Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/23ddb57b-8888-40f4-bf17-518b6a50512d/f494e26f-f852-3b1c-b6f9-ed29a8e97c82.roa
File:                     f494e26f-f852-3b1c-b6f9-ed29a8e97c82.roa (raw, json)
Hash identifier:          1eYwRD6aHAM9r8DkYNhHl7obzEtaYEFwKxaFttXY/lc=
Subject key identifier:   3D:4C:DC:34:98:1D:CD:B3:A4:4D:40:A0:B0:89:A8:AB:45:A5:0D:02
Certificate issuer:       /CN=23ddb57b-8888-40f4-bf17-518b6a50512d
Certificate serial:       010D0C9F43285843A88ECD2F0A031C5EFAF24180
Authority key identifier: 17:88:7D:65:E8:CC:18:17:F2:EC:48:B8:91:53:8B:39:B3:F2:2D:74
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/23ddb57b-8888-40f4-bf17-518b6a50512d.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/23ddb57b-8888-40f4-bf17-518b6a50512d/f494e26f-f852-3b1c-b6f9-ed29a8e97c82.roa
Signing time:             Tue 24 Oct 2023 17:15:44 +0000
ROA not before:           Tue 24 Oct 2023 17:15:44 +0000
ROA not after:            Mon 22 Jan 2024 18:15:44 +0000
asID:                     3356
IP address blocks:        209.100.0.0/16 maxlen: 16

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:43:a8:8e:cd:2f:0a:03:1c:5e:fa:f2:41:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23ddb57b-8888-40f4-bf17-518b6a50512d
        Validity
            Not Before: Oct 24 17:15:44 2023 GMT
            Not After : Jan 22 18:15:44 2024 GMT
        Subject: CN=eff822ef-4723-40db-9dca-e26f90324752
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:2c:1a:01:4e:97:62:49:92:bf:65:07:2b:68:
                    9c:eb:62:57:39:be:76:8b:41:59:b7:74:e2:b8:00:
                    cd:d1:de:46:f3:f8:40:b5:2b:82:73:9b:1b:5e:20:
                    ee:d8:72:62:c5:42:13:c7:a1:7e:1d:e3:c4:b7:86:
                    7b:45:d8:f0:7a:e4:5f:07:93:11:8e:c8:8a:4b:bc:
                    f3:b1:f1:27:4a:ae:d9:54:dc:8c:52:e7:a2:96:0d:
                    33:dd:2a:37:7a:07:27:e2:27:b1:6e:08:d4:78:11:
                    67:38:1a:4a:dd:6a:98:43:7c:4c:a7:3f:6f:a9:e0:
                    89:b2:a3:62:0a:3c:f7:f3:4c:2b:7b:50:38:a4:7f:
                    cc:87:5c:11:de:9e:55:d8:cd:ee:69:d9:de:df:8c:
                    9c:d1:6f:7e:78:d0:39:05:07:9d:b3:b9:ab:ff:52:
                    fc:82:7c:95:ee:a5:4e:98:5c:55:d6:61:4b:12:ce:
                    81:15:4e:94:bc:40:77:20:79:6f:71:f3:25:8b:4b:
                    79:19:5d:7a:95:77:2b:68:98:96:55:e7:5c:34:7f:
                    0c:26:97:d3:e1:0a:b1:32:65:7c:d3:ad:d7:ef:fa:
                    25:2e:19:81:49:c7:92:46:1d:10:e3:33:e8:ed:54:
                    58:6f:a2:b9:54:e4:f8:ff:2f:f3:f9:d5:af:8c:bd:
                    01:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:4C:DC:34:98:1D:CD:B3:A4:4D:40:A0:B0:89:A8:AB:45:A5:0D:02
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/23ddb57b-8888-40f4-bf17-518b6a50512d/f494e26f-f852-3b1c-b6f9-ed29a8e97c82.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/23ddb57b-8888-40f4-bf17-518b6a50512d/23ddb57b-8888-40f4-bf17-518b6a50512d.crl

            X509v3 Authority Key Identifier:
                keyid:17:88:7D:65:E8:CC:18:17:F2:EC:48:B8:91:53:8B:39:B3:F2:2D:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/23ddb57b-8888-40f4-bf17-518b6a50512d.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.100.0.0/16

