Route Origin Authorization

$ rpki-client -vvf rpki.multacom.com/repo/MCOMCA/0/3139382e3231312e302e302f31382d3234203d3e203335393136.roa
File:                     3139382e3231312e302e302f31382d3234203d3e203335393136.roa (raw, json)
Hash identifier:          32YcF78kuvAKp2SVMViH8b6kbNd07x4F3PCKYhAO6t4=
Subject key identifier:   BA:F5:A0:AF:AF:F0:F2:A9:91:34:EA:05:A0:9D:B5:93:A7:05:56:C3
Certificate issuer:       /CN=8901940597c48f785a91d7212b9ca71b1f1f20ade68568e5b1
Certificate serial:       494126C0CD6010A44209A4AA9639008C30BA6B6F
Authority key identifier: DC:62:76:88:30:B1:B1:20:17:16:51:8D:5E:6A:65:25:B0:23:59:3A
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/4dc07ba6-d360-4ca5-a860-62e4e5476f84/8901940597c48f785a91d7212b9ca71b1f1f20ade68568e5b1.cer
Subject info access:      rsync://rpki.multacom.com/repo/MCOMCA/0/3139382e3231312e302e302f31382d3234203d3e203335393136.roa
Signing time:             Sat 29 Jul 2023 19:00:01 +0000
ROA not before:           Sat 29 Jul 2023 18:55:01 +0000
ROA not after:            Mon 29 Jul 2024 19:00:01 +0000
asID:                     35916
IP address blocks:        198.211.0.0/18 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:41:26:c0:cd:60:10:a4:42:09:a4:aa:96:39:00:8c:30:ba:6b:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8901940597c48f785a91d7212b9ca71b1f1f20ade68568e5b1
        Validity
            Not Before: Jul 29 18:55:01 2023 GMT
            Not After : Jul 29 19:00:01 2024 GMT
        Subject: CN=3082010A0282010100DE5D687B1A1BA5F09EAC93E79A4EC5D536C2969530967C9A0736E89321D3466145ABAB9D5927C8D84D4E08B56724B00F99DE5699B79A8DE645D611019C15516E588FD352BFCE9B9E650F16003A6C5BA75D8921C821DC6A5E3AD16F8B38C2692F7E20764E232E5C70EBA7D3D757E54951C80F026723F3481737D16CEFEEB27FFA953B84390BAAAD55EEA4B733193DCB458C1BE417F612B662683345A5738CC31A015E39449A99E5B2F6B0931424E2784D85C4E79639CA33EA12F46B4D97C3929F57DA419B1A88A7064FAC0439E253C45C77DE8F748AA21514CDAC62FFAC4FE318BD645E98A45F6C716CB1270F8F626B7CC41F9583C48A07350847257909F606630203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:5d:68:7b:1a:1b:a5:f0:9e:ac:93:e7:9a:4e:
                    c5:d5:36:c2:96:95:30:96:7c:9a:07:36:e8:93:21:
                    d3:46:61:45:ab:ab:9d:59:27:c8:d8:4d:4e:08:b5:
                    67:24:b0:0f:99:de:56:99:b7:9a:8d:e6:45:d6:11:
                    01:9c:15:51:6e:58:8f:d3:52:bf:ce:9b:9e:65:0f:
                    16:00:3a:6c:5b:a7:5d:89:21:c8:21:dc:6a:5e:3a:
                    d1:6f:8b:38:c2:69:2f:7e:20:76:4e:23:2e:5c:70:
                    eb:a7:d3:d7:57:e5:49:51:c8:0f:02:67:23:f3:48:
                    17:37:d1:6c:ef:ee:b2:7f:fa:95:3b:84:39:0b:aa:
                    ad:55:ee:a4:b7:33:19:3d:cb:45:8c:1b:e4:17:f6:
                    12:b6:62:68:33:45:a5:73:8c:c3:1a:01:5e:39:44:
                    9a:99:e5:b2:f6:b0:93:14:24:e2:78:4d:85:c4:e7:
                    96:39:ca:33:ea:12:f4:6b:4d:97:c3:92:9f:57:da:
                    41:9b:1a:88:a7:06:4f:ac:04:39:e2:53:c4:5c:77:
                    de:8f:74:8a:a2:15:14:cd:ac:62:ff:ac:4f:e3:18:
                    bd:64:5e:98:a4:5f:6c:71:6c:b1:27:0f:8f:62:6b:
                    7c:c4:1f:95:83:c4:8a:07:35:08:47:25:79:09:f6:
                    06:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:F5:A0:AF:AF:F0:F2:A9:91:34:EA:05:A0:9D:B5:93:A7:05:56:C3
            X509v3 Authority Key Identifier:
                keyid:DC:62:76:88:30:B1:B1:20:17:16:51:8D:5E:6A:65:25:B0:23:59:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.multacom.com/repo/MCOMCA/0/DC62768830B1B1201716518D5E6A6525B023593A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/4dc07ba6-d360-4ca5-a860-62e4e5476f84/8901940597c48f785a91d7212b9ca71b1f1f20ade68568e5b1.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.multacom.com/repo/MCOMCA/0/3139382e3231312e302e302f31382d3234203d3e203335393136.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.211.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         21:63:15:73:11:26:d0:9d:52:64:f9:4b:15:c2:42:80:15:cb:
         8c:82:6a:3f:35:10:ee:07:9d:d2:17:cb:54:d0:27:a5:54:a6:
         ac:ad:3b:0e:88:e5:72:da:26:16:03:87:9e:50:06:f3:1a:b2:
         02:ab:49:74:22:b6:0b:58:11:ba:3c:5e:ad:80:46:6b:f6:37:
         14:5e:bc:d2:b5:ee:ef:ae:e4:0c:20:cb:4b:f6:d7:dd:4b:20:
         8c:58:45:7b:0b:d5:6b:d2:d1:3f:9d:d9:7b:e5:54:5b:63:c5:
         4a:9c:d4:90:71:22:93:4f:cc:95:cd:d0:3c:2f:f1:93:e2:db:
         aa:be:86:99:00:cb:ef:65:9e:09:24:8a:03:5a:22:80:ea:41:
         65:c3:ca:a9:8d:a7:af:5c:8f:fa:95:c4:b1:c4:0c:9d:3a:05:
         ef:d9:82:57:7d:09:ab:1d:d8:69:89:80:c9:63:ea:20:b9:67:
         22:e0:b5:e8:de:0d:81:5a:f5:6e:a6:29:68:1d:1a:30:8d:14:
         10:d9:28:a5:47:8b:07:07:de:f8:9e:2c:c5:e1:34:26:6e:fa:
         d1:34:f8:f1:4d:81:af:2d:72:5f:4d:ae:ab:d3:06:16:cc:a7:
         44:f6:77:63:6a:b2:1a:c3:12:16:c8:54:ae:47:84:28:b9:1f:
         e3:e3:f9:e1
-----BEGIN CERTIFICATE-----
MIIHZjCCBk6gAwIBAgIUSUEmwM1gEKRCCaSqljkAjDC6a28wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyODkwMTk0MDU5N2M0OGY3ODVhOTFkNzIxMmI5Y2E3MWIx
