Route Origin Authorization

$ rpki-client -vvf rpki.multacom.com/repo/MCOMCA/0/3130302e34322e36342e302f32302d3234203d3e203335393136.roa
File:                     3130302e34322e36342e302f32302d3234203d3e203335393136.roa (raw, json)
Hash identifier:          pen1mf768omxsbO2HMt5UnxYRtXkghWbBLzZmVHAZH4=
Subject key identifier:   40:A5:59:52:BA:86:15:CB:34:6D:8E:D2:55:60:C4:03:7F:88:2A:19
Certificate issuer:       /CN=8901940597c48f785a91d7212b9ca71b1f1f20ade68568e5b1
Certificate serial:       3342C52BD5CF2B8464A2B770CB4D791891A1F37F
Authority key identifier: DC:62:76:88:30:B1:B1:20:17:16:51:8D:5E:6A:65:25:B0:23:59:3A
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/4dc07ba6-d360-4ca5-a860-62e4e5476f84/8901940597c48f785a91d7212b9ca71b1f1f20ade68568e5b1.cer
Subject info access:      rsync://rpki.multacom.com/repo/MCOMCA/0/3130302e34322e36342e302f32302d3234203d3e203335393136.roa
Signing time:             Sun 30 Jul 2023 01:00:00 +0000
ROA not before:           Sun 30 Jul 2023 00:55:00 +0000
ROA not after:            Tue 30 Jul 2024 01:00:00 +0000
asID:                     35916
IP address blocks:        100.42.64.0/20 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:42:c5:2b:d5:cf:2b:84:64:a2:b7:70:cb:4d:79:18:91:a1:f3:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8901940597c48f785a91d7212b9ca71b1f1f20ade68568e5b1
        Validity
            Not Before: Jul 30 00:55:00 2023 GMT
            Not After : Jul 30 01:00:00 2024 GMT
        Subject: CN=3082010A0282010100C49F56DCA6E31886BADDFEF810A59F5BF975C88AE8F1A8475CD03DD0A419D47161776AAEDE17B282A5EEEB53900F4398EC9F7DF5C14098C5907AE2A7899C453F8909E26B3B5869A0DA257D27BA4F7D9FE28DD4F1B902620D5DECDCECDF296B2640614145D0558808ED88EC4F39838EA4F704F51B7BE5332F0C215DEAD52FBB526DB65B6CE478691261454DCBDE939B862A9E29EB8709C8B6EFCDA28DCC4C4478E17F75977859F2495462CE740951D9748F78FB6ABF2A2F0C53EA5228FC0F16DDCE61365136C6A355472F2D6D749A228E729D49A7F3041AEDC81844033BA4F6E60979D2516D0FF2FD9C44289CE5CAF7E4D8F1A0D2FEC63730C18D0B7565095D110203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:9f:56:dc:a6:e3:18:86:ba:dd:fe:f8:10:a5:
                    9f:5b:f9:75:c8:8a:e8:f1:a8:47:5c:d0:3d:d0:a4:
                    19:d4:71:61:77:6a:ae:de:17:b2:82:a5:ee:eb:53:
                    90:0f:43:98:ec:9f:7d:f5:c1:40:98:c5:90:7a:e2:
                    a7:89:9c:45:3f:89:09:e2:6b:3b:58:69:a0:da:25:
                    7d:27:ba:4f:7d:9f:e2:8d:d4:f1:b9:02:62:0d:5d:
                    ec:dc:ec:df:29:6b:26:40:61:41:45:d0:55:88:08:
                    ed:88:ec:4f:39:83:8e:a4:f7:04:f5:1b:7b:e5:33:
                    2f:0c:21:5d:ea:d5:2f:bb:52:6d:b6:5b:6c:e4:78:
                    69:12:61:45:4d:cb:de:93:9b:86:2a:9e:29:eb:87:
                    09:c8:b6:ef:cd:a2:8d:cc:4c:44:78:e1:7f:75:97:
                    78:59:f2:49:54:62:ce:74:09:51:d9:74:8f:78:fb:
                    6a:bf:2a:2f:0c:53:ea:52:28:fc:0f:16:dd:ce:61:
                    36:51:36:c6:a3:55:47:2f:2d:6d:74:9a:22:8e:72:
                    9d:49:a7:f3:04:1a:ed:c8:18:44:03:3b:a4:f6:e6:
                    09:79:d2:51:6d:0f:f2:fd:9c:44:28:9c:e5:ca:f7:
                    e4:d8:f1:a0:d2:fe:c6:37:30:c1:8d:0b:75:65:09:
                    5d:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:A5:59:52:BA:86:15:CB:34:6D:8E:D2:55:60:C4:03:7F:88:2A:19
            X509v3 Authority Key Identifier:
                keyid:DC:62:76:88:30:B1:B1:20:17:16:51:8D:5E:6A:65:25:B0:23:59:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.multacom.com/repo/MCOMCA/0/DC62768830B1B1201716518D5E6A6525B023593A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/4dc07ba6-d360-4ca5-a860-62e4e5476f84/8901940597c48f785a91d7212b9ca71b1f1f20ade68568e5b1.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.multacom.com/repo/MCOMCA/0/3130302e34322e36342e302f32302d3234203d3e203335393136.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  100.42.64.0/20

    Signature Algorithm: sha256WithRSAEncryption
         87:7b:f0:9d:7a:ab:27:bf:68:f3:72:01:5b:59:2d:97:9a:4f:
         7c:ba:ac:fc:3d:28:72:e1:b3:b6:74:6a:d3:64:c4:42:9c:19:
         5f:f5:1a:1a:a9:68:b2:61:1d:91:2f:b6:ef:9e:bc:6d:1d:3d:
         25:24:14:a8:e9:a2:08:47:11:2b:b3:5a:50:03:31:3a:d7:40:
         f6:98:29:2c:53:15:f2:66:aa:9d:0f:57:f6:95:ac:aa:df:d9:
         ca:76:68:d5:0f:52:3a:45:07:bb:7c:90:5e:88:0c:1b:dd:fc:
         7d:13:3a:85:20:3c:b1:19:c6:e6:76:c2:d1:04:65:a8:e2:dc:
         81:eb:e3:4b:05:84:8a:17:85:fd:c5:6a:fe:cf:7a:97:d5:93:
         70:79:90:a4:4d:0b:74:79:b8:44:7b:55:24:00:99:0a:6f:ca:
         2d:6e:dd:36:04:ef:49:21:dc:81:93:9b:64:ed:87:0d:c5:af:
         f4:bc:e3:d7:23:ef:43:46:92:27:bc:0f:85:13:d3:fa:7a:cf:
         d8:ca:54:f7:ad:91:5c:3a:7f:08:cf:5f:f1:e2:63:11:48:53:
         ec:c0:ef:22:a7:12:06:1b:33:62:a3:9f:db:41:6b:c0:d5:48:
         24:46:c4:ff:c8:47:63:1e:ab:de:47:6d:12:f0:9a:a3:b7:78:
         40:e4:3c:04
-----BEGIN CERTIFICATE-----
MIIHZjCCBk6gAwIBAgIUM0LFK9XPK4Rkordwy015GJGh838wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyODkwMTk0MDU5N2M0OGY3ODVhOTFkNzIxMmI5Y2E3MWIx
