Route Origin Authorization

$ rpki-client -vvf r.magellan.ipxo.com/repo/a6f2147a-de8a-4440-bca2-6d8b7c876fda-0/0/352e38332e3230382e302f32332d3233203d3e20343030393039.roa
File:                     352e38332e3230382e302f32332d3233203d3e20343030393039.roa (raw, json)
Hash identifier:          yLBbxpNe9I7WiPjJuGa1iOpvcurshHQXSZBBlvKjRVM=
Subject key identifier:   0F:D1:10:52:FF:6B:83:8A:CC:88:17:E4:B5:64:C9:C7:66:70:9A:CA
Certificate issuer:       /CN=2A2FB4DB0AA4D006958316872E467B554E0FD0BE
Certificate serial:       5FBC656295E0ED1F4A5B4C51EEAA3F45D11D75D6
Authority key identifier: 2A:2F:B4:DB:0A:A4:D0:06:95:83:16:87:2E:46:7B:55:4E:0F:D0:BE
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/2A2FB4DB0AA4D006958316872E467B554E0FD0BE.cer
Subject info access:      rsync://r.magellan.ipxo.com/repo/a6f2147a-de8a-4440-bca2-6d8b7c876fda-0/0/352e38332e3230382e302f32332d3233203d3e20343030393039.roa
Signing time:             Sat 24 Feb 2024 20:54:08 +0000
ROA not before:           Sat 24 Feb 2024 20:49:08 +0000
ROA not after:            Sat 22 Feb 2025 20:54:08 +0000
asID:                     400909
IP address blocks:        5.83.208.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://r.magellan.ipxo.com/repo/a6f2147a-de8a-4440-bca2-6d8b7c876fda-0/0/2A2FB4DB0AA4D006958316872E467B554E0FD0BE.crl
                          rsync://r.magellan.ipxo.com/repo/a6f2147a-de8a-4440-bca2-6d8b7c876fda-0/0/2A2FB4DB0AA4D006958316872E467B554E0FD0BE.mft
                          rsync://rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/2A2FB4DB0AA4D006958316872E467B554E0FD0BE.cer
                          rsync://rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/4502E63CE01CAD239AC397BC2BB5E6C347DCEEEA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/4502E63CE01CAD239AC397BC2BB5E6C347DCEEEA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RQLmPOAcrSOaw5e8K7Xmw0fc7uo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:57:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:bc:65:62:95:e0:ed:1f:4a:5b:4c:51:ee:aa:3f:45:d1:1d:75:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2A2FB4DB0AA4D006958316872E467B554E0FD0BE
        Validity
            Not Before: Feb 24 20:49:08 2024 GMT
            Not After : Feb 22 20:54:08 2025 GMT
        Subject: CN=0FD11052FF6B838ACC8817E4B564C9C766709ACA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:5d:ec:51:52:4f:df:df:40:33:4a:5e:87:cf:
                    b9:18:f5:62:6f:bb:4b:03:b4:f7:87:64:16:71:ba:
                    ce:64:da:2f:00:48:5d:9e:2c:f9:82:b8:8d:3d:1e:
                    ec:50:d4:94:e1:ca:24:90:09:22:97:bf:79:bd:d2:
                    80:22:35:a6:0d:1e:a2:87:91:4a:4b:77:3e:fc:59:
                    a9:3b:e0:d5:0e:8b:3e:4e:30:1a:de:28:7e:40:48:
                    33:37:e5:e0:a6:71:fb:30:a6:24:0b:ef:df:3d:a1:
                    01:6a:ac:00:e4:5c:e0:32:1d:fe:30:95:e8:79:39:
                    18:64:5b:f7:d0:87:f3:34:f1:ea:76:94:fc:c0:d6:
                    80:7c:11:2a:e4:85:e9:99:e2:5e:6a:1a:cd:88:15:
                    48:ff:c7:70:f7:7b:fe:0a:b9:c3:56:7b:95:f1:62:
                    86:55:4b:b6:43:ca:9e:de:5e:22:76:d1:b7:ea:cf:
                    95:cb:8f:6d:7a:cc:c1:8b:d8:1d:aa:8f:7e:80:53:
                    d8:c7:a4:ea:74:5e:92:7e:84:33:7c:03:1c:90:a7:
                    a2:17:ee:f9:d8:d8:9a:c8:1b:f5:d9:f0:ed:d7:58:
                    97:83:fa:bd:02:ba:71:c3:90:d7:29:23:ca:cd:b4:
                    c0:e7:5b:69:d8:98:47:c9:67:37:11:83:15:ac:c4:
                    89:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:D1:10:52:FF:6B:83:8A:CC:88:17:E4:B5:64:C9:C7:66:70:9A:CA
            X509v3 Authority Key Identifier:
                keyid:2A:2F:B4:DB:0A:A4:D0:06:95:83:16:87:2E:46:7B:55:4E:0F:D0:BE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://r.magellan.ipxo.com/repo/a6f2147a-de8a-4440-bca2-6d8b7c876fda-0/0/2A2FB4DB0AA4D006958316872E467B554E0FD0BE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/2A2FB4DB0AA4D006958316872E467B554E0FD0BE.cer

            Subject Information Access:
                Signed Object - URI:rsync://r.magellan.ipxo.com/repo/a6f2147a-de8a-4440-bca2-6d8b7c876fda-0/0/352e38332e3230382e302f32332d3233203d3e20343030393039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.83.208.0/23

