Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/19205e7c-a881-4873-9188-e521b6af529c/0/323430303a646330303a343030333a3a2f34382d3438203d3e20313331313131.roa
File:                     323430303a646330303a343030333a3a2f34382d3438203d3e20313331313131.roa (raw, json)
Hash identifier:          nvWVbbYjGHHNUAB1zZql9mebB75SElsG+5DYxO4r+LM=
Subject key identifier:   5A:AE:AC:EA:48:FA:7F:6C:F3:5C:A0:8C:88:72:CB:CD:A2:06:A6:5D
Certificate issuer:       /CN=C1AF8C999E9D06DADEBC387D78B305AB8716DC2F
Certificate serial:       30199003096A940E783BE63944A1DA1994077150
Authority key identifier: C1:AF:8C:99:9E:9D:06:DA:DE:BC:38:7D:78:B3:05:AB:87:16:DC:2F
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/C1AF8C999E9D06DADEBC387D78B305AB8716DC2F.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/19205e7c-a881-4873-9188-e521b6af529c/0/323430303a646330303a343030333a3a2f34382d3438203d3e20313331313131.roa
Signing time:             Wed 09 Feb 2022 07:46:01 +0000
ROA not before:           Wed 09 Feb 2022 07:41:01 +0000
ROA not after:            Thu 09 Feb 2023 07:46:01 +0000
asID:                     131111
IP address blocks:        2400:dc00:4003::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:19:90:03:09:6a:94:0e:78:3b:e6:39:44:a1:da:19:94:07:71:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C1AF8C999E9D06DADEBC387D78B305AB8716DC2F
        Validity
            Not Before: Feb  9 07:41:01 2022 GMT
            Not After : Feb  9 07:46:01 2023 GMT
        Subject: CN=3082010A0282010100F9107D232F7C97BA0AF2FABAA7199F322586923D4AC4F93525DBE835C21AB78275907D2DBBA92B9713DDBA76F8ADC0114701F96E4A6F65A305F2766FBC41E8C2B92844E6E716853CA34FA5DF9E27FD733769861EB5193C06856CC69AEA4638E478449A3DE53BA774BF1C18E01ACF15D54580FF05EA257B7E371FD42392CB24648EE41AA542B31A93EA16B8339EEB4BEC3F9FD545B720A088E34CFCB98E2E5A6B6A9F85D44915D937789AEB22C3D5718670412A7AC663E2859D734730E4CD4320D825FA84CFA66E62F11ED72D7722531E38B8543F2350ED0777864EA3395EC80A2ACD844DE1DCA331FCCEDD667BECD8CB7E31D35B8ACE19AA69533190B8E3E4E50203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:10:7d:23:2f:7c:97:ba:0a:f2:fa:ba:a7:19:
                    9f:32:25:86:92:3d:4a:c4:f9:35:25:db:e8:35:c2:
                    1a:b7:82:75:90:7d:2d:bb:a9:2b:97:13:dd:ba:76:
                    f8:ad:c0:11:47:01:f9:6e:4a:6f:65:a3:05:f2:76:
                    6f:bc:41:e8:c2:b9:28:44:e6:e7:16:85:3c:a3:4f:
                    a5:df:9e:27:fd:73:37:69:86:1e:b5:19:3c:06:85:
                    6c:c6:9a:ea:46:38:e4:78:44:9a:3d:e5:3b:a7:74:
