Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/a1c33c08-b27a-4120-9af0-e2c3eef2713e/ccab149c-b5b8-3901-b16e-cabfef098b34.roa
File:                     ccab149c-b5b8-3901-b16e-cabfef098b34.roa (raw, json)
Hash identifier:          T1Wx/4dewJ05yDGK0Y07RVnD4iCPdXVWmT3mUfcK8UU=
Subject key identifier:   08:C6:B8:F2:87:C2:80:F0:B6:E0:17:C5:17:7D:C3:5B:E7:E0:15:DE
Certificate issuer:       /CN=a1c33c08-b27a-4120-9af0-e2c3eef2713e
Certificate serial:       010D0C9F4328583F88EA6EB35FF125E06BEDDE00
Authority key identifier: 23:D4:80:FE:7D:88:22:2F:E2:ED:6F:EC:C6:1F:91:F3:9D:E6:02:F3
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/a1c33c08-b27a-4120-9af0-e2c3eef2713e.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/a1c33c08-b27a-4120-9af0-e2c3eef2713e/ccab149c-b5b8-3901-b16e-cabfef098b34.roa
Signing time:             Fri 16 Sep 2022 16:48:08 +0000
ROA not before:           Fri 16 Sep 2022 16:48:08 +0000
ROA not after:            Wed 11 Sep 2024 04:00:00 +0000
asID:                     54316
IP address blocks:        23.175.208.0/23 maxlen: 24
                          23.175.210.0/24 maxlen: 24
                          204.137.12.0/24 maxlen: 24
                          2602:fcad::/36 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3f:88:ea:6e:b3:5f:f1:25:e0:6b:ed:de:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1c33c08-b27a-4120-9af0-e2c3eef2713e
        Validity
            Not Before: Sep 16 16:48:08 2022 GMT
            Not After : Sep 11 04:00:00 2024 GMT
        Subject: CN=846e6832-1c54-4b08-a85e-39134fbc0b1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:90:11:01:c3:8b:92:3e:27:b5:86:f9:c2:59:
                    ac:59:10:50:73:e3:05:9c:e5:11:a5:75:f4:a3:51:
                    d1:6a:58:99:b3:b4:45:5b:6f:f6:fc:84:79:99:90:
                    31:df:67:d4:08:d8:2e:69:84:f9:0a:da:52:cc:e3:
                    ab:10:b3:ae:fb:6c:b5:13:53:bb:58:11:f6:64:1f:
                    58:9b:a0:fd:ca:88:c4:10:ed:88:89:f3:b1:c9:fe:
                    b9:75:cc:f3:66:ac:17:fe:ee:4f:3c:6d:18:aa:ff:
                    8e:9a:28:91:5f:7e:4b:c2:71:ee:e0:2e:3e:91:9c:
                    d2:f2:00:36:df:b3:44:7b:a2:5c:4a:e6:e5:91:86:
                    35:6f:3c:19:18:25:ee:1b:c7:07:a5:84:3a:f1:d2:
                    4f:27:8d:68:35:67:67:8b:49:ff:ad:6e:2a:03:9d:
                    c2:0e:be:90:af:8b:f1:d0:b2:fa:66:9d:06:cf:ea:
                    4e:28:0a:28:66:f6:61:2a:23:21:19:6b:2c:58:47:
                    3e:c0:22:26:2d:92:22:3b:dd:27:bc:82:c0:7e:7b:
                    05:3e:ac:77:95:66:5c:88:11:51:98:ed:51:49:b9:
                    65:07:7c:d9:48:e5:29:a6:ad:e9:65:43:e9:16:3c:
                    3f:e5:47:ee:8e:f3:38:74:7d:c8:f2:50:ea:63:98:
                    bd:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:C6:B8:F2:87:C2:80:F0:B6:E0:17:C5:17:7D:C3:5B:E7:E0:15:DE
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/a1c33c08-b27a-4120-9af0-e2c3eef2713e/ccab149c-b5b8-3901-b16e-cabfef098b34.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/a1c33c08-b27a-4120-9af0-e2c3eef2713e/a1c33c08-b27a-4120-9af0-e2c3eef2713e.crl

            X509v3 Authority Key Identifier:
                keyid:23:D4:80:FE:7D:88:22:2F:E2:ED:6F:EC:C6:1F:91:F3:9D:E6:02:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/a1c33c08-b27a-4120-9af0-e2c3eef2713e.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.175.208.0-23.175.210.255
                  204.137.12.0/24
                IPv6:
                  2602:fcad::/36

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         85:a2:91:a3:2b:56:37:a6:13:71:49:c9:fb:3c:fb:5b:3d:be:
         82:86:69:70:22:18:97:72:2c:4e:f1:76:94:27:47:f8:01:5f:
         ca:da:7a:d9:19:53:cf:79:de:3e:93:84:cf:7e:36:f4:a1:84:
         e0:9b:dc:c8:54:24:cc:99:4b:96:d1:50:59:e0:80:00:97:f0:
         a7:75:5a:f2:9d:88:8f:60:9b:90:b0:3d:e3:80:63:bd:d8:ba:
         78:0f:68:f1:02:7e:c9:95:4a:0f:5c:87:36:f1:d2:fd:81:75:
         43:f6:35:77:1b:7a:9e:c1:7e:8b:8f:76:91:d3:b2:5d:3c:17:
         a2:3e:a4:37:39:f7:4e:32:12:8a:30:66:24:d0:94:02:5e:80:
         ad:cb:99:fb:f1:bd:1c:7f:e5:22:e1:ac:c2:fa:9f:f6:c2:26:
         b9:58:40:1f:f0:ad:d5:e7:0a:5e:2c:16:de:27:99:70:5d:42:
         58:21:8b:97:72:33:dd:c0:c1:c1:93:7a:10:f1:8a:89:2b:f5:
         3e:16:79:51:59:0c:1c:b0:16:46:b3:7f:8a:99:54:9c:22:82:
         74:2b:eb:1e:46:f5:d6:7a:d0:ee:8c:8b:79:f4:cd:7f:59:4a:
         1a:ef:47:6e:61:b3:cd:64:b0:17:6b:04:5a:dd:8b:78:8e:6a:
         c1:85:07:93
-----BEGIN CERTIFICATE-----
MIIGYTCCBUmgAwIBAgIUAQ0Mn0MoWD+I6m6zX/El4Gvt3gAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkYTFjMzNjMDgtYjI3YS00MTIwLTlhZjAtZTJjM2VlZjI3
MTNlMB4XDTIyMDkxNjE2NDgwOFoXDTI0MDkxMTA0MDAwMFowLzEtMCsGA1UEAxMk
ODQ2ZTY4MzItMWM1NC00YjA4LWE4NWUtMzkxMzRmYmMwYjFmMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZARAcOLkj4ntYb5wlmsWRBQc+MFnOURpXX0
o1HRaliZs7RFW2/2/IR5mZAx32fUCNguaYT5CtpSzOOrELOu+2y1E1O7WBH2ZB9Y
m6D9yojEEO2IifOxyf65dczzZqwX/u5PPG0Yqv+OmiiRX35LwnHu4C4+kZzS8gA2
37NEe6JcSublkYY1bzwZGCXuG8cHpYQ68dJPJ41oNWdni0n/rW4qA53CDr6Qr4vx
0LL6Zp0Gz+pOKAooZvZhKiMhGWssWEc+wCImLZIiO90nvILAfnsFPqx3lWZciBFR
mO1RSbllB3zZSOUppq3pZUPpFjw/5UfujvM4dH3I8lDqY5i9gQIDAQABo4IDczCC
A28wHQYDVR0OBBYEFAjGuPKHwoDwtuAXxRd9w1vn4BXeMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc2ZmUxMWQ0LWQzNTItNDk5NC04ZjZjLWQ2YzkxYjBiODQxNS9hMWMz
M2MwOC1iMjdhLTQxMjAtOWFmMC1lMmMzZWVmMjcxM2UvY2NhYjE0OWMtYjViOC0z
OTAxLWIxNmUtY2FiZmVmMDk4YjM0LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NmZlMTFkNC1k
MzUyLTQ5OTQtOGY2Yy1kNmM5MWIwYjg0MTUvYTFjMzNjMDgtYjI3YS00MTIwLTlh
ZjAtZTJjM2VlZjI3MTNlL2ExYzMzYzA4LWIyN2EtNDEyMC05YWYwLWUyYzNlZWYy
NzEzZS5jcmwwHwYDVR0jBBgwFoAUI9SA/n2IIi/i7W/sxh+R853mAvMwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc2ZmUxMWQ0LWQzNTItNDk5
NC04ZjZjLWQ2YzkxYjBiODQxNS9hMWMzM2MwOC1iMjdhLTQxMjAtOWFmMC1lMmMz
ZWVmMjcxM2UuY2VyMD0GCCsGAQUFBwEHAQH/BC4wLDAaBAIAATAUMAwDBAQXr9AD
BAAXr9IDBADMiQwwDgQCAAIwCAMGBCYC/K0AMFQGA1UdIAEB/wRKMEgwRgYIKwYB
BQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93d3cuYXJpbi5uZXQvcmVzb3Vy
Y2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQELBQADggEBAIWikaMrVjemE3FJ
yfs8+1s9voKGaXAiGJdyLE7xdpQnR/gBX8raetkZU8953j6ThM9+NvShhOCb3MhU
JMyZS5bRUFnggACX8Kd1WvKdiI9gm5CwPeOAY73YungPaPECfsmVSg9chzbx0v2B
dUP2NXcbep7BfouPdpHTsl08F6I+pDc5904yEoowZiTQlAJegK3LmfvxvRx/5SLh
rML6n/bCJrlYQB/wrdXnCl4sFt4nmXBdQlghi5dyM93AwcGTehDxiokr9T4WeVFZ
DBywFkazf4qZVJwignQr6x5G9dZ60O6Mi3n0zX9ZShrvR25hs81ksBdrBFrdi3iO
asGFB5M=
-----END CERTIFICATE-----