Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/IKb6n8sHD8fYXNSjwwDhNV8Lvz4.roa
File: IKb6n8sHD8fYXNSjwwDhNV8Lvz4.roa (raw, json)
Hash identifier: CMFsNtld4asXYajVIDKqif0hvRM6GFD6V6nmxr/Cmyg=
Subject key identifier: 20:A6:FA:9F:CB:07:0F:C7:D8:5C:D4:A3:C3:00:E1:35:5F:0B:BF:3E
Certificate issuer: /CN=c089423af1be03027196d1f81df22992978cda6e
Certificate serial: 06C013FC
Authority key identifier: C0:89:42:3A:F1:BE:03:02:71:96:D1:F8:1D:F2:29:92:97:8C:DA:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wIlCOvG-AwJxltH4HfIpkpeM2m4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/IKb6n8sHD8fYXNSjwwDhNV8Lvz4.roa
Signing time: Sat 01 Jan 2022 11:03:15 +0000
ROA not before: Sat 01 Jan 2022 11:03:15 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 328543
IP address blocks: 185.249.60.0/22 maxlen: 23
2a0c:640::/29 maxlen: 29
2a0d:2480::/29 maxlen: 29
2a0c:f480::/29 maxlen: 29
2a0c:9380::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 113251324 (0x6c013fc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c089423af1be03027196d1f81df22992978cda6e
Validity
Not Before: Jan 1 11:03:15 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=20a6fa9fcb070fc7d85cd4a3c300e1355f0bbf3e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:12:77:bd:ba:39:7b:9a:d3:0c:ff:c9:a8:b4:
ba:d4:59:23:82:f0:f1:9d:25:80:20:47:d8:b5:e9:
a4:b5:29:9c:34:b6:1d:a6:f3:97:62:2b:95:23:bd:
aa:01:5b:e9:af:0b:8c:32:8f:25:68:a5:b9:bd:b8:
33:73:f3:c3:91:ef:08:3b:cf:f4:94:0c:3f:30:f3:
50:23:80:ac:c2:0d:e7:1f:e7:9e:c1:0c:8d:a2:e1:
b9:d9:06:3b:41:18:ca:86:51:20:4f:a5:37:6b:44:
da:de:14:bd:b9:95:f7:1e:51:92:4a:4e:19:d9:18:
5a:ee:d7:73:3a:64:9b:a2:16:d6:26:b1:db:6d:c3:
d5:39:fd:9c:d7:af:81:7c:4d:99:4c:eb:6e:ed:f4:
21:7f:2b:44:0e:db:27:51:b5:8b:bd:20:c2:b1:e0:
02:23:2e:f7:b4:27:60:76:90:22:a6:10:f9:22:4b:
41:4b:aa:32:2d:28:fa:8f:79:a5:0a:74:48:02:d9:
34:80:3e:18:5c:68:73:32:fd:af:f8:b6:08:8d:3f:
d4:c4:07:89:9d:bf:57:da:b6:60:9e:1a:3e:49:3c:
1a:8e:b2:00:a6:bb:44:01:06:53:c1:ab:b4:ba:f6:
1b:0f:f7:d6:55:04:08:6b:e1:0e:63:32:de:c0:b6:
e7:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:A6:FA:9F:CB:07:0F:C7:D8:5C:D4:A3:C3:00:E1:35:5F:0B:BF:3E
X509v3 Authority Key Identifier:
keyid:C0:89:42:3A:F1:BE:03:02:71:96:D1:F8:1D:F2:29:92:97:8C:DA:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wIlCOvG-AwJxltH4HfIpkpeM2m4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/IKb6n8sHD8fYXNSjwwDhNV8Lvz4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/wIlCOvG-AwJxltH4HfIpkpeM2m4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.249.60.0/22
IPv6:
2a0c:640::/29
2a0c:9380::/29
2a0c:f480::/29
2a0d:2480::/29
