Route Origin Authorization

$ rpki-client -vvf rpki.multacom.com/repo/MCOMCA/0/37322e34342e36342e302f32302d3234203d3e203335393136.roa
File:                     37322e34342e36342e302f32302d3234203d3e203335393136.roa (raw, json)
Hash identifier:          6EM15auVws5xx1kIONCo0pQNc66yP2J+KwITnduWxo4=
Subject key identifier:   35:4B:EB:29:04:36:55:17:AF:33:99:73:3C:A8:2E:D7:AF:83:0C:EB
Certificate issuer:       /CN=8901940597c48f785a91d7212b9ca71b1f1f20ade68568e5b1
Certificate serial:       57A63F579E359BBB689CEED1EAC7D768FDC6C165
Authority key identifier: DC:62:76:88:30:B1:B1:20:17:16:51:8D:5E:6A:65:25:B0:23:59:3A
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/4dc07ba6-d360-4ca5-a860-62e4e5476f84/8901940597c48f785a91d7212b9ca71b1f1f20ade68568e5b1.cer
Subject info access:      rsync://rpki.multacom.com/repo/MCOMCA/0/37322e34342e36342e302f32302d3234203d3e203335393136.roa
Signing time:             Sun 30 Jul 2023 02:00:00 +0000
ROA not before:           Sun 30 Jul 2023 01:55:00 +0000
ROA not after:            Tue 30 Jul 2024 02:00:00 +0000
asID:                     35916
IP address blocks:        72.44.64.0/20 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:a6:3f:57:9e:35:9b:bb:68:9c:ee:d1:ea:c7:d7:68:fd:c6:c1:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8901940597c48f785a91d7212b9ca71b1f1f20ade68568e5b1
        Validity
            Not Before: Jul 30 01:55:00 2023 GMT
            Not After : Jul 30 02:00:00 2024 GMT
        Subject: CN=3082010A0282010100A20D4476CF76F0105F8ED760B20F3FD71C81ED850BFC3B581CA1DE78AB41010146D281B78FD7EC6EE45B98A5C95F85B01FEEF2E82D168A6F26EFA4C968BDFE6E7C3FBC9E1B9FC0F2EEAE03C5580ABC9D9D31DD969DC0D4DA600ECDD5194819261D2A94C3444510BAB40A38F604DE8570543E6F90AB4BDD7BEC95EB1CCD325178B42833294E569E8A314C69AE56F3E993ADC624C5E16B5CCFE482D67A6B911B2F58F54169E1286741385FBCBEE6FF4A627178AF0D3870D517D28DE97620025531E1654D5B15D1329CBAC2FF0BE724ED4282E691A4172A698B473B1B2EC4851ADD8797714209BD9A64554A1E05278C7CA05C97EFA360309082BDBEB82AEA1E9E550203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:0d:44:76:cf:76:f0:10:5f:8e:d7:60:b2:0f:
                    3f:d7:1c:81:ed:85:0b:fc:3b:58:1c:a1:de:78:ab:
                    41:01:01:46:d2:81:b7:8f:d7:ec:6e:e4:5b:98:a5:
                    c9:5f:85:b0:1f:ee:f2:e8:2d:16:8a:6f:26:ef:a4:
                    c9:68:bd:fe:6e:7c:3f:bc:9e:1b:9f:c0:f2:ee:ae:
                    03:c5:58:0a:bc:9d:9d:31:dd:96:9d:c0:d4:da:60:
                    0e:cd:d5:19:48:19:26:1d:2a:94:c3:44:45:10:ba:
                    b4:0a:38:f6:04:de:85:70:54:3e:6f:90:ab:4b:dd:
                    7b:ec:95:eb:1c:cd:32:51:78:b4:28:33:29:4e:56:
                    9e:8a:31:4c:69:ae:56:f3:e9:93:ad:c6:24:c5:e1:
                    6b:5c:cf:e4:82:d6:7a:6b:91:1b:2f:58:f5:41:69:
                    e1:28:67:41:38:5f:bc:be:e6:ff:4a:62:71:78:af:
                    0d:38:70:d5:17:d2:8d:e9:76:20:02:55:31:e1:65:
                    4d:5b:15:d1:32:9c:ba:c2:ff:0b:e7:24:ed:42:82:
                    e6:91:a4:17:2a:69:8b:47:3b:1b:2e:c4:85:1a:dd:
                    87:97:71:42:09:bd:9a:64:55:4a:1e:05:27:8c:7c:
                    a0:5c:97:ef:a3:60:30:90:82:bd:be:b8:2a:ea:1e:
                    9e:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:4B:EB:29:04:36:55:17:AF:33:99:73:3C:A8:2E:D7:AF:83:0C:EB
            X509v3 Authority Key Identifier:
                keyid:DC:62:76:88:30:B1:B1:20:17:16:51:8D:5E:6A:65:25:B0:23:59:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.multacom.com/repo/MCOMCA/0/DC62768830B1B1201716518D5E6A6525B023593A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/746e0111-fafb-430f-b778-d204cfcd99a8/4dc07ba6-d360-4ca5-a860-62e4e5476f84/8901940597c48f785a91d7212b9ca71b1f1f20ade68568e5b1.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.multacom.com/repo/MCOMCA/0/37322e34342e36342e302f32302d3234203d3e203335393136.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  72.44.64.0/20

    Signature Algorithm: sha256WithRSAEncryption
         7c:f0:86:24:af:72:9a:75:2e:b3:3e:c4:38:9e:44:12:c4:95:
         f3:e8:23:ba:45:53:c3:f4:3b:68:bc:61:67:58:28:03:64:ae:
         0d:ce:1e:f3:85:b7:b8:b5:4d:3c:79:56:8f:e5:46:a6:cc:54:
         68:e9:30:b2:6c:36:c5:ab:75:46:6d:fa:3c:a5:87:02:c0:8a:
         cb:94:33:7e:05:40:34:5b:c6:3e:50:cd:9f:97:40:e3:5a:ce:
         10:ab:f8:8c:6d:c9:8d:d5:55:f9:d2:e0:f3:7c:1e:a4:fa:5e:
         2e:82:6e:a2:65:c3:93:28:77:9c:9c:d7:25:ff:2c:fd:3b:53:
         52:4e:f0:78:2f:c7:b7:33:96:2f:73:77:94:ec:5d:23:13:5e:
         83:28:ec:af:9a:dc:62:ce:eb:a1:6e:8e:61:fa:b0:00:32:e0:
         c3:70:68:02:a8:69:3f:88:28:08:6e:e9:8b:31:98:1f:5c:d4:
         af:a4:31:29:01:a1:77:02:71:16:06:52:31:b0:5d:8a:6a:c5:
         3a:f7:a8:6b:74:49:f4:4a:f4:aa:10:15:c0:20:5b:50:82:63:
         52:60:2c:6e:81:3f:a8:76:7b:9f:6b:19:24:f5:88:a2:db:25:
         27:da:30:2c:c7:6d:4c:b7:a2:1f:0d:82:9d:80:cd:ba:9e:97:
         17:26:31:bb
-----BEGIN CERTIFICATE-----
MIIHZDCCBkygAwIBAgIUV6Y/V541m7tonO7R6sfXaP3GwWUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyODkwMTk0MDU5N2M0OGY3ODVhOTFkNzIxMmI5Y2E3MWIx
ZjFmMjBhZGU2ODU2OGU1YjEwHhcNMjMwNzMwMDE1NTAwWhcNMjQwNzMwMDIwMDAw
