Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/AS216386.roa
File: AS216386.roa (raw, json)
Hash identifier: n2hqR8+2u93QCNb85+hbWDQoZdZwCeAEOeD8zn/B1Fg=
Subject key identifier: 81:85:51:F2:0A:38:AC:F0:38:55:43:08:5C:2F:6B:EC:2C:7E:DE:80
Certificate issuer: /CN=d5c3d5e70fc9ad10ba90d45dc66454e9e3a146a8
Certificate serial: 3BEC801A7BEA4F3A768BF2AA3D09EAF3F2001D59
Authority key identifier: D5:C3:D5:E7:0F:C9:AD:10:BA:90:D4:5D:C6:64:54:E9:E3:A1:46:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1cPV5w_JrRC6kNRdxmRU6eOhRqg.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/AS216386.roa
Signing time: Wed 20 Dec 2023 16:22:04 +0000
ROA not before: Wed 20 Dec 2023 16:17:04 +0000
ROA not after: Wed 18 Dec 2024 16:22:04 +0000
asID: 216386
IP address blocks: 2a13:df80:3807::/48 maxlen: 48
2a13:df80:6801::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3b:ec:80:1a:7b:ea:4f:3a:76:8b:f2:aa:3d:09:ea:f3:f2:00:1d:59
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d5c3d5e70fc9ad10ba90d45dc66454e9e3a146a8
Validity
Not Before: Dec 20 16:17:04 2023 GMT
Not After : Dec 18 16:22:04 2024 GMT
Subject: CN=818551F20A38ACF0385543085C2F6BEC2C7EDE80
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:b4:cf:ae:aa:6f:ea:3d:1c:a5:1b:88:79:08:
70:36:5d:d7:d3:dc:1e:10:70:96:af:52:dd:10:f4:
70:9b:a1:c6:44:ca:3a:c3:cc:77:a8:c1:e7:c4:93:
3c:85:f0:ab:4a:f2:fb:a4:4d:65:cf:98:50:e6:43:
09:e3:9a:3b:23:8a:84:48:87:07:4a:46:7f:7e:69:
88:c0:f7:ea:f0:51:16:62:de:ea:e6:29:23:e7:63:
3f:a0:0e:9e:95:0c:ce:42:7c:a3:a4:5b:b0:03:c4:
a4:e6:11:35:98:db:5b:df:d4:79:cb:26:e3:ef:c6:
ac:44:6b:9a:80:f3:9f:d3:50:cb:c6:44:24:2c:b9:
e2:0d:c4:ba:1e:f0:b3:65:c5:38:e6:13:49:e4:93:
9f:c4:93:4f:50:bd:e4:0d:c7:b1:cb:f7:22:74:0d:
7f:37:6f:4b:45:55:75:c5:7f:b1:9f:b5:34:4c:e1:
64:04:04:22:ea:f0:49:c4:27:2c:64:19:dc:d0:1a:
99:a6:0e:b7:4d:20:50:33:35:57:d2:11:49:9f:a3:
33:13:ac:70:b2:d0:d1:1f:7c:86:93:c7:bc:52:a4:
b5:9b:b6:f6:81:ba:23:e4:bd:6f:01:7e:19:36:1d:
3c:e6:08:76:ba:2e:76:2a:60:53:09:90:a1:2c:3b:
fa:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
81:85:51:F2:0A:38:AC:F0:38:55:43:08:5C:2F:6B:EC:2C:7E:DE:80
X509v3 Authority Key Identifier:
keyid:D5:C3:D5:E7:0F:C9:AD:10:BA:90:D4:5D:C6:64:54:E9:E3:A1:46:A8
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/D5C3D5E70FC9AD10BA90D45DC66454E9E3A146A8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1cPV5w_JrRC6kNRdxmRU6eOhRqg.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/AS216386.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a13:df80:3807::/48
2a13:df80:6801::/48
