Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/AS834.roa
File: AS834.roa (raw, json)
Hash identifier: KdNJ7NoziE6X0/89tWIEwly4ra4aTYZNmtlWDwIugV0=
Subject key identifier: A5:D0:4B:5E:A3:D4:A9:29:9C:17:BF:17:AE:8C:7A:B1:2C:B4:7A:77
Certificate issuer: /CN=d5c3d5e70fc9ad10ba90d45dc66454e9e3a146a8
Certificate serial: 2A9603DEB118AD624243ADC3553FFB9F9AEF79B9
Authority key identifier: D5:C3:D5:E7:0F:C9:AD:10:BA:90:D4:5D:C6:64:54:E9:E3:A1:46:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1cPV5w_JrRC6kNRdxmRU6eOhRqg.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/AS834.roa
Signing time: Thu 21 Dec 2023 21:36:22 +0000
ROA not before: Thu 21 Dec 2023 21:31:22 +0000
ROA not after: Thu 19 Dec 2024 21:36:22 +0000
asID: 834
IP address blocks: 185.34.101.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2a:96:03:de:b1:18:ad:62:42:43:ad:c3:55:3f:fb:9f:9a:ef:79:b9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d5c3d5e70fc9ad10ba90d45dc66454e9e3a146a8
Validity
Not Before: Dec 21 21:31:22 2023 GMT
Not After : Dec 19 21:36:22 2024 GMT
Subject: CN=A5D04B5EA3D4A9299C17BF17AE8C7AB12CB47A77
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:18:b1:95:df:6b:b8:9b:94:57:40:c4:db:8e:
1f:66:31:90:81:c4:b2:18:80:ad:03:e5:87:ea:b4:
fa:1b:b7:04:43:8a:9d:dc:bb:fa:ca:02:21:10:18:
dc:bf:63:bd:84:fb:70:42:7c:30:a0:83:6e:37:4d:
cb:12:e3:14:23:8d:33:b8:f5:6e:31:f4:26:b4:5b:
17:02:27:97:ee:e2:28:22:87:dd:f3:39:aa:75:24:
e0:df:a1:2b:bd:f2:49:13:fa:b4:c4:79:e2:70:5b:
0c:11:50:46:77:1a:a6:3c:cf:72:c4:36:96:ea:2b:
03:09:62:b1:cf:7f:bd:98:8b:5f:f8:cb:f0:ec:63:
9d:0c:48:14:dd:75:d9:03:c1:aa:4c:f0:2b:06:b4:
0f:79:9a:f4:59:e1:74:99:64:07:7d:88:41:a0:b0:
62:07:f9:9a:d8:30:b6:e0:18:29:93:89:0c:26:9d:
31:c9:a7:d3:7c:29:6e:1d:b5:ff:bb:4a:aa:13:f4:
87:57:bb:2f:6c:ff:14:53:e3:7c:dd:09:e3:e2:ab:
b4:3f:d1:cb:be:41:82:c7:f6:10:92:59:95:d6:11:
e5:cf:a7:39:36:c1:ef:5e:4c:52:68:21:7f:c5:3a:
21:0f:3a:f9:28:31:fa:a4:11:85:91:b0:e7:10:45:
79:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A5:D0:4B:5E:A3:D4:A9:29:9C:17:BF:17:AE:8C:7A:B1:2C:B4:7A:77
X509v3 Authority Key Identifier:
keyid:D5:C3:D5:E7:0F:C9:AD:10:BA:90:D4:5D:C6:64:54:E9:E3:A1:46:A8
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/D5C3D5E70FC9AD10BA90D45DC66454E9E3A146A8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1cPV5w_JrRC6kNRdxmRU6eOhRqg.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/AS834.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.34.101.0/24
Signature Algorithm: sha256WithRSAEncryption
