Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/9da5489c-943d-495a-995a-ee1d16049d29/328041a1-f3c6-3309-845b-dbabc8241e3c.roa
File:                     328041a1-f3c6-3309-845b-dbabc8241e3c.roa (raw, json)
Hash identifier:          Fd6uH57JkKD9gDp/k3LLMruyCFzoPFxKzPZxQFsxSgQ=
Subject key identifier:   0B:E1:78:0C:B9:F9:2F:64:26:5B:7D:50:21:6F:79:CE:61:57:CB:9D
Certificate issuer:       /CN=9da5489c-943d-495a-995a-ee1d16049d29
Certificate serial:       010D0C9F432858464779ADA0C9A8AABA324ABA00
Authority key identifier: 68:7B:4F:F2:2B:2F:2C:0D:D0:D6:C9:89:FF:00:5C:A1:A5:50:B9:5B
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/9da5489c-943d-495a-995a-ee1d16049d29.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/9da5489c-943d-495a-995a-ee1d16049d29/328041a1-f3c6-3309-845b-dbabc8241e3c.roa
Signing time:             Fri 21 Jun 2024 01:00:26 +0000
ROA not before:           Fri 21 Jun 2024 01:00:26 +0000
ROA not after:            Thu 19 Sep 2024 01:00:26 +0000
asID:                     16509
IP address blocks:        204.75.189.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:46:47:79:ad:a0:c9:a8:aa:ba:32:4a:ba:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9da5489c-943d-495a-995a-ee1d16049d29
        Validity
            Not Before: Jun 21 01:00:26 2024 GMT
            Not After : Sep 19 01:00:26 2024 GMT
        Subject: CN=8da16625-0849-4f06-8a19-642a7a8d00ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:1a:8b:e5:26:a3:34:59:5e:f3:01:40:ee:be:
                    93:b4:96:5c:f3:7c:5d:a4:e5:10:3b:3e:75:f0:23:
                    fb:00:5d:50:9b:2f:ad:c0:a4:4e:03:7d:0a:fb:9d:
                    29:84:35:9a:b0:f4:e0:7f:e2:fa:c2:86:5f:10:4c:
                    e8:94:c3:71:46:ac:36:af:2c:70:f8:f5:73:a6:ac:
                    e5:51:41:d8:0c:42:f7:63:c7:8e:62:57:3e:29:76:
                    db:06:6e:c0:c2:fd:e1:c8:67:f0:05:bf:f3:00:4c:
                    94:e7:89:98:89:02:b7:1b:31:b8:6f:73:dc:a5:82:
                    f2:a4:ab:19:a0:1b:13:cf:b8:78:08:89:bf:11:46:
                    98:b9:7f:ff:5a:1e:34:ee:e9:63:8f:06:22:59:ae:
                    06:73:bf:6a:6a:0d:ae:68:0c:cd:b0:41:3d:8a:0a:
                    b5:e8:08:a5:0d:98:85:72:9b:80:82:63:5c:01:7c:
                    e7:69:d0:8c:47:d1:39:4d:a4:fc:d9:50:17:3f:4f:
                    16:1c:5e:78:63:61:d2:5e:9f:51:52:e8:27:f1:73:
                    70:0e:71:54:4b:b3:df:9e:ba:ac:81:4e:44:89:4b:
                    a4:52:e5:c2:84:73:32:a2:0b:27:42:24:9b:ac:4c:
                    e7:a6:40:7e:7f:55:22:5e:a0:b2:a5:50:c6:00:f4:
                    a0:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:E1:78:0C:B9:F9:2F:64:26:5B:7D:50:21:6F:79:CE:61:57:CB:9D
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/9da5489c-943d-495a-995a-ee1d16049d29/328041a1-f3c6-3309-845b-dbabc8241e3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/9da5489c-943d-495a-995a-ee1d16049d29/9da5489c-943d-495a-995a-ee1d16049d29.crl

            X509v3 Authority Key Identifier:
                keyid:68:7B:4F:F2:2B:2F:2C:0D:D0:D6:C9:89:FF:00:5C:A1:A5:50:B9:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/9da5489c-943d-495a-995a-ee1d16049d29.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  204.75.189.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         04:d7:dd:f4:fb:65:e2:3e:fa:c3:65:5e:14:97:21:a4:4a:de:
         49:2b:5a:ec:d2:a7:c2:31:bd:ed:dc:42:38:c9:d0:65:b2:1e:
         45:52:29:1e:da:89:29:7a:ba:ea:57:1d:3a:14:21:53:d7:56:
         8f:dd:3b:29:4e:0f:16:d8:2a:a5:b6:83:f4:cc:ad:41:3f:bf:
         5a:fe:8e:c8:ff:a8:13:0c:db:18:59:62:0f:c2:62:ae:e4:8e:
         bd:7f:cf:48:e1:1e:69:e5:b3:c5:eb:23:dd:8a:42:6d:22:89:
         6b:4e:22:70:a2:af:e8:c5:55:60:22:da:ca:07:27:34:5b:c7:
         47:81:0e:a6:8e:f6:27:b4:77:0c:26:22:07:3d:42:91:32:c4:
         d0:e9:49:55:05:1a:20:60:6d:a9:71:58:45:53:b9:71:5e:56:
         d0:5c:14:9f:8e:cb:75:f4:57:95:7f:57:11:84:48:69:8c:f3:
         a5:c8:00:99:ed:90:40:66:97:14:bf:f3:cb:37:13:97:e7:ef:
         d1:11:a5:3c:52:fe:7e:f9:e4:ed:ab:5e:95:e9:01:24:d4:a0:
         a1:16:c1:fa:ae:38:ab:f4:8f:5a:87:08:15:a9:7b:00:eb:e1:
         af:e3:38:4f:06:e7:53:1b:ff:e2:3c:15:83:40:18:a0:86:d1:
         1c:5e:0b:12
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEZHea2gyaiqujJKugAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkOWRhNTQ4OWMtOTQzZC00OTVhLTk5NWEtZWUxZDE2MDQ5
ZDI5MB4XDTI0MDYyMTAxMDAyNloXDTI0MDkxOTAxMDAyNlowLzEtMCsGA1UEAxMk
OGRhMTY2MjUtMDg0OS00ZjA2LThhMTktNjQyYTdhOGQwMGFkMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuBqL5SajNFle8wFA7r6TtJZc83xdpOUQOz51
8CP7AF1Qmy+twKROA30K+50phDWasPTgf+L6woZfEEzolMNxRqw2ryxw+PVzpqzl
UUHYDEL3Y8eOYlc+KXbbBm7Awv3hyGfwBb/zAEyU54mYiQK3GzG4b3PcpYLypKsZ
oBsTz7h4CIm/EUaYuX//Wh407uljjwYiWa4Gc79qag2uaAzNsEE9igq16AilDZiF
cpuAgmNcAXznadCMR9E5TaT82VAXP08WHF54Y2HSXp9RUugn8XNwDnFUS7Pfnrqs
gU5EiUukUuXChHMyogsnQiSbrEznpkB+f1UiXqCypVDGAPSg6wIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFAvheAy5+S9kJlt9UCFvec5hV8udMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzL2Y2MGM5ZjMyLWE4N2MtNDMzOS1hMmYzLTYyOTlhM2IwMmUyOS85ZGE1
NDg5Yy05NDNkLTQ5NWEtOTk1YS1lZTFkMTYwNDlkMjkvMzI4MDQxYTEtZjNjNi0z
MzA5LTg0NWItZGJhYmM4MjQxZTNjLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy9mNjBjOWYzMi1h
ODdjLTQzMzktYTJmMy02Mjk5YTNiMDJlMjkvOWRhNTQ4OWMtOTQzZC00OTVhLTk5
NWEtZWUxZDE2MDQ5ZDI5LzlkYTU0ODljLTk0M2QtNDk1YS05OTVhLWVlMWQxNjA0
OWQyOS5jcmwwHwYDVR0jBBgwFoAUaHtP8isvLA3Q1smJ/wBcoaVQuVswDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzL2Y2MGM5ZjMyLWE4N2MtNDMz
OS1hMmYzLTYyOTlhM2IwMmUyOS85ZGE1NDg5Yy05NDNkLTQ5NWEtOTk1YS1lZTFk
MTYwNDlkMjkuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAzEu9MFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAATX3fT7ZeI++sNlXhSXIaRK3kkrWuzSp8Ixve3cQjjJ0GWyHkVSKR7a
iSl6uupXHToUIVPXVo/dOylODxbYKqW2g/TMrUE/v1r+jsj/qBMM2xhZYg/CYq7k
jr1/z0jhHmnls8XrI92KQm0iiWtOInCir+jFVWAi2soHJzRbx0eBDqaO9ie0dwwm
Igc9QpEyxNDpSVUFGiBgbalxWEVTuXFeVtBcFJ+Oy3X0V5V/VxGESGmM86XIAJnt
kEBmlxS/88s3E5fn79ERpTxS/n755O2rXpXpASTUoKEWwfquOKv0j1qHCBWpewDr
4a/jOE8G51Mb/+I8FYNAGKCG0RxeCxI=
-----END CERTIFICATE-----