                    bf:1c:18:e0:1a:cf:15:d5:45:80:ff:05:ea:25:7b:
                    7e:37:1f:d4:23:92:cb:24:64:8e:e4:1a:a5:42:b3:
                    1a:93:ea:16:b8:33:9e:eb:4b:ec:3f:9f:d5:45:b7:
                    20:a0:88:e3:4c:fc:b9:8e:2e:5a:6b:6a:9f:85:d4:
                    49:15:d9:37:78:9a:eb:22:c3:d5:71:86:70:41:2a:
                    7a:c6:63:e2:85:9d:73:47:30:e4:cd:43:20:d8:25:
                    fa:84:cf:a6:6e:62:f1:1e:d7:2d:77:22:53:1e:38:
                    b8:54:3f:23:50:ed:07:77:86:4e:a3:39:5e:c8:0a:
                    2a:cd:84:4d:e1:dc:a3:31:fc:ce:dd:66:7b:ec:d8:
                    cb:7e:31:d3:5b:8a:ce:19:aa:69:53:31:90:b8:e3:
                    e4:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:AE:AC:EA:48:FA:7F:6C:F3:5C:A0:8C:88:72:CB:CD:A2:06:A6:5D
            X509v3 Authority Key Identifier:
                keyid:C1:AF:8C:99:9E:9D:06:DA:DE:BC:38:7D:78:B3:05:AB:87:16:DC:2F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/19205e7c-a881-4873-9188-e521b6af529c/0/C1AF8C999E9D06DADEBC387D78B305AB8716DC2F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/C1AF8C999E9D06DADEBC387D78B305AB8716DC2F.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/19205e7c-a881-4873-9188-e521b6af529c/0/323430303a646330303a343030333a3a2f34382d3438203d3e20313331313131.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2400:dc00:4003::/48

    Signature Algorithm: sha256WithRSAEncryption
         28:91:3a:02:a7:39:db:41:83:2e:7a:3b:fe:19:1d:cc:71:3b:
         d0:7e:16:f2:35:f2:36:1d:f2:5e:e0:5e:31:3d:fa:73:da:89:
         67:3c:c1:60:e9:a5:8b:ed:68:4e:d8:3e:16:3d:a4:70:25:c5:
         ca:5e:57:fa:bd:43:39:7c:91:d3:22:c2:7d:fd:a5:07:87:9f:
         47:fd:13:15:95:e8:4f:3e:4c:55:2b:ca:ae:d8:56:30:ae:04:
         fc:8d:c8:25:50:67:8e:77:17:72:1c:b9:bb:bc:09:a0:9d:2e:
         73:40:ed:9b:9b:81:1f:f1:88:eb:3d:c0:24:f0:14:27:5f:cc:
         52:4a:f6:89:d4:7f:f8:d1:82:47:83:f7:a8:45:ef:45:09:c0:
         45:c0:81:58:dd:56:d5:5e:ad:05:ec:5f:b3:61:44:e5:89:8e:
         3b:98:ea:26:34:61:e8:70:b5:52:89:80:a2:42:6c:83:a4:33:
         c7:86:62:a5:b0:12:df:15:b8:f5:66:c8:b2:34:a9:6b:f5:28:
         7f:06:1f:44:ab:60:d2:5c:64:44:18:00:fe:66:32:90:db:31:
         27:f2:3b:b6:0c:e2:96:c2:7c:35:85:2e:14:3b:fe:b3:68:d5:
         2f:36:3b:d2:d2:2c:bd:f3:17:22:fa:85:b5:d5:78:b5:b3:02:
         f3:75:ea:8e
-----BEGIN CERTIFICATE-----
MIIHMTCCBhmgAwIBAgIUMBmQAwlqlA54O+Y5RKHaGZQHcVAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzFBRjhDOTk5RTlEMDZEQURFQkMzODdENzhCMzA1QUI4
