Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/AS215898.roa
File: AS215898.roa (raw, json)
Hash identifier: 18SA6tHNuZwof+ezDfRYR3bEaJ1OHVvCX+7RgzLM818=
Subject key identifier: C7:DD:25:99:3C:C6:CC:52:65:49:06:E8:8C:C3:F0:29:A3:0C:4C:02
Certificate issuer: /CN=d5c3d5e70fc9ad10ba90d45dc66454e9e3a146a8
Certificate serial: 2618E3122483DFE3679C82B3C08C565E8764E565
Authority key identifier: D5:C3:D5:E7:0F:C9:AD:10:BA:90:D4:5D:C6:64:54:E9:E3:A1:46:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1cPV5w_JrRC6kNRdxmRU6eOhRqg.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/AS215898.roa
Signing time: Wed 20 Dec 2023 16:22:04 +0000
ROA not before: Wed 20 Dec 2023 16:17:04 +0000
ROA not after: Wed 18 Dec 2024 16:22:04 +0000
asID: 215898
IP address blocks: 2a13:df85:bd00::/40 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
26:18:e3:12:24:83:df:e3:67:9c:82:b3:c0:8c:56:5e:87:64:e5:65
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d5c3d5e70fc9ad10ba90d45dc66454e9e3a146a8
Validity
Not Before: Dec 20 16:17:04 2023 GMT
Not After : Dec 18 16:22:04 2024 GMT
Subject: CN=C7DD25993CC6CC52654906E88CC3F029A30C4C02
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:95:ed:6b:c2:61:d6:e7:c1:1d:a1:1c:cb:10:
b5:04:6d:8b:e1:ab:3a:a2:71:aa:20:a1:e7:3e:a5:
4f:a7:82:ee:9f:ef:2c:0c:bd:78:8a:25:b2:7d:72:
e1:d3:41:ec:80:42:4d:72:7e:43:fd:f0:d2:4d:41:
55:3a:41:61:77:26:a5:b1:d9:ae:b5:b6:66:01:c0:
4a:a8:c6:c9:1d:da:b7:e8:0b:8f:9d:d5:55:d7:c2:
84:ef:59:24:27:63:8e:d3:7d:b9:d1:ae:d8:bd:f9:
47:1a:c5:14:04:ae:30:1d:8c:ef:b0:cf:eb:4f:b0:
83:06:7f:f4:13:18:9d:d2:d5:0b:8f:dd:e2:22:0d:
8d:5f:45:75:7f:f6:5e:be:a2:04:b1:a3:20:7e:12:
53:e1:f9:07:c3:31:37:7d:79:7b:91:4f:41:90:ce:
f2:a4:c1:38:c8:95:1a:51:eb:2f:bd:62:95:2e:ac:
06:6b:a8:42:77:e0:7d:c5:08:55:e9:b6:ee:fc:95:
7c:a4:3f:65:c0:db:52:15:38:3c:5b:7a:4b:73:a3:
dc:8d:12:e4:58:ea:60:18:8e:9f:b9:81:5f:d0:f7:
3e:b5:2e:32:f5:f2:b8:72:79:17:06:6e:21:29:cc:
7a:fb:03:d5:42:48:08:bc:91:63:8b:53:5d:8e:70:
e8:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C7:DD:25:99:3C:C6:CC:52:65:49:06:E8:8C:C3:F0:29:A3:0C:4C:02
X509v3 Authority Key Identifier:
keyid:D5:C3:D5:E7:0F:C9:AD:10:BA:90:D4:5D:C6:64:54:E9:E3:A1:46:A8
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/D5C3D5E70FC9AD10BA90D45DC66454E9E3A146A8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1cPV5w_JrRC6kNRdxmRU6eOhRqg.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/AS215898.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a13:df85:bd00::/40
Signature Algorithm: sha256WithRSAEncryption
