Route Origin Authorization

$ rpki-client -vvf rpki.multacom.com/repo/MCOMCA/0/3231362e32342e3234302e302f32302d3234203d3e203335393136.roa
File:                     3231362e32342e3234302e302f32302d3234203d3e203335393136.roa (raw, json)
Hash identifier:          hdbBGKAsuMj/ntZre0+uoIzcY9Enm4y+MHmo1CXk/y4=
Subject key identifier:   C2:F4:6A:A4:8E:D7:CA:C5:BD:DF:97:56:A0:F2:DE:17:86:F3:D2:FD
Certificate issuer:       /CN=8901940597c48f785a91d7212b9ca71b1f1f20ade68568e5b1
Certificate serial:       538F29F98013F811F91E169CA1920E4853553D98
Authority key identifier: DC:62:76:88:30:B1:B1:20:17:16:51:8D:5E:6A:65:25:B0:23:59:3A
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/4dc07ba6-d360-4ca5-a860-62e4e5476f84/8901940597c48f785a91d7212b9ca71b1f1f20ade68568e5b1.cer
Subject info access:      rsync://rpki.multacom.com/repo/MCOMCA/0/3231362e32342e3234302e302f32302d3234203d3e203335393136.roa
Signing time:             Sun 30 Jul 2023 02:00:00 +0000
ROA not before:           Sun 30 Jul 2023 01:55:00 +0000
ROA not after:            Tue 30 Jul 2024 02:00:00 +0000
asID:                     35916
IP address blocks:        216.24.240.0/20 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:8f:29:f9:80:13:f8:11:f9:1e:16:9c:a1:92:0e:48:53:55:3d:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8901940597c48f785a91d7212b9ca71b1f1f20ade68568e5b1
        Validity
            Not Before: Jul 30 01:55:00 2023 GMT
            Not After : Jul 30 02:00:00 2024 GMT
        Subject: CN=3082010A0282010100C1205526E7CD7F78362327CE41EC81A8AE3EC920F2E1A2114A43597FC7500140CC9949533D2F06725173A4BF4BFB2FB73C9157AE7C0F5C47C2233895627386512FBD8D145CEAD63B4CFF5CD9A94C9576C58803874FFB8B7D1ADD005914624AD20082986D75A6A9D6B3DAF676BB6CDE1CAE1DF881E171129225AEA74F66EE93A6639A9F99851AAFA654F50963998E9DD4F91B55D7D9767F33443DBF2DCE653656D4EB297021D8859B85D0004FE644026E25DA1F9746734A3343B78624CE6C4FA3854CE90D16A3CEB100F54E027F8C23502F4D9B0FE740376B3EA7015C0C029FB06EE03154C69E9814A671824F5BEE07E45A16A0ACC6D73D69C8F5A09183B3F3150203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:20:55:26:e7:cd:7f:78:36:23:27:ce:41:ec:
                    81:a8:ae:3e:c9:20:f2:e1:a2:11:4a:43:59:7f:c7:
                    50:01:40:cc:99:49:53:3d:2f:06:72:51:73:a4:bf:
                    4b:fb:2f:b7:3c:91:57:ae:7c:0f:5c:47:c2:23:38:
                    95:62:73:86:51:2f:bd:8d:14:5c:ea:d6:3b:4c:ff:
                    5c:d9:a9:4c:95:76:c5:88:03:87:4f:fb:8b:7d:1a:
                    dd:00:59:14:62:4a:d2:00:82:98:6d:75:a6:a9:d6:
                    b3:da:f6:76:bb:6c:de:1c:ae:1d:f8:81:e1:71:12:
                    92:25:ae:a7:4f:66:ee:93:a6:63:9a:9f:99:85:1a:
                    af:a6:54:f5:09:63:99:8e:9d:d4:f9:1b:55:d7:d9:
                    76:7f:33:44:3d:bf:2d:ce:65:36:56:d4:eb:29:70:
                    21:d8:85:9b:85:d0:00:4f:e6:44:02:6e:25:da:1f:
                    97:46:73:4a:33:43:b7:86:24:ce:6c:4f:a3:85:4c:
                    e9:0d:16:a3:ce:b1:00:f5:4e:02:7f:8c:23:50:2f:
                    4d:9b:0f:e7:40:37:6b:3e:a7:01:5c:0c:02:9f:b0:
                    6e:e0:31:54:c6:9e:98:14:a6:71:82:4f:5b:ee:07:
                    e4:5a:16:a0:ac:c6:d7:3d:69:c8:f5:a0:91:83:b3:
                    f3:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:F4:6A:A4:8E:D7:CA:C5:BD:DF:97:56:A0:F2:DE:17:86:F3:D2:FD
            X509v3 Authority Key Identifier:
                keyid:DC:62:76:88:30:B1:B1:20:17:16:51:8D:5E:6A:65:25:B0:23:59:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.multacom.com/repo/MCOMCA/0/DC62768830B1B1201716518D5E6A6525B023593A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/4dc07ba6-d360-4ca5-a860-62e4e5476f84/8901940597c48f785a91d7212b9ca71b1f1f20ade68568e5b1.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.multacom.com/repo/MCOMCA/0/3231362e32342e3234302e302f32302d3234203d3e203335393136.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.24.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         af:cd:e2:b1:a1:f9:35:0b:0d:59:32:52:38:d3:33:fb:ac:7c:
         a1:e4:21:71:1b:d1:1b:5d:66:52:4e:5c:d6:b4:26:a2:79:f3:
         08:0d:6b:5d:0d:86:df:dc:19:7f:b9:c4:f2:df:34:b2:2c:8d:
         c5:8a:c5:59:aa:7a:5a:89:4f:13:7a:cf:e1:5f:d3:fc:7e:c3:
         ac:c6:d4:85:a0:72:de:9f:3b:42:91:87:1e:65:a4:db:f0:d8:
         2c:10:70:e2:8a:f8:aa:9a:b5:78:06:6c:68:03:ef:4e:12:cf:
         9c:a5:29:06:c7:18:6c:a7:da:3b:54:b8:fd:01:00:6c:6d:7b:
         f7:1b:b1:ac:ae:39:41:c0:0b:ba:4c:92:15:c7:b3:e6:c4:2e:
         a6:80:28:be:04:81:02:0f:54:19:80:4e:ab:ab:30:50:bf:76:
         d3:ae:da:93:a8:36:e3:03:a0:44:e3:de:d3:03:ca:d2:af:7a:
         67:4a:02:9a:89:95:4b:80:8b:ab:de:35:8f:a3:bf:71:08:eb:
         bf:ec:b1:43:73:59:b5:5d:3f:07:9d:c6:8e:a0:7d:46:73:7a:
         c7:fd:4b:95:10:59:0e:a3:bc:a5:bc:ea:79:11:c1:82:aa:ec:
         fb:6e:de:e4:63:45:cc:37:1b:28:27:29:e1:06:d0:e0:f7:44:
         25:45:2b:21
-----BEGIN CERTIFICATE-----
MIIHaDCCBlCgAwIBAgIUU48p+YAT+BH5HhacoZIOSFNVPZgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyODkwMTk0MDU5N2M0OGY3ODVhOTFkNzIxMmI5Y2E3MWIx
