Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/AS211851.roa
File: AS211851.roa (raw, json)
Hash identifier: tA70dGkXNg7I5EyRe2+1hA4fF/z6pOL9GGmXjhpI6Fw=
Subject key identifier: F1:B4:16:4A:2A:C3:95:49:76:D4:52:DF:BE:F1:C2:73:E2:87:75:29
Certificate issuer: /CN=d5c3d5e70fc9ad10ba90d45dc66454e9e3a146a8
Certificate serial: 26919106CED70D6A6119D4D886915D55B9307443
Authority key identifier: D5:C3:D5:E7:0F:C9:AD:10:BA:90:D4:5D:C6:64:54:E9:E3:A1:46:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1cPV5w_JrRC6kNRdxmRU6eOhRqg.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/AS211851.roa
Signing time: Wed 20 Dec 2023 16:22:03 +0000
ROA not before: Wed 20 Dec 2023 16:17:03 +0000
ROA not after: Wed 18 Dec 2024 16:22:03 +0000
asID: 211851
IP address blocks: 2a13:df80:3f0::/44 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
26:91:91:06:ce:d7:0d:6a:61:19:d4:d8:86:91:5d:55:b9:30:74:43
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d5c3d5e70fc9ad10ba90d45dc66454e9e3a146a8
Validity
Not Before: Dec 20 16:17:03 2023 GMT
Not After : Dec 18 16:22:03 2024 GMT
Subject: CN=F1B4164A2AC3954976D452DFBEF1C273E2877529
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:93:61:ce:18:3a:9a:aa:36:82:fb:94:4c:a3:
c1:19:6a:91:53:5f:2b:51:8d:0a:7c:50:89:ff:c2:
a6:d2:bb:6c:c0:95:32:62:4f:55:6d:76:9c:a3:74:
f4:89:f0:9d:e7:31:fe:2e:a1:3e:02:95:98:9a:5b:
08:f4:12:5c:60:a1:ac:99:89:3e:5c:6d:a2:e8:5b:
25:74:80:1b:47:b4:90:c3:6d:c0:56:1e:8d:1f:e0:
b7:52:e9:be:82:0e:ee:ea:c1:11:9a:37:ef:48:8b:
6b:85:0e:14:6c:d3:7c:c7:f0:3a:3b:be:1b:2e:e0:
0c:a8:94:7b:fd:5f:8b:c8:1e:22:6b:a2:70:7c:10:
be:31:10:82:13:d7:ed:40:93:62:02:51:dc:35:0b:
32:ac:a7:dc:eb:8c:f6:0d:87:75:cf:90:b9:48:87:
d4:56:51:03:d8:ed:48:a9:9a:3a:e0:9f:48:ab:8d:
ac:6f:d2:8a:88:3b:b2:10:ea:eb:d7:4f:6c:80:40:
dd:88:9f:c2:f6:94:37:5d:e0:8e:c9:12:3b:71:0b:
ef:a7:8a:68:ff:ce:ba:f0:30:ef:24:b7:0f:f7:8f:
dd:82:92:0e:d5:98:90:af:36:42:92:b9:2d:2c:3d:
7b:9b:6b:87:79:d5:83:d6:87:d7:0e:c1:27:4a:7a:
e8:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F1:B4:16:4A:2A:C3:95:49:76:D4:52:DF:BE:F1:C2:73:E2:87:75:29
X509v3 Authority Key Identifier:
keyid:D5:C3:D5:E7:0F:C9:AD:10:BA:90:D4:5D:C6:64:54:E9:E3:A1:46:A8
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/D5C3D5E70FC9AD10BA90D45DC66454E9E3A146A8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1cPV5w_JrRC6kNRdxmRU6eOhRqg.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/AS211851.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a13:df80:3f0::/44
Signature Algorithm: sha256WithRSAEncryption
