Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/a920645f-6928-416c-87e9-a0135e5720e4/76497bf7-b8b6-3f4a-b3ad-c062525b0bde.roa
File:                     76497bf7-b8b6-3f4a-b3ad-c062525b0bde.roa (raw, json)
Hash identifier:          Nyps6fFG3K3Xxks43qLA3o6MxglnRlk3G32ksYakIhY=
Subject key identifier:   BD:B4:65:C1:CD:8F:9B:81:CA:88:44:ED:BB:28:47:0E:12:B6:4D:C8
Certificate issuer:       /CN=a920645f-6928-416c-87e9-a0135e5720e4
Certificate serial:       010D0C9F4328576D51CC73C042CFC16C62BFDD36
Authority key identifier: 0E:7A:36:95:23:AE:89:31:10:84:05:B7:7D:52:6F:5F:91:94:48:29
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/a920645f-6928-416c-87e9-a0135e5720e4.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/a920645f-6928-416c-87e9-a0135e5720e4/76497bf7-b8b6-3f4a-b3ad-c062525b0bde.roa
Signing time:             Mon 05 Aug 2019 17:07:16 +0000
ROA not before:           Tue 23 Jul 2019 04:00:00 +0000
ROA not after:            Mon 23 Jul 2029 04:00:00 +0000
asID:                     13657
IP address blocks:        104.242.0.0/16 maxlen: 16
                          67.215.192.0/20 maxlen: 20
                          216.235.0.0/20 maxlen: 20
                          2001:4900::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:57:6d:51:cc:73:c0:42:cf:c1:6c:62:bf:dd:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a920645f-6928-416c-87e9-a0135e5720e4
        Validity
            Not Before: Jul 23 04:00:00 2019 GMT
            Not After : Jul 23 04:00:00 2029 GMT
        Subject: CN=2126fc30-93de-4f23-9d10-9c52a5ab0153
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:0a:82:92:ba:d4:72:ce:f4:23:ee:b6:bb:89:
                    af:db:d6:d5:17:34:53:1b:75:4f:53:8f:3e:1f:c2:
                    df:47:de:cb:29:d1:73:55:be:c9:78:19:05:a5:43:
                    e9:93:78:c0:86:33:61:a7:e7:ab:ac:7d:d5:15:f7:
                    e5:f7:49:38:6d:30:37:4d:89:b7:22:80:c5:51:21:
                    7f:ec:ae:4c:31:be:2b:48:7f:2b:f3:9d:e9:b5:92:
                    5f:a3:1d:06:01:23:0d:98:a4:ed:2b:8b:c7:5d:6c:
                    67:11:62:ad:ac:b6:15:8c:a2:b4:33:92:24:b2:b4:
                    f1:55:e2:64:f9:88:15:1f:c0:8e:45:81:85:41:e9:
                    5d:d4:4d:54:08:79:b2:2e:dc:6c:bf:4c:02:e2:1d:
                    70:05:13:da:ad:58:76:2b:43:52:8f:ec:2f:53:68:
                    be:59:dc:41:c7:a9:c9:87:fd:0e:9c:9f:13:a0:46:
                    44:3e:fd:6b:81:44:2b:eb:46:09:39:06:60:b5:a7:
                    cb:57:54:58:0c:50:c7:54:aa:35:22:95:0e:ca:fe:
                    ee:9e:95:16:84:10:5e:74:78:17:62:b3:ef:b3:ae:
                    2a:7d:58:56:eb:2d:d8:05:ae:fa:e6:ef:bf:98:74:
                    eb:5f:6e:7b:09:ee:68:a1:a1:c3:e9:c3:fa:11:08:
                    18:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:B4:65:C1:CD:8F:9B:81:CA:88:44:ED:BB:28:47:0E:12:B6:4D:C8
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/a920645f-6928-416c-87e9-a0135e5720e4/76497bf7-b8b6-3f4a-b3ad-c062525b0bde.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/a920645f-6928-416c-87e9-a0135e5720e4/a920645f-6928-416c-87e9-a0135e5720e4.crl

            X509v3 Authority Key Identifier:
                keyid:0E:7A:36:95:23:AE:89:31:10:84:05:B7:7D:52:6F:5F:91:94:48:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/a920645f-6928-416c-87e9-a0135e5720e4.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  67.215.192.0/20
                  104.242.0.0/16
