Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/AS197993.roa
File: AS197993.roa (raw, json)
Hash identifier: mIsDSQWEFW5LorcS1HhchlxzLBLenK37VnsksheqM+c=
Subject key identifier: 0D:14:B1:4D:64:D1:7D:09:60:63:29:86:ED:59:DD:84:22:0C:C7:46
Certificate issuer: /CN=d5c3d5e70fc9ad10ba90d45dc66454e9e3a146a8
Certificate serial: 18A01A240BAE1520A01AE76BB1BE568164DB2614
Authority key identifier: D5:C3:D5:E7:0F:C9:AD:10:BA:90:D4:5D:C6:64:54:E9:E3:A1:46:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1cPV5w_JrRC6kNRdxmRU6eOhRqg.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/AS197993.roa
Signing time: Wed 20 Dec 2023 16:21:41 +0000
ROA not before: Wed 20 Dec 2023 16:16:41 +0000
ROA not after: Wed 18 Dec 2024 16:21:41 +0000
asID: 197993
IP address blocks: 2a13:df80:fbf0::/48 maxlen: 48
2a13:df80:fbf2::/48 maxlen: 48
2a13:df80:fbf3::/48 maxlen: 48
2a13:df80:fbff::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
18:a0:1a:24:0b:ae:15:20:a0:1a:e7:6b:b1:be:56:81:64:db:26:14
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d5c3d5e70fc9ad10ba90d45dc66454e9e3a146a8
Validity
Not Before: Dec 20 16:16:41 2023 GMT
Not After : Dec 18 16:21:41 2024 GMT
Subject: CN=0D14B14D64D17D0960632986ED59DD84220CC746
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:09:c7:4a:db:17:f0:9c:54:85:82:2b:68:79:
9d:a3:eb:b8:8c:fd:16:83:e0:a0:07:41:7d:09:60:
60:16:f1:1a:dc:12:7c:f5:49:e2:76:1a:de:02:80:
ec:e4:15:11:b5:0f:8a:0c:31:92:56:06:61:5d:00:
e6:6b:8f:67:3f:11:87:e4:84:4e:a1:aa:2a:c0:54:
ca:91:e9:9c:f8:77:12:e7:0f:45:f2:a4:d6:db:ce:
18:f3:a8:d1:f7:b9:f4:62:b9:a3:63:c8:f3:96:35:
3c:63:62:3f:cd:43:c7:51:ef:5f:47:2d:5c:64:c5:
1e:be:dc:91:3a:fe:e7:3f:7e:96:4a:61:cd:dc:9f:
f4:01:e0:81:6c:7b:8b:7e:b9:b5:34:2f:df:be:c7:
ac:fa:b8:16:e7:6e:e9:5f:1a:63:8d:23:45:35:0e:
a2:14:3d:ad:05:f5:40:26:a5:4a:f8:9d:2f:b2:d8:
a0:11:2f:ca:84:36:de:dc:a1:d5:b5:c4:57:99:5e:
c0:2e:2c:e2:54:b5:3b:af:02:4c:b0:1d:b5:3c:5a:
d9:d0:ef:27:2d:43:48:4f:66:9b:4a:fe:80:e1:9f:
1e:8f:f8:97:d7:86:7f:ed:ed:9a:03:68:a2:0f:3a:
9e:5d:69:a1:69:ab:0a:f4:c3:b5:66:9f:aa:52:33:
fb:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0D:14:B1:4D:64:D1:7D:09:60:63:29:86:ED:59:DD:84:22:0C:C7:46
X509v3 Authority Key Identifier:
keyid:D5:C3:D5:E7:0F:C9:AD:10:BA:90:D4:5D:C6:64:54:E9:E3:A1:46:A8
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/D5C3D5E70FC9AD10BA90D45DC66454E9E3A146A8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1cPV5w_JrRC6kNRdxmRU6eOhRqg.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/AS197993.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a13:df80:fbf0::/48
2a13:df80:fbf2::/47
