Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/db841f95-5e7a-4808-a239-7276e9c28008/5fa42a01-97ec-3f4f-8cb0-ee1aea24df30.roa
File:                     5fa42a01-97ec-3f4f-8cb0-ee1aea24df30.roa (raw, json)
Hash identifier:          SV5F9g1+nbLPyzErCC46SOHan6wtZsPJeT7kcnPE3LA=
Subject key identifier:   C7:DA:B9:27:11:84:DF:9D:3E:A0:EF:62:39:2D:DB:81:4E:19:59:34
Certificate issuer:       /CN=db841f95-5e7a-4808-a239-7276e9c28008
Certificate serial:       010D0C9F4328584383C5313F6FE713BB77A14F40
Authority key identifier: 13:DD:03:58:0D:4E:8F:56:B7:F9:6A:BE:1B:2F:F5:D0:66:C4:A4:22
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/db841f95-5e7a-4808-a239-7276e9c28008.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/db841f95-5e7a-4808-a239-7276e9c28008/5fa42a01-97ec-3f4f-8cb0-ee1aea24df30.roa
Signing time:             Wed 11 Oct 2023 13:00:19 +0000
ROA not before:           Wed 11 Oct 2023 13:00:19 +0000
ROA not after:            Tue 09 Jan 2024 14:00:19 +0000
asID:                     62577
IP address blocks:        23.227.208.0/20 maxlen: 20
                          74.119.120.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:43:83:c5:31:3f:6f:e7:13:bb:77:a1:4f:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db841f95-5e7a-4808-a239-7276e9c28008
        Validity
            Not Before: Oct 11 13:00:19 2023 GMT
            Not After : Jan  9 14:00:19 2024 GMT
        Subject: CN=0dfef3bc-d12f-4f5f-b02b-0c470ab52883
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:7b:db:2d:f2:7b:89:24:4e:94:00:e6:d3:16:
                    45:57:2d:02:88:c1:13:1e:6f:de:18:bd:d6:f5:e9:
                    1a:f0:8b:1c:23:36:7a:8a:65:da:5d:26:63:be:15:
                    35:03:97:9d:9d:8f:4e:c2:f4:90:30:14:06:14:0e:
                    06:85:b4:86:80:3f:35:36:ce:e7:06:4c:01:f6:39:
                    12:b9:a5:0c:35:af:5c:c3:c1:00:c8:99:f7:ab:49:
                    42:1f:de:a6:7e:b0:c3:24:b1:9e:89:cc:44:31:16:
                    3b:50:6c:c9:5f:f9:67:0c:1c:ae:70:40:0e:43:d5:
                    49:30:87:6a:75:ca:0d:cf:a5:f3:25:68:33:39:89:
                    3d:c5:e9:77:c3:e0:42:f1:1b:7a:7f:ed:67:a8:b6:
                    0f:d6:79:cd:fa:78:fa:77:4e:c1:96:01:0e:69:89:
                    bd:30:b2:df:c7:f2:59:54:eb:65:a5:e9:47:50:44:
                    81:46:4b:85:65:7a:fe:8d:52:13:91:69:a3:20:8c:
                    13:80:47:f9:e0:b7:f3:70:ad:cc:f4:86:3b:fd:1a:
                    9c:9b:d6:bf:38:c8:95:84:a8:13:a8:f4:54:43:39:
                    16:7e:e4:30:1b:ee:6a:6e:38:4b:df:1a:57:e5:1b:
                    e1:a0:00:a0:04:c2:fa:80:03:3f:de:b2:db:50:76:
                    4a:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:DA:B9:27:11:84:DF:9D:3E:A0:EF:62:39:2D:DB:81:4E:19:59:34
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/db841f95-5e7a-4808-a239-7276e9c28008/5fa42a01-97ec-3f4f-8cb0-ee1aea24df30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/db841f95-5e7a-4808-a239-7276e9c28008/db841f95-5e7a-4808-a239-7276e9c28008.crl

            X509v3 Authority Key Identifier:
