Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/AS216305.roa
File: AS216305.roa (raw, json)
Hash identifier: xX2Keb/SwEtX2RNC6q50Ag6HA4doVjSDrghcac3c8wE=
Subject key identifier: 9E:41:BC:60:A2:6F:FB:78:0A:D0:C0:74:51:E8:BC:BB:D3:C3:B3:C1
Certificate issuer: /CN=d5c3d5e70fc9ad10ba90d45dc66454e9e3a146a8
Certificate serial: 598C441FFD976C9AE82A1C7E02A475B9CD844710
Authority key identifier: D5:C3:D5:E7:0F:C9:AD:10:BA:90:D4:5D:C6:64:54:E9:E3:A1:46:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1cPV5w_JrRC6kNRdxmRU6eOhRqg.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/AS216305.roa
Signing time: Mon 08 Apr 2024 20:11:42 +0000
ROA not before: Mon 08 Apr 2024 20:06:42 +0000
ROA not after: Mon 07 Apr 2025 20:11:42 +0000
asID: 216305
IP address blocks: 2a13:df80:6808::/48 maxlen: 48
2a13:df80:7d20::/44 maxlen: 64
2a13:df85:a200::/40 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
59:8c:44:1f:fd:97:6c:9a:e8:2a:1c:7e:02:a4:75:b9:cd:84:47:10
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d5c3d5e70fc9ad10ba90d45dc66454e9e3a146a8
Validity
Not Before: Apr 8 20:06:42 2024 GMT
Not After : Apr 7 20:11:42 2025 GMT
Subject: CN=9E41BC60A26FFB780AD0C07451E8BCBBD3C3B3C1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:ed:04:3f:26:4f:d8:8c:39:68:35:1f:e6:43:
65:ad:8d:df:9e:01:7b:29:1b:61:3c:53:52:1f:77:
cc:f3:59:ad:14:a6:30:95:c5:9d:f2:ab:a4:a7:fb:
3b:b6:f1:d3:66:1f:28:e8:20:f6:cd:d0:6a:06:72:
a3:1f:38:45:9a:1f:99:dc:af:be:ba:5b:88:2b:3a:
21:5d:64:b9:e5:37:80:8e:0e:25:63:c7:fc:66:3f:
4f:b0:77:f1:e8:70:0b:54:fb:0b:a9:06:53:5e:7a:
2c:e2:3d:9c:0c:e7:6f:46:c4:d0:06:04:09:d8:37:
cf:68:49:8e:41:3b:96:21:71:92:69:a8:40:b1:a6:
d8:41:62:ae:cf:e3:13:55:06:cb:39:04:4a:9c:6d:
63:49:ce:c8:57:05:1d:84:cb:72:c3:31:1a:4b:b8:
42:87:d6:e6:1a:52:f5:22:e4:56:6c:90:87:21:a0:
d5:56:b7:4c:00:dc:da:9d:53:93:e7:5a:72:0a:fc:
b7:7d:16:d9:05:c0:db:ad:cd:6a:3d:1b:b3:a9:56:
b3:a8:b1:8b:5f:60:1e:0d:d9:a8:ef:51:ce:52:45:
0d:88:03:d6:bb:0b:ed:f5:11:cf:14:e4:44:84:c7:
35:69:b5:6b:20:e2:f7:a4:7a:a6:a0:52:7f:99:71:
38:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:41:BC:60:A2:6F:FB:78:0A:D0:C0:74:51:E8:BC:BB:D3:C3:B3:C1
X509v3 Authority Key Identifier:
keyid:D5:C3:D5:E7:0F:C9:AD:10:BA:90:D4:5D:C6:64:54:E9:E3:A1:46:A8
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/D5C3D5E70FC9AD10BA90D45DC66454E9E3A146A8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1cPV5w_JrRC6kNRdxmRU6eOhRqg.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/AS216305.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a13:df80:6808::/48
2a13:df80:7d20::/44
2a13:df85:a200::/40
