Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/AS216389.roa
File: AS216389.roa (raw, json)
Hash identifier: YlHq3HwuLZ46+DdA1B3svCGLUUVdM4DSvmBgQ8F7gjg=
Subject key identifier: 94:D2:D0:C6:99:CF:54:EF:B5:BB:8A:56:E7:C4:93:60:4B:8D:FC:B4
Certificate issuer: /CN=d5c3d5e70fc9ad10ba90d45dc66454e9e3a146a8
Certificate serial: 6CD69AC99D0BD768454D4130B2F0D9D6137D8680
Authority key identifier: D5:C3:D5:E7:0F:C9:AD:10:BA:90:D4:5D:C6:64:54:E9:E3:A1:46:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1cPV5w_JrRC6kNRdxmRU6eOhRqg.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/AS216389.roa
Signing time: Wed 20 Dec 2023 16:21:45 +0000
ROA not before: Wed 20 Dec 2023 16:16:45 +0000
ROA not after: Wed 18 Dec 2024 16:21:45 +0000
asID: 216389
IP address blocks: 2a13:df80:1d00::/40 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6c:d6:9a:c9:9d:0b:d7:68:45:4d:41:30:b2:f0:d9:d6:13:7d:86:80
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d5c3d5e70fc9ad10ba90d45dc66454e9e3a146a8
Validity
Not Before: Dec 20 16:16:45 2023 GMT
Not After : Dec 18 16:21:45 2024 GMT
Subject: CN=94D2D0C699CF54EFB5BB8A56E7C493604B8DFCB4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:5f:67:07:d4:2c:68:ab:79:43:d7:e8:e5:94:
e7:f8:13:d7:c9:2c:d2:3f:aa:bd:a6:87:5f:7a:c0:
e0:f3:3e:68:e3:d7:8f:e8:b1:9f:25:34:29:a2:ea:
fc:44:c0:5f:cf:e1:2e:3c:2e:1f:16:37:68:37:a4:
7b:6c:16:c5:d5:d9:f2:8b:b1:c9:58:6b:8d:4b:28:
d2:65:c6:a5:c2:c7:30:3e:3c:75:1e:0b:19:74:ea:
6d:95:f7:6e:d4:b8:33:79:37:22:6c:45:f2:fa:45:
db:20:48:e5:46:ef:df:e4:fc:13:f2:74:5a:41:38:
ae:6b:25:8e:a8:2a:03:23:e2:68:2a:de:00:ca:f9:
51:93:05:4c:ef:ea:6a:68:2a:16:c5:53:c1:6b:c9:
f2:05:3e:d6:3b:cd:5b:41:6e:bc:3e:78:a8:31:73:
bb:e6:8a:e1:0c:56:b9:bc:ed:5a:71:eb:8e:fb:0f:
a2:a1:6c:8b:a0:5f:b1:89:30:1e:c2:2f:05:a0:ac:
f3:55:1a:83:2b:53:e9:c0:ba:3c:3d:89:ee:e9:82:
14:60:a3:ce:6e:8b:e3:3e:66:be:69:e4:5c:9e:e3:
5d:7d:17:36:92:ce:71:60:60:91:ce:b2:07:3b:99:
b3:20:2d:24:37:35:c9:13:e8:7c:d9:3c:58:26:18:
43:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
94:D2:D0:C6:99:CF:54:EF:B5:BB:8A:56:E7:C4:93:60:4B:8D:FC:B4
X509v3 Authority Key Identifier:
keyid:D5:C3:D5:E7:0F:C9:AD:10:BA:90:D4:5D:C6:64:54:E9:E3:A1:46:A8
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/D5C3D5E70FC9AD10BA90D45DC66454E9E3A146A8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1cPV5w_JrRC6kNRdxmRU6eOhRqg.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/AS216389.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a13:df80:1d00::/40
Signature Algorithm: sha256WithRSAEncryption
