Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/b04e46d2-7952-4fd4-ae9f-045de0e84497/a488b445-ba46-3f31-9c50-ee618db04a3a.roa
File:                     a488b445-ba46-3f31-9c50-ee618db04a3a.roa (raw, json)
Hash identifier:          ejYtcGBjU8PKGDOpOw8NPXQMx0Lv1jmocEI5B+IXpnw=
Subject key identifier:   5F:AB:BD:32:97:7A:6A:7C:C2:30:F0:C0:DE:F8:65:3B:7F:88:54:C2
Certificate issuer:       /CN=b04e46d2-7952-4fd4-ae9f-045de0e84497
Certificate serial:       010D0C9F4328583AC0A194DBCA9A7D1F1AE8D360
Authority key identifier: F9:4D:A4:40:5C:D5:22:D0:43:E1:5F:4A:EB:D3:0C:1D:17:D5:03:5F
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/b04e46d2-7952-4fd4-ae9f-045de0e84497.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/b04e46d2-7952-4fd4-ae9f-045de0e84497/a488b445-ba46-3f31-9c50-ee618db04a3a.roa
Signing time:             Fri 16 Jul 2021 04:00:00 +0000
ROA not before:           Fri 16 Jul 2021 04:00:00 +0000
ROA not after:            Wed 01 Nov 2023 04:00:00 +0000
asID:                     31764
IP address blocks:        2620:11c:3000::/40 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3a:c0:a1:94:db:ca:9a:7d:1f:1a:e8:d3:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b04e46d2-7952-4fd4-ae9f-045de0e84497
        Validity
            Not Before: Jul 16 04:00:00 2021 GMT
            Not After : Nov  1 04:00:00 2023 GMT
        Subject: CN=ecc29750-2124-4a7b-aade-cba68801fdbe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:e9:a5:d9:46:d1:85:d5:fa:16:1d:65:66:66:
                    48:44:90:40:40:09:a3:ea:25:32:a0:89:54:41:de:
                    8f:dc:ce:97:42:78:87:3f:b6:bb:aa:59:84:fe:09:
                    f7:31:fc:e3:97:05:bc:05:a6:4b:aa:50:bd:c0:05:
                    80:34:8b:df:43:c5:54:c7:9c:e0:06:18:ee:bf:11:
                    72:2b:d9:36:a6:67:36:22:ff:83:e3:f9:6e:bd:00:
                    37:9a:ef:a8:d1:c1:5d:90:5a:4f:f2:9b:cc:e6:e0:
                    bf:d2:57:3c:69:9a:21:b9:9b:96:4a:67:c4:52:71:
                    d8:29:05:ab:e6:0c:15:3c:b0:27:28:c3:65:b6:f3:
                    ea:f2:33:40:9e:8b:aa:5d:bd:7c:9f:54:4a:98:88:
                    26:50:2c:7b:8e:bc:9c:7e:98:6a:7f:a4:d1:c8:36:
                    67:92:ff:5d:bd:ff:20:55:82:00:d7:8c:4c:1d:d5:
                    b4:8e:be:14:da:35:b7:b4:db:01:f0:5a:c8:36:1c:
                    14:10:93:22:b2:88:dc:56:bc:fb:99:66:3a:f5:61:
                    8b:ae:bd:03:f6:25:72:fd:3f:eb:c0:01:c8:20:aa:
                    54:49:00:df:90:cd:ce:fa:2e:dd:94:23:de:50:d4:
                    a7:32:90:50:6d:25:54:b2:df:7c:7f:49:2e:68:de:
                    d5:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:AB:BD:32:97:7A:6A:7C:C2:30:F0:C0:DE:F8:65:3B:7F:88:54:C2
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/b04e46d2-7952-4fd4-ae9f-045de0e84497/a488b445-ba46-3f31-9c50-ee618db04a3a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/b04e46d2-7952-4fd4-ae9f-045de0e84497/b04e46d2-7952-4fd4-ae9f-045de0e84497.crl

            X509v3 Authority Key Identifier:
                keyid:F9:4D:A4:40:5C:D5:22:D0:43:E1:5F:4A:EB:D3:0C:1D:17:D5:03:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/b04e46d2-7952-4fd4-ae9f-045de0e84497.cer

            sbgp-ipAddrBlock: critical
                IPv6:
                  2620:11c:3000::/40