a9:0a:41:ac:53:d1:4d:9b:70:29:da:9f:3f:c5:a7:ac:73:2d:
e4:b4:3e:4d:86:62:6a:4f:62:81:40:7c:36:4c:8e:7b:59:8e:
bb:c0:f8:b1:24:c4:a9:61:43:bd:3f:24:65:20:3c:28:06:5f:
4c:2e:88:ce:82:a5:0c:50:5c:94:1a:d9:c0:62:dd:8e:3f:9d:
41:e7:06:b9:af:8b:ab:73:ac:ec:28:7f:45:0f:78:97:06:ae:
47:e2:a1:57:07:0e:a5:02:93:0a:8f:95:d3:26:ea:e9:8e:34:
19:e9:51:28:99:1b:7b:72:e6:3a:ed:73:81:0c:3a:f8:75:6d:
db:63:24:a5:ab:db:76:d1:d8:1b:bf:cd:88:60:6e:35:f6:ed:
1d:63:59:2c:3f:7a:d1:1b:63:5c:dc:90:d5:e1:fa:c5:ef:ce:
71:ee:eb:5b:94:c1:f9:be:ef:94:4c:6e:34:3a:85:4c:28:28:
dd:c7:ce:f8:63:66:ab:9c:c6:5b:e7:39:75:f0:b8:f1:d1:d7:
9e:62:46:28:d9:aa:a8:1c:d3:49:41:8c:38:4d:45:b8:35:c3:
1e:64:64:99:fe:60:6e:3b:d3:4a:19:79:f3:bf:b1:4f:7a:2f:
df:71:15:22:6a:11:46:5d:c3:23:70:8f:81:57:5a:03:cc:8c:
7f:3d:b0:84
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUJpGRBs7XDWphGdTYhpFdVbkwdEMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDVjM2Q1ZTcwZmM5YWQxMGJhOTBkNDVkYzY2NDU0ZTll
M2ExNDZhODAeFw0yMzEyMjAxNjE3MDNaFw0yNDEyMTgxNjIyMDNaMDMxMTAvBgNV
BAMTKEYxQjQxNjRBMkFDMzk1NDk3NkQ0NTJERkJFRjFDMjczRTI4Nzc1MjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdk2HOGDqaqjaC+5RMo8EZapFT
XytRjQp8UIn/wqbSu2zAlTJiT1VtdpyjdPSJ8J3nMf4uoT4ClZiaWwj0ElxgoayZ
iT5cbaLoWyV0gBtHtJDDbcBWHo0f4LdS6b6CDu7qwRGaN+9Ii2uFDhRs03zH8Do7
vhsu4AyolHv9X4vIHiJronB8EL4xEIIT1+1Ak2ICUdw1CzKsp9zrjPYNh3XPkLlI
h9RWUQPY7Uipmjrgn0irjaxv0oqIO7IQ6uvXT2yAQN2In8L2lDdd4I7JEjtxC++n
imj/zrrwMO8ktw/3j92Ckg7VmJCvNkKSuS0sPXuba4d51YPWh9cOwSdKeuiTAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU8bQWSirDlUl21FLfvvHCc+KHdSkwHwYDVR0j
BBgwFoAU1cPV5w/JrRC6kNRdxmRU6eOhRqgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDQwMzJjOGYtMWQ1Ny00YzNiLTkwNDMtYTBlN2ZlYmYx
NjdkLzAvRDVDM0Q1RTcwRkM5QUQxMEJBOTBENDVEQzY2NDU0RTlFM0ExNDZBOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzFjUFY1d19KclJDNmtOUmR4bVJVNmVP
aFJxZy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA0MDMyYzhmLTFkNTct
NGMzYi05MDQzLWEwZTdmZWJmMTY3ZC8wL0FTMjExODUxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhPf
gAPwMA0GCSqGSIb3DQEBCwUAA4IBAQCpCkGsU9FNm3Ap2p8/xaescy3ktD5NhmJq
T2KBQHw2TI57WY67wPixJMSpYUO9PyRlIDwoBl9MLojOgqUMUFyUGtnAYt2OP51B
5wa5r4urc6zsKH9FD3iXBq5H4qFXBw6lApMKj5XTJurpjjQZ6VEomRt7cuY67XOB
DDr4dW3bYySlq9t20dgbv82IYG419u0dY1ksP3rRG2Nc3JDV4frF785x7utblMH5
vu+UTG40OoVMKCjdx874Y2arnMZb5zl18Ljx0deeYkYo2aqoHNNJQYw4TUW4NcMe
ZGSZ/mBuO9NKGXnzv7FPei/fcRUiahFGXcMjcI+BV1oDzIx/PbCE
-----END CERTIFICATE-----
Generated at Tue May 21 15:21:40 2024 by rpki-client on console-ams.rpki-client.org