2a13:df80:fbff::/48
Signature Algorithm: sha256WithRSAEncryption
5d:63:92:c0:5b:0b:a9:73:26:c1:8d:2e:db:02:98:73:4f:26:
7d:1d:17:61:91:cf:97:87:b3:d7:de:ac:21:1c:4d:e8:53:e3:
b3:f0:32:de:2e:f8:30:02:16:83:63:d1:90:05:a3:64:30:bd:
25:8d:ef:c9:84:1e:3b:94:f8:3d:b3:9e:bf:31:45:f5:a0:ae:
7d:10:63:ac:cd:57:d7:f0:55:06:5f:e3:52:38:cb:40:2f:12:
1f:0f:2a:e0:66:1a:48:dc:77:07:f6:9c:cb:15:cb:4b:f4:ba:
d9:e3:62:95:4f:94:9d:80:f1:e0:17:ab:c4:41:67:57:41:14:
8e:f3:2c:96:6e:5c:30:eb:e6:c8:8d:0f:8e:1f:71:90:b1:d1:
25:16:22:6b:84:7e:2c:8f:e1:3e:8e:6e:60:bb:93:0c:8d:2a:
11:36:15:64:ba:39:f5:9a:09:44:08:c2:47:b4:6e:5c:dc:d5:
de:93:3e:c7:b7:94:c7:3f:73:eb:bc:62:d4:83:b1:f7:4a:d9:
3a:01:68:48:ef:b0:ff:86:a2:b7:e0:ee:54:6d:de:99:57:5f:
8f:8d:8c:f7:ae:8e:e6:6d:d9:5d:25:11:a9:01:88:f5:7e:d6:
45:c5:8b:61:68:da:22:37:15:72:db:c6:97:5b:ec:9c:8d:41:
27:51:1f:53
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgIUGKAaJAuuFSCgGudrsb5WgWTbJhQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDVjM2Q1ZTcwZmM5YWQxMGJhOTBkNDVkYzY2NDU0ZTll
M2ExNDZhODAeFw0yMzEyMjAxNjE2NDFaFw0yNDEyMTgxNjIxNDFaMDMxMTAvBgNV
BAMTKDBEMTRCMTRENjREMTdEMDk2MDYzMjk4NkVENTlERDg0MjIwQ0M3NDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxCcdK2xfwnFSFgitoeZ2j67iM
/RaD4KAHQX0JYGAW8RrcEnz1SeJ2Gt4CgOzkFRG1D4oMMZJWBmFdAOZrj2c/EYfk
hE6hqirAVMqR6Zz4dxLnD0XypNbbzhjzqNH3ufRiuaNjyPOWNTxjYj/NQ8dR719H
LVxkxR6+3JE6/uc/fpZKYc3cn/QB4IFse4t+ubU0L9++x6z6uBbnbulfGmONI0U1
DqIUPa0F9UAmpUr4nS+y2KARL8qENt7codW1xFeZXsAuLOJUtTuvAkywHbU8WtnQ
7yctQ0hPZptK/oDhnx6P+JfXhn/t7ZoDaKIPOp5daaFpqwr0w7Vmn6pSM/uNAgMB
AAGjggIfMIICGzAdBgNVHQ4EFgQUDRSxTWTRfQlgYymG7VndhCIMx0YwHwYDVR0j
BBgwFoAU1cPV5w/JrRC6kNRdxmRU6eOhRqgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDQwMzJjOGYtMWQ1Ny00YzNiLTkwNDMtYTBlN2ZlYmYx
NjdkLzAvRDVDM0Q1RTcwRkM5QUQxMEJBOTBENDVEQzY2NDU0RTlFM0ExNDZBOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzFjUFY1d19KclJDNmtOUmR4bVJVNmVP
aFJxZy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA0MDMyYzhmLTFkNTct
NGMzYi05MDQzLWEwZTdmZWJmMTY3ZC8wL0FTMTk3OTkzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcAKhPf
gPvwAwcBKhPfgPvyAwcAKhPfgPv/MA0GCSqGSIb3DQEBCwUAA4IBAQBdY5LAWwup
cybBjS7bAphzTyZ9HRdhkc+Xh7PX3qwhHE3oU+Oz8DLeLvgwAhaDY9GQBaNkML0l
je/JhB47lPg9s56/MUX1oK59EGOszVfX8FUGX+NSOMtALxIfDyrgZhpI3HcH9pzL
FctL9LrZ42KVT5SdgPHgF6vEQWdXQRSO8yyWblww6+bIjQ+OH3GQsdElFiJrhH4s
j+E+jm5gu5MMjSoRNhVkujn1mglECMJHtG5c3NXekz7Ht5THP3PrvGLUg7H3Stk6
AWhI77D/hqK34O5Ubd6ZV1+PjYz3ro7mbdldJRGpAYj1ftZFxYthaNoiNxVy28aX
W+ycjUEnUR9T
-----END CERTIFICATE-----
Generated at Tue May 21 15:21:40 2024 by rpki-client on console-ams.rpki-client.org