    Signature Algorithm: sha256WithRSAEncryption
         34:b4:ca:76:c6:6c:dc:07:34:23:f2:83:fd:78:e9:19:cb:4f:
         43:40:db:ba:ff:07:45:b4:88:5b:6b:31:87:76:c7:bc:b2:f3:
         08:95:3d:26:62:fb:c6:30:b9:81:e3:87:7c:76:cc:32:2b:b1:
         40:c7:6c:45:e7:9c:82:c7:9b:9f:fa:e6:3f:ee:64:a8:7d:67:
         e2:ad:b5:c9:f6:10:b9:94:71:d4:a9:16:57:61:ae:52:85:19:
         14:8a:ad:66:b0:74:60:95:e7:8e:be:1f:8e:cc:72:a8:3c:f4:
         4d:1e:d1:71:f3:a2:f5:bd:3d:2f:b4:94:95:6e:be:8b:8e:54:
         f1:be:0c:80:bb:0c:0b:71:f2:d7:a0:ae:c8:30:de:6c:01:fc:
         a7:b5:cb:45:a8:4b:4f:d0:46:7d:23:fe:66:59:1e:4a:96:51:
         44:b3:e6:90:eb:6f:2b:2e:09:48:c6:53:c7:42:04:8c:19:83:
         c8:2a:28:87:52:52:45:7d:e9:e8:c1:42:cd:d1:c6:eb:ca:c2:
         a9:5b:c0:a3:a0:0e:75:5c:f4:f6:a9:07:e0:a3:59:59:56:10:
         30:4a:7b:09:c4:b4:d6:f8:29:bf:fb:9c:98:b2:16:a2:45:1b:
         e9:23:fa:a8:10:4b:ec:e0:f8:77:cb:c8:b2:34:ed:f4:f2:30:
         dc:59:83:c1
-----BEGIN CERTIFICATE-----
MIIFVjCCBD6gAwIBAgIUX7xlYpXg7R9KW0xR7qo/RdEdddYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMkEyRkI0REIwQUE0RDAwNjk1ODMxNjg3MkU0NjdCNTU0
RTBGRDBCRTAeFw0yNDAyMjQyMDQ5MDhaFw0yNTAyMjIyMDU0MDhaMDMxMTAvBgNV
BAMTKDBGRDExMDUyRkY2QjgzOEFDQzg4MTdFNEI1NjRDOUM3NjY3MDlBQ0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTXexRUk/f30AzSl6Hz7kY9WJv
u0sDtPeHZBZxus5k2i8ASF2eLPmCuI09HuxQ1JThyiSQCSKXv3m90oAiNaYNHqKH
kUpLdz78Wak74NUOiz5OMBreKH5ASDM35eCmcfswpiQL7989oQFqrADkXOAyHf4w
leh5ORhkW/fQh/M08ep2lPzA1oB8ESrkhemZ4l5qGs2IFUj/x3D3e/4KucNWe5Xx
YoZVS7ZDyp7eXiJ20bfqz5XLj216zMGL2B2qj36AU9jHpOp0XpJ+hDN8AxyQp6IX
7vnY2JrIG/XZ8O3XWJeD+r0CunHDkNcpI8rNtMDnW2nYmEfJZzcRgxWsxIlLAgMB
AAGjggJgMIICXDAdBgNVHQ4EFgQUD9EQUv9rg4rMiBfktWTJx2ZwmsowHwYDVR0j
BBgwFoAUKi+02wqk0AaVgxaHLkZ7VU4P0L4wDgYDVR0PAQH/BAQDAgeAMIGIBgNV
HR8EgYAwfjB8oHqgeIZ2cnN5bmM6Ly9yLm1hZ2VsbGFuLmlweG8uY29tL3JlcG8v
YTZmMjE0N2EtZGU4YS00NDQwLWJjYTItNmQ4YjdjODc2ZmRhLTAvMC8yQTJGQjRE
QjBBQTREMDA2OTU4MzE2ODcyRTQ2N0I1NTRFMEZEMEJFLmNybDCBngYIKwYBBQUH
AQEEgZEwgY4wgYsGCCsGAQUFBzAChn9yc3luYzovL3JzeW5jLnBhYXMucnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5LzlkZjMzYTU3LTdlNGYtNDg0NC04NGUyLWI3MTUz
YjU1MTFiNC8wLzJBMkZCNERCMEFBNEQwMDY5NTgzMTY4NzJFNDY3QjU1NEUwRkQw
QkUuY2VyMIGiBggrBgEFBQcBCwSBlTCBkjCBjwYIKwYBBQUHMAuGgYJyc3luYzov
L3IubWFnZWxsYW4uaXB4by5jb20vcmVwby9hNmYyMTQ3YS1kZThhLTQ0NDAtYmNh
Mi02ZDhiN2M4NzZmZGEtMC8wLzM1MmUzODMzMmUzMjMwMzgyZTMwMmYzMjMzMmQz
MjMzMjAzZDNlMjAzNDMwMzAzOTMwMzkucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAEFU9AwDQYJKoZIhvcN
AQELBQADggEBADS0ynbGbNwHNCPyg/146RnLT0NA27r/B0W0iFtrMYd2x7yy8wiV
PSZi+8YwuYHjh3x2zDIrsUDHbEXnnILHm5/65j/uZKh9Z+Kttcn2ELmUcdSpFldh
rlKFGRSKrWawdGCV546+H47Mcqg89E0e0XHzovW9PS+0lJVuvouOVPG+DIC7DAtx
8tegrsgw3mwB/Ke1y0WoS0/QRn0j/mZZHkqWUUSz5pDrbysuCUjGU8dCBIwZg8gq
KIdSUkV96ejBQs3RxuvKwqlbwKOgDnVc9PapB+CjWVlWEDBKewnEtNb4Kb/7nJiy
FqJFG+kj+qgQS+zg+HfLyLI07fTyMNxZg8E=
-----END CERTIFICATE-----
Generated at Mon Nov 25 17:55:28 2024 by rpki-client on console-fra.rpki-client.org