Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/AS44446.roa
File: AS44446.roa (raw, json)
Hash identifier: mBJPXGaP3KfphpELXGh8hWyvFDYG1bwruP6g4A8kMEM=
Subject key identifier: 8E:DD:CF:50:E6:63:70:4D:1D:72:E9:02:16:FE:BB:8D:3A:D8:39:99
Certificate issuer: /CN=d5c3d5e70fc9ad10ba90d45dc66454e9e3a146a8
Certificate serial: 3304F121C20FBFD76897E926D7D69A28157A43F2
Authority key identifier: D5:C3:D5:E7:0F:C9:AD:10:BA:90:D4:5D:C6:64:54:E9:E3:A1:46:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1cPV5w_JrRC6kNRdxmRU6eOhRqg.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/AS44446.roa
Signing time: Sat 11 May 2024 10:31:35 +0000
ROA not before: Sat 11 May 2024 10:26:35 +0000
ROA not after: Sat 10 May 2025 10:31:35 +0000
asID: 44446
IP address blocks: 2a13:df80:3b00::/40 maxlen: 40
2a13:df80:3b00::/40 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
33:04:f1:21:c2:0f:bf:d7:68:97:e9:26:d7:d6:9a:28:15:7a:43:f2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d5c3d5e70fc9ad10ba90d45dc66454e9e3a146a8
Validity
Not Before: May 11 10:26:35 2024 GMT
Not After : May 10 10:31:35 2025 GMT
Subject: CN=8EDDCF50E663704D1D72E90216FEBB8D3AD83999
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:94:96:1c:ab:8c:ff:ed:82:c6:d6:3a:67:55:
53:a0:53:8e:c8:20:3e:52:e4:92:28:d0:a9:7a:f4:
31:48:03:73:28:3e:c5:0e:bf:71:8b:1d:be:a3:c4:
06:e3:7a:a3:b6:ab:dd:a0:83:5d:33:39:15:a0:1c:
b2:7a:d2:da:a4:68:11:36:6d:31:a1:f4:5d:b7:bb:
ce:c2:0e:8d:ae:04:69:10:44:78:4d:28:22:87:72:
3c:22:ff:70:bc:01:18:42:81:90:36:cd:c2:67:98:
86:48:b4:fe:02:32:a1:53:89:08:95:8d:6c:47:ba:
a0:40:28:4b:5e:99:a4:4f:af:a8:80:d6:e7:98:6c:
cf:5b:a7:fe:a2:25:dd:a2:7c:89:5e:4b:88:18:43:
fe:d8:1a:54:8d:1d:f3:7f:5e:0c:23:6b:01:77:d3:
65:5c:d3:7e:fc:c7:1b:b2:64:0c:3e:22:21:94:ec:
93:ca:19:29:a7:33:1a:5d:74:b3:1b:21:e4:08:96:
24:41:26:f0:5a:68:b2:21:70:13:82:35:2a:a2:b7:
c6:18:bc:4b:48:92:33:c0:1b:cd:01:40:28:96:17:
b4:e9:c0:24:c8:fa:d8:de:07:bb:cb:6d:bb:e3:97:
f4:53:b3:d2:4c:68:f2:e7:8d:31:6d:7f:2f:1d:9f:
d8:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8E:DD:CF:50:E6:63:70:4D:1D:72:E9:02:16:FE:BB:8D:3A:D8:39:99
X509v3 Authority Key Identifier:
keyid:D5:C3:D5:E7:0F:C9:AD:10:BA:90:D4:5D:C6:64:54:E9:E3:A1:46:A8
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/D5C3D5E70FC9AD10BA90D45DC66454E9E3A146A8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1cPV5w_JrRC6kNRdxmRU6eOhRqg.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/AS44446.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a13:df80:3b00::/40