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         29:5e:97:d6:cd:94:c7:89:be:28:66:44:25:ff:59:29:75:92:
         7e:58:2f:70:92:c8:18:6b:f9:64:d6:64:20:6b:03:03:d6:59:
         b1:d2:3a:51:04:f1:7f:cb:85:c9:bb:6b:ff:b3:99:18:4b:47:
         6a:3a:7e:c4:89:e7:2d:2c:73:cc:08:a5:82:75:85:eb:1f:d6:
         ac:c8:7b:b8:3c:fa:be:44:50:5b:01:61:f0:43:88:8e:3c:91:
         3f:7b:4a:50:5c:df:66:7b:3b:f9:6e:6e:d1:30:56:e2:c6:7d:
         28:8c:31:ac:96:5e:3f:e5:2a:0a:b5:43:58:a6:1e:43:2f:a9:
         c1:ca:ef:ee:6a:d2:41:51:f7:4a:86:47:fc:63:49:a7:c7:75:
         7f:6a:00:25:d3:53:0b:fb:d9:2d:07:a8:a7:78:5a:56:a6:c2:
         8e:06:e8:de:67:3b:4a:38:92:2c:ea:ad:fe:06:4b:15:fa:4f:
         a3:3c:e0:b5:4a:93:53:74:61:6f:8c:1a:1a:7f:7d:54:d9:2c:
         cd:4b:ae:47:62:4b:77:c4:c9:9b:2f:7b:08:b8:40:98:e0:21:
         70:b5:b7:0e:f7:dc:49:f2:b9:c0:e9:24:70:21:64:01:fa:f6:
         6e:58:01:ab:f0:49:79:13:18:46:d5:3c:2f:a0:76:80:fd:f9:
         32:ba:a8:b0
-----BEGIN CERTIFICATE-----
MIIGRTCCBS2gAwIBAgIUAQ0Mn0MoWDrAoZTbypp9Hxro02AwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkYjA0ZTQ2ZDItNzk1Mi00ZmQ0LWFlOWYtMDQ1ZGUwZTg0
NDk3MB4XDTIxMDcxNjA0MDAwMFoXDTIzMTEwMTA0MDAwMFowLzEtMCsGA1UEAxMk
ZWNjMjk3NTAtMjEyNC00YTdiLWFhZGUtY2JhNjg4MDFmZGJlMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0eml2UbRhdX6Fh1lZmZIRJBAQAmj6iUyoIlU
Qd6P3M6XQniHP7a7qlmE/gn3MfzjlwW8BaZLqlC9wAWANIvfQ8VUx5zgBhjuvxFy
K9k2pmc2Iv+D4/luvQA3mu+o0cFdkFpP8pvM5uC/0lc8aZohuZuWSmfEUnHYKQWr
5gwVPLAnKMNltvPq8jNAnouqXb18n1RKmIgmUCx7jrycfphqf6TRyDZnkv9dvf8g
VYIA14xMHdW0jr4U2jW3tNsB8FrINhwUEJMisojcVrz7mWY69WGLrr0D9iVy/T/r
wAHIIKpUSQDfkM3O+i7dlCPeUNSnMpBQbSVUst98f0kuaN7V5QIDAQABo4IDVzCC
A1MwHQYDVR0OBBYEFF+rvTKXemp8wjDwwN74ZTt/iFTCMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc2ZmUxMWQ0LWQzNTItNDk5NC04ZjZjLWQ2YzkxYjBiODQxNS9iMDRl
NDZkMi03OTUyLTRmZDQtYWU5Zi0wNDVkZTBlODQ0OTcvYTQ4OGI0NDUtYmE0Ni0z
ZjMxLTljNTAtZWU2MThkYjA0YTNhLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NmZlMTFkNC1k
MzUyLTQ5OTQtOGY2Yy1kNmM5MWIwYjg0MTUvYjA0ZTQ2ZDItNzk1Mi00ZmQ0LWFl
OWYtMDQ1ZGUwZTg0NDk3L2IwNGU0NmQyLTc5NTItNGZkNC1hZTlmLTA0NWRlMGU4
NDQ5Ny5jcmwwHwYDVR0jBBgwFoAU+U2kQFzVItBD4V9K69MMHRfVA18wDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc2ZmUxMWQ0LWQzNTItNDk5
NC04ZjZjLWQ2YzkxYjBiODQxNS9iMDRlNDZkMi03OTUyLTRmZDQtYWU5Zi0wNDVk
ZTBlODQ0OTcuY2VyMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAJiABHDAw
VAYDVR0gAQH/BEowSDBGBggrBgEFBQcOAjA6MDgGCCsGAQUFBwIBFixodHRwczov
L3d3dy5hcmluLm5ldC9yZXNvdXJjZXMvcnBraS9jcHMuaHRtbDANBgkqhkiG9w0B
AQsFAAOCAQEAKV6X1s2Ux4m+KGZEJf9ZKXWSflgvcJLIGGv5ZNZkIGsDA9ZZsdI6
UQTxf8uFybtr/7OZGEtHajp+xInnLSxzzAilgnWF6x/WrMh7uDz6vkRQWwFh8EOI
jjyRP3tKUFzfZns7+W5u0TBW4sZ9KIwxrJZeP+UqCrVDWKYeQy+pwcrv7mrSQVH3
SoZH/GNJp8d1f2oAJdNTC/vZLQeop3haVqbCjgbo3mc7SjiSLOqt/gZLFfpPozzg
tUqTU3Rhb4waGn99VNkszUuuR2JLd8TJmy97CLhAmOAhcLW3DvfcSfK5wOkkcCFk
Afr2blgBq/BJeRMYRtU8L6B2gP35MrqosA==
-----END CERTIFICATE-----