Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/bc831f6b-71a6-46bb-9f64-2da80ccc244c/3258d412-b3c5-35c9-8ca7-b46c3fc06931.roa
File:                     3258d412-b3c5-35c9-8ca7-b46c3fc06931.roa (raw, json)
Hash identifier:          pGwcpY9rR1/aeFl/TX5SFMlLxw4VkvhxEN4zGA42m1c=
Subject key identifier:   13:52:E6:D9:5A:0A:6B:2A:F8:00:42:C1:11:80:9F:A4:1C:A8:56:B2
Certificate issuer:       /CN=bc831f6b-71a6-46bb-9f64-2da80ccc244c
Certificate serial:       010D0C9F43285842B52E90BE26135D5A9E6B7380
Authority key identifier: A9:50:46:A5:5A:7E:BB:0F:CE:06:22:BA:A4:AF:11:59:F2:3E:CD:24
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/bc831f6b-71a6-46bb-9f64-2da80ccc244c.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/bc831f6b-71a6-46bb-9f64-2da80ccc244c/3258d412-b3c5-35c9-8ca7-b46c3fc06931.roa
Signing time:             Sat 29 Jul 2023 13:00:21 +0000
ROA not before:           Sat 29 Jul 2023 13:00:21 +0000
ROA not after:            Fri 27 Oct 2023 13:00:21 +0000
asID:                     997
IP address blocks:        23.249.16.0/20 maxlen: 24
                          104.251.224.0/20 maxlen: 24
                          104.143.32.0/20 maxlen: 24
                          172.81.96.0/20 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:42:b5:2e:90:be:26:13:5d:5a:9e:6b:73:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc831f6b-71a6-46bb-9f64-2da80ccc244c
        Validity
            Not Before: Jul 29 13:00:21 2023 GMT
            Not After : Oct 27 13:00:21 2023 GMT
        Subject: CN=de9740f6-5570-4838-85b1-fed7d00e2c47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:a6:2e:5b:38:c3:ef:54:74:5c:23:7f:1a:16:
                    09:78:33:1f:ab:b7:5c:5f:4c:b9:96:cd:17:ed:93:
                    01:ee:0c:b6:ac:52:93:c9:de:3d:b7:61:bf:58:97:
                    b6:f8:9c:9b:77:51:f8:90:c0:13:75:01:36:be:9a:
                    be:7b:00:ec:2e:c3:32:7e:9b:e5:8b:97:dd:df:2e:
                    eb:01:70:ac:fc:2a:d8:59:a1:40:77:84:39:5e:8b:
                    dd:d7:56:42:01:de:e5:18:67:95:b6:08:b4:41:b5:
                    5a:45:eb:b9:7c:53:fc:11:25:68:4b:70:e7:1c:85:
                    83:9a:59:2f:eb:dc:94:d1:ee:c9:93:d1:2d:34:be:
                    3a:4e:b3:cb:6f:2a:9c:55:86:be:6b:bd:56:fd:24:
                    59:c2:60:79:1d:75:7e:3b:19:d4:40:70:4c:55:73:
                    c5:f6:30:76:55:90:f5:ad:fb:75:10:7a:6d:55:3d:
                    2a:a5:8f:e6:99:77:db:37:49:fa:dc:30:07:32:76:
                    79:ed:9c:06:d9:6b:ce:7c:62:c7:fa:2b:77:06:6d:
                    2e:f1:33:b1:ee:00:c9:84:f3:89:d8:c4:92:81:40:
                    ca:82:6a:54:33:72:5d:a7:0a:c1:bf:f0:f8:74:b4:
                    51:7f:b1:da:d7:d1:8e:42:89:ec:03:b7:f4:5e:4c:
                    3a:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:52:E6:D9:5A:0A:6B:2A:F8:00:42:C1:11:80:9F:A4:1C:A8:56:B2
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/bc831f6b-71a6-46bb-9f64-2da80ccc244c/3258d412-b3c5-35c9-8ca7-b46c3fc06931.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/bc831f6b-71a6-46bb-9f64-2da80ccc244c/bc831f6b-71a6-46bb-9f64-2da80ccc244c.crl

            X509v3 Authority Key Identifier:
                keyid:A9:50:46:A5:5A:7E:BB:0F:CE:06:22:BA:A4:AF:11:59:F2:3E:CD:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/bc831f6b-71a6-46bb-9f64-2da80ccc244c.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.249.16.0/20
                  104.143.32.0/20
                  104.251.224.0/20
                  172.81.96.0/20

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         22:f5:ce:2c:13:f1:b5:a5:62:3f:86:d9:bf:5b:25:d6:e6:15:
         95:4e:34:df:54:ec:54:d6:72:ac:d8:4d:95:cc:4b:fc:79:11:
         2b:dd:91:09:22:f3:33:02:34:3f:8d:a7:54:7b:41:1c:f1:3f:
         12:d3:7c:49:36:e7:33:a0:4c:df:47:e9:45:c5:89:d6:a0:a9:
         39:79:05:50:05:34:55:77:ed:18:b9:bd:89:9c:43:af:e8:6d:
         b5:7c:ef:21:c3:50:ed:cb:11:72:70:dd:d6:3b:db:73:4c:00:
         3c:6b:52:f7:8b:76:c5:63:61:4c:29:03:bb:cd:61:04:da:27:
         23:41:66:ca:bd:d6:e9:a0:ae:2e:a0:9c:de:e9:da:5b:24:b3:
         19:43:c5:33:dc:ea:1b:83:5b:7e:71:98:4e:93:ae:f8:aa:4a:
         cb:27:e1:db:62:6f:ab:ff:28:c2:7a:b4:0e:af:89:d5:0d:2e:
         9e:1b:48:c1:18:a6:59:5e:20:5d:1e:b4:ec:09:4b:2c:4f:0b:
         75:d5:8b:a2:bb:18:e8:92:d5:e0:ff:25:f3:e8:bc:3e:c1:df:
         fa:8f:e3:eb:d8:45:eb:6c:cb:c2:36:a6:fc:5c:9e:af:40:3a:
         70:01:02:75:f1:dc:15:d2:31:0e:7e:a1:c7:60:17:4a:16:f1:
         1e:7f:e7:38
-----BEGIN CERTIFICATE-----
MIIGVTCCBT2gAwIBAgIUAQ0Mn0MoWEK1LpC+JhNdWp5rc4AwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkYmM4MzFmNmItNzFhNi00NmJiLTlmNjQtMmRhODBjY2My
NDRjMB4XDTIzMDcyOTEzMDAyMVoXDTIzMTAyNzEzMDAyMVowLzEtMCsGA1UEAxMk
ZGU5NzQwZjYtNTU3MC00ODM4LTg1YjEtZmVkN2QwMGUyYzQ3MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgqYuWzjD71R0XCN/GhYJeDMfq7dcX0y5ls0X
7ZMB7gy2rFKTyd49t2G/WJe2+Jybd1H4kMATdQE2vpq+ewDsLsMyfpvli5fd3y7r
AXCs/CrYWaFAd4Q5Xovd11ZCAd7lGGeVtgi0QbVaReu5fFP8ESVoS3DnHIWDmlkv
69yU0e7Jk9EtNL46TrPLbyqcVYa+a71W/SRZwmB5HXV+OxnUQHBMVXPF9jB2VZD1
rft1EHptVT0qpY/mmXfbN0n63DAHMnZ57ZwG2WvOfGLH+it3Bm0u8TOx7gDJhPOJ
2MSSgUDKgmpUM3JdpwrBv/D4dLRRf7Ha19GOQonsA7f0Xkw6BQIDAQABo4IDZzCC
A2MwHQYDVR0OBBYEFBNS5tlaCmsq+ABCwRGAn6QcqFayMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzL2Y2MGM5ZjMyLWE4N2MtNDMzOS1hMmYzLTYyOTlhM2IwMmUyOS9iYzgz
MWY2Yi03MWE2LTQ2YmItOWY2NC0yZGE4MGNjYzI0NGMvMzI1OGQ0MTItYjNjNS0z
NWM5LThjYTctYjQ2YzNmYzA2OTMxLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy9mNjBjOWYzMi1h
ODdjLTQzMzktYTJmMy02Mjk5YTNiMDJlMjkvYmM4MzFmNmItNzFhNi00NmJiLTlm
NjQtMmRhODBjY2MyNDRjL2JjODMxZjZiLTcxYTYtNDZiYi05ZjY0LTJkYTgwY2Nj
MjQ0Yy5jcmwwHwYDVR0jBBgwFoAUqVBGpVp+uw/OBiK6pK8RWfI+zSQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzL2Y2MGM5ZjMyLWE4N2MtNDMz
OS1hMmYzLTYyOTlhM2IwMmUyOS9iYzgzMWY2Yi03MWE2LTQ2YmItOWY2NC0yZGE4
MGNjYzI0NGMuY2VyMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQEF/kQAwQE
aI8gAwQEaPvgAwQErFFgMFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4Bggr
BgEFBQcCARYsaHR0cHM6Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3Bz
Lmh0bWwwDQYJKoZIhvcNAQELBQADggEBACL1ziwT8bWlYj+G2b9bJdbmFZVONN9U
7FTWcqzYTZXMS/x5ESvdkQki8zMCND+Np1R7QRzxPxLTfEk25zOgTN9H6UXFidag
qTl5BVAFNFV37Ri5vYmcQ6/obbV87yHDUO3LEXJw3dY723NMADxrUveLdsVjYUwp
A7vNYQTaJyNBZsq91umgri6gnN7p2lsksxlDxTPc6huDW35xmE6TrviqSssn4dti
b6v/KMJ6tA6vidUNLp4bSMEYplleIF0etOwJSyxPC3XVi6K7GOiS1eD/JfPovD7B
3/qP4+vYRetsy8I2pvxcnq9AOnABAnXx3BXSMQ5+ocdgF0oW8R5/5zg=
-----END CERTIFICATE-----