Signature Algorithm: sha256WithRSAEncryption
52:d9:eb:38:a8:5e:1a:96:5a:9c:44:78:4d:63:1f:81:f5:f9:
48:79:ac:f2:8f:d8:db:ae:a3:a1:8e:5b:d7:27:df:75:b4:af:
16:a2:da:d1:01:3f:47:fa:d3:c4:93:74:60:ab:11:39:6b:70:
00:43:80:da:4d:3d:55:1c:91:72:fa:86:95:60:9a:b6:79:44:
54:13:1c:35:20:06:b3:7d:4f:35:d4:f6:1f:59:a8:cb:4b:9f:
d2:b7:09:65:71:71:6d:24:02:6d:44:c4:ea:48:74:7e:9a:bf:
5d:3c:c2:1c:8f:4e:87:55:72:b2:e0:64:0d:e0:01:a5:09:82:
04:a4:86:0e:c9:20:61:00:5b:1b:e8:bf:e1:c5:d5:1f:f1:bd:
a2:90:2a:dc:26:96:03:2c:4a:b9:99:01:ab:0c:de:cd:84:74:
8d:99:cc:6e:6a:bf:81:88:c7:39:93:66:8d:2d:b2:f9:0c:46:
e4:e3:a6:a1:44:08:66:47:c3:7f:b2:70:ba:11:16:18:91:4a:
95:03:2e:50:a4:6f:99:93:4d:b9:69:c0:ed:91:a3:48:84:4b:
55:84:e4:c9:30:ff:b7:c5:a6:23:f3:f1:7e:08:64:f9:eb:4d:
53:f1:3c:e7:f8:a1:0e:bb:2e:be:a0:2a:e0:69:10:8f:0a:55:
a5:5e:f4:98
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgIUWYxEH/2XbJroKhx+AqR1uc2ERxAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDVjM2Q1ZTcwZmM5YWQxMGJhOTBkNDVkYzY2NDU0ZTll
M2ExNDZhODAeFw0yNDA0MDgyMDA2NDJaFw0yNTA0MDcyMDExNDJaMDMxMTAvBgNV
BAMTKDlFNDFCQzYwQTI2RkZCNzgwQUQwQzA3NDUxRThCQ0JCRDNDM0IzQzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDT7QQ/Jk/YjDloNR/mQ2Wtjd+e
AXspG2E8U1Ifd8zzWa0UpjCVxZ3yq6Sn+zu28dNmHyjoIPbN0GoGcqMfOEWaH5nc
r766W4grOiFdZLnlN4CODiVjx/xmP0+wd/HocAtU+wupBlNeeiziPZwM529GxNAG
BAnYN89oSY5BO5YhcZJpqECxpthBYq7P4xNVBss5BEqcbWNJzshXBR2Ey3LDMRpL
uEKH1uYaUvUi5FZskIchoNVWt0wA3NqdU5PnWnIK/Ld9FtkFwNutzWo9G7OpVrOo
sYtfYB4N2ajvUc5SRQ2IA9a7C+31Ec8U5ESExzVptWsg4vekeqagUn+ZcTgZAgMB
AAGjggIeMIICGjAdBgNVHQ4EFgQUnkG8YKJv+3gK0MB0Uei8u9PDs8EwHwYDVR0j
BBgwFoAU1cPV5w/JrRC6kNRdxmRU6eOhRqgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDQwMzJjOGYtMWQ1Ny00YzNiLTkwNDMtYTBlN2ZlYmYx
NjdkLzAvRDVDM0Q1RTcwRkM5QUQxMEJBOTBENDVEQzY2NDU0RTlFM0ExNDZBOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzFjUFY1d19KclJDNmtOUmR4bVJVNmVP
aFJxZy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA0MDMyYzhmLTFkNTct
NGMzYi05MDQzLWEwZTdmZWJmMTY3ZC8wL0FTMjE2MzA1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAAjAaAwcAKhPf
gGgIAwcEKhPfgH0gAwYAKhPfhaIwDQYJKoZIhvcNAQELBQADggEBAFLZ6zioXhqW
WpxEeE1jH4H1+Uh5rPKP2Nuuo6GOW9cn33W0rxai2tEBP0f608STdGCrETlrcABD
gNpNPVUckXL6hpVgmrZ5RFQTHDUgBrN9TzXU9h9ZqMtLn9K3CWVxcW0kAm1ExOpI
dH6av108whyPTodVcrLgZA3gAaUJggSkhg7JIGEAWxvov+HF1R/xvaKQKtwmlgMs
SrmZAasM3s2EdI2ZzG5qv4GIxzmTZo0tsvkMRuTjpqFECGZHw3+ycLoRFhiRSpUD
LlCkb5mTTblpwO2Ro0iES1WE5Mkw/7fFpiPz8X4IZPnrTVPxPOf4oQ67Lr6gKuBp
EI8KVaVe9Jg=
-----END CERTIFICATE-----
Generated at Tue May 21 15:21:40 2024 by rpki-client on console-ams.rpki-client.org