8c:1c:21:60:d4:91:1f:29:0f:41:a6:59:4a:a3:a2:74:06:8c:
70:a2:a9:6f:71:6a:70:0e:dc:48:8c:16:ff:09:f9:78:9a:f7:
2e:85:e5:80:28:84:b7:17:bc:11:1d:50:fa:c1:7a:19:2d:dd:
a0:c2:69:20:08:86:ec:19:30:67:5f:12:10:5d:1b:39:ea:f0:
aa:53:6c:93:2a:9f:ac:0f:7b:b7:22:fc:8b:8f:26:dd:a3:16:
97:d6:2c:7e:58:09:e6:a5:08:ea:57:eb:61:aa:c5:b9:33:aa:
9a:86:35:d0:2b:04:f1:d2:37:12:be:1d:92:41:fc:b4:fc:16:
63:0a:61:2f:e1:04:79:55:c9:84:66:1e:65:28:d3:6f:04:86:
dd:e1:f4:89:c4:b5:7f:9c:c3:e9:d3:27:3f:9f:e1:0d:64:8b:
0f:86:ce:cf:b9:f4:9c:39:b5:35:c9:31:00:7d:f7:d3:5d:09:
01:4b:81:9c:23:7f:a1:6f:40:ec:79:d5:27:a5:8e:74:88:4f:
17:b3:43:b4:ea:12:ef:20:1a:2a:17:72:e7:a5:6a:3f:96:20:
c7:56:b2:7a:91:ea:7f:31:a6:a9:4d:10:9f:57:32:be:42:71:
a9:79:26:d6:3c:cf:11:9f:d3:da:0e:13:fa:57:1a:eb:0e:70:
08:81:ae:bd
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUbNaayZ0L12hFTUEwsvDZ1hN9hoAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDVjM2Q1ZTcwZmM5YWQxMGJhOTBkNDVkYzY2NDU0ZTll
M2ExNDZhODAeFw0yMzEyMjAxNjE2NDVaFw0yNDEyMTgxNjIxNDVaMDMxMTAvBgNV
BAMTKDk0RDJEMEM2OTlDRjU0RUZCNUJCOEE1NkU3QzQ5MzYwNEI4REZDQjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnX2cH1Cxoq3lD1+jllOf4E9fJ
LNI/qr2mh196wODzPmjj14/osZ8lNCmi6vxEwF/P4S48Lh8WN2g3pHtsFsXV2fKL
sclYa41LKNJlxqXCxzA+PHUeCxl06m2V927UuDN5NyJsRfL6RdsgSOVG79/k/BPy
dFpBOK5rJY6oKgMj4mgq3gDK+VGTBUzv6mpoKhbFU8FryfIFPtY7zVtBbrw+eKgx
c7vmiuEMVrm87Vpx6477D6KhbIugX7GJMB7CLwWgrPNVGoMrU+nAujw9ie7pghRg
o85ui+M+Zr5p5Fye4119FzaSznFgYJHOsgc7mbMgLSQ3NckT6HzZPFgmGEOPAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUlNLQxpnPVO+1u4pW58STYEuN/LQwHwYDVR0j
BBgwFoAU1cPV5w/JrRC6kNRdxmRU6eOhRqgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDQwMzJjOGYtMWQ1Ny00YzNiLTkwNDMtYTBlN2ZlYmYx
NjdkLzAvRDVDM0Q1RTcwRkM5QUQxMEJBOTBENDVEQzY2NDU0RTlFM0ExNDZBOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzFjUFY1d19KclJDNmtOUmR4bVJVNmVP
aFJxZy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA0MDMyYzhmLTFkNTct
NGMzYi05MDQzLWEwZTdmZWJmMTY3ZC8wL0FTMjE2Mzg5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhPf
gB0wDQYJKoZIhvcNAQELBQADggEBAIwcIWDUkR8pD0GmWUqjonQGjHCiqW9xanAO
3EiMFv8J+Xia9y6F5YAohLcXvBEdUPrBehkt3aDCaSAIhuwZMGdfEhBdGznq8KpT
bJMqn6wPe7ci/IuPJt2jFpfWLH5YCealCOpX62GqxbkzqpqGNdArBPHSNxK+HZJB
/LT8FmMKYS/hBHlVyYRmHmUo028Eht3h9InEtX+cw+nTJz+f4Q1kiw+Gzs+59Jw5
tTXJMQB999NdCQFLgZwjf6FvQOx51SeljnSITxezQ7TqEu8gGioXcuelaj+WIMdW
snqR6n8xpqlNEJ9XMr5Ccal5JtY8zxGf09oOE/pXGusOcAiBrr0=
-----END CERTIFICATE-----
Generated at Tue May 21 14:01:40 2024 by rpki-client on console-fra.rpki-client.org