Route Origin Authorization

$ rpki-client -vvf rpki.multacom.com/repo/MCOMCA/0/3231362e3132372e3139312e302f32342d3234203d3e20333935363831.roa
File:                     3231362e3132372e3139312e302f32342d3234203d3e20333935363831.roa (raw, json)
Hash identifier:          J+STAQJlcIsZCJdQE59GRQvxNDiLkwLLsp+DFSZdEW4=
Subject key identifier:   18:64:D1:D0:D4:E8:7B:F7:87:59:7E:47:02:9F:E3:9B:E4:63:88:EB
Certificate issuer:       /CN=8901940597c48f785a91d7212b9ca71b1f1f20ade68568e5b1
Certificate serial:       69261D71AC0A253059A64C78F3CC9DDC8AE4D08D
Authority key identifier: DC:62:76:88:30:B1:B1:20:17:16:51:8D:5E:6A:65:25:B0:23:59:3A
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/4dc07ba6-d360-4ca5-a860-62e4e5476f84/8901940597c48f785a91d7212b9ca71b1f1f20ade68568e5b1.cer
Subject info access:      rsync://rpki.multacom.com/repo/MCOMCA/0/3231362e3132372e3139312e302f32342d3234203d3e20333935363831.roa
Signing time:             Wed 24 May 2023 20:00:00 +0000
ROA not before:           Wed 24 May 2023 19:55:00 +0000
ROA not after:            Fri 24 May 2024 20:00:00 +0000
asID:                     395681
IP address blocks:        216.127.191.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:26:1d:71:ac:0a:25:30:59:a6:4c:78:f3:cc:9d:dc:8a:e4:d0:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8901940597c48f785a91d7212b9ca71b1f1f20ade68568e5b1
        Validity
            Not Before: May 24 19:55:00 2023 GMT
            Not After : May 24 20:00:00 2024 GMT
        Subject: CN=3082010A0282010100B8FA3E9A150BE15E3D45CB36CC20AFB1294FE01281E6781ED583281ED5270613A67B1EF8CCA47551AF75E932AA50593DB5D0E7B1FBB84589AAD05CA340C1479356BF0AB1ECAEB18DF5E0CF0697AD86DE1641E7BF1E2F647E29E436F674F4E462CD36B15BC561672295608CAAB841AA46B966A47E0BBD47817CF4069178375B2E0C88B72543A7EA8CD587DD81F929026FE61CA36888A51C0E81FB3CD3341D49BA30AD4C8964E1BE86DEE03CFD1EE7BFA593FE4FB88BE941A01C2A947BFC2B798B45FBAA72D78DC311563AA6DC71B12B749E276B35E6839B93BC85C4C016AFEC8A860455E4CAAA786431C755479D5DAFA32760600823797ADFA2BC29B8F406C96F0203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:fa:3e:9a:15:0b:e1:5e:3d:45:cb:36:cc:20:
                    af:b1:29:4f:e0:12:81:e6:78:1e:d5:83:28:1e:d5:
                    27:06:13:a6:7b:1e:f8:cc:a4:75:51:af:75:e9:32:
                    aa:50:59:3d:b5:d0:e7:b1:fb:b8:45:89:aa:d0:5c:
                    a3:40:c1:47:93:56:bf:0a:b1:ec:ae:b1:8d:f5:e0:
                    cf:06:97:ad:86:de:16:41:e7:bf:1e:2f:64:7e:29:
                    e4:36:f6:74:f4:e4:62:cd:36:b1:5b:c5:61:67:22:
                    95:60:8c:aa:b8:41:aa:46:b9:66:a4:7e:0b:bd:47:
                    81:7c:f4:06:91:78:37:5b:2e:0c:88:b7:25:43:a7:
                    ea:8c:d5:87:dd:81:f9:29:02:6f:e6:1c:a3:68:88:
                    a5:1c:0e:81:fb:3c:d3:34:1d:49:ba:30:ad:4c:89:
                    64:e1:be:86:de:e0:3c:fd:1e:e7:bf:a5:93:fe:4f:
                    b8:8b:e9:41:a0:1c:2a:94:7b:fc:2b:79:8b:45:fb:
                    aa:72:d7:8d:c3:11:56:3a:a6:dc:71:b1:2b:74:9e:
                    27:6b:35:e6:83:9b:93:bc:85:c4:c0:16:af:ec:8a:
                    86:04:55:e4:ca:aa:78:64:31:c7:55:47:9d:5d:af:
                    a3:27:60:60:08:23:79:7a:df:a2:bc:29:b8:f4:06:
                    c9:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:64:D1:D0:D4:E8:7B:F7:87:59:7E:47:02:9F:E3:9B:E4:63:88:EB
            X509v3 Authority Key Identifier:
                keyid:DC:62:76:88:30:B1:B1:20:17:16:51:8D:5E:6A:65:25:B0:23:59:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.multacom.com/repo/MCOMCA/0/DC62768830B1B1201716518D5E6A6525B023593A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/4dc07ba6-d360-4ca5-a860-62e4e5476f84/8901940597c48f785a91d7212b9ca71b1f1f20ade68568e5b1.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.multacom.com/repo/MCOMCA/0/3231362e3132372e3139312e302f32342d3234203d3e20333935363831.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.127.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:7f:48:de:7d:c2:34:71:13:13:b7:16:f5:87:00:6c:49:f0:
         b4:dd:2f:ce:db:50:57:dc:a8:94:40:13:07:22:d9:b7:b6:96:
         b1:b7:a5:de:52:5b:fb:32:b8:11:c7:c8:b2:34:d2:b1:0b:40:
         a9:56:aa:8d:bb:f8:d6:08:8c:52:d8:10:c7:86:24:11:7f:a9:
         d8:ff:ed:10:c2:4d:7d:2e:0d:b9:fc:26:ec:a9:e7:2b:55:0b:
         b9:af:1e:a0:87:a5:91:e4:6e:b7:f5:88:3b:b9:e2:8c:ea:67:
         1a:d2:f6:cf:9f:13:58:a9:02:09:ee:8b:53:57:99:c4:a5:65:
         d5:e5:c5:e4:91:11:9f:70:28:f9:65:eb:39:d7:c9:25:46:00:
         7c:45:77:4a:ab:42:11:29:67:0a:9e:fc:fa:6c:a4:3d:6c:b0:
         7a:67:93:9f:68:14:87:e6:33:dd:ea:8d:78:37:fc:bd:13:b0:
         2a:be:81:07:8c:d6:01:39:ca:71:91:8e:fc:db:42:a6:9b:62:
         97:ec:e4:b8:32:bc:ad:22:69:a1:33:84:4d:fa:fb:66:65:3d:
         00:78:9f:d0:c3:c5:68:15:76:58:8f:3b:bc:06:67:c5:1d:ef:
         88:c9:a3:a7:86:8b:44:32:cb:e8:8b:6a:f3:f5:44:3f:15:95:
         a0:f9:5a:28
-----BEGIN CERTIFICATE-----
MIIHbTCCBlWgAwIBAgIUaSYdcawKJTBZpkx488yd3Irk0I0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyODkwMTk0MDU5N2M0OGY3ODVhOTFkNzIxMmI5Y2E3MWIx
