Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/AS199025.roa
File: AS199025.roa (raw, json)
Hash identifier: OHsqI17B7IBf2azSQ6c77MmpJY0Wyt8EWGuElOix0oY=
Subject key identifier: 4B:A8:20:E8:1F:7C:4A:6B:9A:85:ED:A5:D0:7D:32:18:F5:76:85:DA
Certificate issuer: /CN=d5c3d5e70fc9ad10ba90d45dc66454e9e3a146a8
Certificate serial: 3E0C922F50685298DAB1693495D15624130CA7CF
Authority key identifier: D5:C3:D5:E7:0F:C9:AD:10:BA:90:D4:5D:C6:64:54:E9:E3:A1:46:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1cPV5w_JrRC6kNRdxmRU6eOhRqg.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/AS199025.roa
Signing time: Mon 22 Jan 2024 17:23:47 +0000
ROA not before: Mon 22 Jan 2024 17:18:47 +0000
ROA not after: Mon 20 Jan 2025 17:23:47 +0000
asID: 199025
IP address blocks: 2a13:df80:2500::/48 maxlen: 48
2a13:df87:4003::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3e:0c:92:2f:50:68:52:98:da:b1:69:34:95:d1:56:24:13:0c:a7:cf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d5c3d5e70fc9ad10ba90d45dc66454e9e3a146a8
Validity
Not Before: Jan 22 17:18:47 2024 GMT
Not After : Jan 20 17:23:47 2025 GMT
Subject: CN=4BA820E81F7C4A6B9A85EDA5D07D3218F57685DA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:a3:c7:66:5a:e0:a3:bb:0f:bc:2e:a3:07:ef:
7c:cd:ea:ed:3a:33:a7:52:e6:37:dd:5e:b6:84:42:
80:eb:94:1b:fd:7c:44:5d:a3:65:d1:32:3a:fe:70:
89:9c:20:7d:e4:3e:51:13:9c:75:c8:b4:da:6d:53:
3e:0f:ad:31:5e:95:eb:b3:dd:9b:57:56:bb:17:bf:
78:90:99:ce:e9:a6:3a:82:39:93:24:00:39:8c:ba:
a9:b0:12:d4:64:a6:e9:c1:52:e1:09:93:d2:78:21:
98:1e:52:1a:ef:9e:56:8e:7c:0c:a9:cf:97:6a:7e:
11:f6:8c:b6:c2:47:35:50:aa:a6:7c:f1:a0:1c:30:
60:06:94:e0:83:56:dc:4e:1c:e9:08:12:c8:ee:74:
c7:fb:c3:7a:bd:4c:0d:55:77:0f:52:54:fd:18:c1:
19:a5:47:43:ef:9c:14:c0:29:98:27:c5:3a:f0:58:
25:8f:83:39:ec:3a:0e:29:e6:3b:0e:ee:36:28:47:
73:18:77:64:dd:3b:db:9c:74:51:44:dc:f9:3c:96:
73:8a:66:2e:17:e5:ba:47:b7:29:fa:ab:5e:e2:9a:
ac:66:8d:2d:53:ea:0a:22:dc:56:92:c5:b3:9a:fc:
fe:e9:37:6a:55:be:44:59:8a:b1:b1:e7:0e:ad:f2:
cf:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:A8:20:E8:1F:7C:4A:6B:9A:85:ED:A5:D0:7D:32:18:F5:76:85:DA
X509v3 Authority Key Identifier:
keyid:D5:C3:D5:E7:0F:C9:AD:10:BA:90:D4:5D:C6:64:54:E9:E3:A1:46:A8
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/D5C3D5E70FC9AD10BA90D45DC66454E9E3A146A8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1cPV5w_JrRC6kNRdxmRU6eOhRqg.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/AS199025.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a13:df80:2500::/48
2a13:df87:4003::/48
