Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/1380a44d-7851-4eb6-8887-413917dcdc12/d1879fb8-b270-3373-a55c-0c77f7469889.roa
File:                     d1879fb8-b270-3373-a55c-0c77f7469889.roa (raw, json)
Hash identifier:          An7YjbpAUXEGsTfKtwGXGDOkEdWmY8LprRvW9DKZtnM=
Subject key identifier:   B3:9A:2F:D5:A1:9D:18:46:AB:A4:56:B8:E7:BC:0E:D6:1E:BF:34:F4
Certificate issuer:       /CN=1380a44d-7851-4eb6-8887-413917dcdc12
Certificate serial:       010D0C9F43285841FCED6A7287A40C964F3D6940
Authority key identifier: 6C:37:E1:61:68:B4:CF:88:64:11:CB:68:E9:4A:65:72:4A:96:54:93
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/1380a44d-7851-4eb6-8887-413917dcdc12.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/1380a44d-7851-4eb6-8887-413917dcdc12/d1879fb8-b270-3373-a55c-0c77f7469889.roa
Signing time:             Wed 24 May 2023 13:00:18 +0000
ROA not before:           Wed 24 May 2023 13:00:18 +0000
ROA not after:            Tue 22 Aug 2023 13:00:18 +0000
asID:                     31972
IP address blocks:        162.222.164.0/22 maxlen: 24
                          64.78.160.0/20 maxlen: 24
                          199.101.116.0/22 maxlen: 24
                          2607:8680::/32 maxlen: 64

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:41:fc:ed:6a:72:87:a4:0c:96:4f:3d:69:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1380a44d-7851-4eb6-8887-413917dcdc12
        Validity
            Not Before: May 24 13:00:18 2023 GMT
            Not After : Aug 22 13:00:18 2023 GMT
        Subject: CN=4c035918-ab18-4bf0-9985-b5d8a51f2193
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:2c:4e:16:54:46:e3:7c:99:18:3c:6a:58:9a:
                    81:53:48:bb:1a:31:88:49:b8:5c:52:9e:63:64:a9:
                    3b:92:8b:09:ef:6f:44:e8:d7:9b:2e:22:2d:24:24:
                    2b:c5:c9:51:ef:e7:57:1b:95:63:45:c2:b4:4f:64:
                    a4:c1:fd:85:67:1f:5f:33:75:fc:e4:96:89:d4:fc:
                    2b:66:01:23:46:58:3b:2f:8a:46:dc:d2:2a:7e:aa:
                    7c:5d:e2:79:10:68:95:a8:6c:73:0f:cf:e9:db:5f:
                    d7:d2:7c:34:53:50:2a:78:2d:a2:4e:8c:82:55:1e:
                    7d:1c:6e:26:39:e0:38:d1:29:31:90:0e:23:cd:66:
                    c5:1b:9c:a0:ef:fd:57:c7:64:dc:69:41:13:68:c7:
                    b1:b9:de:e4:b6:3d:c5:ee:71:2f:c7:e8:f8:26:de:
                    45:09:3f:1a:58:eb:03:37:78:e1:ed:9c:48:45:98:
                    4c:00:17:58:57:3e:99:f2:a8:c9:bd:a6:46:4c:ea:
                    6d:89:1f:09:e2:18:b4:a2:9b:63:ff:06:43:d1:91:
                    f4:23:ff:da:cf:3a:3e:03:94:96:a9:67:eb:eb:b7:
                    1b:5d:76:98:23:63:81:ba:00:16:cc:8b:75:67:54:
                    fc:13:9b:96:cb:4b:d0:4d:d9:b9:d7:f2:c9:73:d8:
                    f3:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:9A:2F:D5:A1:9D:18:46:AB:A4:56:B8:E7:BC:0E:D6:1E:BF:34:F4
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/1380a44d-7851-4eb6-8887-413917dcdc12/d1879fb8-b270-3373-a55c-0c77f7469889.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/1380a44d-7851-4eb6-8887-413917dcdc12/1380a44d-7851-4eb6-8887-413917dcdc12.crl

            X509v3 Authority Key Identifier:
                keyid:6C:37:E1:61:68:B4:CF:88:64:11:CB:68:E9:4A:65:72:4A:96:54:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/1380a44d-7851-4eb6-8887-413917dcdc12.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.78.160.0/20
                  162.222.164.0/22
                  199.101.116.0/22
                IPv6:
                  2607:8680::/32

