Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/19205e7c-a881-4873-9188-e521b6af529c/0/323430303a646330303a343130313a3a2f34382d3438203d3e20313331313131.roa
File:                     323430303a646330303a343130313a3a2f34382d3438203d3e20313331313131.roa (raw, json)
Hash identifier:          kUMLbi1tcSYy245B2khEbQUK0ItGw4xmQ5wEmpE/JcU=
Subject key identifier:   D4:AA:2B:A4:79:F9:9E:57:7C:B3:9A:89:6B:03:77:40:4D:BE:41:90
Certificate issuer:       /CN=C1AF8C999E9D06DADEBC387D78B305AB8716DC2F
Certificate serial:       4BC284A2020B7AE5C6D1F4E73D19D25170D48A03
Authority key identifier: C1:AF:8C:99:9E:9D:06:DA:DE:BC:38:7D:78:B3:05:AB:87:16:DC:2F
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/C1AF8C999E9D06DADEBC387D78B305AB8716DC2F.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/19205e7c-a881-4873-9188-e521b6af529c/0/323430303a646330303a343130313a3a2f34382d3438203d3e20313331313131.roa
Signing time:             Sat 25 Sep 2021 22:02:45 +0000
ROA not before:           Sat 25 Sep 2021 21:57:45 +0000
ROA not after:            Sun 25 Sep 2022 22:02:45 +0000
asID:                     131111
IP address blocks:        2400:dc00:4101::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:c2:84:a2:02:0b:7a:e5:c6:d1:f4:e7:3d:19:d2:51:70:d4:8a:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C1AF8C999E9D06DADEBC387D78B305AB8716DC2F
        Validity
            Not Before: Sep 25 21:57:45 2021 GMT
            Not After : Sep 25 22:02:45 2022 GMT
        Subject: CN=3082010A0282010100D7143A91B7087CCAB420D1C9112912F74E00555210C1FE8BAC485695E97EEC1C881D30AD250A440EE12D83E54177D89418E68F798348C210AF3912586FD0022548BB9DDE064BC22A3FEB4D3F84DEE7AE816FB367F57FF243FEE688AD56607AFB5AA685ED58560A1988F8F6C7BF8513B623343C9ABF13814C4E870661D95CD031F1987461455E2C503AF682B154AA8B91A48E1ADE04B565C56574B4B67E136A4CA5781443ED920EA6BCB9DF8B3BF5774FA166EF2CFC4B5F7C17461E2106642CE3BDF599AE8A9F09B75D8BEACAA25233701AA1F7A0F4DC57DCE6153B824658845D19D4065814B936B730B779017706773BBDEE83DC5E2B01DEECD38F34F5335B950203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:14:3a:91:b7:08:7c:ca:b4:20:d1:c9:11:29:
                    12:f7:4e:00:55:52:10:c1:fe:8b:ac:48:56:95:e9:
                    7e:ec:1c:88:1d:30:ad:25:0a:44:0e:e1:2d:83:e5:
                    41:77:d8:94:18:e6:8f:79:83:48:c2:10:af:39:12:
                    58:6f:d0:02:25:48:bb:9d:de:06:4b:c2:2a:3f:eb:
                    4d:3f:84:de:e7:ae:81:6f:b3:67:f5:7f:f2:43:fe:
                    e6:88:ad:56:60:7a:fb:5a:a6:85:ed:58:56:0a:19:
                    88:f8:f6:c7:bf:85:13:b6:23:34:3c:9a:bf:13:81:
                    4c:4e:87:06:61:d9:5c:d0:31:f1:98:74:61:45:5e:
                    2c:50:3a:f6:82:b1:54:aa:8b:91:a4:8e:1a:de:04:
                    b5:65:c5:65:74:b4:b6:7e:13:6a:4c:a5:78:14:43:
                    ed:92:0e:a6:bc:b9:df:8b:3b:f5:77:4f:a1:66:ef:
                    2c:fc:4b:5f:7c:17:46:1e:21:06:64:2c:e3:bd:f5:
                    99:ae:8a:9f:09:b7:5d:8b:ea:ca:a2:52:33:70:1a:
                    a1:f7:a0:f4:dc:57:dc:e6:15:3b:82:46:58:84:5d:
                    19:d4:06:58:14:b9:36:b7:30:b7:79:01:77:06:77:
                    3b:bd:ee:83:dc:5e:2b:01:de:ec:d3:8f:34:f5:33:
                    5b:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:AA:2B:A4:79:F9:9E:57:7C:B3:9A:89:6B:03:77:40:4D:BE:41:90
            X509v3 Authority Key Identifier:
                keyid:C1:AF:8C:99:9E:9D:06:DA:DE:BC:38:7D:78:B3:05:AB:87:16:DC:2F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/19205e7c-a881-4873-9188-e521b6af529c/0/C1AF8C999E9D06DADEBC387D78B305AB8716DC2F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/C1AF8C999E9D06DADEBC387D78B305AB8716DC2F.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/19205e7c-a881-4873-9188-e521b6af529c/0/323430303a646330303a343130313a3a2f34382d3438203d3e20313331313131.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2400:dc00:4101::/48

    Signature Algorithm: sha256WithRSAEncryption
         96:60:c8:6e:db:91:5d:cc:0e:e7:42:f8:45:40:ad:16:88:23:
         cb:f9:5b:e6:87:c1:76:18:3c:eb:d2:4d:52:ae:82:0a:d6:f9:
         41:b8:f2:e1:4b:81:ba:2e:55:26:b8:4b:fb:98:89:fa:82:d3:
         d2:08:5a:73:20:a2:f6:c5:f9:12:48:71:78:41:8e:df:0c:94:
         68:98:b9:d4:fe:07:a1:be:a6:ae:07:02:50:f7:32:14:ed:bd:
         6d:55:98:e7:38:fe:e4:6a:2a:24:be:5f:dc:4a:d2:73:65:57:
         c9:40:10:c4:a3:26:e5:30:b8:07:be:62:a8:42:26:15:05:17:
         87:41:2b:e4:25:bf:7a:d6:fb:83:3f:79:7b:d3:dd:1d:bd:d0:
         a5:9f:42:fe:1f:fa:5f:68:19:c2:06:e5:ca:eb:42:4c:8b:52:
         15:dc:85:2a:d2:9d:43:50:3e:40:7d:84:4c:db:8b:78:ff:ea:
         0c:5e:29:a3:95:c7:7f:d3:3e:f3:65:fa:28:a9:bc:7e:56:07:
         77:b0:49:56:f8:cc:81:e7:40:c8:4e:04:17:87:2a:84:b3:2b:
         0a:fe:64:dc:b8:96:25:98:5e:9b:4c:07:e3:a3:cf:d9:ca:ce:
         34:44:85:41:c3:8e:7a:e3:53:64:23:2a:c3:2d:27:02:0a:68:
         61:4d:de:fa
-----BEGIN CERTIFICATE-----
MIIHMTCCBhmgAwIBAgIUS8KEogILeuXG0fTnPRnSUXDUigMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzFBRjhDOTk5RTlEMDZEQURFQkMzODdENzhCMzA1QUI4
