Route Origin Authorization

$ rpki-client -vvf rpki.multacom.com/repo/MCOMCA/0/36342e32372e302e302f31392d3234203d3e203335393136.roa
File:                     36342e32372e302e302f31392d3234203d3e203335393136.roa (raw, json)
Hash identifier:          eYHWgZqzz2QTaaktQz6RZeH1zHY0Qa90HWoIorOYEAA=
Subject key identifier:   45:75:36:39:08:D0:5D:39:17:AC:06:B3:4B:51:3E:78:E0:71:64:44
Certificate issuer:       /CN=8901940597c48f785a91d7212b9ca71b1f1f20ade68568e5b1
Certificate serial:       5B1CD02930B6012DEC1A0268BB895D5E2FD462C7
Authority key identifier: DC:62:76:88:30:B1:B1:20:17:16:51:8D:5E:6A:65:25:B0:23:59:3A
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/4dc07ba6-d360-4ca5-a860-62e4e5476f84/8901940597c48f785a91d7212b9ca71b1f1f20ade68568e5b1.cer
Subject info access:      rsync://rpki.multacom.com/repo/MCOMCA/0/36342e32372e302e302f31392d3234203d3e203335393136.roa
Signing time:             Sun 30 Jul 2023 02:00:00 +0000
ROA not before:           Sun 30 Jul 2023 01:55:00 +0000
ROA not after:            Tue 30 Jul 2024 02:00:00 +0000
asID:                     35916
IP address blocks:        64.27.0.0/19 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:1c:d0:29:30:b6:01:2d:ec:1a:02:68:bb:89:5d:5e:2f:d4:62:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8901940597c48f785a91d7212b9ca71b1f1f20ade68568e5b1
        Validity
            Not Before: Jul 30 01:55:00 2023 GMT
            Not After : Jul 30 02:00:00 2024 GMT
        Subject: CN=3082010A0282010100F934F8A3AD29C655EB55915E147A8262D91848C76BBFA821FCB1CCDE808BDFE6F6ABD184CFF0ED234CE3C274391E250DC084436203E09BAF8301E2DBA19B932EED949DEC4F1A843F2B563656CF208804F905E1154933B1593D8F2B3346D8AC677E473B9FC3FC916639047800FFBFB1B86EED117D13D7B0EA42F4D7C79E7C631B75A6838B1FEB2867885B4C00D1EA20037113F1754B898D7687BFCEE4444D834D1382F2BC01A424B31E411D01BEB5573F4CA84AF451C5F19D4832BC0474B0CD4D1A1F7A7BBAFA3F5B6F685D52938B4DA5C473BE519F7BD7A6D87B698E2F297EE67C92B574FF1FBD3F0E4673FA496BCFACF5F92CB954E0FC8CFF498339EDB3A7CB0203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:34:f8:a3:ad:29:c6:55:eb:55:91:5e:14:7a:
                    82:62:d9:18:48:c7:6b:bf:a8:21:fc:b1:cc:de:80:
                    8b:df:e6:f6:ab:d1:84:cf:f0:ed:23:4c:e3:c2:74:
                    39:1e:25:0d:c0:84:43:62:03:e0:9b:af:83:01:e2:
                    db:a1:9b:93:2e:ed:94:9d:ec:4f:1a:84:3f:2b:56:
                    36:56:cf:20:88:04:f9:05:e1:15:49:33:b1:59:3d:
                    8f:2b:33:46:d8:ac:67:7e:47:3b:9f:c3:fc:91:66:
                    39:04:78:00:ff:bf:b1:b8:6e:ed:11:7d:13:d7:b0:
