Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/40460b23-dc47-4c42-a064-892b4cd809dc/4dffae06-4560-3fbc-9d91-ddb0a9bab0ac.roa
File:                     4dffae06-4560-3fbc-9d91-ddb0a9bab0ac.roa (raw, json)
Hash identifier:          PWQIct3Z4Kf7dAfbpyyLYVvJFJF0E9fOdNjstFOwwoc=
Subject key identifier:   F8:0C:9B:8F:BA:1B:1E:19:F1:F9:E0:06:7B:E9:86:10:AD:1B:2A:97
Certificate issuer:       /CN=40460b23-dc47-4c42-a064-892b4cd809dc
Certificate serial:       010D0C9F43285844606EFC356D2E4D6423DDCFC0
Authority key identifier: C5:5A:A8:A3:15:6C:B3:C2:F2:22:EB:2B:8F:08:60:A5:16:24:AE:4B
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/40460b23-dc47-4c42-a064-892b4cd809dc.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/40460b23-dc47-4c42-a064-892b4cd809dc/4dffae06-4560-3fbc-9d91-ddb0a9bab0ac.roa
Signing time:             Fri 29 Dec 2023 14:00:21 +0000
ROA not before:           Fri 29 Dec 2023 14:00:21 +0000
ROA not after:            Thu 28 Mar 2024 13:00:21 +0000
asID:                     18914
IP address blocks:        107.161.52.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:44:60:6e:fc:35:6d:2e:4d:64:23:dd:cf:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40460b23-dc47-4c42-a064-892b4cd809dc
        Validity
            Not Before: Dec 29 14:00:21 2023 GMT
            Not After : Mar 28 13:00:21 2024 GMT
        Subject: CN=9d13ed6f-8441-4b23-ae2b-8b3a01bda031
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:04:71:42:ab:f5:7c:eb:ae:16:39:6a:ec:8f:
                    ac:3b:50:6d:7a:cd:f0:84:a8:28:04:7d:0f:d0:80:
                    36:7a:20:b6:12:71:4e:03:a5:10:81:b1:18:94:0e:
                    3f:38:8b:2b:2f:9e:cc:72:a6:64:44:7f:c0:7b:1d:
                    83:db:fa:eb:3a:d8:6c:11:4f:86:4a:48:bb:89:6a:
                    ab:e2:d3:09:47:d6:b2:0b:e8:f8:3e:23:25:1e:1f:
                    91:cb:a1:45:9b:1d:60:b6:42:59:1d:0a:9b:ae:9c:
                    68:de:75:70:aa:e9:ea:ba:53:00:90:57:6f:d6:02:
                    19:fa:dc:13:2e:f1:c1:fc:f0:fd:7e:3c:e4:73:c7:
                    84:ba:4d:37:79:00:4b:ff:a6:43:b9:d1:54:dd:78:
                    66:5c:61:31:b9:d8:73:b4:0d:2c:60:08:26:f9:4c:
                    93:2a:cb:aa:41:e3:e3:26:24:11:a4:d1:30:ed:0d:
                    64:05:d2:1d:bd:83:35:65:ba:f1:32:81:af:a1:40:
                    48:e1:36:d6:94:76:c2:1e:da:79:72:be:bb:20:d4:
                    15:c7:1c:ce:ba:99:1d:48:d8:d9:79:23:f3:3e:60:
                    2d:5e:fa:72:ea:1e:b8:99:ad:16:12:63:3c:6e:77:
                    6b:ce:6b:ac:a3:d3:1b:ca:fa:94:00:b5:3f:55:81:
                    3b:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:0C:9B:8F:BA:1B:1E:19:F1:F9:E0:06:7B:E9:86:10:AD:1B:2A:97
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/40460b23-dc47-4c42-a064-892b4cd809dc/4dffae06-4560-3fbc-9d91-ddb0a9bab0ac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/40460b23-dc47-4c42-a064-892b4cd809dc/40460b23-dc47-4c42-a064-892b4cd809dc.crl

            X509v3 Authority Key Identifier:
                keyid:C5:5A:A8:A3:15:6C:B3:C2:F2:22:EB:2B:8F:08:60:A5:16:24:AE:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/40460b23-dc47-4c42-a064-892b4cd809dc.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.161.52.0/22

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         04:e4:10:0c:18:b9:a5:3a:6b:15:06:43:f0:17:4c:b3:77:86:
         d0:8a:e3:e5:0c:51:47:d4:03:a0:8f:6b:90:39:81:5e:50:de:
         1d:1c:94:a8:68:e0:ea:81:02:cc:d9:46:42:8b:ea:45:9c:a5:
         77:0b:26:85:de:3d:7b:c7:93:fc:15:f1:7e:57:58:97:6f:28:
         66:d9:13:a7:c2:7f:45:b3:02:97:3d:1e:bf:01:ee:01:29:59:
         e7:10:ae:23:b6:a9:26:1b:e9:54:70:84:d0:13:50:2d:40:db:
         ab:57:62:85:c1:97:36:8c:fb:e1:a5:0c:f0:46:bb:ae:31:99:
         d8:68:f0:ce:07:d0:17:b4:10:57:68:8d:f2:78:83:56:38:17:
         38:75:71:96:95:1b:fc:9e:49:aa:6d:40:2a:72:08:a6:38:a6:
         b2:c5:00:d8:cf:d7:5b:51:df:b0:6a:e4:71:63:eb:ab:09:de:
         f9:32:68:48:98:7f:38:19:9c:e9:90:e7:44:bf:f5:82:94:33:
         60:4b:98:32:f2:44:46:b5:20:4f:67:79:5d:83:dd:b7:bc:f6:
         52:20:ad:e3:1a:44:fc:5b:0a:46:32:18:3d:26:d0:95:01:84:
         91:eb:b4:01:63:2e:3d:1e:24:dc:60:2c:f2:79:16:ef:8c:9c:
         d7:83:f8:ac
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWERgbvw1bS5NZCPdz8AwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNDA0NjBiMjMtZGM0Ny00YzQyLWEwNjQtODkyYjRjZDgw
OWRjMB4XDTIzMTIyOTE0MDAyMVoXDTI0MDMyODEzMDAyMVowLzEtMCsGA1UEAxMk
OWQxM2VkNmYtODQ0MS00YjIzLWFlMmItOGIzYTAxYmRhMDMxMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtARxQqv1fOuuFjlq7I+sO1Btes3whKgoBH0P
0IA2eiC2EnFOA6UQgbEYlA4/OIsrL57McqZkRH/Aex2D2/rrOthsEU+GSki7iWqr
4tMJR9ayC+j4PiMlHh+Ry6FFmx1gtkJZHQqbrpxo3nVwqunqulMAkFdv1gIZ+twT
LvHB/PD9fjzkc8eEuk03eQBL/6ZDudFU3XhmXGExudhztA0sYAgm+UyTKsuqQePj
JiQRpNEw7Q1kBdIdvYM1ZbrxMoGvoUBI4TbWlHbCHtp5cr67INQVxxzOupkdSNjZ
eSPzPmAtXvpy6h64ma0WEmM8bndrzmuso9MbyvqUALU/VYE7UwIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFPgMm4+6Gx4Z8fngBnvphhCtGyqXMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzL2E3MzQyMGNiLWIzY2MtNGIwMy1iZGE3LTFiZTIwNDkzM2FlNS80MDQ2
MGIyMy1kYzQ3LTRjNDItYTA2NC04OTJiNGNkODA5ZGMvNGRmZmFlMDYtNDU2MC0z
ZmJjLTlkOTEtZGRiMGE5YmFiMGFjLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy9hNzM0MjBjYi1i
M2NjLTRiMDMtYmRhNy0xYmUyMDQ5MzNhZTUvNDA0NjBiMjMtZGM0Ny00YzQyLWEw
NjQtODkyYjRjZDgwOWRjLzQwNDYwYjIzLWRjNDctNGM0Mi1hMDY0LTg5MmI0Y2Q4
MDlkYy5jcmwwHwYDVR0jBBgwFoAUxVqooxVss8LyIusrjwhgpRYkrkswDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzL2E3MzQyMGNiLWIzY2MtNGIw
My1iZGE3LTFiZTIwNDkzM2FlNS80MDQ2MGIyMy1kYzQ3LTRjNDItYTA2NC04OTJi
NGNkODA5ZGMuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCa6E0MFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAATkEAwYuaU6axUGQ/AXTLN3htCK4+UMUUfUA6CPa5A5gV5Q3h0clKho
4OqBAszZRkKL6kWcpXcLJoXePXvHk/wV8X5XWJdvKGbZE6fCf0WzApc9Hr8B7gEp
WecQriO2qSYb6VRwhNATUC1A26tXYoXBlzaM++GlDPBGu64xmdho8M4H0Be0EFdo
jfJ4g1Y4Fzh1cZaVG/yeSaptQCpyCKY4prLFANjP11tR37Bq5HFj66sJ3vkyaEiY
fzgZnOmQ50S/9YKUM2BLmDLyREa1IE9neV2D3be89lIgreMaRPxbCkYyGD0m0JUB
hJHrtAFjLj0eJNxgLPJ5Fu+MnNeD+Kw=
-----END CERTIFICATE-----