59:1a:c5:80:e4:a3:1c:18:1d:4e:d8:e5:aa:c1:ec:53:7a:fe:
c1:8b:23:1f:75:f8:c9:e1:87:74:39:f4:51:31:27:9e:ed:c2:
16:70:34:4a:66:21:23:28:4a:49:41:89:e9:13:c1:91:30:40:
40:c6:b6:c6:d8:54:ca:6a:08:8c:80:a0:50:2a:eb:75:2f:d6:
fa:bd:0b:1b:10:48:84:e9:bb:13:5f:48:06:42:df:18:4a:cc:
f3:bd:55:b0:85:5c:13:57:58:51:e9:76:f6:dd:b7:63:b9:5c:
40:96:a8:53:41:d7:27:72:41:d7:da:93:9c:1c:5c:16:03:b0:
8f:9d:d4:f9:47:07:85:49:e5:7f:aa:6a:b4:50:d4:db:98:d0:
b2:f1:fc:b4:17:03:a7:12:3a:5b:ca:c0:e7:8d:fa:c9:0a:a0:
80:6a:25:e0:75:f4:0f:13:3d:ee:11:4d:b5:8a:9d:e8:da:6e:
f2:16:f9:e9:10:7e:c1:fd:78:23:d9:da:e1:8a:4e:06:b1:f1:
13:e1:86:85:02:6c:b8:20:45:38:4e:a5:02:3d:a2:7d:f7:16:
87:72:f8:99:82:50:19:a2:27:25:b2:f3:8d:63:02:33:8f:94:
18:2a:b5:4d:b2:a5:9b:2f:cf:ed:79:08:66:39:98:4b:d0:a2:
2d:d4:10:7d
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUJhjjEiSD3+NnnIKzwIxWXodk5WUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDVjM2Q1ZTcwZmM5YWQxMGJhOTBkNDVkYzY2NDU0ZTll
M2ExNDZhODAeFw0yMzEyMjAxNjE3MDRaFw0yNDEyMTgxNjIyMDRaMDMxMTAvBgNV
BAMTKEM3REQyNTk5M0NDNkNDNTI2NTQ5MDZFODhDQzNGMDI5QTMwQzRDMDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5le1rwmHW58EdoRzLELUEbYvh
qzqicaogoec+pU+ngu6f7ywMvXiKJbJ9cuHTQeyAQk1yfkP98NJNQVU6QWF3JqWx
2a61tmYBwEqoxskd2rfoC4+d1VXXwoTvWSQnY47TfbnRrti9+UcaxRQErjAdjO+w
z+tPsIMGf/QTGJ3S1QuP3eIiDY1fRXV/9l6+ogSxoyB+ElPh+QfDMTd9eXuRT0GQ
zvKkwTjIlRpR6y+9YpUurAZrqEJ34H3FCFXptu78lXykP2XA21IVODxbektzo9yN
EuRY6mAYjp+5gV/Q9z61LjL18rhyeRcGbiEpzHr7A9VCSAi8kWOLU12OcOgTAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUx90lmTzGzFJlSQbojMPwKaMMTAIwHwYDVR0j
BBgwFoAU1cPV5w/JrRC6kNRdxmRU6eOhRqgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDQwMzJjOGYtMWQ1Ny00YzNiLTkwNDMtYTBlN2ZlYmYx
NjdkLzAvRDVDM0Q1RTcwRkM5QUQxMEJBOTBENDVEQzY2NDU0RTlFM0ExNDZBOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzFjUFY1d19KclJDNmtOUmR4bVJVNmVP
aFJxZy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA0MDMyYzhmLTFkNTct
NGMzYi05MDQzLWEwZTdmZWJmMTY3ZC8wL0FTMjE1ODk4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhPf
hb0wDQYJKoZIhvcNAQELBQADggEBAFkaxYDkoxwYHU7Y5arB7FN6/sGLIx91+Mnh
h3Q59FExJ57twhZwNEpmISMoSklBiekTwZEwQEDGtsbYVMpqCIyAoFAq63Uv1vq9
CxsQSITpuxNfSAZC3xhKzPO9VbCFXBNXWFHpdvbdt2O5XECWqFNB1ydyQdfak5wc
XBYDsI+d1PlHB4VJ5X+qarRQ1NuY0LLx/LQXA6cSOlvKwOeN+skKoIBqJeB19A8T
Pe4RTbWKnejabvIW+ekQfsH9eCPZ2uGKTgax8RPhhoUCbLggRThOpQI9on33Fody
+JmCUBmiJyWy841jAjOPlBgqtU2ypZsvz+15CGY5mEvQoi3UEH0=
-----END CERTIFICATE-----
Generated at Tue May 21 14:01:40 2024 by rpki-client on console-fra.rpki-client.org