Signature Algorithm: sha256WithRSAEncryption
ad:24:7e:fe:40:58:da:ca:68:ea:95:63:00:7e:8c:0f:4b:9d:
a7:e0:51:f7:6b:64:9f:d5:be:6f:67:4c:d5:13:6d:9e:5b:e4:
da:43:80:d0:75:a4:8d:ad:ae:b3:10:dd:c2:ee:85:c6:d9:9b:
b7:42:0c:0d:34:96:18:16:73:bf:92:95:6c:6d:f5:09:90:f6:
31:ab:16:fc:0e:41:44:1e:56:75:f3:96:ef:2f:c2:30:be:22:
dc:0f:fd:63:39:0d:84:52:95:b9:c7:54:dd:be:bd:99:46:eb:
ce:1b:3b:be:b0:82:07:b9:da:6e:cc:ef:18:a5:b6:0b:dc:2c:
7d:d5:6c:94:99:74:24:72:54:1a:79:d9:02:33:ef:a4:d7:42:
49:4e:e1:e1:91:70:89:b6:6a:e0:0d:bb:04:11:23:b5:1e:74:
49:dc:66:18:b9:88:be:fc:16:00:52:fa:93:5a:2d:b9:19:f2:
28:2e:2d:8d:08:1d:8b:11:04:17:3a:b3:b0:69:12:97:70:07:
1e:c8:48:8d:c9:14:1a:ff:5b:14:34:f6:f2:77:76:cb:10:8d:
59:3b:02:fe:73:62:95:53:fe:a3:aa:5f:44:8e:01:a9:cf:a3:
a1:47:3f:bf:74:bb:1a:4a:5b:0f:b0:2e:cb:95:17:4f:95:23:
5c:07:fc:89
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIUMwTxIcIPv9dol+km19aaKBV6Q/IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDVjM2Q1ZTcwZmM5YWQxMGJhOTBkNDVkYzY2NDU0ZTll
M2ExNDZhODAeFw0yNDA1MTExMDI2MzVaFw0yNTA1MTAxMDMxMzVaMDMxMTAvBgNV
BAMTKDhFRERDRjUwRTY2MzcwNEQxRDcyRTkwMjE2RkVCQjhEM0FEODM5OTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCllJYcq4z/7YLG1jpnVVOgU47I
ID5S5JIo0Kl69DFIA3MoPsUOv3GLHb6jxAbjeqO2q92gg10zORWgHLJ60tqkaBE2
bTGh9F23u87CDo2uBGkQRHhNKCKHcjwi/3C8ARhCgZA2zcJnmIZItP4CMqFTiQiV
jWxHuqBAKEtemaRPr6iA1ueYbM9bp/6iJd2ifIleS4gYQ/7YGlSNHfN/XgwjawF3
02Vc0378xxuyZAw+IiGU7JPKGSmnMxpddLMbIeQIliRBJvBaaLIhcBOCNSqit8YY
vEtIkjPAG80BQCiWF7TpwCTI+tjeB7vLbbvjl/RTs9JMaPLnjTFtfy8dn9htAgMB
AAGjggILMIICBzAdBgNVHQ4EFgQUjt3PUOZjcE0dcukCFv67jTrYOZkwHwYDVR0j
BBgwFoAU1cPV5w/JrRC6kNRdxmRU6eOhRqgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDQwMzJjOGYtMWQ1Ny00YzNiLTkwNDMtYTBlN2ZlYmYx
NjdkLzAvRDVDM0Q1RTcwRkM5QUQxMEJBOTBENDVEQzY2NDU0RTlFM0ExNDZBOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzFjUFY1d19KclJDNmtOUmR4bVJVNmVP
aFJxZy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA0MDMyYzhmLTFkNTct
NGMzYi05MDQzLWEwZTdmZWJmMTY3ZC8wL0FTNDQ0NDYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAqE9+A
OzANBgkqhkiG9w0BAQsFAAOCAQEArSR+/kBY2spo6pVjAH6MD0udp+BR92tkn9W+
b2dM1RNtnlvk2kOA0HWkja2usxDdwu6Fxtmbt0IMDTSWGBZzv5KVbG31CZD2MasW
/A5BRB5WdfOW7y/CML4i3A/9YzkNhFKVucdU3b69mUbrzhs7vrCCB7nabszvGKW2
C9wsfdVslJl0JHJUGnnZAjPvpNdCSU7h4ZFwibZq4A27BBEjtR50SdxmGLmIvvwW
AFL6k1otuRnyKC4tjQgdixEEFzqzsGkSl3AHHshIjckUGv9bFDT28nd2yxCNWTsC
/nNilVP+o6pfRI4Bqc+joUc/v3S7GkpbD7Auy5UXT5UjXAf8iQ==
-----END CERTIFICATE-----
Generated at Tue May 21 15:21:41 2024 by rpki-client on console-ams.rpki-client.org