Route Origin Authorization

$ rpki-client -vvf rpki.multacom.com/repo/MCOMCA/0/3139382e35322e39362e302f31392d3234203d3e203335393136.roa
File:                     3139382e35322e39362e302f31392d3234203d3e203335393136.roa (raw, json)
Hash identifier:          JunGQrqtpF1JyoOpZfE0m9t6YlmxY8WYpGf/j1X6DTY=
Subject key identifier:   A8:4B:D5:38:CA:35:51:FF:80:F7:FD:E7:F9:18:50:76:AB:FA:15:DE
Certificate issuer:       /CN=8901940597c48f785a91d7212b9ca71b1f1f20ade68568e5b1
Certificate serial:       7E0DD7EE5E730F1AF7A1A58F543798E1BCE133B3
Authority key identifier: DC:62:76:88:30:B1:B1:20:17:16:51:8D:5E:6A:65:25:B0:23:59:3A
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/4dc07ba6-d360-4ca5-a860-62e4e5476f84/8901940597c48f785a91d7212b9ca71b1f1f20ade68568e5b1.cer
Subject info access:      rsync://rpki.multacom.com/repo/MCOMCA/0/3139382e35322e39362e302f31392d3234203d3e203335393136.roa
Signing time:             Sun 30 Jul 2023 03:00:00 +0000
ROA not before:           Sun 30 Jul 2023 02:55:00 +0000
ROA not after:            Tue 30 Jul 2024 03:00:00 +0000
asID:                     35916
IP address blocks:        198.52.96.0/19 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:0d:d7:ee:5e:73:0f:1a:f7:a1:a5:8f:54:37:98:e1:bc:e1:33:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8901940597c48f785a91d7212b9ca71b1f1f20ade68568e5b1
        Validity
            Not Before: Jul 30 02:55:00 2023 GMT
            Not After : Jul 30 03:00:00 2024 GMT
        Subject: CN=3082010A0282010100B277CBF8229F5E4E29F231441CAADADF804B4FE82D3CDEA477917CDA9D59BB1F5DF74FE7459194C095CDBDC73B5013713EAC0B6525B69BBCEEEF6396A06EA8D052D87C13CFE86AB4179263A44C884E905AE1557D77E748BAC68622D9B0C8EBF28325019E33D009D2B4175E24E6E34010A886CB65B49E98DC614C1AECA2B04770CDC6E2D83743185AD49A4763F73325387253C75E2A816C00E5EE2E78994F78B074A9D2F7F74F1C44D4618289E06DD6C3AFAF26F80CBF8028003F5ECD7667735D7721EBFBC5B97CB3B919D1757292EB90905932D75D2071E42029F401BD830A763E9D0D1692A097D197FFDA3C1DC657825A53D42A696E76F860E7FA887C4751D50203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:77:cb:f8:22:9f:5e:4e:29:f2:31:44:1c:aa:
                    da:df:80:4b:4f:e8:2d:3c:de:a4:77:91:7c:da:9d:
                    59:bb:1f:5d:f7:4f:e7:45:91:94:c0:95:cd:bd:c7:
                    3b:50:13:71:3e:ac:0b:65:25:b6:9b:bc:ee:ef:63:
                    96:a0:6e:a8:d0:52:d8:7c:13:cf:e8:6a:b4:17:92:
                    63:a4:4c:88:4e:90:5a:e1:55:7d:77:e7:48:ba:c6:
                    86:22:d9:b0:c8:eb:f2:83:25:01:9e:33:d0:09:d2:
                    b4:17:5e:24:e6:e3:40:10:a8:86:cb:65:b4:9e:98:
                    dc:61:4c:1a:ec:a2:b0:47:70:cd:c6:e2:d8:37:43:
                    18:5a:d4:9a:47:63:f7:33:25:38:72:53:c7:5e:2a:
                    81:6c:00:e5:ee:2e:78:99:4f:78:b0:74:a9:d2:f7:
                    f7:4f:1c:44:d4:61:82:89:e0:6d:d6:c3:af:af:26:
                    f8:0c:bf:80:28:00:3f:5e:cd:76:67:73:5d:77:21:
                    eb:fb:c5:b9:7c:b3:b9:19:d1:75:72:92:eb:90:90:
                    59:32:d7:5d:20:71:e4:20:29:f4:01:bd:83:0a:76:
                    3e:9d:0d:16:92:a0:97:d1:97:ff:da:3c:1d:c6:57:
                    82:5a:53:d4:2a:69:6e:76:f8:60:e7:fa:88:7c:47:
                    51:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:4B:D5:38:CA:35:51:FF:80:F7:FD:E7:F9:18:50:76:AB:FA:15:DE
            X509v3 Authority Key Identifier:
                keyid:DC:62:76:88:30:B1:B1:20:17:16:51:8D:5E:6A:65:25:B0:23:59:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.multacom.com/repo/MCOMCA/0/DC62768830B1B1201716518D5E6A6525B023593A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/4dc07ba6-d360-4ca5-a860-62e4e5476f84/8901940597c48f785a91d7212b9ca71b1f1f20ade68568e5b1.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.multacom.com/repo/MCOMCA/0/3139382e35322e39362e302f31392d3234203d3e203335393136.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.52.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         3a:cc:83:8f:65:2e:91:9e:1d:b8:98:9c:98:a9:80:c5:83:08:
         02:96:a6:78:75:94:c3:1c:76:13:06:45:03:97:21:32:86:85:
         e5:50:8d:44:d6:dd:5e:36:00:3a:50:c3:c1:c8:ba:ec:eb:d9:
         8a:71:8c:3d:cc:d5:66:4e:ad:82:fe:30:c9:0b:08:2c:fc:e5:
         57:38:0f:5b:51:2f:8e:35:37:2b:28:43:08:5e:9c:64:eb:f2:
         8c:7e:d8:b7:50:d6:a6:be:26:d2:78:a1:f0:b0:24:f9:dc:d4:
         8a:b9:14:0d:92:03:51:31:0d:34:20:22:5d:36:7a:1f:52:04:
         b4:77:bc:c4:4b:b1:f4:c5:7e:d3:c1:04:de:7a:73:a2:6e:c7:
         08:63:06:56:0a:ec:4a:07:47:66:e5:7e:66:f2:16:ad:1f:75:
         4b:4b:11:01:17:63:1a:38:45:7d:f6:59:c3:8b:8b:9d:a2:79:
         c5:92:91:ee:c4:4d:a4:c9:2d:32:88:34:d5:c8:52:94:a3:d4:
         57:58:0e:76:72:5d:b3:26:e2:cf:25:d3:72:66:a3:0f:38:d8:
         58:3b:f6:a4:26:0a:be:d5:e8:4e:5b:36:9b:00:61:55:d4:b8:
         f4:d3:62:c6:c9:a9:7a:94:1a:4d:b2:d4:eb:e7:59:b6:71:ca:
         c8:16:cf:e2
-----BEGIN CERTIFICATE-----
MIIHZjCCBk6gAwIBAgIUfg3X7l5zDxr3oaWPVDeY4bzhM7MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyODkwMTk0MDU5N2M0OGY3ODVhOTFkNzIxMmI5Y2E3MWIx