6b:0d:0e:d9:b2:7a:3d:0d:8b:e0:4c:31:4c:e3:73:29:82:4b:
32:ae:75:2c:7c:03:66:e6:c7:4d:fa:95:77:1c:6b:97:66:93:
82:fd:d8:b9:e2:c2:ae:05:ed:ab:81:bf:c2:de:e8:a8:5c:d9:
11:79:9e:0b:ae:fd:03:48:a9:4a:ba:bc:f3:8a:77:06:01:a1:
b6:ff:60:c6:27:97:79:45:b6:8a:fc:d4:52:a6:b5:3b:d6:2f:
47:ad:85:97:eb:f9:a8:e4:60:e9:d0:2e:de:68:34:32:73:b5:
13:39:45:af:05:04:8b:9c:23:16:a0:31:73:b8:33:02:a9:21:
96:f3:28:e7:d6:d0:99:a5:2b:89:e0:77:c7:39:02:2e:9e:0e:
77:fd:f9:8e:83:99:11:81:4f:9d:a3:d5:fd:70:68:28:59:37:
b0:53:00:ed:fe:bf:3a:12:3a:f7:eb:2f:f7:85:4b:61:12:b9:
ab:d5:3e:8c:87:a5:49:db:cd:53:0a:4b:69:5a:90:14:b7:75:
21:0e:01:a1:cf:b9:88:22:b5:e8:43:e8:b0:71:99:bf:6e:ef:
57:2c:dc:f4:17:cf:73:0e:0f:0a:cf:25:db:dd:72:24:09:29:
a2:f0:11:f4:bd:77:25:fd:e6:e9:ee:b3:cf:c5:42:26:ba:7c:
85:74:37:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgIUKpYD3rEYrWJCQ63DVT/7n5rvebkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDVjM2Q1ZTcwZmM5YWQxMGJhOTBkNDVkYzY2NDU0ZTll
M2ExNDZhODAeFw0yMzEyMjEyMTMxMjJaFw0yNDEyMTkyMTM2MjJaMDMxMTAvBgNV
BAMTKEE1RDA0QjVFQTNENEE5Mjk5QzE3QkYxN0FFOEM3QUIxMkNCNDdBNzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqGLGV32u4m5RXQMTbjh9mMZCB
xLIYgK0D5YfqtPobtwRDip3cu/rKAiEQGNy/Y72E+3BCfDCgg243TcsS4xQjjTO4
9W4x9Ca0WxcCJ5fu4igih93zOap1JODfoSu98kkT+rTEeeJwWwwRUEZ3GqY8z3LE
NpbqKwMJYrHPf72Yi1/4y/DsY50MSBTdddkDwapM8CsGtA95mvRZ4XSZZAd9iEGg
sGIH+ZrYMLbgGCmTiQwmnTHJp9N8KW4dtf+7SqoT9IdXuy9s/xRT43zdCePiq7Q/
0cu+QYLH9hCSWZXWEeXPpzk2we9eTFJoIX/FOiEPOvkoMfqkEYWRsOcQRXnfAgMB
AAGjggIHMIICAzAdBgNVHQ4EFgQUpdBLXqPUqSmcF78Xrox6sSy0encwHwYDVR0j
BBgwFoAU1cPV5w/JrRC6kNRdxmRU6eOhRqgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDQwMzJjOGYtMWQ1Ny00YzNiLTkwNDMtYTBlN2ZlYmYx
NjdkLzAvRDVDM0Q1RTcwRkM5QUQxMEJBOTBENDVEQzY2NDU0RTlFM0ExNDZBOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzFjUFY1d19KclJDNmtOUmR4bVJVNmVP
aFJxZy5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA0MDMyYzhmLTFkNTct
NGMzYi05MDQzLWEwZTdmZWJmMTY3ZC8wL0FTODM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSJlMA0G
CSqGSIb3DQEBCwUAA4IBAQBrDQ7Zsno9DYvgTDFM43MpgksyrnUsfANm5sdN+pV3
HGuXZpOC/di54sKuBe2rgb/C3uioXNkReZ4Lrv0DSKlKurzzincGAaG2/2DGJ5d5
RbaK/NRSprU71i9HrYWX6/mo5GDp0C7eaDQyc7UTOUWvBQSLnCMWoDFzuDMCqSGW
8yjn1tCZpSuJ4HfHOQIung53/fmOg5kRgU+do9X9cGgoWTewUwDt/r86Ejr36y/3
hUthErmr1T6Mh6VJ281TCktpWpAUt3UhDgGhz7mIIrXoQ+iwcZm/bu9XLNz0F89z
Dg8KzyXb3XIkCSmi8BH0vXcl/ebp7rPPxUImunyFdDdT
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:08 2024 by rpki-client on console-fra.rpki-client.org