Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/19205e7c-a881-4873-9188-e521b6af529c/0/323430303a646330303a65613a3a2f34382d3438203d3e203233393437.roa
File:                     323430303a646330303a65613a3a2f34382d3438203d3e203233393437.roa (raw, json)
Hash identifier:          kUTXZJ5QLGtSKj3wFaXgtor1wrB5znsx26BpQSoRNI4=
Subject key identifier:   CB:EC:BC:18:F3:94:5F:6F:9F:05:7B:33:EC:34:36:A2:8C:CD:74:C3
Certificate issuer:       /CN=C1AF8C999E9D06DADEBC387D78B305AB8716DC2F
Certificate serial:       572E24ED62C20CBFF6D65F1BC37BCD5510B2A686
Authority key identifier: C1:AF:8C:99:9E:9D:06:DA:DE:BC:38:7D:78:B3:05:AB:87:16:DC:2F
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/C1AF8C999E9D06DADEBC387D78B305AB8716DC2F.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/19205e7c-a881-4873-9188-e521b6af529c/0/323430303a646330303a65613a3a2f34382d3438203d3e203233393437.roa
Signing time:             Thu 10 Feb 2022 05:53:53 +0000
ROA not before:           Thu 10 Feb 2022 05:48:53 +0000
ROA not after:            Fri 10 Feb 2023 05:53:53 +0000
asID:                     23947
IP address blocks:        2400:dc00:ea::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:2e:24:ed:62:c2:0c:bf:f6:d6:5f:1b:c3:7b:cd:55:10:b2:a6:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C1AF8C999E9D06DADEBC387D78B305AB8716DC2F
        Validity
            Not Before: Feb 10 05:48:53 2022 GMT
            Not After : Feb 10 05:53:53 2023 GMT
        Subject: CN=3082010A0282010100E5E31DE26503DDD67B32604485B98765248FA5060865871BB3DF1F7FD157AD0456DD806DD7CC05D738346774A07D21609214C09287CF6133E312B009A535E631190BB4F2CA58B1D4AE162D350ACFF462B60FA35E8888DA20AAF02A68402F51CEB2B38D9B9531D3E6C048C8B531EBBB485EDD7177621CF9A1F6A87DD509EB761E220124FC998E3F89C58C38F5083E8E9B1731A57BBEA1F9B86D723F177FC69E8B721A750710027650A1965C07C202F30BB6CEDFD733A72BD18DDB8C86009219F4C829B8BB638E9AE0AEEA8DE0AF78FCF99C444F2CEED7806D9F6273DE4E1DA95988BA140D0B520522ABAA40CCBB489BF16DFC0D775EE4A81D80E153EF8A9E5A510203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:e3:1d:e2:65:03:dd:d6:7b:32:60:44:85:b9:
                    87:65:24:8f:a5:06:08:65:87:1b:b3:df:1f:7f:d1:
                    57:ad:04:56:dd:80:6d:d7:cc:05:d7:38:34:67:74:
                    a0:7d:21:60:92:14:c0:92:87:cf:61:33:e3:12:b0:
                    09:a5:35:e6:31:19:0b:b4:f2:ca:58:b1:d4:ae:16:
                    2d:35:0a:cf:f4:62:b6:0f:a3:5e:88:88:da:20:aa:
                    f0:2a:68:40:2f:51:ce:b2:b3:8d:9b:95:31:d3:e6:
                    c0:48:c8:b5:31:eb:bb:48:5e:dd:71:77:62:1c:f9:
                    a1:f6:a8:7d:d5:09:eb:76:1e:22:01:24:fc:99:8e:
                    3f:89:c5:8c:38:f5:08:3e:8e:9b:17:31:a5:7b:be:
                    a1:f9:b8:6d:72:3f:17:7f:c6:9e:8b:72:1a:75:07:
                    10:02:76:50:a1:96:5c:07:c2:02:f3:0b:b6:ce:df:
                    d7:33:a7:2b:d1:8d:db:8c:86:00:92:19:f4:c8:29:
                    b8:bb:63:8e:9a:e0:ae:ea:8d:e0:af:78:fc:f9:9c:
                    44:4f:2c:ee:d7:80:6d:9f:62:73:de:4e:1d:a9:59:
                    88:ba:14:0d:0b:52:05:22:ab:aa:40:cc:bb:48:9b:
                    f1:6d:fc:0d:77:5e:e4:a8:1d:80:e1:53:ef:8a:9e:
                    5a:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:EC:BC:18:F3:94:5F:6F:9F:05:7B:33:EC:34:36:A2:8C:CD:74:C3
            X509v3 Authority Key Identifier:
                keyid:C1:AF:8C:99:9E:9D:06:DA:DE:BC:38:7D:78:B3:05:AB:87:16:DC:2F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/19205e7c-a881-4873-9188-e521b6af529c/0/C1AF8C999E9D06DADEBC387D78B305AB8716DC2F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/C1AF8C999E9D06DADEBC387D78B305AB8716DC2F.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/19205e7c-a881-4873-9188-e521b6af529c/0/323430303a646330303a65613a3a2f34382d3438203d3e203233393437.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2400:dc00:ea::/48

    Signature Algorithm: sha256WithRSAEncryption
         40:bc:54:15:14:27:7d:11:47:1b:c9:a9:4f:e6:0e:56:32:96:
         5d:e4:ce:cd:55:c3:bc:71:d4:3e:27:60:e5:b5:af:d4:7d:60:
         b0:9d:d8:fb:10:3f:4a:8a:3d:ff:3c:88:4d:53:70:66:72:a7:
         b3:17:da:a6:1f:c7:d6:0a:85:0e:6d:d5:73:a3:cb:f6:b4:27:
         aa:c6:c4:08:89:2a:53:5a:98:c3:ce:53:4b:57:11:fb:f8:b9:
         b3:50:e1:fd:e0:3b:ef:ac:71:3a:55:58:7a:11:18:b1:ff:5c:
         bc:7f:59:2e:5a:eb:34:e4:23:60:84:b2:14:17:19:f5:33:fe:
         d8:26:f7:6b:04:96:fa:e5:a5:49:52:97:0f:c4:4d:5a:9e:1a:
         56:f9:c7:9e:7c:d5:e7:60:cd:c1:1a:dc:51:f1:11:19:e6:92:
         25:3b:6b:86:09:fc:16:bc:4f:2f:cb:a7:79:76:79:7f:97:af:
         33:c5:b8:71:ff:89:07:90:34:46:de:82:2b:5a:1a:ca:ce:71:
         52:74:ff:a7:36:58:af:1a:1c:63:43:88:ed:13:9c:ea:5f:4b:
         82:05:31:ec:6b:40:a9:26:9b:d6:3b:89:87:b3:5b:ab:80:91:
         7d:cd:84:c0:dc:20:fd:05:68:ae:a0:ae:48:6c:15:27:5a:78:
         ba:b5:44:c3
-----BEGIN CERTIFICATE-----
MIIHKzCCBhOgAwIBAgIUVy4k7WLCDL/21l8bw3vNVRCypoYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzFBRjhDOTk5RTlEMDZEQURFQkMzODdENzhCMzA1QUI4