ZjFmMjBhZGU2ODU2OGU1YjEwHhcNMjMwNTI0MTk1NTAwWhcNMjQwNTI0MjAwMDAw
WjCCAi0xggIpMIICJQYDVQQDE4ICHDMwODIwMTBBMDI4MjAxMDEwMEI4RkEzRTlB
MTUwQkUxNUUzRDQ1Q0IzNkNDMjBBRkIxMjk0RkUwMTI4MUU2NzgxRUQ1ODMyODFF
RDUyNzA2MTNBNjdCMUVGOENDQTQ3NTUxQUY3NUU5MzJBQTUwNTkzREI1RDBFN0Ix
RkJCODQ1ODlBQUQwNUNBMzQwQzE0NzkzNTZCRjBBQjFFQ0FFQjE4REY1RTBDRjA2
OTdBRDg2REUxNjQxRTdCRjFFMkY2NDdFMjlFNDM2RjY3NEY0RTQ2MkNEMzZCMTVC
QzU2MTY3MjI5NTYwOENBQUI4NDFBQTQ2Qjk2NkE0N0UwQkJENDc4MTdDRjQwNjkx
NzgzNzVCMkUwQzg4QjcyNTQzQTdFQThDRDU4N0REODFGOTI5MDI2RkU2MUNBMzY4
ODhBNTFDMEU4MUZCM0NEMzM0MUQ0OUJBMzBBRDRDODk2NEUxQkU4NkRFRTAzQ0ZE
MUVFN0JGQTU5M0ZFNEZCODhCRTk0MUEwMUMyQTk0N0JGQzJCNzk4QjQ1RkJBQTcy
RDc4REMzMTE1NjNBQTZEQzcxQjEyQjc0OUUyNzZCMzVFNjgzOUI5M0JDODVDNEMw
MTZBRkVDOEE4NjA0NTVFNENBQUE3ODY0MzFDNzU1NDc5RDVEQUZBMzI3NjA2MDA4
MjM3OTdBREZBMkJDMjlCOEY0MDZDOTZGMDIwMzAxMDAwMTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBALj6PpoVC+FePUXLNswgr7EpT+ASgeZ4HtWDKB7V
JwYTpnse+MykdVGvdekyqlBZPbXQ57H7uEWJqtBco0DBR5NWvwqx7K6xjfXgzwaX
rYbeFkHnvx4vZH4p5Db2dPTkYs02sVvFYWcilWCMqrhBqka5ZqR+C71HgXz0BpF4
N1suDIi3JUOn6ozVh92B+SkCb+Yco2iIpRwOgfs80zQdSbowrUyJZOG+ht7gPP0e
57+lk/5PuIvpQaAcKpR7/Ct5i0X7qnLXjcMRVjqm3HGxK3SeJ2s15oObk7yFxMAW
r+yKhgRV5MqqeGQxx1VHnV2voydgYAgjeXrforwpuPQGyW8CAwEAAaOCAnEwggJt
MB0GA1UdDgQWBBQYZNHQ1Oh794dZfkcCn+Ob5GOI6zAfBgNVHSMEGDAWgBTcYnaI
MLGxIBcWUY1eamUlsCNZOjAOBgNVHQ8BAf8EBAMCB4AwZQYDVR0fBF4wXDBaoFig
VoZUcnN5bmM6Ly9ycGtpLm11bHRhY29tLmNvbS9yZXBvL01DT01DQS8wL0RDNjI3
Njg4MzBCMUIxMjAxNzE2NTE4RDVFNkE2NTI1QjAyMzU5M0EuY3JsMIHzBggrBgEF
BQcBAQSB5jCB4zCB4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQv
cmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMt
MjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlh
OC80ZGMwN2JhNi1kMzYwLTRjYTUtYTg2MC02MmU0ZTU0NzZmODQvODkwMTk0MDU5
N2M0OGY3ODVhOTFkNzIxMmI5Y2E3MWIxZjFmMjBhZGU2ODU2OGU1YjEuY2VyMIGC
BggrBgEFBQcBCwR2MHQwcgYIKwYBBQUHMAuGZnJzeW5jOi8vcnBraS5tdWx0YWNv
bS5jb20vcmVwby9NQ09NQ0EvMC8zMjMxMzYyZTMxMzIzNzJlMzEzOTMxMmUzMDJm
MzIzNDJkMzIzNDIwM2QzZTIwMzMzOTM1MzYzODMxLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2H+/MA0G
CSqGSIb3DQEBCwUAA4IBAQB5f0jefcI0cRMTtxb1hwBsSfC03S/O21BX3KiUQBMH
Itm3tpaxt6XeUlv7MrgRx8iyNNKxC0CpVqqNu/jWCIxS2BDHhiQRf6nY/+0Qwk19
Lg25/CbsqecrVQu5rx6gh6WR5G639Yg7ueKM6mca0vbPnxNYqQIJ7otTV5nEpWXV
5cXkkRGfcCj5Zes518klRgB8RXdKq0IRKWcKnvz6bKQ9bLB6Z5OfaBSH5jPd6o14
N/y9E7AqvoEHjNYBOcpxkY7820Kmm2KX7OS4MrytImmhM4RN+vtmZT0AeJ/Qw8Vo
FXZYjzu8BmfFHe+IyaOnhotEMsvoi2rz9UQ/FZWg+Voo
-----END CERTIFICATE-----
Generated at Wed Aug 9 22:55:20 2023 by rpki-client on console-fra.rpki-client.org