Route Origin Authorization

$ rpki-client -vvf rpki.multacom.com/repo/MCOMCA/0/32332e3233342e3139322e302f31382d3234203d3e203335393136.roa
File:                     32332e3233342e3139322e302f31382d3234203d3e203335393136.roa (raw, json)
Hash identifier:          wS0Inb3m7ibYoToD/T0nxMs3S21stblri0t0nruM+ao=
Subject key identifier:   DE:86:D3:AC:9D:28:51:B3:19:2B:67:30:79:6A:96:88:F6:52:05:20
Certificate issuer:       /CN=8901940597c48f785a91d7212b9ca71b1f1f20ade68568e5b1
Certificate serial:       53D29DE738860B24931990326C17A7D2C2A87B89
Authority key identifier: DC:62:76:88:30:B1:B1:20:17:16:51:8D:5E:6A:65:25:B0:23:59:3A
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/4dc07ba6-d360-4ca5-a860-62e4e5476f84/8901940597c48f785a91d7212b9ca71b1f1f20ade68568e5b1.cer
Subject info access:      rsync://rpki.multacom.com/repo/MCOMCA/0/32332e3233342e3139322e302f31382d3234203d3e203335393136.roa
Signing time:             Sat 29 Jul 2023 19:00:01 +0000
ROA not before:           Sat 29 Jul 2023 18:55:01 +0000
ROA not after:            Mon 29 Jul 2024 19:00:01 +0000
asID:                     35916
IP address blocks:        23.234.192.0/18 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:d2:9d:e7:38:86:0b:24:93:19:90:32:6c:17:a7:d2:c2:a8:7b:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8901940597c48f785a91d7212b9ca71b1f1f20ade68568e5b1
        Validity
            Not Before: Jul 29 18:55:01 2023 GMT
            Not After : Jul 29 19:00:01 2024 GMT
        Subject: CN=3082010A0282010100B808725CDF26F7DB27D982FB5EB533EF72155FFE0DA0A84E73FF657BFD2B904A89F1E6D16830F8F8EC9D28083310D26F6BF5537F427BA10FEF8E49EB3C1CD2693347E1D34BD2AE8713C02BAD368B90D933A9A6D3E093EC1222014BF1009D061A9D5AC94E10C1294AC6B1EE192231AF5F812337490F4ADF7E8E95A53FD8063923D22223C1D45A8A78E92A4F20C493B81E20E0B8543DDAA19C5E0E70A1D918790D7D78AC75BAD58FFFB73E42BBF773F087721A7C292A449E0737E63E7ABBF09BAF371DDBE6215B1D8F08510E8AA25F8FE37AF75435139C873815AA437BC46815B0849E9262A4A6D89C49BCEB179A85E5F8127664B0FF574FF89979FF91B4749B830203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:08:72:5c:df:26:f7:db:27:d9:82:fb:5e:b5:
                    33:ef:72:15:5f:fe:0d:a0:a8:4e:73:ff:65:7b:fd:
                    2b:90:4a:89:f1:e6:d1:68:30:f8:f8:ec:9d:28:08:
                    33:10:d2:6f:6b:f5:53:7f:42:7b:a1:0f:ef:8e:49:
                    eb:3c:1c:d2:69:33:47:e1:d3:4b:d2:ae:87:13:c0:
                    2b:ad:36:8b:90:d9:33:a9:a6:d3:e0:93:ec:12:22:
                    01:4b:f1:00:9d:06:1a:9d:5a:c9:4e:10:c1:29:4a:
                    c6:b1:ee:19:22:31:af:5f:81:23:37:49:0f:4a:df:
                    7e:8e:95:a5:3f:d8:06:39:23:d2:22:23:c1:d4:5a:
                    8a:78:e9:2a:4f:20:c4:93:b8:1e:20:e0:b8:54:3d:
                    da:a1:9c:5e:0e:70:a1:d9:18:79:0d:7d:78:ac:75:
                    ba:d5:8f:ff:b7:3e:42:bb:f7:73:f0:87:72:1a:7c:
                    29:2a:44:9e:07:37:e6:3e:7a:bb:f0:9b:af:37:1d:
                    db:e6:21:5b:1d:8f:08:51:0e:8a:a2:5f:8f:e3:7a:
                    f7:54:35:13:9c:87:38:15:aa:43:7b:c4:68:15:b0:
                    84:9e:92:62:a4:a6:d8:9c:49:bc:eb:17:9a:85:e5:
                    f8:12:76:64:b0:ff:57:4f:f8:99:79:ff:91:b4:74:
                    9b:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:86:D3:AC:9D:28:51:B3:19:2B:67:30:79:6A:96:88:F6:52:05:20
            X509v3 Authority Key Identifier:
                keyid:DC:62:76:88:30:B1:B1:20:17:16:51:8D:5E:6A:65:25:B0:23:59:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.multacom.com/repo/MCOMCA/0/DC62768830B1B1201716518D5E6A6525B023593A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/4dc07ba6-d360-4ca5-a860-62e4e5476f84/8901940597c48f785a91d7212b9ca71b1f1f20ade68568e5b1.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.multacom.com/repo/MCOMCA/0/32332e3233342e3139322e302f31382d3234203d3e203335393136.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.234.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         7e:c7:b7:61:2a:2a:21:a4:b1:35:99:b6:ab:ff:62:fa:b1:fe:
         a7:a1:f5:df:d4:68:db:7b:e9:5f:33:a3:a1:6b:f4:f2:84:b0:
         69:ef:c8:d9:65:d9:fa:73:a3:ee:27:06:48:a8:3a:67:9d:e3:
         0f:7b:84:bd:6c:33:49:40:36:9f:7a:40:aa:2e:b5:26:d5:27:
         15:be:f5:e3:ab:66:4a:e7:0a:77:86:c5:1e:03:36:34:f0:a0:
         ac:11:d9:8d:04:e7:c3:09:e8:f1:f1:04:55:00:dc:86:a5:ea:
         32:a9:a7:32:29:1a:63:07:66:4e:c9:8c:2c:13:06:7f:87:72:
         42:61:68:76:dc:92:7f:f8:ca:6a:48:5b:b6:47:4f:93:c5:f5:
         b1:1a:20:5a:b8:0f:62:55:33:3b:fa:33:5a:7b:56:39:ae:29:
         cb:1d:9f:23:e3:2e:bb:31:90:35:8e:95:ba:79:8f:97:6b:20:
         ad:75:33:b1:5b:d3:6a:3c:31:55:1c:a8:b5:90:0d:a1:fd:93:
         a1:a0:97:c1:89:3f:e5:9d:03:6f:05:c2:9f:55:b0:4e:bf:4f:
         61:f6:58:68:78:8f:f5:11:8e:b6:9f:c8:15:37:cc:69:e4:50:
         11:b0:d4:5f:9e:7f:f0:2e:cc:b6:13:65:d6:07:4c:ed:3b:1e:
         dd:21:68:28
-----BEGIN CERTIFICATE-----
MIIHaDCCBlCgAwIBAgIUU9Kd5ziGCySTGZAybBen0sKoe4kwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyODkwMTk0MDU5N2M0OGY3ODVhOTFkNzIxMmI5Y2E3MWIx
