Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/AS23220.roa
File: AS23220.roa (raw, json)
Hash identifier: Iy1dPw0RJMi/MyR1mfOfqL+MhKmIep7B5sUGluJbQ+g=
Subject key identifier: 8E:22:32:19:AE:8D:C3:79:B3:7E:A6:C4:0D:36:1E:E5:91:C0:39:9B
Certificate issuer: /CN=d5c3d5e70fc9ad10ba90d45dc66454e9e3a146a8
Certificate serial: 017404437CDE0A7CA4BFD6C96A2A7AF462AFA075
Authority key identifier: D5:C3:D5:E7:0F:C9:AD:10:BA:90:D4:5D:C6:64:54:E9:E3:A1:46:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1cPV5w_JrRC6kNRdxmRU6eOhRqg.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/AS23220.roa
Signing time: Wed 10 Jan 2024 16:07:48 +0000
ROA not before: Wed 10 Jan 2024 16:02:48 +0000
ROA not after: Wed 08 Jan 2025 16:07:48 +0000
asID: 23220
IP address blocks: 2a14:4487:100::/40 maxlen: 40
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:74:04:43:7c:de:0a:7c:a4:bf:d6:c9:6a:2a:7a:f4:62:af:a0:75
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d5c3d5e70fc9ad10ba90d45dc66454e9e3a146a8
Validity
Not Before: Jan 10 16:02:48 2024 GMT
Not After : Jan 8 16:07:48 2025 GMT
Subject: CN=8E223219AE8DC379B37EA6C40D361EE591C0399B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:ca:2b:6a:25:ed:a8:e2:1c:65:6d:79:94:26:
67:f3:b1:d3:8d:1f:e0:8c:12:69:67:fd:78:a6:e7:
21:1f:85:1f:15:c6:56:32:93:73:e7:03:ad:fd:7e:
54:94:ab:bf:b0:4e:31:d5:8e:91:ff:21:d4:19:76:
7f:d9:f0:f1:93:cb:77:a7:a8:1d:83:48:d4:9b:03:
50:96:b2:39:2f:ee:48:55:e4:f9:2f:e5:8e:60:6c:
72:3d:6e:ed:3e:94:b4:20:74:5a:5c:c1:ed:92:b8:
52:7e:f0:14:8f:cd:1f:27:d9:ba:b8:92:dc:0f:9f:
71:ee:d2:f9:2b:cc:af:1c:ee:86:94:30:21:c4:47:
b2:65:79:39:f8:97:c1:bb:55:b7:ef:3e:21:f4:9f:
c3:de:91:4e:d7:4a:79:35:ce:43:72:4d:5d:04:30:
0d:7a:77:16:e5:b4:fb:97:a5:0e:6c:64:de:a6:f3:
b3:a8:38:93:4d:c2:99:bc:16:44:31:29:5f:25:c5:
5d:83:48:a3:c4:6a:38:0f:47:0a:4b:e5:d3:74:c1:
c2:4b:6e:dd:5b:f7:70:56:3d:7f:fc:89:31:7b:b8:
45:b1:3b:06:cb:ec:4a:2c:50:0d:61:04:f7:87:af:
b1:33:ad:fd:75:63:c4:3c:5f:db:6b:05:39:fc:4e:
2f:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8E:22:32:19:AE:8D:C3:79:B3:7E:A6:C4:0D:36:1E:E5:91:C0:39:9B
X509v3 Authority Key Identifier:
keyid:D5:C3:D5:E7:0F:C9:AD:10:BA:90:D4:5D:C6:64:54:E9:E3:A1:46:A8
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/D5C3D5E70FC9AD10BA90D45DC66454E9E3A146A8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1cPV5w_JrRC6kNRdxmRU6eOhRqg.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/AS23220.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a14:4487:100::/40
Signature Algorithm: sha256WithRSAEncryption
