Route Origin Authorization

$ rpki-client -vvf r.magellan.ipxo.com/repo/a6f2147a-de8a-4440-bca2-6d8b7c876fda-0/0/352e38332e3232302e302f32342d3234203d3e20313939363134.roa
File:                     352e38332e3232302e302f32342d3234203d3e20313939363134.roa (raw, json)
Hash identifier:          idyHfuSU2/iLO7etCQclCQXgFc1b2cro89JTUVUWcNM=
Subject key identifier:   2B:E3:9D:DA:E3:E9:22:B8:B6:F9:C1:A4:52:68:A2:9A:A8:28:0A:44
Certificate issuer:       /CN=2A2FB4DB0AA4D006958316872E467B554E0FD0BE
Certificate serial:       08E410193284AE3C9DE17B39B698A91B2DFF5F2F
Authority key identifier: 2A:2F:B4:DB:0A:A4:D0:06:95:83:16:87:2E:46:7B:55:4E:0F:D0:BE
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/2A2FB4DB0AA4D006958316872E467B554E0FD0BE.cer
Subject info access:      rsync://r.magellan.ipxo.com/repo/a6f2147a-de8a-4440-bca2-6d8b7c876fda-0/0/352e38332e3232302e302f32342d3234203d3e20313939363134.roa
Signing time:             Sat 09 Mar 2024 20:06:51 +0000
ROA not before:           Sat 09 Mar 2024 20:01:51 +0000
ROA not after:            Sat 08 Mar 2025 20:06:51 +0000
asID:                     199614
IP address blocks:        5.83.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://r.magellan.ipxo.com/repo/a6f2147a-de8a-4440-bca2-6d8b7c876fda-0/0/2A2FB4DB0AA4D006958316872E467B554E0FD0BE.crl
                          rsync://r.magellan.ipxo.com/repo/a6f2147a-de8a-4440-bca2-6d8b7c876fda-0/0/2A2FB4DB0AA4D006958316872E467B554E0FD0BE.mft
                          rsync://rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/2A2FB4DB0AA4D006958316872E467B554E0FD0BE.cer
                          rsync://rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/4502E63CE01CAD239AC397BC2BB5E6C347DCEEEA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/4502E63CE01CAD239AC397BC2BB5E6C347DCEEEA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RQLmPOAcrSOaw5e8K7Xmw0fc7uo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Dec 2024 04:55:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:e4:10:19:32:84:ae:3c:9d:e1:7b:39:b6:98:a9:1b:2d:ff:5f:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2A2FB4DB0AA4D006958316872E467B554E0FD0BE
        Validity
            Not Before: Mar  9 20:01:51 2024 GMT
            Not After : Mar  8 20:06:51 2025 GMT
        Subject: CN=2BE39DDAE3E922B8B6F9C1A45268A29AA8280A44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:5f:5c:73:e3:05:fd:29:d2:75:d9:65:01:99:
                    68:6c:9e:ff:ea:ed:cb:b5:5d:ac:70:68:c1:6f:15:
                    96:48:d4:ca:7e:9f:97:7c:18:e7:5d:63:c7:63:6f:
                    90:f0:e6:f6:bc:1f:1e:03:47:32:1a:1f:fd:07:2d:
                    ec:d8:6e:2f:98:90:1b:73:5a:34:e6:75:a3:31:af:
                    7c:80:26:fd:62:78:b5:ca:d4:cb:b3:94:6c:75:61:
                    75:3f:e3:93:ad:eb:d8:cf:79:e6:c3:34:2c:4e:08:
                    18:fd:1d:dc:f7:ac:43:b7:9b:3d:ed:7a:5d:e9:c7:
                    e1:b0:cb:9c:3e:e8:11:8c:f9:b0:c5:77:93:3e:23:
                    2d:b9:8b:c7:12:b3:09:d5:ff:48:dd:cc:06:3e:73:
                    ef:43:3a:46:44:56:81:be:26:a1:3f:b4:a7:14:31:
                    e8:15:47:72:51:cc:a9:57:fb:9f:61:49:13:65:a8:
                    fb:48:6a:c5:53:75:08:58:b7:70:a2:ee:8f:8e:a0:
                    b0:b2:03:17:4a:3b:75:51:ea:88:43:b4:8c:88:37:
                    18:fe:2a:33:17:02:e5:3a:02:fb:82:41:5f:9d:f1:
                    1d:40:20:c8:ed:42:96:9c:a2:02:32:df:2d:57:2b:
                    ff:cd:75:5a:89:d9:ac:cc:90:e8:8a:eb:60:05:14:
                    88:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:E3:9D:DA:E3:E9:22:B8:B6:F9:C1:A4:52:68:A2:9A:A8:28:0A:44