NzE2REMyRjAeFw0yMjAyMTAwNTQ4NTNaFw0yMzAyMTAwNTUzNTNaMIICLTGCAikw
ggIlBgNVBAMTggIcMzA4MjAxMEEwMjgyMDEwMTAwRTVFMzFERTI2NTAzRERENjdC
MzI2MDQ0ODVCOTg3NjUyNDhGQTUwNjA4NjU4NzFCQjNERjFGN0ZEMTU3QUQwNDU2
REQ4MDZERDdDQzA1RDczODM0Njc3NEEwN0QyMTYwOTIxNEMwOTI4N0NGNjEzM0Uz
MTJCMDA5QTUzNUU2MzExOTBCQjRGMkNBNThCMUQ0QUUxNjJEMzUwQUNGRjQ2MkI2
MEZBMzVFODg4OERBMjBBQUYwMkE2ODQwMkY1MUNFQjJCMzhEOUI5NTMxRDNFNkMw
NDhDOEI1MzFFQkJCNDg1RURENzE3NzYyMUNGOUExRjZBODdERDUwOUVCNzYxRTIy
MDEyNEZDOTk4RTNGODlDNThDMzhGNTA4M0U4RTlCMTczMUE1N0JCRUExRjlCODZE
NzIzRjE3N0ZDNjlFOEI3MjFBNzUwNzEwMDI3NjUwQTE5NjVDMDdDMjAyRjMwQkI2
Q0VERkQ3MzNBNzJCRDE4RERCOEM4NjAwOTIxOUY0QzgyOUI4QkI2MzhFOUFFMEFF
RUE4REUwQUY3OEZDRjk5QzQ0NEYyQ0VFRDc4MDZEOUY2MjczREU0RTFEQTk1OTg4
QkExNDBEMEI1MjA1MjJBQkFBNDBDQ0JCNDg5QkYxNkRGQzBENzc1RUU0QTgxRDgw
RTE1M0VGOEE5RTVBNTEwMjAzMDEwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEA5eMd4mUD3dZ7MmBEhbmHZSSPpQYIZYcbs98ff9FXrQRW3YBt18wF
1zg0Z3SgfSFgkhTAkofPYTPjErAJpTXmMRkLtPLKWLHUrhYtNQrP9GK2D6NeiIja
IKrwKmhAL1HOsrONm5Ux0+bASMi1Meu7SF7dcXdiHPmh9qh91Qnrdh4iAST8mY4/
icWMOPUIPo6bFzGle76h+bhtcj8Xf8aei3IadQcQAnZQoZZcB8IC8wu2zt/XM6cr
0Y3bjIYAkhn0yCm4u2OOmuCu6o3gr3j8+ZxETyzu14Btn2Jz3k4dqVmIuhQNC1IF
IquqQMy7SJvxbfwNd17kqB2A4VPvip5aUQIDAQABo4ICOTCCAjUwHQYDVR0OBBYE
FMvsvBjzlF9vnwV7M+w0NqKMzXTDMB8GA1UdIwQYMBaAFMGvjJmenQba3rw4fXiz
BauHFtwvMA4GA1UdDwEB/wQEAwIHgDCBhQYDVR0fBH4wfDB6oHigdoZ0cnN5bmM6
Ly9yZXBvLXJwa2kuaWRuaWMubmV0L3JlcG8vMTkyMDVlN2MtYTg4MS00ODczLTkx
ODgtZTUyMWI2YWY1MjljLzAvQzFBRjhDOTk5RTlEMDZEQURFQkMzODdENzhCMzA1
QUI4NzE2REMyRi5jcmwwdAYIKwYBBQUHAQEEaDBmMGQGCCsGAQUFBzAChlhyc3lu
YzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9JRE5JQy1JRC8yL0MxQUY4Qzk5
OUU5RDA2REFERUJDMzg3RDc4QjMwNUFCODcxNkRDMkYuY2VyMIGmBggrBgEFBQcB
CwSBmTCBljCBkwYIKwYBBQUHMAuGgYZyc3luYzovL3JlcG8tcnBraS5pZG5pYy5u
ZXQvcmVwby8xOTIwNWU3Yy1hODgxLTQ4NzMtOTE4OC1lNTIxYjZhZjUyOWMvMC8z
MjM0MzAzMDNhNjQ2MzMwMzAzYTY1NjEzYTNhMmYzNDM4MmQzNDM4MjAzZDNlMjAz
MjMzMzkzNDM3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAJADcAADqMA0GCSqGSIb3DQEBCwUAA4IBAQBA
vFQVFCd9EUcbyalP5g5WMpZd5M7NVcO8cdQ+J2Dlta/UfWCwndj7ED9Kij3/PIhN
U3BmcqezF9qmH8fWCoUObdVzo8v2tCeqxsQIiSpTWpjDzlNLVxH7+LmzUOH94Dvv
rHE6VVh6ERix/1y8f1kuWus05CNghLIUFxn1M/7YJvdrBJb65aVJUpcPxE1anhpW
+ceefNXnYM3BGtxR8REZ5pIlO2uGCfwWvE8vy6d5dnl/l68zxbhx/4kHkDRG3oIr
WhrKznFSdP+nNlivGhxjQ4jtE5zqX0uCBTHsa0CpJpvWO4mHs1urgJF9zYTA3CD9
BWiuoK5IbBUnWni6tUTD
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:13:59 2023 by rpki-client on console-ams.rpki-client.org