Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/6d91ccc1-4217-4cde-9687-260a5f00361b/77bf89b6-82cb-3170-93e5-43809fad2f74.roa
File:                     77bf89b6-82cb-3170-93e5-43809fad2f74.roa (raw, json)
Hash identifier:          1BTeCixzxdzsOYblMoSW5u4AdaWyM7/9pMr5wiQdue0=
Subject key identifier:   16:6C:6E:98:AB:C3:58:42:31:CD:C0:71:F2:6F:3D:B2:D2:D9:28:E8
Certificate issuer:       /CN=6d91ccc1-4217-4cde-9687-260a5f00361b
Certificate serial:       010D0C9F43285842097D71FED1C554306D2EC280
Authority key identifier: 76:6C:6F:7C:28:EC:36:26:94:51:BF:D2:7A:7E:99:56:29:22:9A:FC
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/6d91ccc1-4217-4cde-9687-260a5f00361b.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/6d91ccc1-4217-4cde-9687-260a5f00361b/77bf89b6-82cb-3170-93e5-43809fad2f74.roa
Signing time:             Mon 29 May 2023 01:00:17 +0000
ROA not before:           Mon 29 May 2023 01:00:17 +0000
ROA not after:            Sun 27 Aug 2023 01:00:17 +0000
asID:                     1239
IP address blocks:        207.202.128.0/17 maxlen: 17
                          216.65.128.0/19 maxlen: 19
                          206.55.128.0/19 maxlen: 19
                          209.20.192.0/18 maxlen: 18

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:42:09:7d:71:fe:d1:c5:54:30:6d:2e:c2:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d91ccc1-4217-4cde-9687-260a5f00361b
        Validity
            Not Before: May 29 01:00:17 2023 GMT
            Not After : Aug 27 01:00:17 2023 GMT
        Subject: CN=ec3308c2-48ad-46eb-b5fc-e24c58f07ef1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:80:e4:d9:ce:1d:78:38:75:8e:73:0a:65:ad:
                    dd:13:d3:26:51:51:08:e0:2f:b8:e2:c4:56:96:1e:
                    5a:56:96:97:f1:27:08:6c:5b:10:04:c9:e0:28:7e:
                    e8:0a:b8:b2:bf:fc:4f:65:f5:92:3f:1d:1c:ad:43:
                    d4:80:43:39:f7:36:3a:ad:2f:bf:e0:ef:68:cb:66:
                    07:f8:eb:e7:af:2c:4f:0a:34:db:db:5d:ba:bb:87:
                    ed:ba:d7:70:a5:b8:59:c9:0e:58:c2:b0:25:09:63:
                    69:a3:a0:79:e2:3f:27:fd:20:ad:e8:d8:69:b6:2d:
                    42:8e:0b:b9:f0:ca:9b:32:e0:fc:f8:f5:6c:e7:13:
                    53:a6:1d:d8:4f:cd:d3:87:92:d4:01:43:45:c7:07:
                    17:28:7e:f0:83:dd:6e:65:02:78:e0:d5:71:62:98:
                    d4:e8:34:af:c2:3d:82:32:4a:4c:7c:01:38:0a:89:
                    7b:50:41:8b:b1:6d:f0:cf:9e:ae:51:84:54:88:71:
                    f3:fd:a5:2d:06:49:3e:21:2c:22:fe:b6:57:ad:b6:
                    10:d9:56:e2:fa:7c:9d:d5:21:d3:60:08:6e:ff:7c:
                    21:43:b2:cd:77:8d:cc:dd:14:5a:e4:f8:d5:0b:e4:
                    e0:e9:08:95:bf:20:49:b9:52:08:ee:7a:e4:58:60:
                    21:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:6C:6E:98:AB:C3:58:42:31:CD:C0:71:F2:6F:3D:B2:D2:D9:28:E8
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/6d91ccc1-4217-4cde-9687-260a5f00361b/77bf89b6-82cb-3170-93e5-43809fad2f74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/6d91ccc1-4217-4cde-9687-260a5f00361b/6d91ccc1-4217-4cde-9687-260a5f00361b.crl

            X509v3 Authority Key Identifier:
                keyid:76:6C:6F:7C:28:EC:36:26:94:51:BF:D2:7A:7E:99:56:29:22:9A:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/6d91ccc1-4217-4cde-9687-260a5f00361b.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  206.55.128.0/19
                  207.202.128.0/17
                  209.20.192.0/18
                  216.65.128.0/19

