Route Origin Authorization

$ rpki-client -vvf rpki.multacom.com/repo/MCOMCA/0/3139382e3134382e39362e302f31392d3234203d3e203335393136.roa
File:                     3139382e3134382e39362e302f31392d3234203d3e203335393136.roa (raw, json)
Hash identifier:          4dt0anaW5l2CfDREaLd8tWRVWSgxpu97mSdKjjshFho=
Subject key identifier:   EC:FF:59:E1:2B:62:C0:61:88:6D:D7:9F:97:86:30:D8:9D:E7:65:30
Certificate issuer:       /CN=8901940597c48f785a91d7212b9ca71b1f1f20ade68568e5b1
Certificate serial:       333321208A2E7BAFDCCA9EF6432F1D9895224F78
Authority key identifier: DC:62:76:88:30:B1:B1:20:17:16:51:8D:5E:6A:65:25:B0:23:59:3A
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/4dc07ba6-d360-4ca5-a860-62e4e5476f84/8901940597c48f785a91d7212b9ca71b1f1f20ade68568e5b1.cer
Subject info access:      rsync://rpki.multacom.com/repo/MCOMCA/0/3139382e3134382e39362e302f31392d3234203d3e203335393136.roa
Signing time:             Sun 30 Jul 2023 02:00:00 +0000
ROA not before:           Sun 30 Jul 2023 01:55:00 +0000
ROA not after:            Tue 30 Jul 2024 02:00:00 +0000
asID:                     35916
IP address blocks:        198.148.96.0/19 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:33:21:20:8a:2e:7b:af:dc:ca:9e:f6:43:2f:1d:98:95:22:4f:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8901940597c48f785a91d7212b9ca71b1f1f20ade68568e5b1
        Validity
            Not Before: Jul 30 01:55:00 2023 GMT
            Not After : Jul 30 02:00:00 2024 GMT
        Subject: CN=3082010A0282010100AAF01F39EF7210CA05E1036E18CCA966375230FA15DA64A0D2281CE6EA2A24254CD619DA21B331ED7A0D8C5627DDCB7C77C125B6773CCBEBC819605D064BD8F85538C5C570E598C4FABE5980B55E20F91B658FE3A421952BEB96405C0DF972BDB544D14BB9DB6451C0FD8A74150BF3B4EC9B5C36CBC13BF12A0C7FA5A275EE607336A87081FEBE7C7E9385CE758EB8A3F7AB1043810C81098866D9699302B8087D2D1F4A9897586C838155BCB558FB77B6725A24881F4CCCFAFFC3B676C4B532713DADD16AEB2BC5BA722C7B297143B7D2A03B94B51C3C66048CF8F69ABE1E6ADBEFD9E5166A1BB0DE78BDBFD836BC2A9BDA37CBE3DCCCAC176C5946797D53EF0203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:f0:1f:39:ef:72:10:ca:05:e1:03:6e:18:cc:
                    a9:66:37:52:30:fa:15:da:64:a0:d2:28:1c:e6:ea:
                    2a:24:25:4c:d6:19:da:21:b3:31:ed:7a:0d:8c:56:
                    27:dd:cb:7c:77:c1:25:b6:77:3c:cb:eb:c8:19:60:
                    5d:06:4b:d8:f8:55:38:c5:c5:70:e5:98:c4:fa:be:
                    59:80:b5:5e:20:f9:1b:65:8f:e3:a4:21:95:2b:eb:
                    96:40:5c:0d:f9:72:bd:b5:44:d1:4b:b9:db:64:51:
                    c0:fd:8a:74:15:0b:f3:b4:ec:9b:5c:36:cb:c1:3b:
                    f1:2a:0c:7f:a5:a2:75:ee:60:73:36:a8:70:81:fe:
                    be:7c:7e:93:85:ce:75:8e:b8:a3:f7:ab:10:43:81:
                    0c:81:09:88:66:d9:69:93:02:b8:08:7d:2d:1f:4a:
                    98:97:58:6c:83:81:55:bc:b5:58:fb:77:b6:72:5a:
                    24:88:1f:4c:cc:fa:ff:c3:b6:76:c4:b5:32:71:3d:
                    ad:d1:6a:eb:2b:c5:ba:72:2c:7b:29:71:43:b7:d2:
                    a0:3b:94:b5:1c:3c:66:04:8c:f8:f6:9a:be:1e:6a:
                    db:ef:d9:e5:16:6a:1b:b0:de:78:bd:bf:d8:36:bc:
                    2a:9b:da:37:cb:e3:dc:cc:ac:17:6c:59:46:79:7d:
                    53:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:FF:59:E1:2B:62:C0:61:88:6D:D7:9F:97:86:30:D8:9D:E7:65:30
            X509v3 Authority Key Identifier:
                keyid:DC:62:76:88:30:B1:B1:20:17:16:51:8D:5E:6A:65:25:B0:23:59:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.multacom.com/repo/MCOMCA/0/DC62768830B1B1201716518D5E6A6525B023593A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/4dc07ba6-d360-4ca5-a860-62e4e5476f84/8901940597c48f785a91d7212b9ca71b1f1f20ade68568e5b1.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.multacom.com/repo/MCOMCA/0/3139382e3134382e39362e302f31392d3234203d3e203335393136.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.148.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         03:b9:7b:19:e8:5d:35:e0:92:92:f4:53:8f:32:ac:a8:1a:68:
         ba:25:a3:25:fb:22:20:52:26:8e:3f:58:85:40:6f:9d:1a:3c:
         b1:99:61:57:bf:67:91:89:b1:e4:ce:da:e1:28:ef:10:1a:ad:
         72:21:60:d5:7a:07:e9:3a:d5:7c:f2:a0:ed:af:e9:b5:78:ef:
         aa:dd:c2:40:07:cc:72:af:bf:84:b3:67:8f:9c:51:2b:d2:a2:
         38:e9:5b:9c:ad:d1:9e:e4:18:cd:2f:e6:93:e1:e1:14:f6:33:
         3e:14:43:69:b2:62:c8:86:a9:37:3d:0e:6d:cf:22:bc:07:5e:
         1d:5f:56:0e:97:c4:79:ad:20:f1:9f:d9:a5:bd:8c:42:b7:03:
         c2:d8:93:01:c6:76:d1:92:be:a1:07:2b:2a:d5:76:63:84:d8:
         94:c8:54:fb:23:e4:9a:52:ec:7d:70:67:6e:e4:c9:a1:3e:61:
         b7:75:e3:02:bf:d7:f3:15:11:6a:7c:e3:6f:ff:31:45:1b:7e:
         cd:25:90:c7:f0:83:07:94:2c:90:99:ea:fd:37:34:dc:b3:f6:
         7b:72:11:b8:44:d3:32:36:6f:46:38:c0:6a:24:7f:52:d2:b7:
         a2:5b:c3:7f:d1:df:46:6d:0f:c8:cf:cc:e6:9c:44:7a:d3:6d:
         6f:79:da:d1
-----BEGIN CERTIFICATE-----
MIIHaDCCBlCgAwIBAgIUMzMhIIoue6/cyp72Qy8dmJUiT3gwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyODkwMTk0MDU5N2M0OGY3ODVhOTFkNzIxMmI5Y2E3MWIx