            X509v3 Authority Key Identifier:
                keyid:2A:2F:B4:DB:0A:A4:D0:06:95:83:16:87:2E:46:7B:55:4E:0F:D0:BE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://r.magellan.ipxo.com/repo/a6f2147a-de8a-4440-bca2-6d8b7c876fda-0/0/2A2FB4DB0AA4D006958316872E467B554E0FD0BE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/9df33a57-7e4f-4844-84e2-b7153b5511b4/0/2A2FB4DB0AA4D006958316872E467B554E0FD0BE.cer

            Subject Information Access:
                Signed Object - URI:rsync://r.magellan.ipxo.com/repo/a6f2147a-de8a-4440-bca2-6d8b7c876fda-0/0/352e38332e3232302e302f32342d3234203d3e20313939363134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.83.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:78:32:fd:7d:4a:89:df:b3:27:01:56:34:2e:cc:d3:0e:04:
         ae:3d:84:9c:e4:d3:45:27:c8:b0:d8:d4:f8:49:75:d9:02:db:
         ee:ed:f2:75:cc:9d:bc:9a:2b:94:22:23:cf:70:c0:3d:e7:6a:
         0b:85:3d:3b:3b:7f:fe:a2:50:78:05:0f:b2:0e:27:c6:4d:a0:
         9c:b4:a9:53:f0:06:9e:52:48:39:0e:5d:39:c3:6d:90:dc:35:
         4e:39:3e:a0:02:2f:77:26:de:07:a6:19:0c:3c:d0:ce:49:b3:
         ea:f6:96:e5:3b:af:92:d6:e0:9e:fb:7c:df:10:f9:7e:42:04:
         3d:36:9f:49:4e:2c:35:e3:c8:56:10:50:b7:e6:1c:02:35:9f:
         d1:60:4d:4c:a0:96:22:24:9b:81:36:92:f4:b6:ed:b0:cc:29:
         d9:1c:4e:79:0e:e4:e2:9a:d7:a0:db:2e:77:4f:e2:84:50:9e:
         10:71:37:e3:ab:7f:01:40:2a:31:75:75:65:b7:58:0a:44:e8:
         62:20:b2:0e:62:3a:13:b1:cf:91:5f:12:e1:8c:4c:2a:5f:3e:
         b6:20:d8:17:5d:fd:c4:e5:87:cb:30:31:b8:6a:5c:f6:c0:37:
         9e:1b:ba:bd:e6:50:3b:e4:bf:d3:ab:46:6c:83:2f:7b:bb:f6:
         93:39:78:e6
-----BEGIN CERTIFICATE-----
MIIFVjCCBD6gAwIBAgIUCOQQGTKErjyd4Xs5tpipGy3/Xy8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMkEyRkI0REIwQUE0RDAwNjk1ODMxNjg3MkU0NjdCNTU0
RTBGRDBCRTAeFw0yNDAzMDkyMDAxNTFaFw0yNTAzMDgyMDA2NTFaMDMxMTAvBgNV
BAMTKDJCRTM5RERBRTNFOTIyQjhCNkY5QzFBNDUyNjhBMjlBQTgyODBBNDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeX1xz4wX9KdJ12WUBmWhsnv/q
7cu1XaxwaMFvFZZI1Mp+n5d8GOddY8djb5Dw5va8Hx4DRzIaH/0HLezYbi+YkBtz
WjTmdaMxr3yAJv1ieLXK1MuzlGx1YXU/45Ot69jPeebDNCxOCBj9Hdz3rEO3mz3t
el3px+Gwy5w+6BGM+bDFd5M+Iy25i8cSswnV/0jdzAY+c+9DOkZEVoG+JqE/tKcU
MegVR3JRzKlX+59hSRNlqPtIasVTdQhYt3Ci7o+OoLCyAxdKO3VR6ohDtIyINxj+
KjMXAuU6AvuCQV+d8R1AIMjtQpacogIy3y1XK//NdVqJ2azMkOiK62AFFIhrAgMB
AAGjggJgMIICXDAdBgNVHQ4EFgQUK+Od2uPpIri2+cGkUmiimqgoCkQwHwYDVR0j
BBgwFoAUKi+02wqk0AaVgxaHLkZ7VU4P0L4wDgYDVR0PAQH/BAQDAgeAMIGIBgNV
HR8EgYAwfjB8oHqgeIZ2cnN5bmM6Ly9yLm1hZ2VsbGFuLmlweG8uY29tL3JlcG8v
YTZmMjE0N2EtZGU4YS00NDQwLWJjYTItNmQ4YjdjODc2ZmRhLTAvMC8yQTJGQjRE
QjBBQTREMDA2OTU4MzE2ODcyRTQ2N0I1NTRFMEZEMEJFLmNybDCBngYIKwYBBQUH
AQEEgZEwgY4wgYsGCCsGAQUFBzAChn9yc3luYzovL3JzeW5jLnBhYXMucnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5LzlkZjMzYTU3LTdlNGYtNDg0NC04NGUyLWI3MTUz
YjU1MTFiNC8wLzJBMkZCNERCMEFBNEQwMDY5NTgzMTY4NzJFNDY3QjU1NEUwRkQw
QkUuY2VyMIGiBggrBgEFBQcBCwSBlTCBkjCBjwYIKwYBBQUHMAuGgYJyc3luYzov
L3IubWFnZWxsYW4uaXB4by5jb20vcmVwby9hNmYyMTQ3YS1kZThhLTQ0NDAtYmNh
Mi02ZDhiN2M4NzZmZGEtMC8wLzM1MmUzODMzMmUzMjMyMzAyZTMwMmYzMjM0MmQz
MjM0MjAzZDNlMjAzMTM5MzkzNjMxMzQucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAFU9wwDQYJKoZIhvcN
AQELBQADggEBAJp4Mv19SonfsycBVjQuzNMOBK49hJzk00UnyLDY1PhJddkC2+7t
8nXMnbyaK5QiI89wwD3naguFPTs7f/6iUHgFD7IOJ8ZNoJy0qVPwBp5SSDkOXTnD
bZDcNU45PqACL3cm3gemGQw80M5Js+r2luU7r5LW4J77fN8Q+X5CBD02n0lOLDXj
yFYQULfmHAI1n9FgTUygliIkm4E2kvS27bDMKdkcTnkO5OKa16DbLndP4oRQnhBx
N+OrfwFAKjF1dWW3WApE6GIgsg5iOhOxz5FfEuGMTCpfPrYg2Bdd/cTlh8swMbhq
XPbAN54bur3mUDvkv9OrRmyDL3u79pM5eOY=
-----END CERTIFICATE-----
Generated at Thu Dec 12 11:54:15 2024 by rpki-client on console-fra.rpki-client.org