                    ea:42:f4:d7:c7:9e:7c:63:1b:75:a6:83:8b:1f:eb:
                    28:67:88:5b:4c:00:d1:ea:20:03:71:13:f1:75:4b:
                    89:8d:76:87:bf:ce:e4:44:4d:83:4d:13:82:f2:bc:
                    01:a4:24:b3:1e:41:1d:01:be:b5:57:3f:4c:a8:4a:
                    f4:51:c5:f1:9d:48:32:bc:04:74:b0:cd:4d:1a:1f:
                    7a:7b:ba:fa:3f:5b:6f:68:5d:52:93:8b:4d:a5:c4:
                    73:be:51:9f:7b:d7:a6:d8:7b:69:8e:2f:29:7e:e6:
                    7c:92:b5:74:ff:1f:bd:3f:0e:46:73:fa:49:6b:cf:
                    ac:f5:f9:2c:b9:54:e0:fc:8c:ff:49:83:39:ed:b3:
                    a7:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:75:36:39:08:D0:5D:39:17:AC:06:B3:4B:51:3E:78:E0:71:64:44
            X509v3 Authority Key Identifier:
                keyid:DC:62:76:88:30:B1:B1:20:17:16:51:8D:5E:6A:65:25:B0:23:59:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.multacom.com/repo/MCOMCA/0/DC62768830B1B1201716518D5E6A6525B023593A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/4dc07ba6-d360-4ca5-a860-62e4e5476f84/8901940597c48f785a91d7212b9ca71b1f1f20ade68568e5b1.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.multacom.com/repo/MCOMCA/0/36342e32372e302e302f31392d3234203d3e203335393136.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.27.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         00:49:ef:4b:96:37:a8:29:ba:f7:5c:53:cc:2f:a1:73:b8:72:
         6e:8b:66:66:28:c2:cb:9a:0b:be:27:c7:72:4b:72:78:38:9f:
         3a:82:2d:99:fb:d5:b8:9c:72:c4:dd:31:d8:1b:13:da:45:18:
         93:a2:a4:1e:bc:81:12:c0:7a:c4:3e:5d:5e:41:ed:06:a7:24:
         8d:cd:0b:14:c5:ab:80:43:f2:3c:85:11:a6:76:a9:9c:2d:06:
         12:3d:75:48:25:16:78:1c:09:34:e5:e5:cf:52:0b:c0:84:f4:
         84:1a:1a:48:64:4b:1b:89:ac:dd:5c:2f:0b:2b:12:20:b3:df:
         ac:ed:f3:f5:a9:a7:3d:23:fe:64:c4:59:d0:04:75:c6:61:e4:
         2c:e4:1d:21:65:0f:91:5f:dd:47:a5:72:9c:61:4b:a8:9a:c3:
         5e:94:2e:6c:af:4e:c2:52:f6:1e:5d:a0:05:19:b4:d1:bf:91:
         93:41:a4:91:b8:57:e6:dc:31:02:83:4c:7d:29:43:fa:e2:18:
         8c:8e:3c:31:01:d5:12:ae:b0:b7:f2:91:8c:28:45:e6:6c:93:
         8c:3e:cd:ef:69:26:7a:7f:8e:d5:28:d5:95:96:7d:2c:c9:81:
         a2:68:c7:c8:9e:4a:1e:d8:6f:94:29:64:08:52:5c:9c:78:2f:
         35:2b:6f:f5
-----BEGIN CERTIFICATE-----
MIIHYjCCBkqgAwIBAgIUWxzQKTC2AS3sGgJou4ldXi/UYscwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyODkwMTk0MDU5N2M0OGY3ODVhOTFkNzIxMmI5Y2E3MWIx
ZjFmMjBhZGU2ODU2OGU1YjEwHhcNMjMwNzMwMDE1NTAwWhcNMjQwNzMwMDIwMDAw