ZjFmMjBhZGU2ODU2OGU1YjEwHhcNMjMwNzMwMDE1NTAwWhcNMjQwNzMwMDIwMDAw
WjCCAi0xggIpMIICJQYDVQQDE4ICHDMwODIwMTBBMDI4MjAxMDEwMEMxMjA1NTI2
RTdDRDdGNzgzNjIzMjdDRTQxRUM4MUE4QUUzRUM5MjBGMkUxQTIxMTRBNDM1OTdG
Qzc1MDAxNDBDQzk5NDk1MzNEMkYwNjcyNTE3M0E0QkY0QkZCMkZCNzNDOTE1N0FF
N0MwRjVDNDdDMjIzMzg5NTYyNzM4NjUxMkZCRDhEMTQ1Q0VBRDYzQjRDRkY1Q0Q5
QTk0Qzk1NzZDNTg4MDM4NzRGRkI4QjdEMUFERDAwNTkxNDYyNEFEMjAwODI5ODZE
NzVBNkE5RDZCM0RBRjY3NkJCNkNERTFDQUUxREY4ODFFMTcxMTI5MjI1QUVBNzRG
NjZFRTkzQTY2MzlBOUY5OTg1MUFBRkE2NTRGNTA5NjM5OThFOURENEY5MUI1NUQ3
RDk3NjdGMzM0NDNEQkYyRENFNjUzNjU2RDRFQjI5NzAyMUQ4ODU5Qjg1RDAwMDRG
RTY0NDAyNkUyNURBMUY5NzQ2NzM0QTMzNDNCNzg2MjRDRTZDNEZBMzg1NENFOTBE
MTZBM0NFQjEwMEY1NEUwMjdGOEMyMzUwMkY0RDlCMEZFNzQwMzc2QjNFQTcwMTVD
MEMwMjlGQjA2RUUwMzE1NEM2OUU5ODE0QTY3MTgyNEY1QkVFMDdFNDVBMTZBMEFD
QzZENzNENjlDOEY1QTA5MTgzQjNGMzE1MDIwMzAxMDAwMTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAMEgVSbnzX94NiMnzkHsgaiuPskg8uGiEUpDWX/H
UAFAzJlJUz0vBnJRc6S/S/svtzyRV658D1xHwiM4lWJzhlEvvY0UXOrWO0z/XNmp
TJV2xYgDh0/7i30a3QBZFGJK0gCCmG11pqnWs9r2drts3hyuHfiB4XESkiWup09m
7pOmY5qfmYUar6ZU9QljmY6d1PkbVdfZdn8zRD2/Lc5lNlbU6ylwIdiFm4XQAE/m
RAJuJdofl0ZzSjNDt4YkzmxPo4VM6Q0Wo86xAPVOAn+MI1AvTZsP50A3az6nAVwM
Ap+wbuAxVMaemBSmcYJPW+4H5FoWoKzG1z1pyPWgkYOz8xUCAwEAAaOCAmwwggJo
MB0GA1UdDgQWBBTC9GqkjtfKxb3fl1ag8t4XhvPS/TAfBgNVHSMEGDAWgBTcYnaI
MLGxIBcWUY1eamUlsCNZOjAOBgNVHQ8BAf8EBAMCB4AwZQYDVR0fBF4wXDBaoFig
VoZUcnN5bmM6Ly9ycGtpLm11bHRhY29tLmNvbS9yZXBvL01DT01DQS8wL0RDNjI3
Njg4MzBCMUIxMjAxNzE2NTE4RDVFNkE2NTI1QjAyMzU5M0EuY3JsMIHzBggrBgEF
BQcBAQSB5jCB4zCB4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQv
cmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMt
MjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlh
OC80ZGMwN2JhNi1kMzYwLTRjYTUtYTg2MC02MmU0ZTU0NzZmODQvODkwMTk0MDU5
N2M0OGY3ODVhOTFkNzIxMmI5Y2E3MWIxZjFmMjBhZGU2ODU2OGU1YjEuY2VyMH4G
CCsGAQUFBwELBHIwcDBuBggrBgEFBQcwC4ZicnN5bmM6Ly9ycGtpLm11bHRhY29t
LmNvbS9yZXBvL01DT01DQS8wLzMyMzEzNjJlMzIzNDJlMzIzNDMwMmUzMDJmMzIz
MDJkMzIzNDIwM2QzZTIwMzMzNTM5MzEzNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBNgY8DANBgkqhkiG
9w0BAQsFAAOCAQEAr83isaH5NQsNWTJSONMz+6x8oeQhcRvRG11mUk5c1rQmonnz
CA1rXQ2G39wZf7nE8t80siyNxYrFWap6WolPE3rP4V/T/H7DrMbUhaBy3p87QpGH
HmWk2/DYLBBw4or4qpq1eAZsaAPvThLPnKUpBscYbKfaO1S4/QEAbG179xuxrK45
QcALukySFcez5sQupoAovgSBAg9UGYBOq6swUL92067ak6g24wOgROPe0wPK0q96
Z0oCmomVS4CLq941j6O/cQjrv+yxQ3NZtV0/B53GjqB9RnN6x/1LlRBZDqO8pbzq
eRHBgqrs+27e5GNFzDcbKCcp4QbQ4PdEJUUrIQ==
-----END CERTIFICATE-----
Generated at Wed Aug 9 22:55:20 2023 by rpki-client on console-fra.rpki-client.org