ZjFmMjBhZGU2ODU2OGU1YjEwHhcNMjMwNzMwMDI1NTAwWhcNMjQwNzMwMDMwMDAw
WjCCAi0xggIpMIICJQYDVQQDE4ICHDMwODIwMTBBMDI4MjAxMDEwMEIyNzdDQkY4
MjI5RjVFNEUyOUYyMzE0NDFDQUFEQURGODA0QjRGRTgyRDNDREVBNDc3OTE3Q0RB
OUQ1OUJCMUY1REY3NEZFNzQ1OTE5NEMwOTVDREJEQzczQjUwMTM3MTNFQUMwQjY1
MjVCNjlCQkNFRUVGNjM5NkEwNkVBOEQwNTJEODdDMTNDRkU4NkFCNDE3OTI2M0E0
NEM4ODRFOTA1QUUxNTU3RDc3RTc0OEJBQzY4NjIyRDlCMEM4RUJGMjgzMjUwMTlF
MzNEMDA5RDJCNDE3NUUyNEU2RTM0MDEwQTg4NkNCNjVCNDlFOThEQzYxNEMxQUVD
QTJCMDQ3NzBDREM2RTJEODM3NDMxODVBRDQ5QTQ3NjNGNzMzMjUzODcyNTNDNzVF
MkE4MTZDMDBFNUVFMkU3ODk5NEY3OEIwNzRBOUQyRjdGNzRGMUM0NEQ0NjE4Mjg5
RTA2REQ2QzNBRkFGMjZGODBDQkY4MDI4MDAzRjVFQ0Q3NjY3NzM1RDc3MjFFQkZC
QzVCOTdDQjNCOTE5RDE3NTcyOTJFQjkwOTA1OTMyRDc1RDIwNzFFNDIwMjlGNDAx
QkQ4MzBBNzYzRTlEMEQxNjkyQTA5N0QxOTdGRkRBM0MxREM2NTc4MjVBNTNENDJB
Njk2RTc2Rjg2MEU3RkE4ODdDNDc1MUQ1MDIwMzAxMDAwMTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBALJ3y/gin15OKfIxRByq2t+AS0/oLTzepHeRfNqd
WbsfXfdP50WRlMCVzb3HO1ATcT6sC2Ultpu87u9jlqBuqNBS2HwTz+hqtBeSY6RM
iE6QWuFVfXfnSLrGhiLZsMjr8oMlAZ4z0AnStBdeJObjQBCohstltJ6Y3GFMGuyi
sEdwzcbi2DdDGFrUmkdj9zMlOHJTx14qgWwA5e4ueJlPeLB0qdL3908cRNRhgong
bdbDr68m+Ay/gCgAP17NdmdzXXch6/vFuXyzuRnRdXKS65CQWTLXXSBx5CAp9AG9
gwp2Pp0NFpKgl9GX/9o8HcZXglpT1Cppbnb4YOf6iHxHUdUCAwEAAaOCAmowggJm
MB0GA1UdDgQWBBSoS9U4yjVR/4D3/ef5GFB2q/oV3jAfBgNVHSMEGDAWgBTcYnaI
MLGxIBcWUY1eamUlsCNZOjAOBgNVHQ8BAf8EBAMCB4AwZQYDVR0fBF4wXDBaoFig
VoZUcnN5bmM6Ly9ycGtpLm11bHRhY29tLmNvbS9yZXBvL01DT01DQS8wL0RDNjI3
Njg4MzBCMUIxMjAxNzE2NTE4RDVFNkE2NTI1QjAyMzU5M0EuY3JsMIHzBggrBgEF
BQcBAQSB5jCB4zCB4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQv
cmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMt
MjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlh
OC80ZGMwN2JhNi1kMzYwLTRjYTUtYTg2MC02MmU0ZTU0NzZmODQvODkwMTk0MDU5
N2M0OGY3ODVhOTFkNzIxMmI5Y2E3MWIxZjFmMjBhZGU2ODU2OGU1YjEuY2VyMHwG
CCsGAQUFBwELBHAwbjBsBggrBgEFBQcwC4ZgcnN5bmM6Ly9ycGtpLm11bHRhY29t
LmNvbS9yZXBvL01DT01DQS8wLzMxMzkzODJlMzUzMjJlMzkzNjJlMzAyZjMxMzky
ZDMyMzQyMDNkM2UyMDMzMzUzOTMxMzYucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAXGNGAwDQYJKoZIhvcN
AQELBQADggEBADrMg49lLpGeHbiYnJipgMWDCAKWpnh1lMMcdhMGRQOXITKGheVQ
jUTW3V42ADpQw8HIuuzr2YpxjD3M1WZOrYL+MMkLCCz85Vc4D1tRL441NysoQwhe
nGTr8ox+2LdQ1qa+JtJ4ofCwJPnc1Iq5FA2SA1ExDTQgIl02eh9SBLR3vMRLsfTF
ftPBBN56c6JuxwhjBlYK7EoHR2blfmbyFq0fdUtLEQEXYxo4RX32WcOLi52iecWS
ke7ETaTJLTKINNXIUpSj1FdYDnZyXbMm4s8l03Jmow842Fg79qQmCr7V6E5bNpsA
YVXUuPTTYsbJqXqUGk2y1OvnWbZxysgWz+I=
-----END CERTIFICATE-----
Generated at Wed Aug 9 22:55:20 2023 by rpki-client on console-fra.rpki-client.org