Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/8583e379-1578-4044-8426-ddcb4a4a8192/f03a8e97-8ca0-3994-afea-e92809df012d.roa
File:                     f03a8e97-8ca0-3994-afea-e92809df012d.roa (raw, json)
Hash identifier:          8JeG4ckNGijQ6VL7ezb8Br1zZgKFDhlMCDitajtLOl0=
Subject key identifier:   03:F8:36:40:26:8C:E3:0C:07:6A:B5:AB:EA:3F:72:5B:22:59:D6:3C
Certificate issuer:       /CN=8583e379-1578-4044-8426-ddcb4a4a8192
Certificate serial:       010D0C9F432858475BDB7E87DADBD451D3B5AB00
Authority key identifier: 89:C7:5F:3F:CE:A7:5D:0D:C3:10:F9:23:2C:65:92:27:0C:63:1D:62
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/8583e379-1578-4044-8426-ddcb4a4a8192.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/8583e379-1578-4044-8426-ddcb4a4a8192/f03a8e97-8ca0-3994-afea-e92809df012d.roa
Signing time:             Sat 28 Sep 2024 01:00:31 +0000
ROA not before:           Sat 28 Sep 2024 01:00:31 +0000
ROA not after:            Fri 27 Dec 2024 02:00:31 +0000
asID:                     40244
IP address blocks:        192.154.248.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:47:5b:db:7e:87:da:db:d4:51:d3:b5:ab:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8583e379-1578-4044-8426-ddcb4a4a8192
        Validity
            Not Before: Sep 28 01:00:31 2024 GMT
            Not After : Dec 27 02:00:31 2024 GMT
        Subject: CN=ca7e06db-cf8f-420c-88cd-b76517b936b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:52:58:64:0b:60:bd:f1:61:d9:5a:11:b2:05:
                    03:98:d7:91:ca:60:bd:af:88:67:79:34:0b:5f:5a:
                    3f:14:63:e9:f5:03:31:90:ae:aa:fe:d6:d1:3a:ea:
                    c6:ed:73:04:0d:a9:7a:84:58:81:09:99:56:43:f9:
                    ef:e7:e4:8b:cc:7e:a6:60:c0:ab:6d:da:f4:13:28:
                    85:ad:7c:b3:a0:bb:88:42:b1:99:b0:3a:98:c6:2b:
                    21:71:02:a8:c0:56:c7:ee:d9:44:e4:6f:c0:5c:24:
                    b8:0b:d7:63:99:9f:02:3d:6c:50:45:f5:97:03:fa:
                    21:18:72:59:b0:93:f6:86:87:ab:8f:e1:0e:2e:57:
                    42:5c:92:0c:c7:af:25:ee:e7:70:f8:21:8e:e2:d1:
                    4f:68:73:1c:7f:4c:dc:5f:2b:6c:0f:8d:7e:e4:c5:
                    f2:92:a5:70:6c:13:20:32:16:1e:a2:de:6d:74:c3:
                    c6:dc:91:0d:2a:9a:de:27:85:da:31:dc:c6:2d:ad:
                    9e:b4:93:e7:fd:9e:14:7f:5f:76:91:9d:e9:d9:60:
                    4a:55:4e:fc:d3:1a:68:1d:ba:45:82:8a:eb:ac:cc:
                    f3:fc:26:92:cd:81:40:71:0c:76:2c:a4:9f:a3:28:
                    30:e7:9a:cc:e4:0d:15:0c:0e:05:e7:26:5e:7b:52:
                    f9:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:F8:36:40:26:8C:E3:0C:07:6A:B5:AB:EA:3F:72:5B:22:59:D6:3C
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/8583e379-1578-4044-8426-ddcb4a4a8192/f03a8e97-8ca0-3994-afea-e92809df012d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/8583e379-1578-4044-8426-ddcb4a4a8192/8583e379-1578-4044-8426-ddcb4a4a8192.crl

            X509v3 Authority Key Identifier:
                keyid:89:C7:5F:3F:CE:A7:5D:0D:C3:10:F9:23:2C:65:92:27:0C:63:1D:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/8583e379-1578-4044-8426-ddcb4a4a8192.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.154.248.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         a8:1c:29:40:d0:f7:89:82:5a:a7:d3:84:a0:69:e0:e3:50:f5:
         d2:72:51:62:a9:e1:be:5b:ae:89:f2:8e:cd:b3:1f:69:d1:ec:
         98:ae:a6:e3:d1:42:74:22:c0:ec:0a:6d:f9:4c:20:a7:81:66:
         f3:a1:05:fd:8d:3f:6f:ec:a2:7c:53:ad:6f:7b:b2:64:1b:a4:
         d8:f3:fe:52:83:df:f3:8f:75:45:f0:ad:b1:eb:b9:f3:1a:37:
         93:b7:cc:74:97:17:a3:4c:d1:fd:20:99:3f:0c:a4:f7:14:95:
         67:b0:3d:ce:eb:b7:11:ea:68:ed:b3:f6:fa:3f:b2:95:1c:50:
         87:cd:1d:6d:4b:1d:ec:b9:6f:96:bc:f7:ad:0b:36:f2:94:70:
         3b:fe:53:56:c5:0f:bc:1a:7a:d1:26:bc:bc:7a:e6:e9:f8:23:
         aa:a2:74:00:3b:5b:06:db:0d:3b:4a:1c:c0:e9:7e:82:ff:e8:
         02:b7:08:37:fe:6e:4b:6b:18:61:0f:88:81:15:ba:19:ad:18:
         be:63:a6:3f:ed:29:73:82:f4:69:79:1f:33:e3:f5:25:5a:be:
         cd:76:d0:b9:08:53:e8:74:02:e9:75:aa:6e:3f:bd:29:4a:b2:
         00:04:9b:82:54:61:b7:28:38:b0:12:12:76:21:42:a2:6a:2f:
         b3:b1:3c:a4
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEdb236H2tvUUdO1qwAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkODU4M2UzNzktMTU3OC00MDQ0LTg0MjYtZGRjYjRhNGE4
MTkyMB4XDTI0MDkyODAxMDAzMVoXDTI0MTIyNzAyMDAzMVowLzEtMCsGA1UEAxMk
Y2E3ZTA2ZGItY2Y4Zi00MjBjLTg4Y2QtYjc2NTE3YjkzNmI5MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjVJYZAtgvfFh2VoRsgUDmNeRymC9r4hneTQL
X1o/FGPp9QMxkK6q/tbROurG7XMEDal6hFiBCZlWQ/nv5+SLzH6mYMCrbdr0EyiF
rXyzoLuIQrGZsDqYxishcQKowFbH7tlE5G/AXCS4C9djmZ8CPWxQRfWXA/ohGHJZ
sJP2hoerj+EOLldCXJIMx68l7udw+CGO4tFPaHMcf0zcXytsD41+5MXykqVwbBMg
MhYeot5tdMPG3JENKpreJ4XaMdzGLa2etJPn/Z4Uf192kZ3p2WBKVU780xpoHbpF
gorrrMzz/CaSzYFAcQx2LKSfoygw55rM5A0VDA4F5yZee1L5hQIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFAP4NkAmjOMMB2q1q+o/clsiWdY8MIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzL2E3MzQyMGNiLWIzY2MtNGIwMy1iZGE3LTFiZTIwNDkzM2FlNS84NTgz
ZTM3OS0xNTc4LTQwNDQtODQyNi1kZGNiNGE0YTgxOTIvZjAzYThlOTctOGNhMC0z
OTk0LWFmZWEtZTkyODA5ZGYwMTJkLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy9hNzM0MjBjYi1i
M2NjLTRiMDMtYmRhNy0xYmUyMDQ5MzNhZTUvODU4M2UzNzktMTU3OC00MDQ0LTg0
MjYtZGRjYjRhNGE4MTkyLzg1ODNlMzc5LTE1NzgtNDA0NC04NDI2LWRkY2I0YTRh
ODE5Mi5jcmwwHwYDVR0jBBgwFoAUicdfP86nXQ3DEPkjLGWSJwxjHWIwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzL2E3MzQyMGNiLWIzY2MtNGIw
My1iZGE3LTFiZTIwNDkzM2FlNS84NTgzZTM3OS0xNTc4LTQwNDQtODQyNi1kZGNi
NGE0YTgxOTIuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwJr4MFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAKgcKUDQ94mCWqfThKBp4ONQ9dJyUWKp4b5bronyjs2zH2nR7JiupuPR
QnQiwOwKbflMIKeBZvOhBf2NP2/sonxTrW97smQbpNjz/lKD3/OPdUXwrbHrufMa
N5O3zHSXF6NM0f0gmT8MpPcUlWewPc7rtxHqaO2z9vo/spUcUIfNHW1LHey5b5a8
960LNvKUcDv+U1bFD7waetEmvLx65un4I6qidAA7WwbbDTtKHMDpfoL/6AK3CDf+
bktrGGEPiIEVuhmtGL5jpj/tKXOC9Gl5HzPj9SVavs120LkIU+h0Aul1qm4/vSlK
sgAEm4JUYbcoOLASEnYhQqJqL7OxPKQ=
-----END CERTIFICATE-----