NzE2REMyRjAeFw0yMTA5MjUyMTU3NDVaFw0yMjA5MjUyMjAyNDVaMIICLTGCAikw
ggIlBgNVBAMTggIcMzA4MjAxMEEwMjgyMDEwMTAwRDcxNDNBOTFCNzA4N0NDQUI0
MjBEMUM5MTEyOTEyRjc0RTAwNTU1MjEwQzFGRThCQUM0ODU2OTVFOTdFRUMxQzg4
MUQzMEFEMjUwQTQ0MEVFMTJEODNFNTQxNzdEODk0MThFNjhGNzk4MzQ4QzIxMEFG
MzkxMjU4NkZEMDAyMjU0OEJCOURERTA2NEJDMjJBM0ZFQjREM0Y4NERFRTdBRTgx
NkZCMzY3RjU3RkYyNDNGRUU2ODhBRDU2NjA3QUZCNUFBNjg1RUQ1ODU2MEExOTg4
RjhGNkM3QkY4NTEzQjYyMzM0M0M5QUJGMTM4MTRDNEU4NzA2NjFEOTVDRDAzMUYx
OTg3NDYxNDU1RTJDNTAzQUY2ODJCMTU0QUE4QjkxQTQ4RTFBREUwNEI1NjVDNTY1
NzRCNEI2N0UxMzZBNENBNTc4MTQ0M0VEOTIwRUE2QkNCOURGOEIzQkY1Nzc0RkEx
NjZFRjJDRkM0QjVGN0MxNzQ2MUUyMTA2NjQyQ0UzQkRGNTk5QUU4QTlGMDlCNzVE
OEJFQUNBQTI1MjMzNzAxQUExRjdBMEY0REM1N0RDRTYxNTNCODI0NjU4ODQ1RDE5
RDQwNjU4MTRCOTM2QjczMEI3NzkwMTc3MDY3NzNCQkRFRTgzREM1RTJCMDFERUVD
RDM4RjM0RjUzMzVCOTUwMjAzMDEwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEA1xQ6kbcIfMq0INHJESkS904AVVIQwf6LrEhWlel+7ByIHTCtJQpE
DuEtg+VBd9iUGOaPeYNIwhCvORJYb9ACJUi7nd4GS8IqP+tNP4Te566Bb7Nn9X/y
Q/7miK1WYHr7WqaF7VhWChmI+PbHv4UTtiM0PJq/E4FMTocGYdlc0DHxmHRhRV4s
UDr2grFUqouRpI4a3gS1ZcVldLS2fhNqTKV4FEPtkg6mvLnfizv1d0+hZu8s/Etf
fBdGHiEGZCzjvfWZroqfCbddi+rKolIzcBqh96D03Ffc5hU7gkZYhF0Z1AZYFLk2
tzC3eQF3Bnc7ve6D3F4rAd7s04809TNblQIDAQABo4ICPzCCAjswHQYDVR0OBBYE
FNSqK6R5+Z5XfLOaiWsDd0BNvkGQMB8GA1UdIwQYMBaAFMGvjJmenQba3rw4fXiz
BauHFtwvMA4GA1UdDwEB/wQEAwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vMTkyMDVlN2MtYTg4MS00ODczLTkx
ODgtZTUyMWI2YWY1MjljLzAvQzFBRjhDOTk5RTlEMDZEQURFQkMzODdENzhCMzA1
QUI4NzE2REMyRi5jcmwwdAYIKwYBBQUHAQEEaDBmMGQGCCsGAQUFBzAChlhyc3lu
YzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9JRE5JQy1JRC8yL0MxQUY4Qzk5
OUU5RDA2REFERUJDMzg3RDc4QjMwNUFCODcxNkRDMkYuY2VyMIGsBggrBgEFBQcB
CwSBnzCBnDCBmQYIKwYBBQUHMAuGgYxyc3luYzovL3JlcG8tcnBraS5pZG5pYy5u
ZXQvcmVwby8xOTIwNWU3Yy1hODgxLTQ4NzMtOTE4OC1lNTIxYjZhZjUyOWMvMC8z
MjM0MzAzMDNhNjQ2MzMwMzAzYTM0MzEzMDMxM2EzYTJmMzQzODJkMzQzODIwM2Qz
ZTIwMzEzMzMxMzEzMTMxLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIG
CCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAJADcAEEBMA0GCSqGSIb3DQEBCwUA
A4IBAQCWYMhu25FdzA7nQvhFQK0WiCPL+Vvmh8F2GDzr0k1SroIK1vlBuPLhS4G6
LlUmuEv7mIn6gtPSCFpzIKL2xfkSSHF4QY7fDJRomLnU/gehvqauBwJQ9zIU7b1t
VZjnOP7kaiokvl/cStJzZVfJQBDEoyblMLgHvmKoQiYVBReHQSvkJb961vuDP3l7
090dvdCln0L+H/pfaBnCBuXK60JMi1IV3IUq0p1DUD5AfYRM24t4/+oMXimjlcd/
0z7zZfooqbx+Vgd3sElW+MyB50DITgQXhyqEsysK/mTcuJYlmF6bTAfjo8/Zys40
RIVBw45641NkIyrDLScCCmhhTd76
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:13:59 2023 by rpki-client on console-ams.rpki-client.org