Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/AS210912.roa
File: AS210912.roa (raw, json)
Hash identifier: rzhrj0oqmS63JJWWauHyOmPKCa57S7rJ6+KKe81D1c8=
Subject key identifier: 05:3B:1F:1A:99:ED:D7:1E:74:79:49:B6:76:C2:BE:73:DF:C4:ED:DE
Certificate issuer: /CN=d5c3d5e70fc9ad10ba90d45dc66454e9e3a146a8
Certificate serial: 7CAC0DB3EA818929B8630D9EE90D1BE14528CC0A
Authority key identifier: D5:C3:D5:E7:0F:C9:AD:10:BA:90:D4:5D:C6:64:54:E9:E3:A1:46:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1cPV5w_JrRC6kNRdxmRU6eOhRqg.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/AS210912.roa
Signing time: Sun 21 Jan 2024 18:24:07 +0000
ROA not before: Sun 21 Jan 2024 18:19:07 +0000
ROA not after: Sun 19 Jan 2025 18:24:07 +0000
asID: 210912
IP address blocks: 2a13:df80:71::/48 maxlen: 48
2a13:df87:1000::/36 maxlen: 36
2a13:df87:3000::/36 maxlen: 36
2a13:df87:4000::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7c:ac:0d:b3:ea:81:89:29:b8:63:0d:9e:e9:0d:1b:e1:45:28:cc:0a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d5c3d5e70fc9ad10ba90d45dc66454e9e3a146a8
Validity
Not Before: Jan 21 18:19:07 2024 GMT
Not After : Jan 19 18:24:07 2025 GMT
Subject: CN=053B1F1A99EDD71E747949B676C2BE73DFC4EDDE
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:91:2c:8d:50:0b:72:3b:ac:aa:94:a5:fb:6c:
ef:ca:c1:1a:70:ba:c0:40:74:19:66:6f:a4:92:d9:
e8:83:79:b5:f5:4f:c3:8e:81:2d:d9:75:27:b6:25:
86:2c:9b:86:bf:e3:ca:b7:fe:e1:fa:df:3e:14:46:
c0:d8:84:7b:84:7d:5e:8c:ac:60:43:68:47:ba:c4:
e4:c1:ef:80:7a:8d:00:9f:b7:d3:dd:52:45:0e:e0:
76:64:1d:65:a5:10:2e:b3:7a:9e:21:36:48:69:cd:
41:f7:5c:e1:23:7c:ae:26:d4:92:5b:22:3b:1c:e5:
64:dc:0c:4f:4e:97:4c:35:00:e8:3a:02:29:b0:10:
09:4f:8e:e3:92:16:a5:e6:ac:8b:d5:de:88:28:43:
9a:dd:20:7c:ca:fb:07:f9:52:3e:97:a5:92:b4:1e:
11:38:cc:97:81:9b:32:30:b8:b8:97:63:e1:2f:ef:
f0:a6:32:f3:69:f4:be:b5:a2:93:70:3a:7e:ef:a4:
fd:c2:f0:6e:9a:82:10:3c:34:54:ec:5a:81:23:30:
9a:64:38:72:bc:c6:e4:c6:64:1c:ff:67:c1:65:1f:
a5:f6:be:16:32:47:11:86:08:1d:50:56:82:1d:40:
31:44:cf:8f:c6:91:10:5c:81:44:54:bb:13:21:2d:
54:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
05:3B:1F:1A:99:ED:D7:1E:74:79:49:B6:76:C2:BE:73:DF:C4:ED:DE
X509v3 Authority Key Identifier:
keyid:D5:C3:D5:E7:0F:C9:AD:10:BA:90:D4:5D:C6:64:54:E9:E3:A1:46:A8
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/D5C3D5E70FC9AD10BA90D45DC66454E9E3A146A8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1cPV5w_JrRC6kNRdxmRU6eOhRqg.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/AS210912.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a13:df80:71::/48
2a13:df87:1000::/36
