Route Origin Authorization

$ rpki-client -vvf rpki.xindi.eu/repo/XINDI/0/326130623a326630303a3a2f33322d3332203d3e203438313132.roa
File:                     326130623a326630303a3a2f33322d3332203d3e203438313132.roa (raw, json)
Hash identifier:          xJFmnRKSAu9WMuJ2EG8WdzeovKbHBnDwsoyrNikpRug=
Subject key identifier:   AC:04:23:AA:21:CE:96:26:4F:DE:32:E9:8E:8E:3F:F9:C4:2C:BE:A1
Certificate issuer:       /CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
Certificate serial:       69E8EA50B7C4F1670CDDC4A2FBCE5EDA26B52640
Authority key identifier: 60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
Subject info access:      rsync://rpki.xindi.eu/repo/XINDI/0/326130623a326630303a3a2f33322d3332203d3e203438313132.roa
Signing time:             Thu 04 Apr 2024 18:54:24 +0000
ROA not before:           Thu 04 Apr 2024 18:49:24 +0000
ROA not after:            Thu 03 Apr 2025 18:54:24 +0000
asID:                     48112
IP address blocks:        2a0b:2f00::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl
                          rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 15:27:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:e8:ea:50:b7:c4:f1:67:0c:dd:c4:a2:fb:ce:5e:da:26:b5:26:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
        Validity
            Not Before: Apr  4 18:49:24 2024 GMT
            Not After : Apr  3 18:54:24 2025 GMT
        Subject: CN=AC0423AA21CE96264FDE32E98E8E3FF9C42CBEA1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:a1:18:c4:45:34:a8:04:bf:49:3e:b4:7e:22:
                    a5:2e:9e:f2:58:39:56:1b:a3:49:5b:d8:02:27:06:
                    bb:fa:57:9a:b2:34:62:ae:6b:bd:fd:6b:b4:bc:19:
                    98:01:4d:cf:3c:c2:a7:d3:4f:a9:ec:ad:22:26:6e:
                    53:3f:b8:a2:a1:e9:56:1b:9f:61:f4:33:d9:d3:9b:
                    3d:75:2e:4d:51:2b:df:51:35:a6:69:6d:0e:17:3c:
                    36:d7:01:96:0e:e6:ed:61:74:59:2d:41:fe:67:6a:
                    81:21:15:aa:ee:40:04:4a:4f:c5:67:5d:25:f7:ea:
                    bf:98:7a:b2:a9:45:a9:cf:50:83:da:f0:6f:13:f7:
                    d7:65:48:fa:92:ad:ac:37:69:1c:9f:e4:e4:7a:20:
                    20:e6:16:79:ba:18:4a:2f:cc:0d:93:06:36:f7:7f:
                    0f:dd:3a:16:74:93:16:29:8a:e5:b9:27:18:70:63:
                    8e:58:02:a8:78:23:6d:f3:98:91:a1:02:17:df:4c:
                    85:15:83:69:05:bd:7e:80:89:77:80:e2:f1:87:64:
                    9f:45:7c:ba:90:ba:98:00:0d:9a:dd:a6:7f:fa:e2:
                    d7:8f:51:16:51:cb:87:fa:0b:a1:59:2b:83:fb:ba:
                    c7:fe:b7:82:9f:ff:a4:33:8c:72:95:b2:99:b7:00:
                    50:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:04:23:AA:21:CE:96:26:4F:DE:32:E9:8E:8E:3F:F9:C4:2C:BE:A1
            X509v3 Authority Key Identifier:
                keyid:60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.xindi.eu/repo/XINDI/0/326130623a326630303a3a2f33322d3332203d3e203438313132.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:2f00::/32

    Signature Algorithm: sha256WithRSAEncryption
         69:c3:bf:c5:01:f1:d8:bc:50:d2:0f:26:47:f0:0f:6f:f7:89:
         75:69:36:05:df:f9:ba:41:a1:17:d9:59:e2:5c:05:aa:76:09:
         9b:45:6f:22:2e:70:d1:1a:ba:41:ab:52:3c:f8:9b:af:96:e9:
         f7:04:59:cf:0c:61:74:17:f0:bc:6b:29:99:07:8f:2d:55:b7:
         30:9a:0f:97:f6:8c:d0:4c:f0:db:3e:af:c2:70:07:db:48:ee:
         cf:a0:f3:69:d0:6b:99:46:17:29:5c:32:08:f0:6f:6e:80:ff:
         8d:0a:b2:34:fb:f9:90:27:8e:d0:7c:52:62:d3:24:5b:89:c2:
         b1:b1:78:76:49:c9:04:f5:8f:bf:ca:7e:64:1c:f9:6f:e2:b2:
         72:93:ce:54:3d:35:d1:f9:dc:be:bd:54:5b:2e:a5:e3:81:6b:
         8f:0d:52:7b:1c:e3:24:89:09:7d:ad:1e:34:f4:86:28:0a:39:
         13:ee:b9:6f:4d:40:cc:b8:60:59:ae:c3:14:1c:bb:ab:1d:95:
         ef:a4:5a:be:d0:f2:b4:5e:11:ab:cb:0d:83:d0:ad:4c:84:80:
         13:53:35:db:5a:2d:ff:15:38:b1:8c:b1:b5:06:c7:21:a0:d6:
         1e:d6:4f:ff:af:bf:25:49:22:83:03:80:af:42:c3:0c:57:87:
         01:5e:34:21
-----BEGIN CERTIFICATE-----
MIIExzCCA6+gAwIBAgIUaejqULfE8WcM3cSi+85e2ia1JkAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjAxODMyODdlYjA4ZWNlMGM2NWZhNDlhM2Y0NTYyMWM2
MTJkZGJkMTAeFw0yNDA0MDQxODQ5MjRaFw0yNTA0MDMxODU0MjRaMDMxMTAvBgNV
BAMTKEFDMDQyM0FBMjFDRTk2MjY0RkRFMzJFOThFOEUzRkY5QzQyQ0JFQTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUoRjERTSoBL9JPrR+IqUunvJY
OVYbo0lb2AInBrv6V5qyNGKua739a7S8GZgBTc88wqfTT6nsrSImblM/uKKh6VYb
n2H0M9nTmz11Lk1RK99RNaZpbQ4XPDbXAZYO5u1hdFktQf5naoEhFaruQARKT8Vn
XSX36r+YerKpRanPUIPa8G8T99dlSPqSraw3aRyf5OR6ICDmFnm6GEovzA2TBjb3
fw/dOhZ0kxYpiuW5JxhwY45YAqh4I23zmJGhAhffTIUVg2kFvX6AiXeA4vGHZJ9F
fLqQupgADZrdpn/64tePURZRy4f6C6FZK4P7usf+t4Kf/6QzjHKVspm3AFDRAgMB
AAGjggHRMIIBzTAdBgNVHQ4EFgQUrAQjqiHOliZP3jLpjo4/+cQsvqEwHwYDVR0j
BBgwFoAUYBgyh+sI7ODGX6SaP0ViHGEt29EwDgYDVR0PAQH/BAQDAgeAMGAGA1Ud
HwRZMFcwVaBToFGGT3JzeW5jOi8vcnBraS54aW5kaS5ldS9yZXBvL1hJTkRJLzAv
NjAxODMyODdFQjA4RUNFMEM2NUZBNDlBM0Y0NTYyMUM2MTJEREJEMS5jcmwwZAYI
KwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS9ERUZBVUxUL1lCZ3loLXNJN09ER1g2U2FQMFZpSEdFdDI5RS5j
ZXIwdwYIKwYBBQUHAQsEazBpMGcGCCsGAQUFBzALhltyc3luYzovL3Jwa2kueGlu
ZGkuZXUvcmVwby9YSU5ESS8wLzMyNjEzMDYyM2EzMjY2MzAzMDNhM2EyZjMzMzIy
ZDMzMzIyMDNkM2UyMDM0MzgzMTMxMzIucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQAqCy8AMA0GCSqGSIb3
DQEBCwUAA4IBAQBpw7/FAfHYvFDSDyZH8A9v94l1aTYF3/m6QaEX2VniXAWqdgmb
RW8iLnDRGrpBq1I8+Juvlun3BFnPDGF0F/C8aymZB48tVbcwmg+X9ozQTPDbPq/C
cAfbSO7PoPNp0GuZRhcpXDII8G9ugP+NCrI0+/mQJ47QfFJi0yRbicKxsXh2SckE
9Y+/yn5kHPlv4rJyk85UPTXR+dy+vVRbLqXjgWuPDVJ7HOMkiQl9rR409IYoCjkT
7rlvTUDMuGBZrsMUHLurHZXvpFq+0PK0XhGryw2D0K1MhIATUzXbWi3/FTixjLG1
BschoNYe1k//r78lSSKDA4CvQsMMV4cBXjQh
-----END CERTIFICATE-----