Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/19205e7c-a881-4873-9188-e521b6af529c/0/323430303a646330303a343030333a3a2f34382d3438203d3e20313331373032.roa
File:                     323430303a646330303a343030333a3a2f34382d3438203d3e20313331373032.roa (raw, json)
Hash identifier:          F/OX5oX0TL4mjfiIZqNbs3x00KalCUK7yGH+avraR+4=
Subject key identifier:   A8:37:76:12:07:48:F6:93:7E:50:5C:04:08:26:98:1C:92:E5:34:61
Certificate issuer:       /CN=C1AF8C999E9D06DADEBC387D78B305AB8716DC2F
Certificate serial:       32A685CED7FE7F44D7555B058D24FA0E6FC53F02
Authority key identifier: C1:AF:8C:99:9E:9D:06:DA:DE:BC:38:7D:78:B3:05:AB:87:16:DC:2F
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/C1AF8C999E9D06DADEBC387D78B305AB8716DC2F.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/19205e7c-a881-4873-9188-e521b6af529c/0/323430303a646330303a343030333a3a2f34382d3438203d3e20313331373032.roa
Signing time:             Wed 09 Feb 2022 11:02:36 +0000
ROA not before:           Wed 09 Feb 2022 10:57:36 +0000
ROA not after:            Thu 09 Feb 2023 11:02:36 +0000
asID:                     131702
IP address blocks:        2400:dc00:4003::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:a6:85:ce:d7:fe:7f:44:d7:55:5b:05:8d:24:fa:0e:6f:c5:3f:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C1AF8C999E9D06DADEBC387D78B305AB8716DC2F
        Validity
            Not Before: Feb  9 10:57:36 2022 GMT
            Not After : Feb  9 11:02:36 2023 GMT
        Subject: CN=3082010A0282010100C74B4296F396B3BC84C8A500C354D4ABA86F2DFC5B1D1FF2F1C7435A45AE7BE644FDC6F4E039F0EFD5E6B704B04B6B1604F5F3E9FDC0F516B1FF0CC03466AF8B8D700C54524821610CCCA351C3AE23986551E59D1417477B8567FC4A94F2BBEED7CEF30BEAEAB8A91DC8DF3D33D7721F90777E7AD741429D0903A6D6277C017E3E2FA5FC7BFCD48E463844AD565E856CBFBBC4891AF6A06FECED14521EAAE5F3ADFC0764C8D0EF235D68228D811DFB531E8AC4DC515D9506C5D00086BC08BE60D47D340B1A98E4A64F24DE67E60CBF7424429FFBC4C2166D02F15B1E0F2217F179E3F1618FFC5EE83CA304BEDF74D99B175F325B76DB6EEE1D85C579CE2697490203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:4b:42:96:f3:96:b3:bc:84:c8:a5:00:c3:54:
                    d4:ab:a8:6f:2d:fc:5b:1d:1f:f2:f1:c7:43:5a:45:
                    ae:7b:e6:44:fd:c6:f4:e0:39:f0:ef:d5:e6:b7:04:
                    b0:4b:6b:16:04:f5:f3:e9:fd:c0:f5:16:b1:ff:0c:
                    c0:34:66:af:8b:8d:70:0c:54:52:48:21:61:0c:cc:
                    a3:51:c3:ae:23:98:65:51:e5:9d:14:17:47:7b:85:
                    67:fc:4a:94:f2:bb:ee:d7:ce:f3:0b:ea:ea:b8:a9:
                    1d:c8:df:3d:33:d7:72:1f:90:77:7e:7a:d7:41:42:
                    9d:09:03:a6:d6:27:7c:01:7e:3e:2f:a5:fc:7b:fc:
                    d4:8e:46:38:44:ad:56:5e:85:6c:bf:bb:c4:89:1a:
                    f6:a0:6f:ec:ed:14:52:1e:aa:e5:f3:ad:fc:07:64:
                    c8:d0:ef:23:5d:68:22:8d:81:1d:fb:53:1e:8a:c4:
                    dc:51:5d:95:06:c5:d0:00:86:bc:08:be:60:d4:7d:
                    34:0b:1a:98:e4:a6:4f:24:de:67:e6:0c:bf:74:24:
                    42:9f:fb:c4:c2:16:6d:02:f1:5b:1e:0f:22:17:f1:
                    79:e3:f1:61:8f:fc:5e:e8:3c:a3:04:be:df:74:d9:
                    9b:17:5f:32:5b:76:db:6e:ee:1d:85:c5:79:ce:26:
                    97:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:37:76:12:07:48:F6:93:7E:50:5C:04:08:26:98:1C:92:E5:34:61
            X509v3 Authority Key Identifier:
                keyid:C1:AF:8C:99:9E:9D:06:DA:DE:BC:38:7D:78:B3:05:AB:87:16:DC:2F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/19205e7c-a881-4873-9188-e521b6af529c/0/C1AF8C999E9D06DADEBC387D78B305AB8716DC2F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/C1AF8C999E9D06DADEBC387D78B305AB8716DC2F.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/19205e7c-a881-4873-9188-e521b6af529c/0/323430303a646330303a343030333a3a2f34382d3438203d3e20313331373032.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2400:dc00:4003::/48

    Signature Algorithm: sha256WithRSAEncryption
         0f:d2:d6:e1:ae:3b:82:48:1b:83:24:49:ad:b6:1b:f0:9b:42:
         4c:c3:6d:38:5d:eb:05:87:18:79:4b:da:e6:15:a2:95:69:02:
         a9:03:30:a0:d3:60:71:c2:83:e7:96:b6:02:fc:03:f9:0e:be:
         9e:0f:5e:5e:bf:32:46:22:b1:d3:7d:87:e9:a2:e6:55:46:69:
         26:22:8d:fb:50:5f:43:f8:02:56:a4:4a:72:43:05:39:61:f6:
         cd:a3:3f:14:29:e0:4d:f5:bf:c4:46:36:a2:7b:4a:1e:85:ae:
         a8:6c:7c:ec:65:02:56:61:b0:8b:5c:b9:2b:d8:aa:2f:a4:54:
         93:db:43:ef:cb:5f:34:23:13:96:02:4a:ac:d9:6c:50:2a:e0:
         90:8e:ec:a3:aa:ae:ce:a3:28:e7:a5:d9:a0:73:e4:6f:9f:21:
         d4:57:7c:d0:ee:8b:22:64:d1:08:75:da:07:ef:e6:62:de:17:
         86:49:fa:14:5f:6b:47:88:52:79:d4:5c:de:5e:6f:d8:e6:80:
         9f:98:9f:3b:5e:af:94:a1:9a:0e:9c:24:e9:93:38:b0:88:a8:
         d9:c8:a9:83:ca:60:e5:95:73:cd:58:2e:64:bc:e5:fd:8f:c4:
         70:5c:ec:1f:82:e3:35:32:27:63:c6:bb:e5:06:51:8b:f8:e0:
         33:8b:08:fb
-----BEGIN CERTIFICATE-----
MIIHMTCCBhmgAwIBAgIUMqaFztf+f0TXVVsFjST6Dm/FPwIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzFBRjhDOTk5RTlEMDZEQURFQkMzODdENzhCMzA1QUI4