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         08:98:dc:4f:81:79:ee:39:6c:13:ab:92:e4:1f:d2:93:4f:db:
         a1:fe:2d:27:22:9f:bb:8e:b4:27:be:e6:96:7b:1d:b7:58:dc:
         8a:d1:32:09:33:ac:cc:29:73:5b:9c:40:be:de:b0:e0:a5:75:
         fd:66:bb:c2:db:2f:d2:cc:e5:92:9f:03:cb:e5:24:01:38:45:
         cb:50:24:b6:1e:cb:6f:b9:fd:cd:3c:86:8e:3c:49:20:fe:c7:
         d3:77:77:e1:14:78:25:82:34:84:6e:84:69:72:59:60:8e:ac:
         96:28:eb:0f:e9:f1:54:c9:37:05:65:87:19:f9:a7:eb:ca:6d:
         62:ba:cf:11:2c:16:f5:67:00:89:52:55:02:d4:0d:3d:23:14:
         bc:0a:d7:99:bd:e9:3c:00:db:bc:c5:13:46:94:32:f3:09:a8:
         52:da:2a:35:4c:a4:80:7e:82:47:71:7c:8d:9f:f3:05:89:e6:
         53:20:ff:92:25:2a:c4:2b:8c:39:16:5b:c4:71:29:dc:d5:f9:
         f2:af:86:a7:b4:ef:bb:82:40:f7:68:c6:d8:cd:e3:87:47:1b:
         a6:d4:6a:58:98:ec:e6:e5:d5:82:b6:b7:d7:71:0f:fe:36:90:
         e6:62:b0:bd:88:28:3d:69:76:dd:e4:ea:12:66:dc:52:05:cc:
         4c:30:f2:70
-----BEGIN CERTIFICATE-----
MIIGVTCCBT2gAwIBAgIUAQ0Mn0MoWEIJfXH+0cVUMG0uwoAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNmQ5MWNjYzEtNDIxNy00Y2RlLTk2ODctMjYwYTVmMDAz
NjFiMB4XDTIzMDUyOTAxMDAxN1oXDTIzMDgyNzAxMDAxN1owLzEtMCsGA1UEAxMk
ZWMzMzA4YzItNDhhZC00NmViLWI1ZmMtZTI0YzU4ZjA3ZWYxMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYDk2c4deDh1jnMKZa3dE9MmUVEI4C+44sRW
lh5aVpaX8ScIbFsQBMngKH7oCriyv/xPZfWSPx0crUPUgEM59zY6rS+/4O9oy2YH
+OvnryxPCjTb2126u4ftutdwpbhZyQ5YwrAlCWNpo6B54j8n/SCt6Nhpti1Cjgu5
8MqbMuD8+PVs5xNTph3YT83Th5LUAUNFxwcXKH7wg91uZQJ44NVxYpjU6DSvwj2C
MkpMfAE4Col7UEGLsW3wz56uUYRUiHHz/aUtBkk+ISwi/rZXrbYQ2Vbi+nyd1SHT
YAhu/3whQ7LNd43M3RRa5PjVC+Tg6QiVvyBJuVII7nrkWGAhzwIDAQABo4IDZzCC
A2MwHQYDVR0OBBYEFBZsbpirw1hCMc3AcfJvPbLS2SjoMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc2ZmUxMWQ0LWQzNTItNDk5NC04ZjZjLWQ2YzkxYjBiODQxNS82ZDkx
Y2NjMS00MjE3LTRjZGUtOTY4Ny0yNjBhNWYwMDM2MWIvNzdiZjg5YjYtODJjYi0z
MTcwLTkzZTUtNDM4MDlmYWQyZjc0LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NmZlMTFkNC1k
MzUyLTQ5OTQtOGY2Yy1kNmM5MWIwYjg0MTUvNmQ5MWNjYzEtNDIxNy00Y2RlLTk2
ODctMjYwYTVmMDAzNjFiLzZkOTFjY2MxLTQyMTctNGNkZS05Njg3LTI2MGE1ZjAw
MzYxYi5jcmwwHwYDVR0jBBgwFoAUdmxvfCjsNiaUUb/Sen6ZVikimvwwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc2ZmUxMWQ0LWQzNTItNDk5
NC04ZjZjLWQ2YzkxYjBiODQxNS82ZDkxY2NjMS00MjE3LTRjZGUtOTY4Ny0yNjBh
NWYwMDM2MWIuY2VyMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQFzjeAAwQH
z8qAAwQG0RTAAwQF2EGAMFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4Bggr
BgEFBQcCARYsaHR0cHM6Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3Bz
Lmh0bWwwDQYJKoZIhvcNAQELBQADggEBAAiY3E+Bee45bBOrkuQf0pNP26H+LSci
n7uOtCe+5pZ7HbdY3IrRMgkzrMwpc1ucQL7esOCldf1mu8LbL9LM5ZKfA8vlJAE4
RctQJLYey2+5/c08ho48SSD+x9N3d+EUeCWCNIRuhGlyWWCOrJYo6w/p8VTJNwVl
hxn5p+vKbWK6zxEsFvVnAIlSVQLUDT0jFLwK15m96TwA27zFE0aUMvMJqFLaKjVM
pIB+gkdxfI2f8wWJ5lMg/5IlKsQrjDkWW8RxKdzV+fKvhqe077uCQPdoxtjN44dH
G6bUaliY7Obl1YK2t9dxD/42kOZisL2IKD1pdt3k6hJm3FIFzEww8nA=
-----END CERTIFICATE-----