2a13:df87:3000::-2a13:df87:4000:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
55:cd:27:2a:a1:c6:44:1c:1e:50:d5:e0:45:ee:d3:0c:da:79:
65:69:0d:84:86:a8:65:fc:a8:39:2a:20:be:14:50:8b:72:86:
e9:41:e8:5b:21:ea:a9:96:17:ed:af:b9:a8:a4:0a:0f:ec:b3:
7a:25:22:aa:28:a4:9c:a6:ee:a4:4d:02:b3:c8:b2:ea:89:f2:
6e:00:65:f7:31:d2:04:76:f9:00:af:97:4b:3f:77:d1:a7:fd:
3f:a6:01:b3:41:2f:b3:b2:f1:ef:ac:9c:74:54:f6:7d:63:8f:
2b:b4:ec:44:1a:5d:fd:9f:b5:1d:ad:a0:47:88:43:59:bd:0e:
0f:bc:73:f1:6b:e3:2b:78:76:5a:15:00:f1:3d:e9:d1:4d:39:
01:4d:e8:21:e1:76:76:d9:79:95:e0:9a:63:ef:88:a9:7a:ec:
84:85:5f:14:d3:b6:f9:93:29:ad:6f:d0:10:3f:e0:c5:be:63:
6d:93:b7:48:c3:7f:69:be:10:eb:1c:07:21:52:bd:2d:5b:7d:
5f:b7:d3:91:29:ca:9f:eb:58:c0:a6:3f:27:a9:6e:1a:44:57:
8f:0f:9e:c5:56:62:21:d6:e6:dc:18:52:34:a4:0f:76:ee:57:
41:b2:07:aa:b9:e8:04:36:2a:e0:9d:a3:63:48:b1:31:11:81:
7f:6f:eb:82
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgIUfKwNs+qBiSm4Yw2e6Q0b4UUozAowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDVjM2Q1ZTcwZmM5YWQxMGJhOTBkNDVkYzY2NDU0ZTll
M2ExNDZhODAeFw0yNDAxMjExODE5MDdaFw0yNTAxMTkxODI0MDdaMDMxMTAvBgNV
BAMTKDA1M0IxRjFBOTlFREQ3MUU3NDc5NDlCNjc2QzJCRTczREZDNEVEREUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFkSyNUAtyO6yqlKX7bO/KwRpw
usBAdBlmb6SS2eiDebX1T8OOgS3ZdSe2JYYsm4a/48q3/uH63z4URsDYhHuEfV6M
rGBDaEe6xOTB74B6jQCft9PdUkUO4HZkHWWlEC6zep4hNkhpzUH3XOEjfK4m1JJb
Ijsc5WTcDE9Ol0w1AOg6AimwEAlPjuOSFqXmrIvV3ogoQ5rdIHzK+wf5Uj6XpZK0
HhE4zJeBmzIwuLiXY+Ev7/CmMvNp9L61opNwOn7vpP3C8G6aghA8NFTsWoEjMJpk
OHK8xuTGZBz/Z8FlH6X2vhYyRxGGCB1QVoIdQDFEz4/GkRBcgURUuxMhLVRzAgMB
AAGjggIoMIICJDAdBgNVHQ4EFgQUBTsfGpnt1x50eUm2dsK+c9/E7d4wHwYDVR0j
BBgwFoAU1cPV5w/JrRC6kNRdxmRU6eOhRqgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDQwMzJjOGYtMWQ1Ny00YzNiLTkwNDMtYTBlN2ZlYmYx
NjdkLzAvRDVDM0Q1RTcwRkM5QUQxMEJBOTBENDVEQzY2NDU0RTlFM0ExNDZBOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzFjUFY1d19KclJDNmtOUmR4bVJVNmVP
aFJxZy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA0MDMyYzhmLTFkNTct
NGMzYi05MDQzLWEwZTdmZWJmMTY3ZC8wL0FTMjEwOTEyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAAjAkAwcAKhPf
gABxAwYEKhPfhxAwEQMGBCoT34cwAwcAKhPfh0AAMA0GCSqGSIb3DQEBCwUAA4IB
AQBVzScqocZEHB5Q1eBF7tMM2nllaQ2Ehqhl/Kg5KiC+FFCLcobpQehbIeqplhft
r7mopAoP7LN6JSKqKKScpu6kTQKzyLLqifJuAGX3MdIEdvkAr5dLP3fRp/0/pgGz
QS+zsvHvrJx0VPZ9Y48rtOxEGl39n7UdraBHiENZvQ4PvHPxa+MreHZaFQDxPenR
TTkBTegh4XZ22XmV4Jpj74ipeuyEhV8U07b5kymtb9AQP+DFvmNtk7dIw39pvhDr
HAchUr0tW31ft9ORKcqf61jApj8nqW4aRFePD57FVmIh1ubcGFI0pA927ldBsgeq
uegENirgnaNjSLExEYF/b+uC
-----END CERTIFICATE-----
Generated at Tue May 21 15:21:40 2024 by rpki-client on console-ams.rpki-client.org