                  216.235.0.0/20
                IPv6:
                  2001:4900::/32

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         65:a8:d3:e2:a9:1e:ac:9d:81:b5:83:0a:bd:1a:1b:67:a8:2d:
         2a:b7:48:88:b6:5e:db:cb:28:a9:6f:6a:38:d8:f8:fd:00:6e:
         37:8e:e5:d8:a8:e4:45:8c:3a:bf:76:31:4c:21:fc:74:85:9f:
         11:e6:da:4f:43:14:5d:c2:46:39:76:73:cc:46:18:0f:d3:f7:
         a1:66:e6:48:8d:fa:d8:43:c9:38:68:b3:41:79:cc:af:37:85:
         3f:91:67:73:ed:18:3f:2c:93:c5:a5:66:f4:29:b8:1a:4d:50:
         e6:06:99:17:43:52:ed:2a:19:ec:34:40:e2:c1:41:e7:13:d7:
         19:31:7c:62:78:49:25:43:74:2f:33:93:f5:5d:df:8b:93:a4:
         b5:3f:1f:61:b3:11:ea:62:cc:bd:5b:dc:67:05:a4:ad:cd:6a:
         01:19:17:c0:bb:36:37:ac:fb:81:8a:23:9c:68:bd:f5:d5:9e:
         3f:ae:08:bc:2d:16:b0:f5:ac:9c:a9:33:a3:8e:ab:8b:a0:3a:
         80:7f:aa:2c:ab:fe:41:b2:a5:e3:81:17:da:72:8a:b0:4d:20:
         ac:eb:82:1d:54:b8:2c:33:47:85:08:1f:1c:c1:19:2b:22:a1:
         47:55:a5:90:4e:6e:c8:10:ad:7c:f2:a0:5e:14:88:c1:61:a7:
         75:f5:89:49
-----BEGIN CERTIFICATE-----
MIIGWTCCBUOgAwIBAgIUAQ0Mn0MoV21RzHPAQs/BbGK/3TYwCwYJKoZIhvcNAQEL
MC8xLTArBgNVBAMTJGE5MjA2NDVmLTY5MjgtNDE2Yy04N2U5LWEwMTM1ZTU3MjBl
NDAeFw0xOTA3MjMwNDAwMDBaFw0yOTA3MjMwNDAwMDBaMC8xLTArBgNVBAMTJDIx
MjZmYzMwLTkzZGUtNGYyMy05ZDEwLTljNTJhNWFiMDE1MzCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAOkKgpK61HLO9CPutruJr9vW1Rc0Uxt1T1OPPh/C
30feyynRc1W+yXgZBaVD6ZN4wIYzYafnq6x91RX35fdJOG0wN02JtyKAxVEhf+yu
TDG+K0h/K/Od6bWSX6MdBgEjDZik7SuLx11sZxFiray2FYyitDOSJLK08VXiZPmI
FR/AjkWBhUHpXdRNVAh5si7cbL9MAuIdcAUT2q1YditDUo/sL1NovlncQcepyYf9
DpyfE6BGRD79a4FEK+tGCTkGYLWny1dUWAxQx1SqNSKVDsr+7p6VFoQQXnR4F2Kz
77OuKn1YVust2AWu+ubvv5h0619uewnuaKGhw+nD+hEIGMkCAwEAAaOCA28wggNr
MB0GA1UdDgQWBBS9tGXBzY+bgcqIRO27KEcOErZNyDCB5QYIKwYBBQUHAQsEgdgw
gdUwgdIGCCsGAQUFBzALhoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRv
cnkvYXJpbi1ycGtpLXRhLzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIx
NTdkMy9mNjBjOWYzMi1hODdjLTQzMzktYTJmMy02Mjk5YTNiMDJlMjkvYTkyMDY0
NWYtNjkyOC00MTZjLTg3ZTktYTAxMzVlNTcyMGU0Lzc2NDk3YmY3LWI4YjYtM2Y0
YS1iM2FkLWMwNjI1MjViMGJkZS5yb2EwgdwGA1UdHwSB1DCB0TCBzqCBy6CByIaB
xXJzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4tcnBraS10YS81
ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvZjYwYzlmMzItYTg3
Yy00MzM5LWEyZjMtNjI5OWEzYjAyZTI5L2E5MjA2NDVmLTY5MjgtNDE2Yy04N2U5
LWEwMTM1ZTU3MjBlNC9hOTIwNjQ1Zi02OTI4LTQxNmMtODdlOS1hMDEzNWU1NzIw
ZTQuY3JsMB8GA1UdIwQYMBaAFA56NpUjrokxEIQFt31Sb1+RlEgpMA4GA1UdDwEB
/wQEAwIHgDCBwAYIKwYBBQUHAQEEgbMwgbAwga0GCCsGAQUFBzAChoGgcnN5bmM6
Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRhLzVlNGEyM2Vh
LWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy9mNjBjOWYzMi1hODdjLTQzMzkt
YTJmMy02Mjk5YTNiMDJlMjkvYTkyMDY0NWYtNjkyOC00MTZjLTg3ZTktYTAxMzVl
NTcyMGU0LmNlcjA5BggrBgEFBQcBBwEB/wQqMCgwFwQCAAEwEQMEBEPXwAMDAGjy
AwQE2OsAMA0EAgACMAcDBQAgAUkAMFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIw
OjA4BggrBgEFBQcCARYsaHR0cHM6Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jw
a2kvY3BzLmh0bWwwCwYJKoZIhvcNAQELA4IBAQBlqNPiqR6snYG1gwq9GhtnqC0q
t0iItl7byyipb2o42Pj9AG43juXYqORFjDq/djFMIfx0hZ8R5tpPQxRdwkY5dnPM
RhgP0/ehZuZIjfrYQ8k4aLNBecyvN4U/kWdz7Rg/LJPFpWb0KbgaTVDmBpkXQ1Lt
KhnsNEDiwUHnE9cZMXxieEklQ3QvM5P1Xd+Lk6S1Px9hsxHqYsy9W9xnBaStzWoB
GRfAuzY3rPuBiiOcaL311Z4/rgi8LRaw9aycqTOjjquLoDqAf6osq/5BsqXjgRfa
coqwTSCs64IdVLgsM0eFCB8cwRkrIqFHVaWQTm7IEK188qBeFIjBYad19YlJ
-----END CERTIFICATE-----