                keyid:13:DD:03:58:0D:4E:8F:56:B7:F9:6A:BE:1B:2F:F5:D0:66:C4:A4:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/db841f95-5e7a-4808-a239-7276e9c28008.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.227.208.0/20
                  74.119.120.0/22

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         15:37:0b:42:8f:d0:c9:45:05:47:2d:b1:09:60:42:0a:4b:7e:
         1d:9e:ef:4c:b4:c6:ec:8d:fc:8c:41:f9:c9:19:31:98:f8:20:
         d1:a0:1a:0f:99:5c:f7:a2:f8:d4:a1:0f:f6:23:71:33:8e:0d:
         4a:75:e6:ad:6c:19:43:c8:42:ba:93:a9:4f:3b:e8:12:03:03:
         2e:30:74:18:40:e0:7a:df:4a:47:96:67:8d:74:eb:3c:72:f9:
         a3:bb:40:7d:29:d7:dc:fe:0c:bd:18:49:1b:dc:ec:2e:31:d2:
         bb:25:3e:ac:4f:27:4d:9e:43:15:77:fd:09:d7:67:1a:f2:09:
         79:97:c0:e1:c9:fd:46:cf:b7:b2:26:50:3b:a0:7a:1d:c7:4e:
         45:7f:12:30:c3:c4:fe:7c:11:af:b3:6b:b2:02:cb:5a:cc:5a:
         61:f3:75:d1:63:71:e7:20:67:9d:27:7a:e8:e7:bd:20:2a:18:
         38:a3:b5:4c:cf:87:57:54:31:24:c9:18:67:22:22:ea:4b:d0:
         42:95:99:f8:19:68:b8:ef:22:be:f5:ae:1a:ed:2a:2f:fb:28:
         8e:54:78:09:7a:b8:64:4a:9a:3e:e2:fa:6a:59:d5:56:ce:97:
         4b:b6:16:71:4b:c6:32:5b:8f:88:ec:64:86:cd:4b:92:ea:ab:
         f1:f2:1e:96
-----BEGIN CERTIFICATE-----
MIIGSTCCBTGgAwIBAgIUAQ0Mn0MoWEODxTE/b+cTu3ehT0AwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkZGI4NDFmOTUtNWU3YS00ODA4LWEyMzktNzI3NmU5YzI4
MDA4MB4XDTIzMTAxMTEzMDAxOVoXDTI0MDEwOTE0MDAxOVowLzEtMCsGA1UEAxMk
MGRmZWYzYmMtZDEyZi00ZjVmLWIwMmItMGM0NzBhYjUyODgzMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg3vbLfJ7iSROlADm0xZFVy0CiMETHm/eGL3W
9eka8IscIzZ6imXaXSZjvhU1A5ednY9OwvSQMBQGFA4GhbSGgD81Ns7nBkwB9jkS
uaUMNa9cw8EAyJn3q0lCH96mfrDDJLGeicxEMRY7UGzJX/lnDByucEAOQ9VJMIdq
dcoNz6XzJWgzOYk9xel3w+BC8Rt6f+1nqLYP1nnN+nj6d07BlgEOaYm9MLLfx/JZ
VOtlpelHUESBRkuFZXr+jVITkWmjIIwTgEf54LfzcK3M9IY7/Rqcm9a/OMiVhKgT
qPRUQzkWfuQwG+5qbjhL3xpX5RvhoACgBML6gAM/3rLbUHZKKwIDAQABo4IDWzCC
A1cwHQYDVR0OBBYEFMfauScRhN+dPqDvYjkt24FOGVk0MIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzc2ZmUxMWQ0LWQzNTItNDk5NC04ZjZjLWQ2YzkxYjBiODQxNS9kYjg0
MWY5NS01ZTdhLTQ4MDgtYTIzOS03Mjc2ZTljMjgwMDgvNWZhNDJhMDEtOTdlYy0z
ZjRmLThjYjAtZWUxYWVhMjRkZjMwLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy83NmZlMTFkNC1k
MzUyLTQ5OTQtOGY2Yy1kNmM5MWIwYjg0MTUvZGI4NDFmOTUtNWU3YS00ODA4LWEy
MzktNzI3NmU5YzI4MDA4L2RiODQxZjk1LTVlN2EtNDgwOC1hMjM5LTcyNzZlOWMy
ODAwOC5jcmwwHwYDVR0jBBgwFoAUE90DWA1Oj1a3+Wq+Gy/10GbEpCIwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzc2ZmUxMWQ0LWQzNTItNDk5
NC04ZjZjLWQ2YzkxYjBiODQxNS9kYjg0MWY5NS01ZTdhLTQ4MDgtYTIzOS03Mjc2
ZTljMjgwMDguY2VyMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEF+PQAwQC
Snd4MFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0
cHM6Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZI
hvcNAQELBQADggEBABU3C0KP0MlFBUctsQlgQgpLfh2e70y0xuyN/IxB+ckZMZj4
INGgGg+ZXPei+NShD/YjcTOODUp15q1sGUPIQrqTqU876BIDAy4wdBhA4HrfSkeW
Z4106zxy+aO7QH0p19z+DL0YSRvc7C4x0rslPqxPJ02eQxV3/QnXZxryCXmXwOHJ
/UbPt7ImUDugeh3HTkV/EjDDxP58Ea+za7ICy1rMWmHzddFjcecgZ50neujnvSAq
GDijtUzPh1dUMSTJGGciIupL0EKVmfgZaLjvIr71rhrtKi/7KI5UeAl6uGRKmj7i
+mpZ1VbOl0u2FnFLxjJbj4jsZIbNS5Lqq/HyHpY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:46:36 2024 by rpki-client on console-ams.rpki-client.org