ZjFmMjBhZGU2ODU2OGU1YjEwHhcNMjMwNzMwMDA1NTAwWhcNMjQwNzMwMDEwMDAw
WjCCAi0xggIpMIICJQYDVQQDE4ICHDMwODIwMTBBMDI4MjAxMDEwMEM0OUY1NkRD
QTZFMzE4ODZCQURERkVGODEwQTU5RjVCRjk3NUM4OEFFOEYxQTg0NzVDRDAzREQw
QTQxOUQ0NzE2MTc3NkFBRURFMTdCMjgyQTVFRUVCNTM5MDBGNDM5OEVDOUY3REY1
QzE0MDk4QzU5MDdBRTJBNzg5OUM0NTNGODkwOUUyNkIzQjU4NjlBMERBMjU3RDI3
QkE0RjdEOUZFMjhERDRGMUI5MDI2MjBENURFQ0RDRUNERjI5NkIyNjQwNjE0MTQ1
RDA1NTg4MDhFRDg4RUM0RjM5ODM4RUE0RjcwNEY1MUI3QkU1MzMyRjBDMjE1REVB
RDUyRkJCNTI2REI2NUI2Q0U0Nzg2OTEyNjE0NTREQ0JERTkzOUI4NjJBOUUyOUVC
ODcwOUM4QjZFRkNEQTI4RENDNEM0NDc4RTE3Rjc1OTc3ODU5RjI0OTU0NjJDRTc0
MDk1MUQ5NzQ4Rjc4RkI2QUJGMkEyRjBDNTNFQTUyMjhGQzBGMTZERENFNjEzNjUx
MzZDNkEzNTU0NzJGMkQ2RDc0OUEyMjhFNzI5RDQ5QTdGMzA0MUFFREM4MTg0NDAz
M0JBNEY2RTYwOTc5RDI1MTZEMEZGMkZEOUM0NDI4OUNFNUNBRjdFNEQ4RjFBMEQy
RkVDNjM3MzBDMThEMEI3NTY1MDk1RDExMDIwMzAxMDAwMTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAMSfVtym4xiGut3++BCln1v5dciK6PGoR1zQPdCk
GdRxYXdqrt4XsoKl7utTkA9DmOyfffXBQJjFkHrip4mcRT+JCeJrO1hpoNolfSe6
T32f4o3U8bkCYg1d7Nzs3ylrJkBhQUXQVYgI7YjsTzmDjqT3BPUbe+UzLwwhXerV
L7tSbbZbbOR4aRJhRU3L3pObhiqeKeuHCci2782ijcxMRHjhf3WXeFnySVRiznQJ
Udl0j3j7ar8qLwxT6lIo/A8W3c5hNlE2xqNVRy8tbXSaIo5ynUmn8wQa7cgYRAM7
pPbmCXnSUW0P8v2cRCic5cr35NjxoNL+xjcwwY0LdWUJXRECAwEAAaOCAmowggJm
MB0GA1UdDgQWBBRApVlSuoYVyzRtjtJVYMQDf4gqGTAfBgNVHSMEGDAWgBTcYnaI
MLGxIBcWUY1eamUlsCNZOjAOBgNVHQ8BAf8EBAMCB4AwZQYDVR0fBF4wXDBaoFig
VoZUcnN5bmM6Ly9ycGtpLm11bHRhY29tLmNvbS9yZXBvL01DT01DQS8wL0RDNjI3
Njg4MzBCMUIxMjAxNzE2NTE4RDVFNkE2NTI1QjAyMzU5M0EuY3JsMIHzBggrBgEF
BQcBAQSB5jCB4zCB4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQv
cmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMt
MjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlh
OC80ZGMwN2JhNi1kMzYwLTRjYTUtYTg2MC02MmU0ZTU0NzZmODQvODkwMTk0MDU5
N2M0OGY3ODVhOTFkNzIxMmI5Y2E3MWIxZjFmMjBhZGU2ODU2OGU1YjEuY2VyMHwG
CCsGAQUFBwELBHAwbjBsBggrBgEFBQcwC4ZgcnN5bmM6Ly9ycGtpLm11bHRhY29t
LmNvbS9yZXBvL01DT01DQS8wLzMxMzAzMDJlMzQzMjJlMzYzNDJlMzAyZjMyMzAy
ZDMyMzQyMDNkM2UyMDMzMzUzOTMxMzYucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBARkKkAwDQYJKoZIhvcN
AQELBQADggEBAId78J16qye/aPNyAVtZLZeaT3y6rPw9KHLhs7Z0atNkxEKcGV/1
GhqpaLJhHZEvtu+evG0dPSUkFKjpoghHESuzWlADMTrXQPaYKSxTFfJmqp0PV/aV
rKrf2cp2aNUPUjpFB7t8kF6IDBvd/H0TOoUgPLEZxuZ2wtEEZaji3IHr40sFhIoX
hf3Fav7PepfVk3B5kKRNC3R5uER7VSQAmQpvyi1u3TYE70kh3IGTm2Tthw3Fr/S8
49cj70NGkie8D4UT0/p6z9jKVPetkVw6fwjPX/HiYxFIU+zA7yKnEgYbM2Kjn9tB
a8DVSCRGxP/IR2Meq95HbRLwmqO3eEDkPAQ=
-----END CERTIFICATE-----
Generated at Wed Aug 9 22:59:11 2023 by rpki-client on console-ams.rpki-client.org