Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/AS44487.roa
File: AS44487.roa (raw, json)
Hash identifier: T2IjYuFIXAwegNgaAfz3gCxvtiCvBFNeuuhb38DqbLA=
Subject key identifier: 96:9F:AB:3C:F1:20:A5:AD:8E:DC:68:EC:51:5D:9D:53:D3:FD:61:C4
Certificate issuer: /CN=d5c3d5e70fc9ad10ba90d45dc66454e9e3a146a8
Certificate serial: 668CD3B3848B41AE94AEB329AF80A83285A38A76
Authority key identifier: D5:C3:D5:E7:0F:C9:AD:10:BA:90:D4:5D:C6:64:54:E9:E3:A1:46:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1cPV5w_JrRC6kNRdxmRU6eOhRqg.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/AS44487.roa
Signing time: Fri 22 Mar 2024 21:44:08 +0000
ROA not before: Fri 22 Mar 2024 21:39:08 +0000
ROA not after: Fri 21 Mar 2025 21:44:08 +0000
asID: 44487
IP address blocks: 2a13:df85:ec01::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
66:8c:d3:b3:84:8b:41:ae:94:ae:b3:29:af:80:a8:32:85:a3:8a:76
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d5c3d5e70fc9ad10ba90d45dc66454e9e3a146a8
Validity
Not Before: Mar 22 21:39:08 2024 GMT
Not After : Mar 21 21:44:08 2025 GMT
Subject: CN=969FAB3CF120A5AD8EDC68EC515D9D53D3FD61C4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:cf:84:8b:61:e2:e8:ba:4a:1b:5e:f1:21:d2:
93:47:4d:64:18:0d:27:6f:f1:48:03:42:50:15:9d:
94:84:33:cf:4e:c4:1d:df:61:cd:2a:6d:33:17:5b:
a2:0d:8e:3b:e7:6a:75:31:bc:2a:1e:e7:b2:4d:03:
68:2b:12:01:dd:15:28:56:21:92:45:8b:b0:9d:f4:
c6:91:41:e9:8a:59:30:cd:16:28:56:98:f5:3e:ab:
21:84:b6:bf:bb:12:3f:84:05:a7:66:c8:6a:e6:6f:
cc:ee:9c:05:be:08:ce:1a:8b:dd:48:01:e9:ce:b0:
55:f1:54:7b:32:aa:9f:3e:58:5e:90:e4:80:df:3f:
04:4e:da:5b:70:1e:8b:e4:79:a0:79:1b:54:bf:bc:
07:53:8b:2a:64:a7:f1:fb:97:64:c7:f4:c5:a8:c8:
4f:dd:29:c6:b1:03:bf:96:29:1b:b8:65:e6:e9:78:
cb:47:f7:93:a5:08:b4:78:c1:7b:3c:f7:97:a8:64:
5e:ee:3f:14:e4:6f:68:08:4c:e5:02:17:c5:8f:51:
8d:1d:a3:e9:49:0f:ab:94:00:d3:cd:ac:54:3e:8e:
ab:0a:d2:81:b1:1d:94:f5:a4:35:17:6d:89:24:9a:
72:ac:ac:cd:2f:fb:80:65:9d:81:be:cd:16:e2:fb:
d1:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
96:9F:AB:3C:F1:20:A5:AD:8E:DC:68:EC:51:5D:9D:53:D3:FD:61:C4
X509v3 Authority Key Identifier:
keyid:D5:C3:D5:E7:0F:C9:AD:10:BA:90:D4:5D:C6:64:54:E9:E3:A1:46:A8
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/D5C3D5E70FC9AD10BA90D45DC66454E9E3A146A8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1cPV5w_JrRC6kNRdxmRU6eOhRqg.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/AS44487.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a13:df85:ec01::/48
Signature Algorithm: sha256WithRSAEncryption