ZjFmMjBhZGU2ODU2OGU1YjEwHhcNMjMwNzMwMDE1NTAwWhcNMjQwNzMwMDIwMDAw
WjCCAi0xggIpMIICJQYDVQQDE4ICHDMwODIwMTBBMDI4MjAxMDEwMEFBRjAxRjM5
RUY3MjEwQ0EwNUUxMDM2RTE4Q0NBOTY2Mzc1MjMwRkExNURBNjRBMEQyMjgxQ0U2
RUEyQTI0MjU0Q0Q2MTlEQTIxQjMzMUVEN0EwRDhDNTYyN0REQ0I3Qzc3QzEyNUI2
NzczQ0NCRUJDODE5NjA1RDA2NEJEOEY4NTUzOEM1QzU3MEU1OThDNEZBQkU1OTgw
QjU1RTIwRjkxQjY1OEZFM0E0MjE5NTJCRUI5NjQwNUMwREY5NzJCREI1NDREMTRC
QjlEQjY0NTFDMEZEOEE3NDE1MEJGM0I0RUM5QjVDMzZDQkMxM0JGMTJBMEM3RkE1
QTI3NUVFNjA3MzM2QTg3MDgxRkVCRTdDN0U5Mzg1Q0U3NThFQjhBM0Y3QUIxMDQz
ODEwQzgxMDk4ODY2RDk2OTkzMDJCODA4N0QyRDFGNEE5ODk3NTg2QzgzODE1NUJD
QjU1OEZCNzdCNjcyNUEyNDg4MUY0Q0NDRkFGRkMzQjY3NkM0QjUzMjcxM0RBREQx
NkFFQjJCQzVCQTcyMkM3QjI5NzE0M0I3RDJBMDNCOTRCNTFDM0M2NjA0OENGOEY2
OUFCRTFFNkFEQkVGRDlFNTE2NkExQkIwREU3OEJEQkZEODM2QkMyQTlCREEzN0NC
RTNEQ0NDQUMxNzZDNTk0Njc5N0Q1M0VGMDIwMzAxMDAwMTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAKrwHznvchDKBeEDbhjMqWY3UjD6FdpkoNIoHObq
KiQlTNYZ2iGzMe16DYxWJ93LfHfBJbZ3PMvryBlgXQZL2PhVOMXFcOWYxPq+WYC1
XiD5G2WP46QhlSvrlkBcDflyvbVE0Uu522RRwP2KdBUL87Tsm1w2y8E78SoMf6Wi
de5gczaocIH+vnx+k4XOdY64o/erEEOBDIEJiGbZaZMCuAh9LR9KmJdYbIOBVby1
WPt3tnJaJIgfTMz6/8O2dsS1MnE9rdFq6yvFunIseylxQ7fSoDuUtRw8ZgSM+Paa
vh5q2+/Z5RZqG7DeeL2/2Da8KpvaN8vj3MysF2xZRnl9U+8CAwEAAaOCAmwwggJo
MB0GA1UdDgQWBBTs/1nhK2LAYYht15+XhjDYnedlMDAfBgNVHSMEGDAWgBTcYnaI
MLGxIBcWUY1eamUlsCNZOjAOBgNVHQ8BAf8EBAMCB4AwZQYDVR0fBF4wXDBaoFig
VoZUcnN5bmM6Ly9ycGtpLm11bHRhY29tLmNvbS9yZXBvL01DT01DQS8wL0RDNjI3
Njg4MzBCMUIxMjAxNzE2NTE4RDVFNkE2NTI1QjAyMzU5M0EuY3JsMIHzBggrBgEF
BQcBAQSB5jCB4zCB4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQv
cmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMt
MjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlh
OC80ZGMwN2JhNi1kMzYwLTRjYTUtYTg2MC02MmU0ZTU0NzZmODQvODkwMTk0MDU5
N2M0OGY3ODVhOTFkNzIxMmI5Y2E3MWIxZjFmMjBhZGU2ODU2OGU1YjEuY2VyMH4G
CCsGAQUFBwELBHIwcDBuBggrBgEFBQcwC4ZicnN5bmM6Ly9ycGtpLm11bHRhY29t
LmNvbS9yZXBvL01DT01DQS8wLzMxMzkzODJlMzEzNDM4MmUzOTM2MmUzMDJmMzEz
OTJkMzIzNDIwM2QzZTIwMzMzNTM5MzEzNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBcaUYDANBgkqhkiG
9w0BAQsFAAOCAQEAA7l7GehdNeCSkvRTjzKsqBpouiWjJfsiIFImjj9YhUBvnRo8
sZlhV79nkYmx5M7a4SjvEBqtciFg1XoH6TrVfPKg7a/ptXjvqt3CQAfMcq+/hLNn
j5xRK9KiOOlbnK3RnuQYzS/mk+HhFPYzPhRDabJiyIapNz0Obc8ivAdeHV9WDpfE
ea0g8Z/Zpb2MQrcDwtiTAcZ20ZK+oQcrKtV2Y4TYlMhU+yPkmlLsfXBnbuTJoT5h
t3XjAr/X8xURanzjb/8xRRt+zSWQx/CDB5QskJnq/Tc03LP2e3IRuETTMjZvRjjA
aiR/UtK3olvDf9HfRm0PyM/M5pxEetNtb3na0Q==
-----END CERTIFICATE-----
Generated at Wed Aug 9 22:59:11 2023 by rpki-client on console-ams.rpki-client.org