ZjFmMjBhZGU2ODU2OGU1YjEwHhcNMjMwNzI5MTg1NTAxWhcNMjQwNzI5MTkwMDAx
WjCCAi0xggIpMIICJQYDVQQDE4ICHDMwODIwMTBBMDI4MjAxMDEwMERFNUQ2ODdC
MUExQkE1RjA5RUFDOTNFNzlBNEVDNUQ1MzZDMjk2OTUzMDk2N0M5QTA3MzZFODkz
MjFEMzQ2NjE0NUFCQUI5RDU5MjdDOEQ4NEQ0RTA4QjU2NzI0QjAwRjk5REU1Njk5
Qjc5QThERTY0NUQ2MTEwMTlDMTU1MTZFNTg4RkQzNTJCRkNFOUI5RTY1MEYxNjAw
M0E2QzVCQTc1RDg5MjFDODIxREM2QTVFM0FEMTZGOEIzOEMyNjkyRjdFMjA3NjRF
MjMyRTVDNzBFQkE3RDNENzU3RTU0OTUxQzgwRjAyNjcyM0YzNDgxNzM3RDE2Q0VG
RUVCMjdGRkE5NTNCODQzOTBCQUFBRDU1RUVBNEI3MzMxOTNEQ0I0NThDMUJFNDE3
RjYxMkI2NjI2ODMzNDVBNTczOENDMzFBMDE1RTM5NDQ5QTk5RTVCMkY2QjA5MzE0
MjRFMjc4NEQ4NUM0RTc5NjM5Q0EzM0VBMTJGNDZCNEQ5N0MzOTI5RjU3REE0MTlC
MUE4OEE3MDY0RkFDMDQzOUUyNTNDNDVDNzdERThGNzQ4QUEyMTUxNENEQUM2MkZG
QUM0RkUzMThCRDY0NUU5OEE0NUY2QzcxNkNCMTI3MEY4RjYyNkI3Q0M0MUY5NTgz
QzQ4QTA3MzUwODQ3MjU3OTA5RjYwNjYzMDIwMzAxMDAwMTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAN5daHsaG6XwnqyT55pOxdU2wpaVMJZ8mgc26JMh
00ZhRaurnVknyNhNTgi1ZySwD5neVpm3mo3mRdYRAZwVUW5Yj9NSv86bnmUPFgA6
bFunXYkhyCHcal460W+LOMJpL34gdk4jLlxw66fT11flSVHIDwJnI/NIFzfRbO/u
sn/6lTuEOQuqrVXupLczGT3LRYwb5Bf2ErZiaDNFpXOMwxoBXjlEmpnlsvawkxQk
4nhNhcTnljnKM+oS9GtNl8OSn1faQZsaiKcGT6wEOeJTxFx33o90iqIVFM2sYv+s
T+MYvWRemKRfbHFssScPj2JrfMQflYPEigc1CEcleQn2BmMCAwEAAaOCAmowggJm
MB0GA1UdDgQWBBS69aCvr/DyqZE06gWgnbWTpwVWwzAfBgNVHSMEGDAWgBTcYnaI
MLGxIBcWUY1eamUlsCNZOjAOBgNVHQ8BAf8EBAMCB4AwZQYDVR0fBF4wXDBaoFig
VoZUcnN5bmM6Ly9ycGtpLm11bHRhY29tLmNvbS9yZXBvL01DT01DQS8wL0RDNjI3
Njg4MzBCMUIxMjAxNzE2NTE4RDVFNkE2NTI1QjAyMzU5M0EuY3JsMIHzBggrBgEF
BQcBAQSB5jCB4zCB4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQv
cmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMt
MjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlh
OC80ZGMwN2JhNi1kMzYwLTRjYTUtYTg2MC02MmU0ZTU0NzZmODQvODkwMTk0MDU5
N2M0OGY3ODVhOTFkNzIxMmI5Y2E3MWIxZjFmMjBhZGU2ODU2OGU1YjEuY2VyMHwG
CCsGAQUFBwELBHAwbjBsBggrBgEFBQcwC4ZgcnN5bmM6Ly9ycGtpLm11bHRhY29t
LmNvbS9yZXBvL01DT01DQS8wLzMxMzkzODJlMzIzMTMxMmUzMDJlMzAyZjMxMzgy
ZDMyMzQyMDNkM2UyMDMzMzUzOTMxMzYucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAbG0wAwDQYJKoZIhvcN
AQELBQADggEBACFjFXMRJtCdUmT5SxXCQoAVy4yCaj81EO4HndIXy1TQJ6VUpqyt
Ow6I5XLaJhYDh55QBvMasgKrSXQitgtYEbo8Xq2ARmv2NxRevNK17u+u5Awgy0v2
191LIIxYRXsL1WvS0T+d2XvlVFtjxUqc1JBxIpNPzJXN0Dwv8ZPi26q+hpkAy+9l
ngkkigNaIoDqQWXDyqmNp69cj/qVxLHEDJ06Be/Zgld9Casd2GmJgMlj6iC5ZyLg
tejeDYFa9W6mKWgdGjCNFBDZKKVHiwcH3vieLMXhNCZu+tE0+PFNga8tcl9NrqvT
BhbMp0T2d2NqshrDEhbIVK5HhCi5H+Pj+eE=
-----END CERTIFICATE-----
Generated at Wed Aug 9 22:55:20 2023 by rpki-client on console-fra.rpki-client.org