Signature Algorithm: sha256WithRSAEncryption
81:0f:b5:e4:89:b8:49:b8:66:1e:80:96:b8:46:79:78:f5:30:
54:9f:4d:23:69:a9:25:1a:77:cb:c1:c8:f6:45:bf:82:26:f1:
3f:40:8f:fb:2b:ef:45:cd:63:b1:d0:dc:86:4c:ae:50:d5:24:
43:32:9b:2c:7b:ca:4f:ed:29:d5:c4:4f:67:ce:b3:34:e7:b5:
05:d6:4f:3e:2a:2a:8a:d8:4f:33:9b:4f:55:ed:df:7a:9d:53:
93:7a:df:82:dd:41:19:78:f7:b7:12:ec:a4:d5:b8:3a:e6:3b:
8d:e7:b5:35:25:e6:da:22:4e:8b:b2:fc:03:cd:e5:8e:39:b9:
9f:4d:26:37:19:53:ee:2b:6f:f2:92:d0:e5:9b:8d:67:92:38:
4a:52:f9:d8:10:58:23:08:2b:79:6b:84:f6:33:d0:c6:96:9f:
f3:3f:6e:5d:bc:56:7b:f7:e5:a4:55:63:13:a3:7d:3e:ab:04:
dd:65:be:e5:75:c5:cd:71:f3:48:83:21:bf:6e:92:90:8a:d3:
d6:0a:68:47:5c:a5:08:33:36:6d:d0:e7:12:cc:61:bf:cd:66:
72:f2:8c:e9:2f:b7:39:2e:51:54:10:61:8f:cb:b4:3b:08:4d:
f3:3f:46:db:de:92:ad:b6:06:6b:c3:11:28:d2:b7:58:c6:1c:
4c:fa:a6:a8
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgIEBsAT/DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
MDg5NDIzYWYxYmUwMzAyNzE5NmQxZjgxZGYyMjk5Mjk3OGNkYTZlMB4XDTIyMDEw
MTExMDMxNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjBhNmZhOWZjYjA3
MGZjN2Q4NWNkNGEzYzMwMGUxMzU1ZjBiYmYzZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOQSd726OXua0wz/yai0utRZI4Lw8Z0lgCBH2LXppLUpnDS2
Habzl2IrlSO9qgFb6a8LjDKPJWilub24M3Pzw5HvCDvP9JQMPzDzUCOArMIN5x/n
nsEMjaLhudkGO0EYyoZRIE+lN2tE2t4UvbmV9x5RkkpOGdkYWu7Xczpkm6IW1iax
223D1Tn9nNevgXxNmUzrbu30IX8rRA7bJ1G1i70gwrHgAiMu97QnYHaQIqYQ+SJL
QUuqMi0o+o95pQp0SALZNIA+GFxoczL9r/i2CI0/1MQHiZ2/V9q2YJ4aPkk8Go6y
AKa7RAEGU8GrtLr2Gw/31lUECGvhDmMy3sC25x8CAwEAAaOCAi0wggIpMB0GA1Ud
DgQWBBQgpvqfywcPx9hc1KPDAOE1Xwu/PjAfBgNVHSMEGDAWgBTAiUI68b4DAnGW
0fgd8imSl4zabjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3dJbENPdkctQXdKeGx0SDRIZklwa3BlTTJtNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMjcvZGMyOTEyLWM3YjAtNGRmNC05YWE4LTY1MzMyYjQ3ZjVlYi8x
L0lLYjZuOHNIRDhmWVhOU2p3d0RoTlY4THZ6NC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjcv
ZGMyOTEyLWM3YjAtNGRmNC05YWE4LTY1MzMyYjQ3ZjVlYi8xL3dJbENPdkctQXdK
eGx0SDRIZklwa3BlTTJtNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBD
BggrBgEFBQcBBwEB/wQ0MDIwDAQCAAEwBgMEArn5PDAiBAIAAjAcAwUDKgwGQAMF
AyoMk4ADBQMqDPSAAwUDKg0kgDANBgkqhkiG9w0BAQsFAAOCAQEAgQ+15Im4Sbhm
HoCWuEZ5ePUwVJ9NI2mpJRp3y8HI9kW/gibxP0CP+yvvRc1jsdDchkyuUNUkQzKb
LHvKT+0p1cRPZ86zNOe1BdZPPioqithPM5tPVe3fep1Tk3rfgt1BGXj3txLspNW4
OuY7jee1NSXm2iJOi7L8A83ljjm5n00mNxlT7itv8pLQ5ZuNZ5I4SlL52BBYIwgr
eWuE9jPQxpaf8z9uXbxWe/flpFVjE6N9PqsE3WW+5XXFzXHzSIMhv26SkIrT1gpo
R1ylCDM2bdDnEsxhv81mcvKM6S+3OS5RVBBhj8u0OwhN8z9G296SrbYGa8MRKNK3
WMYcTPqmqA==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:49:20 2023 by rpki-client on console-ams.rpki-client.org