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         35:03:9d:fa:e0:dc:b2:c6:77:1a:f0:ea:0a:a7:87:e6:36:b9:
         51:79:22:eb:c6:a6:a2:60:60:ea:74:ab:ab:d9:53:3f:5d:13:
         5a:f7:c7:05:25:20:99:9b:5b:2d:a3:4a:fd:f0:01:1e:43:dd:
         d7:90:a6:3a:f7:fa:c4:61:a9:58:fd:93:1f:16:9a:1f:02:2e:
         75:bb:9b:8d:ce:1b:b4:4b:39:e2:75:39:f4:53:ab:16:95:d4:
         3d:05:a8:4c:dd:8e:38:74:de:5b:04:82:91:2c:ec:93:78:eb:
         49:dd:55:4d:b8:ab:24:f5:3a:af:19:6d:5d:51:4b:38:55:6b:
         33:9c:69:84:8a:c7:6b:a8:2c:9c:9a:53:b5:f5:6b:2c:9d:f9:
         2d:a0:7d:8e:f3:05:fa:cf:83:72:4a:5d:de:ac:3c:d1:4f:cf:
         cc:21:ac:12:14:04:73:bd:04:ee:ca:cb:be:67:59:c8:d4:be:
         1c:cf:3d:00:30:89:5a:91:39:a9:ab:fc:2a:02:1a:d5:34:35:
         7d:9f:fe:63:24:75:c2:5e:40:f9:2b:a9:d7:25:d1:f7:d1:6d:
         d5:93:5f:4a:7a:cb:32:35:b6:2c:9c:62:5f:4a:54:1d:95:41:
         be:57:95:36:02:0e:6e:3a:3c:75:5a:21:d1:ac:85:51:a5:45:
         77:85:a8:a2
-----BEGIN CERTIFICATE-----
MIIGQjCCBSqgAwIBAgIUAQ0Mn0MoWEOojs0vCgMcXvryQYAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkMjNkZGI1N2ItODg4OC00MGY0LWJmMTctNTE4YjZhNTA1
MTJkMB4XDTIzMTAyNDE3MTU0NFoXDTI0MDEyMjE4MTU0NFowLzEtMCsGA1UEAxMk
ZWZmODIyZWYtNDcyMy00MGRiLTlkY2EtZTI2ZjkwMzI0NzUyMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxywaAU6XYkmSv2UHK2ic62JXOb52i0FZt3Ti
uADN0d5G8/hAtSuCc5sbXiDu2HJixUITx6F+HePEt4Z7RdjweuRfB5MRjsiKS7zz
sfEnSq7ZVNyMUueilg0z3So3egcn4iexbgjUeBFnOBpK3WqYQ3xMpz9vqeCJsqNi
Cjz380wre1A4pH/Mh1wR3p5V2M3uadne34yc0W9+eNA5BQeds7mr/1L8gnyV7qVO
mFxV1mFLEs6BFU6UvEB3IHlvcfMli0t5GV16lXcraJiWVedcNH8MJpfT4QqxMmV8
063X7/olLhmBSceSRh0Q4zPo7VRYb6K5VOT4/y/z+dWvjL0B9wIDAQABo4IDVDCC
A1AwHQYDVR0OBBYEFD1M3DSYHc2zpE1AoLCJqKtFpQ0CMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8yM2Rk
YjU3Yi04ODg4LTQwZjQtYmYxNy01MThiNmE1MDUxMmQvZjQ5NGUyNmYtZjg1Mi0z
YjFjLWI2ZjktZWQyOWE4ZTk3YzgyLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy8yYTI0Njk0Ny0y
ZDYyLTRhNmMtYmEwNS04NzE4N2YwMDk5YjIvMjNkZGI1N2ItODg4OC00MGY0LWJm
MTctNTE4YjZhNTA1MTJkLzIzZGRiNTdiLTg4ODgtNDBmNC1iZjE3LTUxOGI2YTUw
NTEyZC5jcmwwHwYDVR0jBBgwFoAUF4h9ZejMGBfy7Ei4kVOLObPyLXQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzJhMjQ2OTQ3LTJkNjItNGE2
Yy1iYTA1LTg3MTg3ZjAwOTliMi8yM2RkYjU3Yi04ODg4LTQwZjQtYmYxNy01MThi
NmE1MDUxMmQuY2VyMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA0WQwVAYD
VR0gAQH/BEowSDBGBggrBgEFBQcOAjA6MDgGCCsGAQUFBwIBFixodHRwczovL3d3
dy5hcmluLm5ldC9yZXNvdXJjZXMvcnBraS9jcHMuaHRtbDANBgkqhkiG9w0BAQsF
AAOCAQEANQOd+uDcssZ3GvDqCqeH5ja5UXki68amomBg6nSrq9lTP10TWvfHBSUg
mZtbLaNK/fABHkPd15CmOvf6xGGpWP2THxaaHwIudbubjc4btEs54nU59FOrFpXU
PQWoTN2OOHTeWwSCkSzsk3jrSd1VTbirJPU6rxltXVFLOFVrM5xphIrHa6gsnJpT
tfVrLJ35LaB9jvMF+s+Dckpd3qw80U/PzCGsEhQEc70E7srLvmdZyNS+HM89ADCJ
WpE5qav8KgIa1TQ1fZ/+YyR1wl5A+Sup1yXR99Ft1ZNfSnrLMjW2LJxiX0pUHZVB
vleVNgIObjo8dVoh0ayFUaVFd4Woog==
-----END CERTIFICATE-----