NzE2REMyRjAeFw0yMjAyMDkwNzQxMDFaFw0yMzAyMDkwNzQ2MDFaMIICLTGCAikw
ggIlBgNVBAMTggIcMzA4MjAxMEEwMjgyMDEwMTAwRjkxMDdEMjMyRjdDOTdCQTBB
RjJGQUJBQTcxOTlGMzIyNTg2OTIzRDRBQzRGOTM1MjVEQkU4MzVDMjFBQjc4Mjc1
OTA3RDJEQkJBOTJCOTcxM0REQkE3NkY4QURDMDExNDcwMUY5NkU0QTZGNjVBMzA1
RjI3NjZGQkM0MUU4QzJCOTI4NDRFNkU3MTY4NTNDQTM0RkE1REY5RTI3RkQ3MzM3
Njk4NjFFQjUxOTNDMDY4NTZDQzY5QUVBNDYzOEU0Nzg0NDlBM0RFNTNCQTc3NEJG
MUMxOEUwMUFDRjE1RDU0NTgwRkYwNUVBMjU3QjdFMzcxRkQ0MjM5MkNCMjQ2NDhF
RTQxQUE1NDJCMzFBOTNFQTE2QjgzMzlFRUI0QkVDM0Y5RkQ1NDVCNzIwQTA4OEUz
NENGQ0I5OEUyRTVBNkI2QTlGODVENDQ5MTVEOTM3Nzg5QUVCMjJDM0Q1NzE4Njcw
NDEyQTdBQzY2M0UyODU5RDczNDczMEU0Q0Q0MzIwRDgyNUZBODRDRkE2NkU2MkYx
MUVENzJENzcyMjUzMUUzOEI4NTQzRjIzNTBFRDA3Nzc4NjRFQTMzOTVFQzgwQTJB
Q0Q4NDRERTFEQ0EzMzFGQ0NFREQ2NjdCRUNEOENCN0UzMUQzNUI4QUNFMTlBQTY5
NTMzMTkwQjhFM0U0RTUwMjAzMDEwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEA+RB9Iy98l7oK8vq6pxmfMiWGkj1KxPk1JdvoNcIat4J1kH0tu6kr
lxPdunb4rcARRwH5bkpvZaMF8nZvvEHowrkoRObnFoU8o0+l354n/XM3aYYetRk8
BoVsxprqRjjkeESaPeU7p3S/HBjgGs8V1UWA/wXqJXt+Nx/UI5LLJGSO5BqlQrMa
k+oWuDOe60vsP5/VRbcgoIjjTPy5ji5aa2qfhdRJFdk3eJrrIsPVcYZwQSp6xmPi
hZ1zRzDkzUMg2CX6hM+mbmLxHtctdyJTHji4VD8jUO0Hd4ZOozleyAoqzYRN4dyj
MfzO3WZ77NjLfjHTW4rOGappUzGQuOPk5QIDAQABo4ICPzCCAjswHQYDVR0OBBYE
FFqurOpI+n9s81ygjIhyy82iBqZdMB8GA1UdIwQYMBaAFMGvjJmenQba3rw4fXiz
BauHFtwvMA4GA1UdDwEB/wQEAwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vMTkyMDVlN2MtYTg4MS00ODczLTkx
ODgtZTUyMWI2YWY1MjljLzAvQzFBRjhDOTk5RTlEMDZEQURFQkMzODdENzhCMzA1
QUI4NzE2REMyRi5jcmwwdAYIKwYBBQUHAQEEaDBmMGQGCCsGAQUFBzAChlhyc3lu
YzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9JRE5JQy1JRC8yL0MxQUY4Qzk5
OUU5RDA2REFERUJDMzg3RDc4QjMwNUFCODcxNkRDMkYuY2VyMIGsBggrBgEFBQcB
CwSBnzCBnDCBmQYIKwYBBQUHMAuGgYxyc3luYzovL3JlcG8tcnBraS5pZG5pYy5u
ZXQvcmVwby8xOTIwNWU3Yy1hODgxLTQ4NzMtOTE4OC1lNTIxYjZhZjUyOWMvMC8z
MjM0MzAzMDNhNjQ2MzMwMzAzYTM0MzAzMDMzM2EzYTJmMzQzODJkMzQzODIwM2Qz
ZTIwMzEzMzMxMzEzMTMxLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIG
CCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAJADcAEADMA0GCSqGSIb3DQEBCwUA
A4IBAQAokToCpznbQYMuejv+GR3McTvQfhbyNfI2HfJe4F4xPfpz2olnPMFg6aWL
7WhO2D4WPaRwJcXKXlf6vUM5fJHTIsJ9/aUHh59H/RMVlehPPkxVK8qu2FYwrgT8
jcglUGeOdxdyHLm7vAmgnS5zQO2bm4Ef8YjrPcAk8BQnX8xSSvaJ1H/40YJHg/eo
Re9FCcBFwIFY3VbVXq0F7F+zYUTliY47mOomNGHocLVSiYCiQmyDpDPHhmKlsBLf
Fbj1ZsiyNKlr9Sh/Bh9Eq2DSXGREGAD+ZjKQ2zEn8ju2DOKWwnw1hS4UO/6zaNUv
NjvS0iy98xci+oW11Xi1swLzdeqO
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:37:01 2024 by rpki-client on console-fra.rpki-client.org