WjCCAi0xggIpMIICJQYDVQQDE4ICHDMwODIwMTBBMDI4MjAxMDEwMEEyMEQ0NDc2
Q0Y3NkYwMTA1RjhFRDc2MEIyMEYzRkQ3MUM4MUVEODUwQkZDM0I1ODFDQTFERTc4
QUI0MTAxMDE0NkQyODFCNzhGRDdFQzZFRTQ1Qjk4QTVDOTVGODVCMDFGRUVGMkU4
MkQxNjhBNkYyNkVGQTRDOTY4QkRGRTZFN0MzRkJDOUUxQjlGQzBGMkVFQUUwM0M1
NTgwQUJDOUQ5RDMxREQ5NjlEQzBENERBNjAwRUNERDUxOTQ4MTkyNjFEMkE5NEMz
NDQ0NTEwQkFCNDBBMzhGNjA0REU4NTcwNTQzRTZGOTBBQjRCREQ3QkVDOTVFQjFD
Q0QzMjUxNzhCNDI4MzMyOTRFNTY5RThBMzE0QzY5QUU1NkYzRTk5M0FEQzYyNEM1
RTE2QjVDQ0ZFNDgyRDY3QTZCOTExQjJGNThGNTQxNjlFMTI4Njc0MTM4NUZCQ0JF
RTZGRjRBNjI3MTc4QUYwRDM4NzBENTE3RDI4REU5NzYyMDAyNTUzMUUxNjU0RDVC
MTVEMTMyOUNCQUMyRkYwQkU3MjRFRDQyODJFNjkxQTQxNzJBNjk4QjQ3M0IxQjJF
QzQ4NTFBREQ4Nzk3NzE0MjA5QkQ5QTY0NTU0QTFFMDUyNzhDN0NBMDVDOTdFRkEz
NjAzMDkwODJCREJFQjgyQUVBMUU5RTU1MDIwMzAxMDAwMTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAKINRHbPdvAQX47XYLIPP9ccge2FC/w7WByh3nir
QQEBRtKBt4/X7G7kW5ilyV+FsB/u8ugtFopvJu+kyWi9/m58P7yeG5/A8u6uA8VY
CrydnTHdlp3A1NpgDs3VGUgZJh0qlMNERRC6tAo49gTehXBUPm+Qq0vde+yV6xzN
MlF4tCgzKU5WnooxTGmuVvPpk63GJMXha1zP5ILWemuRGy9Y9UFp4ShnQThfvL7m
/0picXivDThw1RfSjel2IAJVMeFlTVsV0TKcusL/C+ck7UKC5pGkFyppi0c7Gy7E
hRrdh5dxQgm9mmRVSh4FJ4x8oFyX76NgMJCCvb64KuoenlUCAwEAAaOCAmgwggJk
MB0GA1UdDgQWBBQ1S+spBDZVF68zmXM8qC7Xr4MM6zAfBgNVHSMEGDAWgBTcYnaI
MLGxIBcWUY1eamUlsCNZOjAOBgNVHQ8BAf8EBAMCB4AwZQYDVR0fBF4wXDBaoFig
VoZUcnN5bmM6Ly9ycGtpLm11bHRhY29tLmNvbS9yZXBvL01DT01DQS8wL0RDNjI3
Njg4MzBCMUIxMjAxNzE2NTE4RDVFNkE2NTI1QjAyMzU5M0EuY3JsMIHzBggrBgEF
BQcBAQSB5jCB4zCB4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQv
cmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMt
MjE3MWRhMjE1N2QzLzc0NmUwMTExLWZhZmItNDMwZi1iNzc4LWQyMDRjZmNkOTlh
OC80ZGMwN2JhNi1kMzYwLTRjYTUtYTg2MC02MmU0ZTU0NzZmODQvODkwMTk0MDU5
N2M0OGY3ODVhOTFkNzIxMmI5Y2E3MWIxZjFmMjBhZGU2ODU2OGU1YjEuY2VyMHoG
CCsGAQUFBwELBG4wbDBqBggrBgEFBQcwC4ZecnN5bmM6Ly9ycGtpLm11bHRhY29t
LmNvbS9yZXBvL01DT01DQS8wLzM3MzIyZTM0MzQyZTM2MzQyZTMwMmYzMjMwMmQz
MjM0MjAzZDNlMjAzMzM1MzkzMTM2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUF
Bw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQESCxAMA0GCSqGSIb3DQEB
CwUAA4IBAQB88IYkr3KadS6zPsQ4nkQSxJXz6CO6RVPD9DtovGFnWCgDZK4Nzh7z
hbe4tU08eVaP5UamzFRo6TCybDbFq3VGbfo8pYcCwIrLlDN+BUA0W8Y+UM2fl0Dj
Ws4Qq/iMbcmN1VX50uDzfB6k+l4ugm6iZcOTKHecnNcl/yz9O1NSTvB4L8e3M5Yv
c3eU7F0jE16DKOyvmtxizuuhbo5h+rAAMuDDcGgCqGk/iCgIbumLMZgfXNSvpDEp
AaF3AnEWBlIxsF2KasU696hrdEn0SvSqEBXAIFtQgmNSYCxugT+odnufaxkk9Yii
2yUn2jAsx21Mt6IfDYKdgM26npcXJjG7
-----END CERTIFICATE-----
Generated at Wed Aug 9 22:55:20 2023 by rpki-client on console-fra.rpki-client.org