Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/19205e7c-a881-4873-9188-e521b6af529c/0/323430303a646330303a343030363a3a2f34382d3438203d3e20313331313131.roa
File:                     323430303a646330303a343030363a3a2f34382d3438203d3e20313331313131.roa (raw, json)
Hash identifier:          l3S0wwRZwDmRTNPAtngfM6UZ31574nhapI9zk+dFHno=
Subject key identifier:   FB:6A:B0:B2:93:AA:86:2B:82:E4:0B:60:3A:AE:A2:DB:F4:47:96:A9
Certificate issuer:       /CN=C1AF8C999E9D06DADEBC387D78B305AB8716DC2F
Certificate serial:       1F537DC0EC9AB69236AA3D4307B83028EE91C286
Authority key identifier: C1:AF:8C:99:9E:9D:06:DA:DE:BC:38:7D:78:B3:05:AB:87:16:DC:2F
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/C1AF8C999E9D06DADEBC387D78B305AB8716DC2F.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/19205e7c-a881-4873-9188-e521b6af529c/0/323430303a646330303a343030363a3a2f34382d3438203d3e20313331313131.roa
Signing time:             Wed 09 Feb 2022 07:45:22 +0000
ROA not before:           Wed 09 Feb 2022 07:40:22 +0000
ROA not after:            Thu 09 Feb 2023 07:45:22 +0000
asID:                     131111
IP address blocks:        2400:dc00:4006::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:53:7d:c0:ec:9a:b6:92:36:aa:3d:43:07:b8:30:28:ee:91:c2:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C1AF8C999E9D06DADEBC387D78B305AB8716DC2F
        Validity
            Not Before: Feb  9 07:40:22 2022 GMT
            Not After : Feb  9 07:45:22 2023 GMT
        Subject: CN=3082010A0282010100DAD70ECE29FC719F953056BDD8DDEF1138A4E3A38741D77E88AB6651E807739DED9E4FEC492FA9995EC90C68D9AF5C1E096744C3CA89659E77EE661981C4EC773867604239D3316EA238CFDB8708875CCB41F23CD65F5CB79BDEC6B97E0A19642F3E06ADFCAF44594E158355C975F7DE1AC6222A32F335196BF567D925BED481C8B012E7DE11DBC7617EFADF86CF7D6603F7583F84826C86A9B9C147EC3076DD0AFB2C4A7F4BC369FACD3508C6C4F010D20EFA0F753D2CD5F484A4BCE439A8713081AA375FF28B0BE1E23E2C540368F91780FD302C0AAB7B3AFB1CD0DD6CC8290B0882B56637FDE094A8A7DDA38DD068F826B945D9BA095D873FA8423B393F9B0203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:d7:0e:ce:29:fc:71:9f:95:30:56:bd:d8:dd:
                    ef:11:38:a4:e3:a3:87:41:d7:7e:88:ab:66:51:e8:
                    07:73:9d:ed:9e:4f:ec:49:2f:a9:99:5e:c9:0c:68:
                    d9:af:5c:1e:09:67:44:c3:ca:89:65:9e:77:ee:66:
                    19:81:c4:ec:77:38:67:60:42:39:d3:31:6e:a2:38:
                    cf:db:87:08:87:5c:cb:41:f2:3c:d6:5f:5c:b7:9b:
                    de:c6:b9:7e:0a:19:64:2f:3e:06:ad:fc:af:44:59:
                    4e:15:83:55:c9:75:f7:de:1a:c6:22:2a:32:f3:35:
                    19:6b:f5:67:d9:25:be:d4:81:c8:b0:12:e7:de:11:
                    db:c7:61:7e:fa:df:86:cf:7d:66:03:f7:58:3f:84:
                    82:6c:86:a9:b9:c1:47:ec:30:76:dd:0a:fb:2c:4a:
                    7f:4b:c3:69:fa:cd:35:08:c6:c4:f0:10:d2:0e:fa:
                    0f:75:3d:2c:d5:f4:84:a4:bc:e4:39:a8:71:30:81:
                    aa:37:5f:f2:8b:0b:e1:e2:3e:2c:54:03:68:f9:17:
                    80:fd:30:2c:0a:ab:7b:3a:fb:1c:d0:dd:6c:c8:29:
                    0b:08:82:b5:66:37:fd:e0:94:a8:a7:dd:a3:8d:d0:
                    68:f8:26:b9:45:d9:ba:09:5d:87:3f:a8:42:3b:39:
                    3f:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:6A:B0:B2:93:AA:86:2B:82:E4:0B:60:3A:AE:A2:DB:F4:47:96:A9
            X509v3 Authority Key Identifier:
                keyid:C1:AF:8C:99:9E:9D:06:DA:DE:BC:38:7D:78:B3:05:AB:87:16:DC:2F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/19205e7c-a881-4873-9188-e521b6af529c/0/C1AF8C999E9D06DADEBC387D78B305AB8716DC2F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/C1AF8C999E9D06DADEBC387D78B305AB8716DC2F.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/19205e7c-a881-4873-9188-e521b6af529c/0/323430303a646330303a343030363a3a2f34382d3438203d3e20313331313131.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2400:dc00:4006::/48

    Signature Algorithm: sha256WithRSAEncryption
         26:e0:0c:59:06:5e:9f:d2:14:58:ab:a8:96:08:2c:7f:f8:ff:
         41:15:5e:9c:47:a7:fe:cb:8e:8e:ce:9c:b3:62:eb:45:d5:35:
         4f:5f:a1:f3:da:f1:bc:f2:74:0d:b2:a7:b5:da:cb:b2:a3:3f:
         9b:ec:2b:75:17:a9:66:f0:70:e5:97:60:15:46:b7:30:08:d2:
         8e:e3:b4:36:65:12:d8:c8:e4:1e:29:5f:3c:f6:2d:76:2e:ff:
         0f:f7:95:c8:e7:2f:d4:7d:64:62:25:41:2a:d7:83:86:d4:f0:
         d7:b1:65:6f:6f:3b:a4:80:7f:ab:8f:d0:d9:0e:eb:fa:90:cd:
         d6:2d:7d:a7:45:8f:c0:be:6b:cc:e0:79:ac:12:a7:5d:94:cf:
         04:41:ce:09:46:fd:87:3a:69:11:3f:5c:85:b8:76:d5:1b:83:
         c7:45:bd:83:74:55:8d:11:66:d6:69:a6:c8:c8:88:9a:c3:c3:
         6b:e0:2f:bb:2d:3f:d6:ce:b5:53:cd:ee:77:17:6f:fc:27:b0:
         6b:2b:54:28:cb:d8:02:24:28:40:20:5a:5b:55:dc:1d:34:94:
         4a:45:e0:1f:4e:58:7a:43:56:16:0f:da:ef:b4:db:2a:29:60:
         46:34:d9:3d:10:1e:c0:7f:91:6c:80:8e:4d:31:7e:55:b3:a3:
         ef:ad:da:1d
-----BEGIN CERTIFICATE-----
MIIHMTCCBhmgAwIBAgIUH1N9wOyatpI2qj1DB7gwKO6RwoYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzFBRjhDOTk5RTlEMDZEQURFQkMzODdENzhCMzA1QUI4
