Route Origin Authorization

$ rpki-client -vvf rpki.multacom.com/repo/MCOMCA/0/34332e3232362e32342e302f32322d3234203d3e203335393136.roa
File:                     34332e3232362e32342e302f32322d3234203d3e203335393136.roa (raw, json)
Hash identifier:          3wkldXKtnn4JYYwkLIcvYSe0ZZHMTc5BuB3gsmVBxUY=
Subject key identifier:   5D:F8:80:E4:E4:78:58:8E:54:BE:6A:03:72:01:42:4B:B3:95:88:33
Certificate issuer:       /CN=8901940597c48f785a91d7212b9ca71b1f1f20ade68568e5b1
Certificate serial:       15C6FE24B72EAE887A09843B961CF8F091D2F299
Authority key identifier: DC:62:76:88:30:B1:B1:20:17:16:51:8D:5E:6A:65:25:B0:23:59:3A
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/4dc07ba6-d360-4ca5-a860-62e4e5476f84/8901940597c48f785a91d7212b9ca71b1f1f20ade68568e5b1.cer
Subject info access:      rsync://rpki.multacom.com/repo/MCOMCA/0/34332e3232362e32342e302f32322d3234203d3e203335393136.roa
Signing time:             Sat 29 Jul 2023 19:00:01 +0000
ROA not before:           Sat 29 Jul 2023 18:55:01 +0000
ROA not after:            Mon 29 Jul 2024 19:00:01 +0000
asID:                     35916
IP address blocks:        43.226.24.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:c6:fe:24:b7:2e:ae:88:7a:09:84:3b:96:1c:f8:f0:91:d2:f2:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8901940597c48f785a91d7212b9ca71b1f1f20ade68568e5b1
        Validity
            Not Before: Jul 29 18:55:01 2023 GMT
            Not After : Jul 29 19:00:01 2024 GMT
        Subject: CN=3082010A0282010100D2BA51DD63A35CA75435CA727569373510BEDB6DC37BA56DBE9EC687CE6A57407B2813AEB3B0E46E1E00074F56FAB22A87996176EC96758C1AA0F12190E249DE4A27BADD79D63DD33CD3DD0EABB38AFC883CFF9242DFB39A1BF3AA71C9B2D1AA31481F70A56C22F2D8C40B9FE92B4942B830E489556E820489F955266ACE5EEB2F05CB586CEDA6AEE2CF54635A16B724D574B7ABE5E8847E419A92E9081C32630371944149B74BA0D134BA028A0925076787AFC5FD047759A7A1B6AC8055F3BC3072734B3BB9E5229B979799CA2DCBE779FDBF4C7EB240F7EB9AED4B6456253B705058E38E0FAB9102AE480C33A4E7C4291B2C64809DC4814C6D8677EA7A0EAD0203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:ba:51:dd:63:a3:5c:a7:54:35:ca:72:75:69:
                    37:35:10:be:db:6d:c3:7b:a5:6d:be:9e:c6:87:ce:
                    6a:57:40:7b:28:13:ae:b3:b0:e4:6e:1e:00:07:4f:
                    56:fa:b2:2a:87:99:61:76:ec:96:75:8c:1a:a0:f1:
                    21:90:e2:49:de:4a:27:ba:dd:79:d6:3d:d3:3c:d3:
                    dd:0e:ab:b3:8a:fc:88:3c:ff:92:42:df:b3:9a:1b:
                    f3:aa:71:c9:b2:d1:aa:31:48:1f:70:a5:6c:22:f2:
                    d8:c4:0b:9f:e9:2b:49:42:b8:30:e4:89:55:6e:82:
                    04:89:f9:55:26:6a:ce:5e:eb:2f:05:cb:58:6c:ed:
                    a6:ae:e2:cf:54:63:5a:16:b7:24:d5:74:b7:ab:e5:
                    e8:84:7e:41:9a:92:e9:08:1c:32:63:03:71:94:41:
                    49:b7:4b:a0:d1:34:ba:02:8a:09:25:07:67:87:af:
                    c5:fd:04:77:59:a7:a1:b6:ac:80:55:f3:bc:30:72:
                    73:4b:3b:b9:e5:22:9b:97:97:99:ca:2d:cb:e7:79:
                    fd:bf:4c:7e:b2:40:f7:eb:9a:ed:4b:64:56:25:3b:
                    70:50:58:e3:8e:0f:ab:91:02:ae:48:0c:33:a4:e7:
                    c4:29:1b:2c:64:80:9d:c4:81:4c:6d:86:77:ea:7a:
                    0e:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:F8:80:E4:E4:78:58:8E:54:BE:6A:03:72:01:42:4B:B3:95:88:33
            X509v3 Authority Key Identifier:
                keyid:DC:62:76:88:30:B1:B1:20:17:16:51:8D:5E:6A:65:25:B0:23:59:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.multacom.com/repo/MCOMCA/0/DC62768830B1B1201716518D5E6A6525B023593A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/4dc07ba6-d360-4ca5-a860-62e4e5476f84/8901940597c48f785a91d7212b9ca71b1f1f20ade68568e5b1.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.multacom.com/repo/MCOMCA/0/34332e3232362e32342e302f32322d3234203d3e203335393136.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.226.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b8:7a:1d:0d:e0:d3:4f:e7:54:da:ac:1a:70:86:53:17:d0:0d:
         ad:8f:ab:bc:af:ed:5d:89:2e:2f:79:5f:a2:cd:56:94:63:4b:
         a1:b6:83:50:85:02:8c:d2:ea:a3:7e:e7:4f:96:76:1d:1a:7f:
         59:cb:78:a5:f1:ab:ac:77:bc:6b:33:95:8c:f4:b0:a8:6e:90:
         55:36:5b:a1:d0:33:a3:a6:6b:2b:e8:aa:c8:40:31:7a:c2:20:
         62:b0:22:16:34:ff:a2:c4:3c:3e:70:4b:c7:3e:31:6a:e6:35:
         51:5a:58:1e:70:2e:7a:ee:76:48:1f:ff:04:05:3e:c7:0b:08:
         bf:65:d4:eb:4c:73:11:de:50:f9:ee:9b:ce:6e:83:f7:25:25:
         a1:4b:af:e0:49:69:8a:c7:99:d1:9e:c8:cf:08:c3:03:a2:7d:
         36:56:6d:4b:f2:52:a0:9d:d7:b4:01:c7:87:8f:c2:dc:ed:c9:
         d2:95:65:35:5d:23:70:12:56:85:cd:8f:28:e1:e8:38:ee:a6:
         3f:48:ad:90:49:6c:31:33:31:bc:f6:32:1b:2f:a3:c2:09:ba:
         4d:7b:48:7b:5c:35:4f:55:75:e4:af:11:50:7a:74:26:f2:59:
         0c:77:f6:67:30:8a:37:8b:72:14:c5:19:3a:eb:eb:af:28:bc:
         1a:ea:62:d3
-----BEGIN CERTIFICATE-----
MIIHZjCCBk6gAwIBAgIUFcb+JLcuroh6CYQ7lhz48JHS8pkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyODkwMTk0MDU5N2M0OGY3ODVhOTFkNzIxMmI5Y2E3MWIx