Signature Algorithm: sha256WithRSAEncryption
3d:f7:b2:ce:39:1e:19:6b:5e:6c:0d:b0:60:c4:1b:4c:cf:d5:
b6:1c:51:fa:89:9f:c1:1c:14:b1:eb:cd:84:2e:e9:eb:44:39:
d3:ba:dc:8c:cd:b4:af:53:8a:a3:69:d6:8b:71:b2:d0:ee:de:
3c:eb:41:03:a1:02:91:40:31:2d:96:6b:54:e7:f5:32:63:83:
4e:af:21:56:62:15:70:77:92:b4:33:14:d7:94:09:ae:81:de:
cb:06:76:44:f2:c5:5a:8f:c5:df:c0:8f:13:c2:d3:6f:6b:68:
a4:71:ab:eb:6b:d6:6f:09:7f:fb:f1:e4:73:06:c4:34:c2:e2:
f7:66:d6:2c:60:e9:45:42:94:6a:1e:f4:88:c5:34:14:e8:7a:
69:e3:88:3e:5e:69:e9:7e:4f:bb:1b:ec:1a:9d:ee:74:c4:26:
38:24:49:f7:e2:6d:43:84:54:d3:b8:85:44:90:68:50:bb:2f:
c1:7f:27:f0:80:38:53:6e:eb:6b:47:81:8f:ba:54:ef:d2:5d:
4d:a2:1d:c2:13:f4:a8:a1:d9:c9:7e:05:4a:57:67:d9:fa:b5:
b3:ec:f1:46:f2:b2:14:03:cc:f6:29:87:3e:ef:1d:0c:90:7d:
47:f0:0a:3c:51:0e:55:97:ce:dd:ff:d2:ba:10:5f:16:2e:5b:
24:4d:0b:a6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUPgySL1BoUpjasWk0ldFWJBMMp88wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDVjM2Q1ZTcwZmM5YWQxMGJhOTBkNDVkYzY2NDU0ZTll
M2ExNDZhODAeFw0yNDAxMjIxNzE4NDdaFw0yNTAxMjAxNzIzNDdaMDMxMTAvBgNV
BAMTKDRCQTgyMEU4MUY3QzRBNkI5QTg1RURBNUQwN0QzMjE4RjU3Njg1REEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMo8dmWuCjuw+8LqMH73zN6u06
M6dS5jfdXraEQoDrlBv9fERdo2XRMjr+cImcIH3kPlETnHXItNptUz4PrTFeleuz
3ZtXVrsXv3iQmc7ppjqCOZMkADmMuqmwEtRkpunBUuEJk9J4IZgeUhrvnlaOfAyp
z5dqfhH2jLbCRzVQqqZ88aAcMGAGlOCDVtxOHOkIEsjudMf7w3q9TA1Vdw9SVP0Y
wRmlR0PvnBTAKZgnxTrwWCWPgznsOg4p5jsO7jYoR3MYd2TdO9ucdFFE3Pk8lnOK
Zi4X5bpHtyn6q17imqxmjS1T6goi3FaSxbOa/P7pN2pVvkRZirGx5w6t8s8JAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUS6gg6B98Smuahe2l0H0yGPV2hdowHwYDVR0j
BBgwFoAU1cPV5w/JrRC6kNRdxmRU6eOhRqgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDQwMzJjOGYtMWQ1Ny00YzNiLTkwNDMtYTBlN2ZlYmYx
NjdkLzAvRDVDM0Q1RTcwRkM5QUQxMEJBOTBENDVEQzY2NDU0RTlFM0ExNDZBOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzFjUFY1d19KclJDNmtOUmR4bVJVNmVP
aFJxZy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA0MDMyYzhmLTFkNTct
NGMzYi05MDQzLWEwZTdmZWJmMTY3ZC8wL0FTMTk5MDI1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKhPf
gCUAAwcAKhPfh0ADMA0GCSqGSIb3DQEBCwUAA4IBAQA997LOOR4Za15sDbBgxBtM
z9W2HFH6iZ/BHBSx682ELunrRDnTutyMzbSvU4qjadaLcbLQ7t4860EDoQKRQDEt
lmtU5/UyY4NOryFWYhVwd5K0MxTXlAmugd7LBnZE8sVaj8XfwI8TwtNva2ikcavr
a9ZvCX/78eRzBsQ0wuL3ZtYsYOlFQpRqHvSIxTQU6Hpp44g+Xmnpfk+7G+wane50
xCY4JEn34m1DhFTTuIVEkGhQuy/BfyfwgDhTbutrR4GPulTv0l1Noh3CE/SoodnJ
fgVKV2fZ+rWz7PFG8rIUA8z2KYc+7x0MkH1H8Ao8UQ5Vl87d/9K6EF8WLlskTQum
-----END CERTIFICATE-----
Generated at Tue May 21 14:01:40 2024 by rpki-client on console-fra.rpki-client.org