NzE2REMyRjAeFw0yMjAyMDkwNzQwMjJaFw0yMzAyMDkwNzQ1MjJaMIICLTGCAikw
ggIlBgNVBAMTggIcMzA4MjAxMEEwMjgyMDEwMTAwREFENzBFQ0UyOUZDNzE5Rjk1
MzA1NkJERDhEREVGMTEzOEE0RTNBMzg3NDFENzdFODhBQjY2NTFFODA3NzM5REVE
OUU0RkVDNDkyRkE5OTk1RUM5MEM2OEQ5QUY1QzFFMDk2NzQ0QzNDQTg5NjU5RTc3
RUU2NjE5ODFDNEVDNzczODY3NjA0MjM5RDMzMTZFQTIzOENGREI4NzA4ODc1Q0NC
NDFGMjNDRDY1RjVDQjc5QkRFQzZCOTdFMEExOTY0MkYzRTA2QURGQ0FGNDQ1OTRF
MTU4MzU1Qzk3NUY3REUxQUM2MjIyQTMyRjMzNTE5NkJGNTY3RDkyNUJFRDQ4MUM4
QjAxMkU3REUxMURCQzc2MTdFRkFERjg2Q0Y3RDY2MDNGNzU4M0Y4NDgyNkM4NkE5
QjlDMTQ3RUMzMDc2REQwQUZCMkM0QTdGNEJDMzY5RkFDRDM1MDhDNkM0RjAxMEQy
MEVGQTBGNzUzRDJDRDVGNDg0QTRCQ0U0MzlBODcxMzA4MUFBMzc1RkYyOEIwQkUx
RTIzRTJDNTQwMzY4RjkxNzgwRkQzMDJDMEFBQjdCM0FGQjFDRDBERDZDQzgyOTBC
MDg4MkI1NjYzN0ZERTA5NEE4QTdEREEzOEREMDY4RjgyNkI5NDVEOUJBMDk1RDg3
M0ZBODQyM0IzOTNGOUIwMjAzMDEwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEA2tcOzin8cZ+VMFa92N3vETik46OHQdd+iKtmUegHc53tnk/sSS+p
mV7JDGjZr1weCWdEw8qJZZ537mYZgcTsdzhnYEI50zFuojjP24cIh1zLQfI81l9c
t5vexrl+ChlkLz4GrfyvRFlOFYNVyXX33hrGIioy8zUZa/Vn2SW+1IHIsBLn3hHb
x2F++t+Gz31mA/dYP4SCbIapucFH7DB23Qr7LEp/S8Np+s01CMbE8BDSDvoPdT0s
1fSEpLzkOahxMIGqN1/yiwvh4j4sVANo+ReA/TAsCqt7Ovsc0N1syCkLCIK1Zjf9
4JSop92jjdBo+Ca5Rdm6CV2HP6hCOzk/mwIDAQABo4ICPzCCAjswHQYDVR0OBBYE
FPtqsLKTqoYrguQLYDquotv0R5apMB8GA1UdIwQYMBaAFMGvjJmenQba3rw4fXiz
BauHFtwvMA4GA1UdDwEB/wQEAwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vMTkyMDVlN2MtYTg4MS00ODczLTkx
ODgtZTUyMWI2YWY1MjljLzAvQzFBRjhDOTk5RTlEMDZEQURFQkMzODdENzhCMzA1
QUI4NzE2REMyRi5jcmwwdAYIKwYBBQUHAQEEaDBmMGQGCCsGAQUFBzAChlhyc3lu
YzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9JRE5JQy1JRC8yL0MxQUY4Qzk5
OUU5RDA2REFERUJDMzg3RDc4QjMwNUFCODcxNkRDMkYuY2VyMIGsBggrBgEFBQcB
CwSBnzCBnDCBmQYIKwYBBQUHMAuGgYxyc3luYzovL3JlcG8tcnBraS5pZG5pYy5u
ZXQvcmVwby8xOTIwNWU3Yy1hODgxLTQ4NzMtOTE4OC1lNTIxYjZhZjUyOWMvMC8z
MjM0MzAzMDNhNjQ2MzMwMzAzYTM0MzAzMDM2M2EzYTJmMzQzODJkMzQzODIwM2Qz
ZTIwMzEzMzMxMzEzMTMxLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIG
CCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAJADcAEAGMA0GCSqGSIb3DQEBCwUA
A4IBAQAm4AxZBl6f0hRYq6iWCCx/+P9BFV6cR6f+y46OzpyzYutF1TVPX6Hz2vG8
8nQNsqe12suyoz+b7Ct1F6lm8HDll2AVRrcwCNKO47Q2ZRLYyOQeKV889i12Lv8P
95XI5y/UfWRiJUEq14OG1PDXsWVvbzukgH+rj9DZDuv6kM3WLX2nRY/AvmvM4Hms
EqddlM8EQc4JRv2HOmkRP1yFuHbVG4PHRb2DdFWNEWbWaabIyIiaw8Nr4C+7LT/W
zrVTze53F2/8J7BrK1Qoy9gCJChAIFpbVdwdNJRKReAfTlh6Q1YWD9rvtNsqKWBG
NNk9EB7Af5FsgI5NMX5Vs6Pvrdod
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:37:01 2024 by rpki-client on console-fra.rpki-client.org