Signature Algorithm: sha256WithRSAEncryption
4d:4f:4f:d9:52:8d:73:42:03:eb:df:74:36:f2:0e:23:b1:39:
c9:9a:af:dd:af:7a:00:7e:c5:73:a7:ad:13:04:77:82:22:9c:
29:8b:f1:ef:88:fe:85:67:bb:53:77:c1:fa:ef:88:04:c7:d3:
3b:21:73:de:e0:c0:b6:60:9b:07:be:77:cd:98:04:80:1d:2a:
bd:dc:1e:5b:23:2e:ec:44:36:da:5d:4d:1a:34:2d:1a:4d:20:
71:41:7a:6b:9b:6f:18:ef:82:4e:da:5d:69:78:98:8e:bd:c0:
d7:c4:be:49:fe:af:d0:bf:1c:6f:85:f2:57:f8:b3:93:f0:f4:
63:a8:18:66:a5:2a:3f:be:91:29:37:c8:55:09:59:81:32:54:
b5:b3:10:b3:f0:05:b1:56:77:0f:6a:50:99:ed:a8:ec:fe:3d:
e0:e6:3a:e2:dc:77:c5:2f:64:7b:37:9b:fb:fd:45:93:80:92:
d1:fd:81:ca:40:ac:c4:6e:70:eb:3a:de:54:0d:7f:f1:9d:e2:
35:42:96:b2:e2:fc:e6:d4:c0:56:55:f5:0c:7e:25:c5:17:9b:
d5:f3:59:3d:79:b4:f5:de:26:30:1d:85:50:7b:b8:e0:70:be:
34:d2:ab:dd:38:7a:84:04:1c:28:31:4f:45:aa:f3:2f:3b:b7:
bb:58:62:7c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUO+yAGnvqTzp2i/KqPQnq8/IAHVkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDVjM2Q1ZTcwZmM5YWQxMGJhOTBkNDVkYzY2NDU0ZTll
M2ExNDZhODAeFw0yMzEyMjAxNjE3MDRaFw0yNDEyMTgxNjIyMDRaMDMxMTAvBgNV
BAMTKDgxODU1MUYyMEEzOEFDRjAzODU1NDMwODVDMkY2QkVDMkM3RURFODAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgtM+uqm/qPRylG4h5CHA2XdfT
3B4QcJavUt0Q9HCbocZEyjrDzHeowefEkzyF8KtK8vukTWXPmFDmQwnjmjsjioRI
hwdKRn9+aYjA9+rwURZi3urmKSPnYz+gDp6VDM5CfKOkW7ADxKTmETWY21vf1HnL
JuPvxqxEa5qA85/TUMvGRCQsueINxLoe8LNlxTjmE0nkk5/Ek09QveQNx7HL9yJ0
DX83b0tFVXXFf7GftTRM4WQEBCLq8EnEJyxkGdzQGpmmDrdNIFAzNVfSEUmfozMT
rHCy0NEffIaTx7xSpLWbtvaBuiPkvW8Bfhk2HTzmCHa6LnYqYFMJkKEsO/rrAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUgYVR8go4rPA4VUMIXC9r7Cx+3oAwHwYDVR0j
BBgwFoAU1cPV5w/JrRC6kNRdxmRU6eOhRqgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDQwMzJjOGYtMWQ1Ny00YzNiLTkwNDMtYTBlN2ZlYmYx
NjdkLzAvRDVDM0Q1RTcwRkM5QUQxMEJBOTBENDVEQzY2NDU0RTlFM0ExNDZBOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzFjUFY1d19KclJDNmtOUmR4bVJVNmVP
aFJxZy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA0MDMyYzhmLTFkNTct
NGMzYi05MDQzLWEwZTdmZWJmMTY3ZC8wL0FTMjE2Mzg2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKhPf
gDgHAwcAKhPfgGgBMA0GCSqGSIb3DQEBCwUAA4IBAQBNT0/ZUo1zQgPr33Q28g4j
sTnJmq/dr3oAfsVzp60TBHeCIpwpi/HviP6FZ7tTd8H674gEx9M7IXPe4MC2YJsH
vnfNmASAHSq93B5bIy7sRDbaXU0aNC0aTSBxQXprm28Y74JO2l1peJiOvcDXxL5J
/q/QvxxvhfJX+LOT8PRjqBhmpSo/vpEpN8hVCVmBMlS1sxCz8AWxVncPalCZ7ajs
/j3g5jri3HfFL2R7N5v7/UWTgJLR/YHKQKzEbnDrOt5UDX/xneI1Qpay4vzm1MBW
VfUMfiXFF5vV81k9ebT13iYwHYVQe7jgcL400qvdOHqEBBwoMU9FqvMvO7e7WGJ8
-----END CERTIFICATE-----
Generated at Tue May 21 15:21:41 2024 by rpki-client on console-ams.rpki-client.org