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         84:69:be:7e:47:25:eb:92:92:3b:49:2d:3c:80:9c:fb:34:f5:
         c7:a5:d7:f9:a8:93:1b:0b:97:72:9c:76:43:65:ed:67:62:bf:
         95:7a:a3:d5:9a:9a:8d:8f:c3:35:1a:aa:9c:8b:e2:bd:44:11:
         93:be:70:21:e0:11:8e:71:38:34:f3:15:af:c8:de:6c:3f:02:
         31:63:49:15:10:19:42:e3:ef:49:b7:dd:ef:61:13:69:06:1d:
         41:a9:cb:9b:d3:e8:d1:5e:9c:2d:09:71:eb:de:6a:da:3a:31:
         c3:5e:87:55:72:eb:4c:12:c6:45:d3:29:d4:67:97:c6:3c:ae:
         32:c2:aa:77:37:a5:32:d7:7f:bb:89:9c:e1:a1:c8:92:0e:c9:
         8d:e6:43:8e:9b:e0:19:70:21:d4:f4:41:2a:ba:22:39:d2:73:
         d4:61:63:5a:27:ab:91:5e:58:29:fc:e7:fc:ef:68:8a:d8:27:
         2f:91:ce:42:68:fc:39:be:fb:90:4c:6c:fc:fd:34:b1:fd:d1:
         36:ee:50:49:00:64:12:81:c4:da:77:d5:21:7d:51:62:7a:1d:
         40:68:81:ea:61:81:b6:c9:9a:3f:df:2c:49:9a:1b:f3:32:c9:
         e0:3e:23:38:f6:e4:3a:d6:99:b3:ad:f2:82:36:74:a5:58:27:
         e7:f8:59:28
-----BEGIN CERTIFICATE-----
MIIGXjCCBUagAwIBAgIUAQ0Mn0MoWEH87Wpyh6QMlk89aUAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMTM4MGE0NGQtNzg1MS00ZWI2LTg4ODctNDEzOTE3ZGNk
YzEyMB4XDTIzMDUyNDEzMDAxOFoXDTIzMDgyMjEzMDAxOFowLzEtMCsGA1UEAxMk
NGMwMzU5MTgtYWIxOC00YmYwLTk5ODUtYjVkOGE1MWYyMTkzMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgyxOFlRG43yZGDxqWJqBU0i7GjGISbhcUp5j
ZKk7kosJ729E6NebLiItJCQrxclR7+dXG5VjRcK0T2Skwf2FZx9fM3X85JaJ1Pwr
ZgEjRlg7L4pG3NIqfqp8XeJ5EGiVqGxzD8/p21/X0nw0U1AqeC2iToyCVR59HG4m
OeA40SkxkA4jzWbFG5yg7/1Xx2TcaUETaMexud7ktj3F7nEvx+j4Jt5FCT8aWOsD
N3jh7ZxIRZhMABdYVz6Z8qjJvaZGTOptiR8J4hi0optj/wZD0ZH0I//azzo+A5SW
qWfr67cbXXaYI2OBugAWzIt1Z1T8E5uWy0vQTdm51/LJc9jz3QIDAQABo4IDcDCC
A2wwHQYDVR0OBBYEFLOaL9WhnRhGq6RWuOe8DtYevzT0MIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc2ZmUxMWQ0LWQzNTItNDk5NC04ZjZjLWQ2YzkxYjBiODQxNS8xMzgw
YTQ0ZC03ODUxLTRlYjYtODg4Ny00MTM5MTdkY2RjMTIvZDE4NzlmYjgtYjI3MC0z
MzczLWE1NWMtMGM3N2Y3NDY5ODg5LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NmZlMTFkNC1k
MzUyLTQ5OTQtOGY2Yy1kNmM5MWIwYjg0MTUvMTM4MGE0NGQtNzg1MS00ZWI2LTg4
ODctNDEzOTE3ZGNkYzEyLzEzODBhNDRkLTc4NTEtNGViNi04ODg3LTQxMzkxN2Rj
ZGMxMi5jcmwwHwYDVR0jBBgwFoAUbDfhYWi0z4hkEcto6UplckqWVJMwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc2ZmUxMWQ0LWQzNTItNDk5
NC04ZjZjLWQ2YzkxYjBiODQxNS8xMzgwYTQ0ZC03ODUxLTRlYjYtODg4Ny00MTM5
MTdkY2RjMTIuY2VyMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQEQE6gAwQC
ot6kAwQCx2V0MA0EAgACMAcDBQAmB4aAMFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUH
DgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2Vz
L3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQELBQADggEBAIRpvn5HJeuSkjtJLTyA
nPs09cel1/mokxsLl3KcdkNl7Wdiv5V6o9Wamo2PwzUaqpyL4r1EEZO+cCHgEY5x
ODTzFa/I3mw/AjFjSRUQGULj70m33e9hE2kGHUGpy5vT6NFenC0Jceveato6McNe
h1Vy60wSxkXTKdRnl8Y8rjLCqnc3pTLXf7uJnOGhyJIOyY3mQ46b4BlwIdT0QSq6
IjnSc9RhY1onq5FeWCn85/zvaIrYJy+RzkJo/Dm++5BMbPz9NLH90TbuUEkAZBKB
xNp31SF9UWJ6HUBogephgbbJmj/fLEmaG/MyyeA+Izj25DrWmbOt8oI2dKVYJ+f4
WSg=
-----END CERTIFICATE-----