NzE2REMyRjAeFw0yMjAyMDkxMDU3MzZaFw0yMzAyMDkxMTAyMzZaMIICLTGCAikw
ggIlBgNVBAMTggIcMzA4MjAxMEEwMjgyMDEwMTAwQzc0QjQyOTZGMzk2QjNCQzg0
QzhBNTAwQzM1NEQ0QUJBODZGMkRGQzVCMUQxRkYyRjFDNzQzNUE0NUFFN0JFNjQ0
RkRDNkY0RTAzOUYwRUZENUU2QjcwNEIwNEI2QjE2MDRGNUYzRTlGREMwRjUxNkIx
RkYwQ0MwMzQ2NkFGOEI4RDcwMEM1NDUyNDgyMTYxMENDQ0EzNTFDM0FFMjM5ODY1
NTFFNTlEMTQxNzQ3N0I4NTY3RkM0QTk0RjJCQkVFRDdDRUYzMEJFQUVBQjhBOTFE
QzhERjNEMzNENzcyMUY5MDc3N0U3QUQ3NDE0MjlEMDkwM0E2RDYyNzdDMDE3RTNF
MkZBNUZDN0JGQ0Q0OEU0NjM4NDRBRDU2NUU4NTZDQkZCQkM0ODkxQUY2QTA2RkVD
RUQxNDUyMUVBQUU1RjNBREZDMDc2NEM4RDBFRjIzNUQ2ODIyOEQ4MTFERkI1MzFF
OEFDNERDNTE1RDk1MDZDNUQwMDA4NkJDMDhCRTYwRDQ3RDM0MEIxQTk4RTRBNjRG
MjRERTY3RTYwQ0JGNzQyNDQyOUZGQkM0QzIxNjZEMDJGMTVCMUUwRjIyMTdGMTc5
RTNGMTYxOEZGQzVFRTgzQ0EzMDRCRURGNzREOTlCMTc1RjMyNUI3NkRCNkVFRTFE
ODVDNTc5Q0UyNjk3NDkwMjAzMDEwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAx0tClvOWs7yEyKUAw1TUq6hvLfxbHR/y8cdDWkWue+ZE/cb04Dnw
79XmtwSwS2sWBPXz6f3A9Rax/wzANGavi41wDFRSSCFhDMyjUcOuI5hlUeWdFBdH
e4Vn/EqU8rvu187zC+rquKkdyN89M9dyH5B3fnrXQUKdCQOm1id8AX4+L6X8e/zU
jkY4RK1WXoVsv7vEiRr2oG/s7RRSHqrl8638B2TI0O8jXWgijYEd+1MeisTcUV2V
BsXQAIa8CL5g1H00CxqY5KZPJN5n5gy/dCRCn/vEwhZtAvFbHg8iF/F54/Fhj/xe
6DyjBL7fdNmbF18yW3bbbu4dhcV5ziaXSQIDAQABo4ICPzCCAjswHQYDVR0OBBYE
FKg3dhIHSPaTflBcBAgmmByS5TRhMB8GA1UdIwQYMBaAFMGvjJmenQba3rw4fXiz
BauHFtwvMA4GA1UdDwEB/wQEAwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vMTkyMDVlN2MtYTg4MS00ODczLTkx
ODgtZTUyMWI2YWY1MjljLzAvQzFBRjhDOTk5RTlEMDZEQURFQkMzODdENzhCMzA1
QUI4NzE2REMyRi5jcmwwdAYIKwYBBQUHAQEEaDBmMGQGCCsGAQUFBzAChlhyc3lu
YzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9JRE5JQy1JRC8yL0MxQUY4Qzk5
OUU5RDA2REFERUJDMzg3RDc4QjMwNUFCODcxNkRDMkYuY2VyMIGsBggrBgEFBQcB
CwSBnzCBnDCBmQYIKwYBBQUHMAuGgYxyc3luYzovL3JlcG8tcnBraS5pZG5pYy5u
ZXQvcmVwby8xOTIwNWU3Yy1hODgxLTQ4NzMtOTE4OC1lNTIxYjZhZjUyOWMvMC8z
MjM0MzAzMDNhNjQ2MzMwMzAzYTM0MzAzMDMzM2EzYTJmMzQzODJkMzQzODIwM2Qz
ZTIwMzEzMzMxMzczMDMyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIG
CCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAJADcAEADMA0GCSqGSIb3DQEBCwUA
A4IBAQAP0tbhrjuCSBuDJEmtthvwm0JMw204XesFhxh5S9rmFaKVaQKpAzCg02Bx
woPnlrYC/AP5Dr6eD15evzJGIrHTfYfpouZVRmkmIo37UF9D+AJWpEpyQwU5YfbN
oz8UKeBN9b/ERjaie0oeha6obHzsZQJWYbCLXLkr2KovpFST20Pvy180IxOWAkqs
2WxQKuCQjuyjqq7Ooyjnpdmgc+RvnyHUV3zQ7osiZNEIddoH7+Zi3heGSfoUX2tH
iFJ51FzeXm/Y5oCfmJ87Xq+UoZoOnCTpkziwiKjZyKmDymDllXPNWC5kvOX9j8Rw
XOwfguM1MidjxrvlBlGL+OAziwj7
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:13:59 2023 by rpki-client on console-ams.rpki-client.org