95:12:52:ef:4d:79:a4:33:ca:4b:e5:91:d7:c5:70:6e:75:23:
70:e0:13:2f:e1:92:14:e7:4d:34:25:f7:76:0f:85:1f:f3:64:
a4:f0:99:52:b6:fd:a9:4d:cd:94:f8:2d:28:0f:71:ee:6b:08:
52:a7:e7:8c:86:5b:01:d7:71:12:b9:1c:72:8b:48:74:f1:48:
a6:6d:83:09:30:20:c9:34:7a:de:c0:38:37:40:72:2a:ea:a9:
90:10:e3:df:04:d1:81:f5:52:2a:9b:5b:42:67:ce:92:98:74:
0e:50:9d:7a:0e:74:62:fb:27:6a:14:36:ac:12:2f:33:7d:a3:
b9:0a:3b:e2:63:f3:27:aa:e9:3f:86:b2:a2:3c:6c:5b:2f:65:
bb:1b:cb:a0:ea:51:4c:30:54:ec:f6:8e:c2:eb:92:8a:81:d9:
73:ca:1b:bb:99:6f:7c:cc:b8:c0:5b:33:90:d5:ec:6c:66:e7:
43:2e:31:18:43:11:4c:f1:1c:cf:9c:4b:e1:7a:8b:53:15:19:
7b:17:3a:a3:1d:13:76:64:08:91:d6:1a:f1:b3:9c:af:41:5d:
92:35:d2:4b:15:54:38:d0:2a:c7:8e:d5:94:6e:60:fd:e0:76:
27:ed:2c:89:f0:b7:45:8c:20:ab:27:57:5b:31:8e:4d:3b:06:
e2:a9:00:16
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUZozTs4SLQa6UrrMpr4CoMoWjinYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDVjM2Q1ZTcwZmM5YWQxMGJhOTBkNDVkYzY2NDU0ZTll
M2ExNDZhODAeFw0yNDAzMjIyMTM5MDhaFw0yNTAzMjEyMTQ0MDhaMDMxMTAvBgNV
BAMTKDk2OUZBQjNDRjEyMEE1QUQ4RURDNjhFQzUxNUQ5RDUzRDNGRDYxQzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCKz4SLYeLoukobXvEh0pNHTWQY
DSdv8UgDQlAVnZSEM89OxB3fYc0qbTMXW6INjjvnanUxvCoe57JNA2grEgHdFShW
IZJFi7Cd9MaRQemKWTDNFihWmPU+qyGEtr+7Ej+EBadmyGrmb8zunAW+CM4ai91I
AenOsFXxVHsyqp8+WF6Q5IDfPwRO2ltwHovkeaB5G1S/vAdTiypkp/H7l2TH9MWo
yE/dKcaxA7+WKRu4ZebpeMtH95OlCLR4wXs895eoZF7uPxTkb2gITOUCF8WPUY0d
o+lJD6uUANPNrFQ+jqsK0oGxHZT1pDUXbYkkmnKsrM0v+4BlnYG+zRbi+9GLAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUlp+rPPEgpa2O3GjsUV2dU9P9YcQwHwYDVR0j
BBgwFoAU1cPV5w/JrRC6kNRdxmRU6eOhRqgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDQwMzJjOGYtMWQ1Ny00YzNiLTkwNDMtYTBlN2ZlYmYx
NjdkLzAvRDVDM0Q1RTcwRkM5QUQxMEJBOTBENDVEQzY2NDU0RTlFM0ExNDZBOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzFjUFY1d19KclJDNmtOUmR4bVJVNmVP
aFJxZy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA0MDMyYzhmLTFkNTct
NGMzYi05MDQzLWEwZTdmZWJmMTY3ZC8wL0FTNDQ0ODcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqE9+F
7AEwDQYJKoZIhvcNAQELBQADggEBAJUSUu9NeaQzykvlkdfFcG51I3DgEy/hkhTn
TTQl93YPhR/zZKTwmVK2/alNzZT4LSgPce5rCFKn54yGWwHXcRK5HHKLSHTxSKZt
gwkwIMk0et7AODdAcirqqZAQ498E0YH1UiqbW0JnzpKYdA5QnXoOdGL7J2oUNqwS
LzN9o7kKO+Jj8yeq6T+GsqI8bFsvZbsby6DqUUwwVOz2jsLrkoqB2XPKG7uZb3zM
uMBbM5DV7Gxm50MuMRhDEUzxHM+cS+F6i1MVGXsXOqMdE3ZkCJHWGvGznK9BXZI1
0ksVVDjQKseO1ZRuYP3gdiftLInwt0WMIKsnV1sxjk07BuKpABY=
-----END CERTIFICATE-----
Generated at Tue May 21 14:01:40 2024 by rpki-client on console-fra.rpki-client.org