Route Origin Authorization

$ rpki-client -vvf r.magellan.ipxo.com/repo/528a218f-ad28-40d2-bd7f-350eada3d705-0/0/AS200017.roa
File:                     AS200017.roa (raw, json)
Hash identifier:          0fLDqj0VedLimFdeiLYZU9Z0k79/dgkk4UUi4bBY9DM=
Subject key identifier:   52:BA:39:C2:C0:E0:72:54:3F:22:00:5F:C4:A6:73:72:10:27:05:21
Certificate issuer:       /CN=D34606949D385DB42714FE71274FAC9948EF279C
Certificate serial:       3EC9381EEC0E9BA984566480ED81B02AE5C15A71
Authority key identifier: D3:46:06:94:9D:38:5D:B4:27:14:FE:71:27:4F:AC:99:48:EF:27:9C
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/D34606949D385DB42714FE71274FAC9948EF279C.cer
Subject info access:      rsync://r.magellan.ipxo.com/repo/528a218f-ad28-40d2-bd7f-350eada3d705-0/0/AS200017.roa
Signing time:             Fri 26 Apr 2024 08:05:16 +0000
ROA not before:           Fri 26 Apr 2024 08:00:16 +0000
ROA not after:            Fri 25 Apr 2025 08:05:16 +0000
asID:                     200017
IP address blocks:        86.38.220.0/24 maxlen: 24
                          89.116.92.0/24 maxlen: 24
                          89.117.115.0/24 maxlen: 24
                          89.117.164.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://r.magellan.ipxo.com/repo/528a218f-ad28-40d2-bd7f-350eada3d705-0/0/D34606949D385DB42714FE71274FAC9948EF279C.crl
                          rsync://r.magellan.ipxo.com/repo/528a218f-ad28-40d2-bd7f-350eada3d705-0/0/D34606949D385DB42714FE71274FAC9948EF279C.mft
                          rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/D34606949D385DB42714FE71274FAC9948EF279C.cer
                          rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 20:58:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:c9:38:1e:ec:0e:9b:a9:84:56:64:80:ed:81:b0:2a:e5:c1:5a:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=D34606949D385DB42714FE71274FAC9948EF279C
        Validity
            Not Before: Apr 26 08:00:16 2024 GMT
            Not After : Apr 25 08:05:16 2025 GMT
        Subject: CN=52BA39C2C0E072543F22005FC4A6737210270521
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:2b:f5:ac:5a:e2:9e:04:b4:43:91:cf:42:2d:
                    21:04:49:1d:a9:85:52:b2:a6:b3:0d:f6:cb:67:e8:
                    12:c1:ec:5c:cb:7f:93:1c:cf:69:b2:a6:38:76:78:
                    c6:74:23:73:5c:06:d6:80:11:a8:48:ef:d2:fa:d2:
                    71:c8:54:07:71:64:db:89:06:91:6a:f7:ad:e2:3c:
                    b8:5c:fd:99:1a:28:94:99:f1:c5:e2:e4:a2:0a:22:
                    36:dd:5d:40:52:99:20:57:b1:8c:73:8c:86:7e:d5:
                    73:85:46:93:87:b6:f4:85:6f:b7:66:19:d0:ec:f9:
                    08:6c:ce:7b:49:e1:42:12:5d:67:e8:2c:88:6d:70:
                    e3:7f:19:56:40:90:d0:bb:ff:fc:88:8b:61:34:f0:
                    84:8d:1e:11:24:e4:c5:21:d7:21:81:8e:cc:f0:73:
                    a8:70:86:19:21:e9:ff:0e:44:b8:1d:04:43:25:97:
                    54:ef:0c:9a:69:fe:05:df:85:da:b4:c5:4b:f3:90:
                    45:9c:3b:c5:a5:c5:bf:5f:52:cb:30:f7:3d:8b:80:
                    2e:7f:45:ea:27:4d:e2:97:2f:fc:dc:1f:85:69:0b:
                    ae:8f:67:66:d4:b9:2a:74:a7:e7:ad:10:21:e9:31:
                    df:f7:03:e4:c4:3f:6b:71:0c:22:dc:2c:08:f5:46:
                    37:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:BA:39:C2:C0:E0:72:54:3F:22:00:5F:C4:A6:73:72:10:27:05:21
            X509v3 Authority Key Identifier:
                keyid:D3:46:06:94:9D:38:5D:B4:27:14:FE:71:27:4F:AC:99:48:EF:27:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://r.magellan.ipxo.com/repo/528a218f-ad28-40d2-bd7f-350eada3d705-0/0/D34606949D385DB42714FE71274FAC9948EF279C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/D34606949D385DB42714FE71274FAC9948EF279C.cer

            Subject Information Access:
                Signed Object - URI:rsync://r.magellan.ipxo.com/repo/528a218f-ad28-40d2-bd7f-350eada3d705-0/0/AS200017.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.38.220.0/24
                  89.116.92.0/24
                  89.117.115.0/24
                  89.117.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:78:f8:4b:e2:f3:0c:ef:5e:82:85:13:d7:a0:71:57:ef:2e:
         2d:46:8f:e0:60:2e:2b:15:7e:95:26:3a:c2:5c:3b:35:d5:df:
         58:cb:af:63:64:8f:94:0b:d2:26:ca:49:97:5c:1e:d5:d4:8f:
         62:85:cb:6e:e8:c3:a9:96:29:0e:41:e1:42:ff:d1:77:51:d7:
         f8:80:f9:ec:69:6c:43:9d:86:e1:49:fc:2d:15:8b:54:57:63:
         9f:4e:e1:b9:4e:83:c1:a2:61:42:45:5d:c2:2b:a3:35:ba:4e:
         c9:f3:48:cd:ea:92:62:6f:1f:99:3c:1c:f0:31:e4:99:df:b5:
         64:57:29:0f:db:f0:28:c2:92:97:e6:39:ef:ee:c1:84:15:ba:
         f6:bc:34:63:e2:ca:5f:3e:42:90:f7:c6:fd:33:e1:c6:1f:94:
         3c:62:a6:62:19:96:6d:53:81:69:81:90:35:8b:f5:51:2a:21:
         28:a8:6a:fb:77:09:b7:67:dc:3f:fa:ba:ef:da:a3:45:32:90:
         6f:b6:37:c0:01:24:fb:33:d2:55:1d:15:99:2f:f7:d3:21:58:
         7f:e5:3a:f7:55:2d:f2:04:c8:f7:8e:c8:3b:81:21:80:1a:ec:
         d6:1e:2a:73:70:d7:be:2e:46:5a:7a:6c:ce:82:be:13:3a:2e:
         06:db:02:9e
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUPsk4HuwOm6mEVmSA7YGwKuXBWnEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoRDM0NjA2OTQ5RDM4NURCNDI3MTRGRTcxMjc0RkFDOTk0
OEVGMjc5QzAeFw0yNDA0MjYwODAwMTZaFw0yNTA0MjUwODA1MTZaMDMxMTAvBgNV
BAMTKDUyQkEzOUMyQzBFMDcyNTQzRjIyMDA1RkM0QTY3MzcyMTAyNzA1MjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOK/WsWuKeBLRDkc9CLSEESR2p
hVKyprMN9stn6BLB7FzLf5Mcz2mypjh2eMZ0I3NcBtaAEahI79L60nHIVAdxZNuJ
BpFq963iPLhc/ZkaKJSZ8cXi5KIKIjbdXUBSmSBXsYxzjIZ+1XOFRpOHtvSFb7dm
GdDs+QhszntJ4UISXWfoLIhtcON/GVZAkNC7//yIi2E08ISNHhEk5MUh1yGBjszw
c6hwhhkh6f8ORLgdBEMll1TvDJpp/gXfhdq0xUvzkEWcO8Wlxb9fUssw9z2LgC5/
ReonTeKXL/zcH4VpC66PZ2bUuSp0p+etECHpMd/3A+TEP2txDCLcLAj1Rjf5AgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUUro5wsDgclQ/IgBfxKZzchAnBSEwHwYDVR0j
BBgwFoAU00YGlJ04XbQnFP5xJ0+smUjvJ5wwDgYDVR0PAQH/BAQDAgeAMIGIBgNV
HR8EgYAwfjB8oHqgeIZ2cnN5bmM6Ly9yLm1hZ2VsbGFuLmlweG8uY29tL3JlcG8v
NTI4YTIxOGYtYWQyOC00MGQyLWJkN2YtMzUwZWFkYTNkNzA1LTAvMC9EMzQ2MDY5
NDlEMzg1REI0MjcxNEZFNzEyNzRGQUM5OTQ4RUYyNzlDLmNybDCBngYIKwYBBQUH
AQEEgZEwgY4wgYsGCCsGAQUFBzAChn9yc3luYzovL3JzeW5jLnBhYXMucnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5LzAwMmUwYmEzLWZlNjAtNDViMS05MTYwLTg2OGEy
ZjhhNDNiMS8zL0QzNDYwNjk0OUQzODVEQjQyNzE0RkU3MTI3NEZBQzk5NDhFRjI3
OUMuY2VyMHIGCCsGAQUFBwELBGYwZDBiBggrBgEFBQcwC4ZWcnN5bmM6Ly9yLm1h
Z2VsbGFuLmlweG8uY29tL3JlcG8vNTI4YTIxOGYtYWQyOC00MGQyLWJkN2YtMzUw
ZWFkYTNkNzA1LTAvMC9BUzIwMDAxNy5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEF
BQcOAjAxBggrBgEFBQcBBwEB/wQiMCAwHgQCAAEwGAMEAFYm3AMEAFl0XAMEAFl1
cwMEAFl1pDANBgkqhkiG9w0BAQsFAAOCAQEATHj4S+LzDO9egoUT16BxV+8uLUaP
4GAuKxV+lSY6wlw7NdXfWMuvY2SPlAvSJspJl1we1dSPYoXLbujDqZYpDkHhQv/R
d1HX+ID57GlsQ52G4Un8LRWLVFdjn07huU6DwaJhQkVdwiujNbpOyfNIzeqSYm8f
mTwc8DHkmd+1ZFcpD9vwKMKSl+Y57+7BhBW69rw0Y+LKXz5CkPfG/TPhxh+UPGKm
YhmWbVOBaYGQNYv1USohKKhq+3cJt2fcP/q679qjRTKQb7Y3wAEk+zPSVR0VmS/3
0yFYf+U691Ut8gTI947IO4EhgBrs1h4qc3DXvi5GWnpszoK+EzouBtsCng==
-----END CERTIFICATE-----
Generated at Fri Nov 22 06:33:22 2024 by rpki-client on console-ams.rpki-client.org