ZjFmMjBhZGU2ODU2OGU1YjEwHhcNMjMwNzI5MTg1NTAxWhcNMjQwNzI5MTkwMDAx
WjCCAi0xggIpMIICJQYDVQQDE4ICHDMwODIwMTBBMDI4MjAxMDEwMEI4MDg3MjVD
REYyNkY3REIyN0Q5ODJGQjVFQjUzM0VGNzIxNTVGRkUwREEwQTg0RTczRkY2NTdC
RkQyQjkwNEE4OUYxRTZEMTY4MzBGOEY4RUM5RDI4MDgzMzEwRDI2RjZCRjU1MzdG
NDI3QkExMEZFRjhFNDlFQjNDMUNEMjY5MzM0N0UxRDM0QkQyQUU4NzEzQzAyQkFE
MzY4QjkwRDkzM0E5QTZEM0UwOTNFQzEyMjIwMTRCRjEwMDlEMDYxQTlENUFDOTRF
MTBDMTI5NEFDNkIxRUUxOTIyMzFBRjVGODEyMzM3NDkwRjRBREY3RThFOTVBNTNG
RDgwNjM5MjNEMjIyMjNDMUQ0NUE4QTc4RTkyQTRGMjBDNDkzQjgxRTIwRTBCODU0
M0REQUExOUM1RTBFNzBBMUQ5MTg3OTBEN0Q3OEFDNzVCQUQ1OEZGRkI3M0U0MkJC
Rjc3M0YwODc3MjFBN0MyOTJBNDQ5RTA3MzdFNjNFN0FCQkYwOUJBRjM3MUREQkU2
MjE1QjFEOEYwODUxMEU4QUEyNUY4RkUzN0FGNzU0MzUxMzlDODczODE1QUE0MzdC
QzQ2ODE1QjA4NDlFOTI2MkE0QTZEODlDNDlCQ0VCMTc5QTg1RTVGODEyNzY2NEIw
RkY1NzRGRjg5OTc5RkY5MUI0NzQ5QjgzMDIwMzAxMDAwMTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBALgIclzfJvfbJ9mC+161M+9yFV/+DaCoTnP/ZXv9
K5BKifHm0Wgw+PjsnSgIMxDSb2v1U39Ce6EP745J6zwc0mkzR+HTS9KuhxPAK602
i5DZM6mm0+CT7BIiAUvxAJ0GGp1ayU4QwSlKxrHuGSIxr1+BIzdJD0rffo6VpT/Y
Bjkj0iIjwdRainjpKk8gxJO4HiDguFQ92qGcXg5wodkYeQ19eKx1utWP/7c+Qrv3
c/CHchp8KSpEngc35j56u/Cbrzcd2+YhWx2PCFEOiqJfj+N691Q1E5yHOBWqQ3vE
aBWwhJ6SYqSm2JxJvOsXmoXl+BJ2ZLD/V0/4mXn/kbR0m4MCAwEAAaOCAmwwggJo
MB0GA1UdDgQWBBTehtOsnShRsxkrZzB5apaI9lIFIDAfBgNVHSMEGDAWgBTcYnaI
MLGxIBcWUY1eamUlsCNZOjAOBgNVHQ8BAf8EBAMCB4AwZQYDVR0fBF4wXDBaoFig
VoZUcnN5bmM6Ly9ycGtpLm11bHRhY29tLmNvbS9yZXBvL01DT01DQS8wL0RDNjI3
Njg4MzBCMUIxMjAxNzE2NTE4RDVFNkE2NTI1QjAyMzU5M0EuY3JsMIHzBggrBgEF
BQcBAQSB5jCB4zCB4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQv
cmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMt
MjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlh
OC80ZGMwN2JhNi1kMzYwLTRjYTUtYTg2MC02MmU0ZTU0NzZmODQvODkwMTk0MDU5
N2M0OGY3ODVhOTFkNzIxMmI5Y2E3MWIxZjFmMjBhZGU2ODU2OGU1YjEuY2VyMH4G
CCsGAQUFBwELBHIwcDBuBggrBgEFBQcwC4ZicnN5bmM6Ly9ycGtpLm11bHRhY29t
LmNvbS9yZXBvL01DT01DQS8wLzMyMzMyZTMyMzMzNDJlMzEzOTMyMmUzMDJmMzEz
ODJkMzIzNDIwM2QzZTIwMzMzNTM5MzEzNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBhfqwDANBgkqhkiG
9w0BAQsFAAOCAQEAfse3YSoqIaSxNZm2q/9i+rH+p6H139Ro23vpXzOjoWv08oSw
ae/I2WXZ+nOj7icGSKg6Z53jD3uEvWwzSUA2n3pAqi61JtUnFb7146tmSucKd4bF
HgM2NPCgrBHZjQTnwwno8fEEVQDchqXqMqmnMikaYwdmTsmMLBMGf4dyQmFodtyS
f/jKakhbtkdPk8X1sRogWrgPYlUzO/ozWntWOa4pyx2fI+MuuzGQNY6VunmPl2sg
rXUzsVvTajwxVRyotZANof2ToaCXwYk/5Z0DbwXCn1WwTr9PYfZYaHiP9RGOtp/I
FTfMaeRQEbDUX55/8C7MthNl1gdM7Tse3SFoKA==
-----END CERTIFICATE-----
Generated at Wed Aug 9 22:55:20 2023 by rpki-client on console-fra.rpki-client.org