Route Origin Authorization

$ rpki-client -vvf r.magellan.ipxo.com/repo/528a218f-ad28-40d2-bd7f-350eada3d705-0/0/AS205220.roa
File:                     AS205220.roa (raw, json)
Hash identifier:          wxXtHHGN3GYrfPDTeTiuSFv8MyTsTsLC+yNmnTwu3Ng=
Subject key identifier:   2C:80:C1:44:F5:CF:39:A9:65:8C:8D:F9:25:71:99:E1:01:55:11:FD
Certificate issuer:       /CN=D34606949D385DB42714FE71274FAC9948EF279C
Certificate serial:       0359C43220AE608A7FBF67EA412864AD4E95EFB3
Authority key identifier: D3:46:06:94:9D:38:5D:B4:27:14:FE:71:27:4F:AC:99:48:EF:27:9C
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/D34606949D385DB42714FE71274FAC9948EF279C.cer
Subject info access:      rsync://r.magellan.ipxo.com/repo/528a218f-ad28-40d2-bd7f-350eada3d705-0/0/AS205220.roa
Signing time:             Tue 12 Nov 2024 18:43:27 +0000
ROA not before:           Tue 12 Nov 2024 18:38:27 +0000
ROA not after:            Tue 11 Nov 2025 18:43:27 +0000
asID:                     205220
IP address blocks:        89.116.148.0/23 maxlen: 24
                          89.117.24.0/23 maxlen: 24
                          89.117.70.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://r.magellan.ipxo.com/repo/528a218f-ad28-40d2-bd7f-350eada3d705-0/0/D34606949D385DB42714FE71274FAC9948EF279C.crl
                          rsync://r.magellan.ipxo.com/repo/528a218f-ad28-40d2-bd7f-350eada3d705-0/0/D34606949D385DB42714FE71274FAC9948EF279C.mft
                          rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/D34606949D385DB42714FE71274FAC9948EF279C.cer
                          rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Dec 2024 06:33:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:59:c4:32:20:ae:60:8a:7f:bf:67:ea:41:28:64:ad:4e:95:ef:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=D34606949D385DB42714FE71274FAC9948EF279C
        Validity
            Not Before: Nov 12 18:38:27 2024 GMT
            Not After : Nov 11 18:43:27 2025 GMT
        Subject: CN=2C80C144F5CF39A9658C8DF9257199E1015511FD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:61:c9:07:e7:3e:ab:fa:92:d6:e5:4a:d9:a6:
                    16:bc:b3:60:94:c3:f0:8e:d7:87:95:56:63:6a:19:
                    c6:7e:b6:bf:f0:e0:10:6c:bc:65:71:26:a6:ee:c8:
                    50:7c:d0:4e:ac:a8:a2:ed:f3:28:00:4c:57:5c:af:
                    72:7c:96:01:f2:75:33:ca:4a:a7:a3:9b:35:fb:75:
                    16:af:4f:95:67:7e:54:50:f5:b0:59:6b:b3:ca:f3:
                    3a:38:ac:77:ad:78:6d:e2:d9:f3:13:47:bb:af:99:
                    ed:c8:7d:1b:69:a8:7c:49:0f:8a:ba:68:d8:3f:56:
                    db:49:cb:d3:62:cf:49:15:22:cd:79:ce:28:e8:e8:
                    82:7d:75:0c:33:48:19:92:be:04:d5:53:50:70:89:
                    b1:37:bc:ad:e7:96:13:57:53:b6:f4:52:05:9a:4a:
                    45:b0:83:50:b7:43:88:2f:e4:f5:02:33:8b:83:e6:
                    4e:fa:73:46:39:1a:a0:4d:31:a1:ae:db:47:e0:94:
                    3e:f5:d6:21:1a:68:c2:cd:88:54:a1:ab:28:51:1e:
                    0e:a7:ac:fc:ba:09:20:41:c6:53:0b:16:64:b7:74:
                    25:33:1d:94:33:19:4f:e4:6f:a8:e0:13:e3:79:f6:
                    25:9c:ce:1a:5c:cb:94:8c:12:56:2f:e6:b5:e3:87:
                    11:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:80:C1:44:F5:CF:39:A9:65:8C:8D:F9:25:71:99:E1:01:55:11:FD
            X509v3 Authority Key Identifier:
                keyid:D3:46:06:94:9D:38:5D:B4:27:14:FE:71:27:4F:AC:99:48:EF:27:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://r.magellan.ipxo.com/repo/528a218f-ad28-40d2-bd7f-350eada3d705-0/0/D34606949D385DB42714FE71274FAC9948EF279C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/D34606949D385DB42714FE71274FAC9948EF279C.cer

            Subject Information Access:
                Signed Object - URI:rsync://r.magellan.ipxo.com/repo/528a218f-ad28-40d2-bd7f-350eada3d705-0/0/AS205220.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.116.148.0/23
                  89.117.24.0/23
                  89.117.70.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3b:76:11:56:6f:50:fa:88:35:68:5e:d7:77:46:86:4f:be:b1:
         2a:28:ac:62:fe:4a:50:cd:62:86:c0:59:d3:b7:63:e0:19:17:
         fe:82:4d:73:1e:11:fd:cc:8b:32:06:9f:dd:50:dd:66:89:30:
         f7:8b:8e:69:e6:ba:46:d6:f6:47:08:40:24:84:25:dc:7a:56:
         0a:e5:e6:d2:98:4e:ab:f0:85:c2:da:a8:af:51:17:04:42:33:
         af:46:c6:44:d0:25:ce:b8:a4:75:17:18:6c:5e:85:2b:c7:d4:
         fa:f9:61:ad:48:f1:ce:c3:ba:61:7d:14:93:1b:ee:81:a2:f3:
         fb:ba:58:3e:f9:30:5b:5e:86:e9:87:e1:96:e9:46:fb:98:20:
         99:c1:9c:db:a6:b0:a5:ad:9e:b3:78:42:bc:e6:33:60:64:ec:
         8f:89:36:3e:3a:28:0e:3d:c7:80:a3:40:5c:ea:40:22:91:f8:
         5e:60:55:37:73:e0:6d:25:35:0d:a2:72:9b:97:91:cd:f0:f8:
         f3:1e:11:40:a8:16:62:c5:7b:c0:1d:ff:e8:6d:45:7f:27:dd:
         f9:fa:df:81:cb:e1:a7:8d:00:f4:b5:0b:33:70:ef:72:ea:37:
         c0:e9:00:29:21:13:28:ca:ac:1f:a1:19:73:7a:44:8c:e0:98:
         54:94:ff:0d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUA1nEMiCuYIp/v2fqQShkrU6V77MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoRDM0NjA2OTQ5RDM4NURCNDI3MTRGRTcxMjc0RkFDOTk0
OEVGMjc5QzAeFw0yNDExMTIxODM4MjdaFw0yNTExMTExODQzMjdaMDMxMTAvBgNV
BAMTKDJDODBDMTQ0RjVDRjM5QTk2NThDOERGOTI1NzE5OUUxMDE1NTExRkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+YckH5z6r+pLW5UrZpha8s2CU
w/CO14eVVmNqGcZ+tr/w4BBsvGVxJqbuyFB80E6sqKLt8ygATFdcr3J8lgHydTPK
SqejmzX7dRavT5VnflRQ9bBZa7PK8zo4rHeteG3i2fMTR7uvme3IfRtpqHxJD4q6
aNg/VttJy9Niz0kVIs15zijo6IJ9dQwzSBmSvgTVU1BwibE3vK3nlhNXU7b0UgWa
SkWwg1C3Q4gv5PUCM4uD5k76c0Y5GqBNMaGu20fglD711iEaaMLNiFShqyhRHg6n
rPy6CSBBxlMLFmS3dCUzHZQzGU/kb6jgE+N59iWczhpcy5SMElYv5rXjhxEDAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQULIDBRPXPOalljI35JXGZ4QFVEf0wHwYDVR0j
BBgwFoAU00YGlJ04XbQnFP5xJ0+smUjvJ5wwDgYDVR0PAQH/BAQDAgeAMIGIBgNV
HR8EgYAwfjB8oHqgeIZ2cnN5bmM6Ly9yLm1hZ2VsbGFuLmlweG8uY29tL3JlcG8v
NTI4YTIxOGYtYWQyOC00MGQyLWJkN2YtMzUwZWFkYTNkNzA1LTAvMC9EMzQ2MDY5
NDlEMzg1REI0MjcxNEZFNzEyNzRGQUM5OTQ4RUYyNzlDLmNybDCBngYIKwYBBQUH
AQEEgZEwgY4wgYsGCCsGAQUFBzAChn9yc3luYzovL3JzeW5jLnBhYXMucnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5LzAwMmUwYmEzLWZlNjAtNDViMS05MTYwLTg2OGEy
ZjhhNDNiMS8zL0QzNDYwNjk0OUQzODVEQjQyNzE0RkU3MTI3NEZBQzk5NDhFRjI3
OUMuY2VyMHIGCCsGAQUFBwELBGYwZDBiBggrBgEFBQcwC4ZWcnN5bmM6Ly9yLm1h
Z2VsbGFuLmlweG8uY29tL3JlcG8vNTI4YTIxOGYtYWQyOC00MGQyLWJkN2YtMzUw
ZWFkYTNkNzA1LTAvMC9BUzIwNTIyMC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEF
BQcOAjArBggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEAVl0lAMEAVl1GAMEAVl1
RjANBgkqhkiG9w0BAQsFAAOCAQEAO3YRVm9Q+og1aF7Xd0aGT76xKiisYv5KUM1i
hsBZ07dj4BkX/oJNcx4R/cyLMgaf3VDdZokw94uOaea6Rtb2RwhAJIQl3HpWCuXm
0phOq/CFwtqor1EXBEIzr0bGRNAlzrikdRcYbF6FK8fU+vlhrUjxzsO6YX0Ukxvu
gaLz+7pYPvkwW16G6YfhlulG+5ggmcGc26awpa2es3hCvOYzYGTsj4k2PjooDj3H
gKNAXOpAIpH4XmBVN3PgbSU1DaJym5eRzfD48x4RQKgWYsV7wB3/6G1Ffyfd+frf
gcvhp40A9LULM3Dvcuo3wOkAKSETKMqsH6EZc3pEjOCYVJT/DQ==
-----END CERTIFICATE-----
Generated at Tue Dec 10 15:36:18 2024 by rpki-client on console-fra.rpki-client.org