WjCCAi0xggIpMIICJQYDVQQDE4ICHDMwODIwMTBBMDI4MjAxMDEwMEY5MzRGOEEz
QUQyOUM2NTVFQjU1OTE1RTE0N0E4MjYyRDkxODQ4Qzc2QkJGQTgyMUZDQjFDQ0RF
ODA4QkRGRTZGNkFCRDE4NENGRjBFRDIzNENFM0MyNzQzOTFFMjUwREMwODQ0MzYy
MDNFMDlCQUY4MzAxRTJEQkExOUI5MzJFRUQ5NDlERUM0RjFBODQzRjJCNTYzNjU2
Q0YyMDg4MDRGOTA1RTExNTQ5MzNCMTU5M0Q4RjJCMzM0NkQ4QUM2NzdFNDczQjlG
QzNGQzkxNjYzOTA0NzgwMEZGQkZCMUI4NkVFRDExN0QxM0Q3QjBFQTQyRjREN0M3
OUU3QzYzMUI3NUE2ODM4QjFGRUIyODY3ODg1QjRDMDBEMUVBMjAwMzcxMTNGMTc1
NEI4OThENzY4N0JGQ0VFNDQ0NEQ4MzREMTM4MkYyQkMwMUE0MjRCMzFFNDExRDAx
QkVCNTU3M0Y0Q0E4NEFGNDUxQzVGMTlENDgzMkJDMDQ3NEIwQ0Q0RDFBMUY3QTdC
QkFGQTNGNUI2RjY4NUQ1MjkzOEI0REE1QzQ3M0JFNTE5RjdCRDdBNkQ4N0I2OThF
MkYyOTdFRTY3QzkyQjU3NEZGMUZCRDNGMEU0NjczRkE0OTZCQ0ZBQ0Y1RjkyQ0I5
NTRFMEZDOENGRjQ5ODMzOUVEQjNBN0NCMDIwMzAxMDAwMTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAPk0+KOtKcZV61WRXhR6gmLZGEjHa7+oIfyxzN6A
i9/m9qvRhM/w7SNM48J0OR4lDcCEQ2ID4JuvgwHi26Gbky7tlJ3sTxqEPytWNlbP
IIgE+QXhFUkzsVk9jyszRtisZ35HO5/D/JFmOQR4AP+/sbhu7RF9E9ew6kL018ee
fGMbdaaDix/rKGeIW0wA0eogA3ET8XVLiY12h7/O5ERNg00TgvK8AaQksx5BHQG+
tVc/TKhK9FHF8Z1IMrwEdLDNTRofenu6+j9bb2hdUpOLTaXEc75Rn3vXpth7aY4v
KX7mfJK1dP8fvT8ORnP6SWvPrPX5LLlU4PyM/0mDOe2zp8sCAwEAAaOCAmYwggJi
MB0GA1UdDgQWBBRFdTY5CNBdOResBrNLUT544HFkRDAfBgNVHSMEGDAWgBTcYnaI
MLGxIBcWUY1eamUlsCNZOjAOBgNVHQ8BAf8EBAMCB4AwZQYDVR0fBF4wXDBaoFig
VoZUcnN5bmM6Ly9ycGtpLm11bHRhY29tLmNvbS9yZXBvL01DT01DQS8wL0RDNjI3
Njg4MzBCMUIxMjAxNzE2NTE4RDVFNkE2NTI1QjAyMzU5M0EuY3JsMIHzBggrBgEF
BQcBAQSB5jCB4zCB4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQv
cmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMt
MjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlh
OC80ZGMwN2JhNi1kMzYwLTRjYTUtYTg2MC02MmU0ZTU0NzZmODQvODkwMTk0MDU5
N2M0OGY3ODVhOTFkNzIxMmI5Y2E3MWIxZjFmMjBhZGU2ODU2OGU1YjEuY2VyMHgG
CCsGAQUFBwELBGwwajBoBggrBgEFBQcwC4ZccnN5bmM6Ly9ycGtpLm11bHRhY29t
LmNvbS9yZXBvL01DT01DQS8wLzM2MzQyZTMyMzcyZTMwMmUzMDJmMzEzOTJkMzIz
NDIwM2QzZTIwMzMzNTM5MzEzNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcO
AjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBUAbADANBgkqhkiG9w0BAQsF
AAOCAQEAAEnvS5Y3qCm691xTzC+hc7hybotmZijCy5oLvifHcktyeDifOoItmfvV
uJxyxN0x2BsT2kUYk6KkHryBEsB6xD5dXkHtBqckjc0LFMWrgEPyPIURpnapnC0G
Ej11SCUWeBwJNOXlz1ILwIT0hBoaSGRLG4ms3VwvCysSILPfrO3z9amnPSP+ZMRZ
0AR1xmHkLOQdIWUPkV/dR6VynGFLqJrDXpQubK9OwlL2Hl2gBRm00b+Rk0GkkbhX
5twxAoNMfSlD+uIYjI48MQHVEq6wt/KRjChF5myTjD7N72kmen+O1SjVlZZ9LMmB
omjHyJ5KHthvlClkCFJcnHgvNStv9Q==
-----END CERTIFICATE-----
Generated at Wed Aug 9 22:59:11 2023 by rpki-client on console-ams.rpki-client.org