Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/9da5489c-943d-495a-995a-ee1d16049d29/952e09f3-7ec2-353f-a53b-7c736f2a0511.roa
File:                     952e09f3-7ec2-353f-a53b-7c736f2a0511.roa (raw, json)
Hash identifier:          xqjXG9eGg1PzIsmLQIGMNz2ZHuyLexJfhnkZz+kUgtQ=
Subject key identifier:   F7:A8:07:F3:C7:F5:5D:B2:FD:3A:85:D8:93:62:84:21:65:83:77:B0
Certificate issuer:       /CN=9da5489c-943d-495a-995a-ee1d16049d29
Certificate serial:       010D0C9F4328583CA866A261B604F4862F749700
Authority key identifier: 68:7B:4F:F2:2B:2F:2C:0D:D0:D6:C9:89:FF:00:5C:A1:A5:50:B9:5B
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/9da5489c-943d-495a-995a-ee1d16049d29.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/9da5489c-943d-495a-995a-ee1d16049d29/952e09f3-7ec2-353f-a53b-7c736f2a0511.roa
Signing time:             Thu 20 Jan 2022 05:00:00 +0000
ROA not before:           Thu 20 Jan 2022 05:00:00 +0000
ROA not after:            Thu 19 Jan 2023 05:00:00 +0000
asID:                     16509
IP address blocks:        204.75.187.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:3c:a8:66:a2:61:b6:04:f4:86:2f:74:97:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9da5489c-943d-495a-995a-ee1d16049d29
        Validity
            Not Before: Jan 20 05:00:00 2022 GMT
            Not After : Jan 19 05:00:00 2023 GMT
        Subject: CN=a7bdd6e1-efb8-4caf-9809-89507e214e5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:46:3a:25:b3:fc:97:53:52:1e:7c:f3:05:a3:
                    b8:56:0f:cd:52:e8:d1:53:d3:f4:33:ed:49:e6:e4:
                    cc:59:7c:42:ff:e7:66:2f:df:a6:22:28:94:a5:37:
                    a1:48:fb:83:81:9f:47:69:09:ff:1e:3a:83:ab:cb:
                    75:5f:fe:2b:6b:b5:a9:11:e7:58:18:80:fa:b5:7c:
                    3d:01:ef:78:5b:df:79:f8:73:ed:c7:5b:5c:aa:18:
                    66:6f:ff:ef:8d:6c:a7:17:56:71:f6:c0:f5:7a:01:
                    41:00:41:a5:d2:d5:f8:41:46:05:12:92:ee:5b:a7:
                    20:66:7e:28:21:ab:16:fa:22:db:8f:63:c2:93:fe:
                    19:75:e7:0c:9b:28:49:5a:bd:a6:35:d7:6a:76:9f:
                    79:79:41:b1:a6:7f:45:2f:96:b4:33:52:1b:a3:41:
                    69:a3:84:9d:d5:42:ed:93:43:a1:0f:f2:08:65:89:
                    80:9b:f6:32:90:7f:f9:32:52:c4:0f:bb:28:80:65:
                    bb:b0:7b:76:8c:1c:28:d7:fa:70:a5:e7:c0:61:55:
                    d4:29:cd:f4:24:cf:ea:d7:87:7e:8f:a8:51:1e:ab:
                    ef:4c:62:c0:36:6b:0a:0e:f9:4e:1a:ff:fb:09:c6:
                    c2:60:11:89:57:93:55:46:eb:99:2a:8a:6a:c9:73:
                    37:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:A8:07:F3:C7:F5:5D:B2:FD:3A:85:D8:93:62:84:21:65:83:77:B0
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/9da5489c-943d-495a-995a-ee1d16049d29/952e09f3-7ec2-353f-a53b-7c736f2a0511.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/9da5489c-943d-495a-995a-ee1d16049d29/9da5489c-943d-495a-995a-ee1d16049d29.crl

            X509v3 Authority Key Identifier:
                keyid:68:7B:4F:F2:2B:2F:2C:0D:D0:D6:C9:89:FF:00:5C:A1:A5:50:B9:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/9da5489c-943d-495a-995a-ee1d16049d29.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  204.75.187.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         36:56:d3:7e:25:60:8a:fa:47:59:a2:bf:84:5d:73:0d:8a:62:
         f5:24:72:f7:3a:1c:b6:12:7c:d1:04:57:16:94:9f:0a:bb:eb:
         ea:5b:94:be:64:70:69:45:fd:b1:40:42:7d:28:9c:dc:fc:2e:
         6c:17:ff:45:9a:07:05:29:b2:5f:0c:4d:bf:ae:54:75:33:ab:
         a5:b7:6e:ba:1a:2f:c4:50:91:a8:31:a6:dd:28:58:0a:e1:d2:
         98:08:42:d7:5f:3d:75:c3:42:01:c4:27:6f:6d:28:ff:32:b4:
         0a:8f:4a:54:53:ae:2f:96:f8:2f:b1:33:c7:cf:3e:98:22:d9:
         3d:fe:29:c8:71:04:09:10:6b:06:fa:23:53:fe:10:33:c4:6c:
         c1:07:88:f6:1f:bd:ca:61:7a:7f:43:6b:ca:9c:35:3d:1d:a1:
         0b:e8:dc:be:cb:aa:d9:82:d2:f2:fb:a6:95:71:9b:43:3a:b0:
         db:74:56:42:39:16:54:3c:0e:82:b0:4f:86:b1:0a:bf:f4:9e:
         9e:52:7a:bc:77:4e:43:ab:ec:4b:72:58:0e:37:eb:47:d5:9c:
         73:4b:ef:e9:d7:d9:08:3e:16:0b:88:61:3b:4d:ae:9d:e6:aa:
         3f:ec:c1:e9:b1:e4:d8:52:77:ef:ae:31:2f:fb:c0:96:88:3d:
         2c:eb:6b:7e
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWDyoZqJhtgT0hi90lwAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkOWRhNTQ4OWMtOTQzZC00OTVhLTk5NWEtZWUxZDE2MDQ5
ZDI5MB4XDTIyMDEyMDA1MDAwMFoXDTIzMDExOTA1MDAwMFowLzEtMCsGA1UEAxMk
YTdiZGQ2ZTEtZWZiOC00Y2FmLTk4MDktODk1MDdlMjE0ZTViMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkY6JbP8l1NSHnzzBaO4Vg/NUujRU9P0M+1J
5uTMWXxC/+dmL9+mIiiUpTehSPuDgZ9HaQn/HjqDq8t1X/4ra7WpEedYGID6tXw9
Ae94W995+HPtx1tcqhhmb//vjWynF1Zx9sD1egFBAEGl0tX4QUYFEpLuW6cgZn4o
IasW+iLbj2PCk/4ZdecMmyhJWr2mNddqdp95eUGxpn9FL5a0M1Ibo0Fpo4Sd1ULt
k0OhD/IIZYmAm/YykH/5MlLED7sogGW7sHt2jBwo1/pwpefAYVXUKc30JM/q14d+
j6hRHqvvTGLANmsKDvlOGv/7CcbCYBGJV5NVRuuZKopqyXM30wIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFPeoB/PH9V2y/TqF2JNihCFlg3ewMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzL2Y2MGM5ZjMyLWE4N2MtNDMzOS1hMmYzLTYyOTlhM2IwMmUyOS85ZGE1
NDg5Yy05NDNkLTQ5NWEtOTk1YS1lZTFkMTYwNDlkMjkvOTUyZTA5ZjMtN2VjMi0z
NTNmLWE1M2ItN2M3MzZmMmEwNTExLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy9mNjBjOWYzMi1h
ODdjLTQzMzktYTJmMy02Mjk5YTNiMDJlMjkvOWRhNTQ4OWMtOTQzZC00OTVhLTk5
NWEtZWUxZDE2MDQ5ZDI5LzlkYTU0ODljLTk0M2QtNDk1YS05OTVhLWVlMWQxNjA0
OWQyOS5jcmwwHwYDVR0jBBgwFoAUaHtP8isvLA3Q1smJ/wBcoaVQuVswDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzL2Y2MGM5ZjMyLWE4N2MtNDMz
OS1hMmYzLTYyOTlhM2IwMmUyOS85ZGE1NDg5Yy05NDNkLTQ5NWEtOTk1YS1lZTFk
MTYwNDlkMjkuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAzEu7MFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBADZW034lYIr6R1miv4Rdcw2KYvUkcvc6HLYSfNEEVxaUnwq76+pblL5k
cGlF/bFAQn0onNz8LmwX/0WaBwUpsl8MTb+uVHUzq6W3broaL8RQkagxpt0oWArh
0pgIQtdfPXXDQgHEJ29tKP8ytAqPSlRTri+W+C+xM8fPPpgi2T3+KchxBAkQawb6
I1P+EDPEbMEHiPYfvcphen9Da8qcNT0doQvo3L7LqtmC0vL7ppVxm0M6sNt0VkI5
FlQ8DoKwT4axCr/0np5Serx3TkOr7EtyWA4360fVnHNL7+nX2Qg+FguIYTtNrp3m
qj/swemx5NhSd++uMS/7wJaIPSzra34=
-----END CERTIFICATE-----