ZjFmMjBhZGU2ODU2OGU1YjEwHhcNMjMwNzI5MTg1NTAxWhcNMjQwNzI5MTkwMDAx
WjCCAi0xggIpMIICJQYDVQQDE4ICHDMwODIwMTBBMDI4MjAxMDEwMEQyQkE1MURE
NjNBMzVDQTc1NDM1Q0E3Mjc1NjkzNzM1MTBCRURCNkRDMzdCQTU2REJFOUVDNjg3
Q0U2QTU3NDA3QjI4MTNBRUIzQjBFNDZFMUUwMDA3NEY1NkZBQjIyQTg3OTk2MTc2
RUM5Njc1OEMxQUEwRjEyMTkwRTI0OURFNEEyN0JBREQ3OUQ2M0REMzNDRDNERDBF
QUJCMzhBRkM4ODNDRkY5MjQyREZCMzlBMUJGM0FBNzFDOUIyRDFBQTMxNDgxRjcw
QTU2QzIyRjJEOEM0MEI5RkU5MkI0OTQyQjgzMEU0ODk1NTZFODIwNDg5Rjk1NTI2
NkFDRTVFRUIyRjA1Q0I1ODZDRURBNkFFRTJDRjU0NjM1QTE2QjcyNEQ1NzRCN0FC
RTVFODg0N0U0MTlBOTJFOTA4MUMzMjYzMDM3MTk0NDE0OUI3NEJBMEQxMzRCQTAy
OEEwOTI1MDc2Nzg3QUZDNUZEMDQ3NzU5QTdBMUI2QUM4MDU1RjNCQzMwNzI3MzRC
M0JCOUU1MjI5Qjk3OTc5OUNBMkRDQkU3NzlGREJGNEM3RUIyNDBGN0VCOUFFRDRC
NjQ1NjI1M0I3MDUwNThFMzhFMEZBQjkxMDJBRTQ4MEMzM0E0RTdDNDI5MUIyQzY0
ODA5REM0ODE0QzZEODY3N0VBN0EwRUFEMDIwMzAxMDAwMTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBANK6Ud1jo1ynVDXKcnVpNzUQvtttw3ulbb6exofO
aldAeygTrrOw5G4eAAdPVvqyKoeZYXbslnWMGqDxIZDiSd5KJ7rdedY90zzT3Q6r
s4r8iDz/kkLfs5ob86pxybLRqjFIH3ClbCLy2MQLn+krSUK4MOSJVW6CBIn5VSZq
zl7rLwXLWGztpq7iz1RjWha3JNV0t6vl6IR+QZqS6QgcMmMDcZRBSbdLoNE0ugKK
CSUHZ4evxf0Ed1mnobasgFXzvDByc0s7ueUim5eXmcoty+d5/b9MfrJA9+ua7Utk
ViU7cFBY444Pq5ECrkgMM6TnxCkbLGSAncSBTG2Gd+p6Dq0CAwEAAaOCAmowggJm
MB0GA1UdDgQWBBRd+IDk5HhYjlS+agNyAUJLs5WIMzAfBgNVHSMEGDAWgBTcYnaI
MLGxIBcWUY1eamUlsCNZOjAOBgNVHQ8BAf8EBAMCB4AwZQYDVR0fBF4wXDBaoFig
VoZUcnN5bmM6Ly9ycGtpLm11bHRhY29tLmNvbS9yZXBvL01DT01DQS8wL0RDNjI3
Njg4MzBCMUIxMjAxNzE2NTE4RDVFNkE2NTI1QjAyMzU5M0EuY3JsMIHzBggrBgEF
BQcBAQSB5jCB4zCB4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQv
cmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMt
MjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlh
OC80ZGMwN2JhNi1kMzYwLTRjYTUtYTg2MC02MmU0ZTU0NzZmODQvODkwMTk0MDU5
N2M0OGY3ODVhOTFkNzIxMmI5Y2E3MWIxZjFmMjBhZGU2ODU2OGU1YjEuY2VyMHwG
CCsGAQUFBwELBHAwbjBsBggrBgEFBQcwC4ZgcnN5bmM6Ly9ycGtpLm11bHRhY29t
LmNvbS9yZXBvL01DT01DQS8wLzM0MzMyZTMyMzIzNjJlMzIzNDJlMzAyZjMyMzIy
ZDMyMzQyMDNkM2UyMDMzMzUzOTMxMzYucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAIr4hgwDQYJKoZIhvcN
AQELBQADggEBALh6HQ3g00/nVNqsGnCGUxfQDa2Pq7yv7V2JLi95X6LNVpRjS6G2
g1CFAozS6qN+50+Wdh0af1nLeKXxq6x3vGszlYz0sKhukFU2W6HQM6OmayvoqshA
MXrCIGKwIhY0/6LEPD5wS8c+MWrmNVFaWB5wLnrudkgf/wQFPscLCL9l1OtMcxHe
UPnum85ug/clJaFLr+BJaYrHmdGeyM8IwwOifTZWbUvyUqCd17QBx4ePwtztydKV
ZTVdI3ASVoXNjyjh6Djupj9IrZBJbDEzMbz2Mhsvo8IJuk17SHtcNU9VdeSvEVB6
dCbyWQx39mcwijeLchTFGTrr668ovBrqYtM=
-----END CERTIFICATE-----
Generated at Wed Aug 9 22:59:11 2023 by rpki-client on console-ams.rpki-client.org