Route Origin Authorization

$ rpki-client -vvf rpki.xindi.eu/repo/XINDI/0/39312e3230382e3137392e302f32342d3234203d3e203339303032.roa
File:                     39312e3230382e3137392e302f32342d3234203d3e203339303032.roa (raw, json)
Hash identifier:          FlUQwN6XcUdUpfxDINa19B5T/R+sVXP92T3PfMLwgDI=
Subject key identifier:   03:AD:8D:5C:70:BA:42:7D:A9:D5:DF:79:1A:6A:F3:9A:1E:CF:C3:B4
Certificate issuer:       /CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
Certificate serial:       2735CE898F8B6A92A1085C92E3FE2BA850DE456D
Authority key identifier: 60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
Subject info access:      rsync://rpki.xindi.eu/repo/XINDI/0/39312e3230382e3137392e302f32342d3234203d3e203339303032.roa
Signing time:             Wed 09 Jul 2025 13:37:42 +0000
ROA not before:           Wed 09 Jul 2025 13:32:42 +0000
ROA not after:            Wed 08 Jul 2026 13:37:42 +0000
asID:                     39002
IP address blocks:        91.208.179.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl
                          rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 30 Jul 2025 07:49:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:35:ce:89:8f:8b:6a:92:a1:08:5c:92:e3:fe:2b:a8:50:de:45:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
        Validity
            Not Before: Jul  9 13:32:42 2025 GMT
            Not After : Jul  8 13:37:42 2026 GMT
        Subject: CN=03AD8D5C70BA427DA9D5DF791A6AF39A1ECFC3B4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:71:3c:ee:08:df:65:07:b2:b9:90:a5:ff:b2:
                    9e:14:76:90:bc:01:db:68:21:5e:f2:0c:27:8d:48:
                    91:c1:4f:1c:ae:6a:21:ed:87:72:67:98:36:35:00:
                    c9:14:73:5c:27:73:e9:68:ad:30:01:5f:27:4b:96:
                    3e:59:aa:29:9d:81:b0:02:35:fa:c9:d2:1e:b4:33:
                    d9:c5:48:c3:de:b0:0a:f4:75:e4:46:5c:65:0b:ce:
                    39:b5:66:66:b3:b8:0c:05:8c:f7:28:69:37:5b:56:
                    4b:f2:cd:94:8d:1c:d6:05:9c:60:e7:37:2a:70:fc:
                    0a:5b:84:3c:86:78:d8:d8:6f:1e:f0:41:34:13:bd:
                    1f:b5:94:8e:78:bd:d6:da:f4:3a:3c:70:c4:5f:57:
                    bb:78:54:02:1a:0b:fe:69:eb:c7:3e:66:c5:3a:76:
                    1d:44:2f:bb:7f:d3:81:f5:ff:3e:67:62:a1:49:58:
                    95:af:9a:d7:8f:17:de:ca:a7:7e:ff:45:2e:58:36:
                    7b:57:30:8b:8c:00:06:f8:09:25:03:2a:54:ec:e4:
                    8c:14:95:d4:cf:2f:35:44:16:ec:c7:5f:70:fd:56:
                    ad:ae:6a:92:e8:c1:1b:97:92:5b:99:06:de:01:ba:
                    97:30:04:79:41:94:32:0d:81:cd:29:9b:b1:21:76:
                    24:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:AD:8D:5C:70:BA:42:7D:A9:D5:DF:79:1A:6A:F3:9A:1E:CF:C3:B4
            X509v3 Authority Key Identifier:
                keyid:60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.xindi.eu/repo/XINDI/0/39312e3230382e3137392e302f32342d3234203d3e203339303032.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ce:00:cc:fd:cd:e9:86:bf:a1:b6:3f:e8:4b:33:a5:6b:22:10:
         29:95:c0:2d:14:e5:fd:10:d7:48:0a:e1:12:ef:82:aa:28:19:
         d3:3e:46:01:fc:25:d9:d5:a0:4b:38:41:e3:fc:66:b1:5d:f8:
         04:dc:fe:85:d8:5a:c3:75:1b:32:7b:27:64:f9:2a:30:65:e8:
         ce:7a:e5:77:10:0f:b6:dd:52:f1:51:ea:54:55:f9:16:f5:80:
         8d:93:73:c1:83:b5:3a:cd:ab:c0:ef:d4:11:63:2e:83:dd:12:
         2d:82:57:9c:12:66:9e:f3:4d:39:ed:f8:c5:92:ae:a0:55:11:
         3b:47:a3:59:37:52:36:82:9a:db:a3:da:2e:4d:99:ec:72:bf:
         5c:ae:77:34:cc:b8:83:78:a3:02:44:58:08:eb:8f:d7:bb:04:
         02:eb:33:5c:6f:09:09:db:f2:67:24:3a:4a:77:c1:87:00:4a:
         8a:4f:05:04:00:4d:50:36:83:83:20:36:99:68:a1:5e:51:f7:
         94:b1:f8:8f:d1:07:90:38:54:94:aa:a1:60:9b:8e:ed:1d:07:
         dc:01:da:bd:49:ba:ae:4f:11:70:be:31:2d:7c:71:26:ca:d4:
         ce:e9:50:22:6c:18:35:a1:d6:5a:25:2a:ab:66:3c:d5:82:9e:
         3a:8e:99:65
-----BEGIN CERTIFICATE-----
MIIEyDCCA7CgAwIBAgIUJzXOiY+LapKhCFyS4/4rqFDeRW0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjAxODMyODdlYjA4ZWNlMGM2NWZhNDlhM2Y0NTYyMWM2
MTJkZGJkMTAeFw0yNTA3MDkxMzMyNDJaFw0yNjA3MDgxMzM3NDJaMDMxMTAvBgNV
BAMTKDAzQUQ4RDVDNzBCQTQyN0RBOUQ1REY3OTFBNkFGMzlBMUVDRkMzQjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpcTzuCN9lB7K5kKX/sp4UdpC8
AdtoIV7yDCeNSJHBTxyuaiHth3JnmDY1AMkUc1wnc+lorTABXydLlj5ZqimdgbAC
NfrJ0h60M9nFSMPesAr0deRGXGULzjm1ZmazuAwFjPcoaTdbVkvyzZSNHNYFnGDn
Nypw/ApbhDyGeNjYbx7wQTQTvR+1lI54vdba9Do8cMRfV7t4VAIaC/5p68c+ZsU6
dh1EL7t/04H1/z5nYqFJWJWvmtePF97Kp37/RS5YNntXMIuMAAb4CSUDKlTs5IwU
ldTPLzVEFuzHX3D9Vq2uapLowRuXkluZBt4BupcwBHlBlDINgc0pm7EhdiTxAgMB
AAGjggHSMIIBzjAdBgNVHQ4EFgQUA62NXHC6Qn2p1d95Gmrzmh7Pw7QwHwYDVR0j
BBgwFoAUYBgyh+sI7ODGX6SaP0ViHGEt29EwDgYDVR0PAQH/BAQDAgeAMGAGA1Ud
HwRZMFcwVaBToFGGT3JzeW5jOi8vcnBraS54aW5kaS5ldS9yZXBvL1hJTkRJLzAv
NjAxODMyODdFQjA4RUNFMEM2NUZBNDlBM0Y0NTYyMUM2MTJEREJEMS5jcmwwZAYI
KwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS9ERUZBVUxUL1lCZ3loLXNJN09ER1g2U2FQMFZpSEdFdDI5RS5j
ZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jwa2kueGlu
ZGkuZXUvcmVwby9YSU5ESS8wLzM5MzEyZTMyMzAzODJlMzEzNzM5MmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzMzOTMwMzAzMi5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvQszANBgkqhkiG
9w0BAQsFAAOCAQEAzgDM/c3phr+htj/oSzOlayIQKZXALRTl/RDXSArhEu+CqigZ
0z5GAfwl2dWgSzhB4/xmsV34BNz+hdhaw3UbMnsnZPkqMGXoznrldxAPtt1S8VHq
VFX5FvWAjZNzwYO1Os2rwO/UEWMug90SLYJXnBJmnvNNOe34xZKuoFURO0ejWTdS
NoKa26PaLk2Z7HK/XK53NMy4g3ijAkRYCOuP17sEAuszXG8JCdvyZyQ6SnfBhwBK
ik8FBABNUDaDgyA2mWihXlH3lLH4j9EHkDhUlKqhYJuO7R0H3AHavUm6rk8RcL4x
LXxxJsrUzulQImwYNaHWWiUqq2Y81YKeOo6ZZQ==
-----END CERTIFICATE-----