Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/9da5489c-943d-495a-995a-ee1d16049d29/df0a786e-5ade-31cc-9aa7-ba16d4f9cd02.roa
File:                     df0a786e-5ade-31cc-9aa7-ba16d4f9cd02.roa (raw, json)
Hash identifier:          b5P1p8eXv+mHs12Rw7R7dElkMqaKYQWMya/fUhJXZn8=
Subject key identifier:   73:34:CD:D8:21:54:BB:42:47:5A:B5:A5:1E:6C:C7:BC:D5:BF:DD:E4
Certificate issuer:       /CN=9da5489c-943d-495a-995a-ee1d16049d29
Certificate serial:       010D0C9F432858444484288623F08BFE78E56C80
Authority key identifier: 68:7B:4F:F2:2B:2F:2C:0D:D0:D6:C9:89:FF:00:5C:A1:A5:50:B9:5B
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/9da5489c-943d-495a-995a-ee1d16049d29.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/9da5489c-943d-495a-995a-ee1d16049d29/df0a786e-5ade-31cc-9aa7-ba16d4f9cd02.roa
Signing time:             Tue 19 Dec 2023 14:00:20 +0000
ROA not before:           Tue 19 Dec 2023 14:00:20 +0000
ROA not after:            Mon 18 Mar 2024 13:00:20 +0000
asID:                     16509
IP address blocks:        204.75.186.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:44:44:84:28:86:23:f0:8b:fe:78:e5:6c:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9da5489c-943d-495a-995a-ee1d16049d29
        Validity
            Not Before: Dec 19 14:00:20 2023 GMT
            Not After : Mar 18 13:00:20 2024 GMT
        Subject: CN=eb0d4cf3-3e49-4cda-8321-feff0a907b4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:eb:55:6a:fa:39:a1:91:c8:6e:6c:7e:07:97:
                    e4:d6:5a:23:30:96:d3:51:20:dd:2f:81:ba:33:6a:
                    d6:dd:26:d8:e9:92:8e:71:3f:cd:05:72:1a:0f:6c:
                    55:33:c9:79:e3:6e:32:49:47:13:3e:68:e2:9c:b9:
                    82:88:3d:25:d5:fd:55:cc:77:39:99:b3:53:e4:e7:
                    71:5e:8b:fb:7c:99:54:d0:85:80:4a:34:5f:20:f3:
                    29:c4:72:11:ee:a3:07:8e:86:aa:8f:35:3e:36:e7:
                    c3:7b:b4:f5:0c:a6:3c:d4:16:16:17:ec:f4:68:89:
                    ef:9a:ff:d6:59:29:dc:8b:5d:74:de:a0:9d:3e:ec:
                    e2:71:d0:6d:7b:e6:1a:bb:61:8e:f4:e7:00:7a:ab:
                    cf:08:93:39:40:d8:6a:21:eb:f4:9a:77:76:91:37:
                    f8:1d:be:85:64:0d:3b:c7:c3:18:ca:ab:4a:36:5d:
                    02:99:4e:ec:6f:bb:c9:4f:0e:e5:b6:6a:98:9a:90:
                    cb:10:0b:e0:b3:33:3c:79:6d:ab:f2:7a:ab:4a:db:
                    f8:9f:4e:b8:ce:9b:70:49:ac:e1:78:99:3a:38:56:
                    24:97:29:c0:0d:b0:77:58:3a:35:89:c4:86:c2:89:
                    1b:ae:aa:07:68:79:32:66:89:c1:ed:ba:88:8b:7e:
                    81:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:34:CD:D8:21:54:BB:42:47:5A:B5:A5:1E:6C:C7:BC:D5:BF:DD:E4
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/9da5489c-943d-495a-995a-ee1d16049d29/df0a786e-5ade-31cc-9aa7-ba16d4f9cd02.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/9da5489c-943d-495a-995a-ee1d16049d29/9da5489c-943d-495a-995a-ee1d16049d29.crl

            X509v3 Authority Key Identifier:
                keyid:68:7B:4F:F2:2B:2F:2C:0D:D0:D6:C9:89:FF:00:5C:A1:A5:50:B9:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/9da5489c-943d-495a-995a-ee1d16049d29.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  204.75.186.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         23:bb:7a:15:41:d1:16:cd:3b:64:e4:0f:4c:22:81:d8:fb:9f:
         01:d5:32:59:c0:d1:81:40:c9:49:78:55:97:28:10:30:d2:5c:
         4c:32:fa:8e:e1:78:37:34:6b:0f:d2:fc:dd:57:f4:01:a5:0f:
         15:30:79:cc:8d:b9:ac:bd:a8:1b:59:4d:e3:21:8f:e2:bf:e7:
         7a:a7:21:5e:4c:a7:a5:34:71:4f:c3:87:65:47:ec:f7:9e:99:
         0a:91:13:2b:0a:cf:71:10:38:ce:f2:e4:df:68:67:c7:34:d0:
         ef:dd:34:89:5c:21:bd:18:3f:03:77:83:9e:e6:41:69:aa:5a:
         9c:ff:c1:2d:1d:88:c5:2e:a6:92:b2:01:80:c2:8e:9b:b5:75:
         31:ea:66:d9:20:8f:38:88:47:05:ae:41:a9:58:bb:97:4b:6e:
         0b:c8:43:59:10:bd:06:d4:2d:5b:fc:94:bf:a4:98:09:8d:5c:
         09:b2:25:07:36:99:c5:bb:ee:17:cc:1b:4a:b3:46:d9:35:7f:
         82:08:6f:ac:dd:80:a0:68:3c:33:7f:46:d8:61:17:9b:29:79:
         79:24:f2:e8:e8:6f:a7:cf:bc:48:0a:5b:e8:76:4e:f6:16:7e:
         c9:ca:b1:78:93:06:28:39:cb:6d:b7:4e:2d:80:3a:64:1d:f7:
         aa:ac:c6:c0
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWEREhCiGI/CL/njlbIAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkOWRhNTQ4OWMtOTQzZC00OTVhLTk5NWEtZWUxZDE2MDQ5
ZDI5MB4XDTIzMTIxOTE0MDAyMFoXDTI0MDMxODEzMDAyMFowLzEtMCsGA1UEAxMk
ZWIwZDRjZjMtM2U0OS00Y2RhLTgzMjEtZmVmZjBhOTA3YjRiMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1OtVavo5oZHIbmx+B5fk1lojMJbTUSDdL4G6
M2rW3SbY6ZKOcT/NBXIaD2xVM8l5424ySUcTPmjinLmCiD0l1f1VzHc5mbNT5Odx
Xov7fJlU0IWASjRfIPMpxHIR7qMHjoaqjzU+NufDe7T1DKY81BYWF+z0aInvmv/W
WSnci1103qCdPuzicdBte+Yau2GO9OcAeqvPCJM5QNhqIev0mnd2kTf4Hb6FZA07
x8MYyqtKNl0CmU7sb7vJTw7ltmqYmpDLEAvgszM8eW2r8nqrStv4n064zptwSazh
eJk6OFYklynADbB3WDo1icSGwokbrqoHaHkyZonB7bqIi36BRwIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFHM0zdghVLtCR1q1pR5sx7zVv93kMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzL2Y2MGM5ZjMyLWE4N2MtNDMzOS1hMmYzLTYyOTlhM2IwMmUyOS85ZGE1
NDg5Yy05NDNkLTQ5NWEtOTk1YS1lZTFkMTYwNDlkMjkvZGYwYTc4NmUtNWFkZS0z
MWNjLTlhYTctYmExNmQ0ZjljZDAyLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy9mNjBjOWYzMi1h
ODdjLTQzMzktYTJmMy02Mjk5YTNiMDJlMjkvOWRhNTQ4OWMtOTQzZC00OTVhLTk5
NWEtZWUxZDE2MDQ5ZDI5LzlkYTU0ODljLTk0M2QtNDk1YS05OTVhLWVlMWQxNjA0
OWQyOS5jcmwwHwYDVR0jBBgwFoAUaHtP8isvLA3Q1smJ/wBcoaVQuVswDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzL2Y2MGM5ZjMyLWE4N2MtNDMz
OS1hMmYzLTYyOTlhM2IwMmUyOS85ZGE1NDg5Yy05NDNkLTQ5NWEtOTk1YS1lZTFk
MTYwNDlkMjkuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAzEu6MFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBACO7ehVB0RbNO2TkD0wigdj7nwHVMlnA0YFAyUl4VZcoEDDSXEwy+o7h
eDc0aw/S/N1X9AGlDxUwecyNuay9qBtZTeMhj+K/53qnIV5Mp6U0cU/Dh2VH7Pee
mQqREysKz3EQOM7y5N9oZ8c00O/dNIlcIb0YPwN3g57mQWmqWpz/wS0diMUuppKy
AYDCjpu1dTHqZtkgjziIRwWuQalYu5dLbgvIQ1kQvQbULVv8lL+kmAmNXAmyJQc2
mcW77hfMG0qzRtk1f4IIb6zdgKBoPDN/RthhF5speXkk8ujob6fPvEgKW+h2TvYW
fsnKsXiTBig5y223Ti2AOmQd96qsxsA=
-----END CERTIFICATE-----