98czyynJbDMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc2ZmUxMWQ0LWQzNTItNDk5NC04ZjZjLWQ2YzkxYjBiODQxNS8xMzgw
YTQ0ZC03ODUxLTRlYjYtODg4Ny00MTM5MTdkY2RjMTIvZDBlNmI5ZmQtNTg3Mi0z
M2ZhLThjY2MtOTAwNGI0YTFhODQ5LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NmZlMTFkNC1k
MzUyLTQ5OTQtOGY2Yy1kNmM5MWIwYjg0MTUvMTM4MGE0NGQtNzg1MS00ZWI2LTg4
ODctNDEzOTE3ZGNkYzEyLzEzODBhNDRkLTc4NTEtNGViNi04ODg3LTQxMzkxN2Rj
ZGMxMi5jcmwwHwYDVR0jBBgwFoAUbDfhYWi0z4hkEcto6UplckqWVJMwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc2ZmUxMWQ0LWQzNTItNDk5
NC04ZjZjLWQ2YzkxYjBiODQxNS8xMzgwYTQ0ZC03ODUxLTRlYjYtODg4Ny00MTM5
MTdkY2RjMTIuY2VyMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQEQE6gAwQC
ot6kAwQCx2V0MA0EAgACMAcDBQAmB4aAMFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUH
DgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2Vz
L3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQELBQADggEBAKAfMaw2H2CaIjfegloP
+q9cQesKELDV6bDHWDEFxwROCf6Qr4wPxu3YHk1VQQ6SZ7LYKpz860rxmXgumfqY
GiNftqbwmEDT19qgNyF/QxC3xUo/2v+g/UJsHbb/eycCmmZUWHz27HDdgwL2nGhu
JXgoJXantaJ1vXJAgDDAUpUauAkult0zpRzUCnsR8fqGF05sQXM0MOXG2wf3mhAV
bAElF0dplzLxDF+d0MYmOZJRU5cdcyMiRJPww9ipomyuJxGwo94taVytJyee2RHF
2MX45mvReaIFYN4+dxHkLlIkMaCf7+r/RHnYjNnlOS9Mbe4ckcSupdhywEIIKjGk
FZM=
-----END CERTIFICATE-----