95:d1:d7:bb:4e:26:91:8a:50:9b:0d:b9:fb:12:f3:0c:df:1e:
5c:e3:ca:70:01:35:be:c2:4f:e9:58:d6:e0:35:a0:62:ad:9a:
5e:2a:de:b8:cb:ce:ae:d0:47:5f:09:c4:d6:d7:a4:06:60:60:
dd:fd:11:64:29:f6:78:96:5f:11:b6:57:41:5a:79:07:65:c6:
cb:83:91:23:dc:93:3e:81:14:0d:e7:5d:f0:bc:fa:85:b8:e5:
38:c1:68:5e:db:b8:30:07:e0:91:15:9f:f7:cb:b0:78:6a:bc:
cb:23:96:6a:61:7e:a9:35:33:f7:4d:07:e7:f9:a2:79:88:57:
f0:50:bc:1e:a0:8e:36:0b:90:68:f8:f3:2f:63:c6:3d:57:fe:
96:d2:62:fb:75:db:f7:4d:f8:6b:3a:f0:f2:64:d8:11:4d:39:
32:62:49:a8:6b:88:44:4a:ea:20:4b:86:da:3c:d8:16:3d:c6:
fa:16:3a:ee:03:dc:4e:90:6b:36:b1:55:3e:ad:bb:33:d4:96:
99:32:34:6f:3a:f2:2c:7f:04:1e:1e:52:d0:e8:00:b6:1a:eb:
67:22:da:1f:1c:9e:b7:7e:7f:c1:8e:27:7b:9a:79:21:db:24:
58:f1:1c:19:84:4b:d1:e9:75:e1:22:cc:db:32:6d:76:8f:08:
b8:6d:91:37
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIUAXQEQ3zeCnykv9bJaip69GKvoHUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDVjM2Q1ZTcwZmM5YWQxMGJhOTBkNDVkYzY2NDU0ZTll
M2ExNDZhODAeFw0yNDAxMTAxNjAyNDhaFw0yNTAxMDgxNjA3NDhaMDMxMTAvBgNV
BAMTKDhFMjIzMjE5QUU4REMzNzlCMzdFQTZDNDBEMzYxRUU1OTFDMDM5OUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCayitqJe2o4hxlbXmUJmfzsdON
H+CMEmln/Xim5yEfhR8VxlYyk3PnA639flSUq7+wTjHVjpH/IdQZdn/Z8PGTy3en
qB2DSNSbA1CWsjkv7khV5Pkv5Y5gbHI9bu0+lLQgdFpcwe2SuFJ+8BSPzR8n2bq4
ktwPn3Hu0vkrzK8c7oaUMCHER7JleTn4l8G7VbfvPiH0n8PekU7XSnk1zkNyTV0E
MA16dxbltPuXpQ5sZN6m87OoOJNNwpm8FkQxKV8lxV2DSKPEajgPRwpL5dN0wcJL
bt1b93BWPX/8iTF7uEWxOwbL7EosUA1hBPeHr7Ezrf11Y8Q8X9trBTn8Ti/TAgMB
AAGjggILMIICBzAdBgNVHQ4EFgQUjiIyGa6Nw3mzfqbEDTYe5ZHAOZswHwYDVR0j
BBgwFoAU1cPV5w/JrRC6kNRdxmRU6eOhRqgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDQwMzJjOGYtMWQ1Ny00YzNiLTkwNDMtYTBlN2ZlYmYx
NjdkLzAvRDVDM0Q1RTcwRkM5QUQxMEJBOTBENDVEQzY2NDU0RTlFM0ExNDZBOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzFjUFY1d19KclJDNmtOUmR4bVJVNmVP
aFJxZy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA0MDMyYzhmLTFkNTct
NGMzYi05MDQzLWEwZTdmZWJmMTY3ZC8wL0FTMjMyMjAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAqFESH
ATANBgkqhkiG9w0BAQsFAAOCAQEAldHXu04mkYpQmw25+xLzDN8eXOPKcAE1vsJP
6VjW4DWgYq2aXireuMvOrtBHXwnE1tekBmBg3f0RZCn2eJZfEbZXQVp5B2XGy4OR
I9yTPoEUDedd8Lz6hbjlOMFoXtu4MAfgkRWf98uweGq8yyOWamF+qTUz900H5/mi
eYhX8FC8HqCONguQaPjzL2PGPVf+ltJi+3Xb9034azrw8mTYEU05MmJJqGuIRErq
IEuG2jzYFj3G+hY67gPcTpBrNrFVPq27M9SWmTI0bzryLH8EHh5S0OgAthrrZyLa
Hxyet35/wY4ne5p5IdskWPEcGYRL0el14SLM2zJtdo8IuG2RNw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 20:00:53 2024 by rpki-client on console-ams.rpki-client.org