Route Origin Authorization

$ rpki-client -vvf rpki.xindi.eu/repo/XINDI/0/3138352e3137332e31362e302f32322d3232203d3e203438313132.roa
File:                     3138352e3137332e31362e302f32322d3232203d3e203438313132.roa (raw, json)
Hash identifier:          g85O2vSXo1lriv58wuGvhiw3CUYccBMxt4uYGgDPhh0=
Subject key identifier:   8B:4A:A1:7A:D3:9A:41:2F:1E:1A:DB:FD:6B:CE:E5:F5:D6:57:27:A0
Certificate issuer:       /CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
Certificate serial:       4FF546B06C0F5504AE80F4E3B44A479F5B73BDE3
Authority key identifier: 60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
Subject info access:      rsync://rpki.xindi.eu/repo/XINDI/0/3138352e3137332e31362e302f32322d3232203d3e203438313132.roa
Signing time:             Wed 27 Sep 2023 11:50:59 +0000
ROA not before:           Wed 27 Sep 2023 11:45:59 +0000
ROA not after:            Wed 25 Sep 2024 11:50:59 +0000
asID:                     48112
IP address blocks:        185.173.16.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl
                          rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:06:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:f5:46:b0:6c:0f:55:04:ae:80:f4:e3:b4:4a:47:9f:5b:73:bd:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
        Validity
            Not Before: Sep 27 11:45:59 2023 GMT
            Not After : Sep 25 11:50:59 2024 GMT
        Subject: CN=8B4AA17AD39A412F1E1ADBFD6BCEE5F5D65727A0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:25:56:ca:01:df:5b:fc:c0:47:a9:31:37:42:
                    f2:d7:04:ce:1d:3c:d8:f2:38:00:1e:91:12:6f:58:
                    25:f8:92:90:13:62:e1:dd:66:c5:03:c6:e0:e9:77:
                    56:81:43:6a:0d:84:c6:17:9b:4b:ec:ab:fd:bc:86:
                    da:aa:55:57:59:de:e7:4a:74:13:26:55:70:4f:c5:
                    1f:fa:34:26:d2:c0:8e:f4:34:7a:27:4e:7f:90:7e:
                    c2:af:ae:9c:38:e7:7c:fe:79:7a:25:f1:27:bc:cc:
                    c2:54:a7:60:cc:ad:df:fc:88:20:64:79:97:02:11:
                    d2:8a:39:de:d8:0c:fd:e6:13:f5:70:b4:84:9e:f0:
                    47:17:3b:7a:2f:f6:12:d9:4f:ed:b3:2d:85:1a:48:
                    0d:e4:9e:62:3a:7f:44:a0:70:cb:cc:1b:b9:f8:65:
                    0f:e2:d0:02:c2:be:41:12:d4:18:02:75:51:6c:61:
                    fd:bf:96:28:82:96:24:0d:4e:74:d1:58:1c:b2:dc:
                    e0:de:f3:79:54:44:4f:8b:8e:e1:5e:a6:00:c2:6e:
                    88:81:e3:57:70:d2:3b:2b:33:82:99:12:10:46:5e:
                    41:5c:a1:d0:ee:4f:ee:1b:4d:6f:7d:fa:f8:89:61:
                    00:91:6d:b7:fb:71:41:00:2c:38:b7:de:e5:fb:e6:
                    66:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:4A:A1:7A:D3:9A:41:2F:1E:1A:DB:FD:6B:CE:E5:F5:D6:57:27:A0
            X509v3 Authority Key Identifier:
                keyid:60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.xindi.eu/repo/XINDI/0/3138352e3137332e31362e302f32322d3232203d3e203438313132.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.173.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5e:10:e4:5c:36:17:ad:13:6f:93:7a:9b:4c:85:13:1d:bd:3e:
         23:88:d7:01:84:18:d4:e4:b8:b6:92:38:80:2f:8c:9e:0c:e1:
         32:09:f9:41:0c:0c:c8:ce:0c:fa:db:8c:bc:b4:63:b5:fc:f8:
         7d:53:97:0a:d0:22:eb:5f:e1:b0:09:75:e5:21:a1:bd:60:fb:
         33:44:75:81:cf:07:97:22:33:68:4b:8d:9f:5a:e3:34:37:f0:
         2e:62:46:da:91:2d:27:2c:18:cb:02:ef:78:b1:75:89:85:9c:
         ef:bf:22:af:55:40:c4:8d:b3:43:ca:f5:a6:cd:30:b1:6d:7a:
         d7:88:09:a5:46:9a:ef:57:bc:00:0b:72:35:46:db:74:75:09:
         8b:ea:2b:b1:c9:25:b2:69:77:d8:5f:c5:8b:02:c8:87:c9:b2:
         93:d3:4c:99:33:6d:0b:c0:76:03:bf:76:af:4f:cf:f2:b3:95:
         12:41:9d:f6:3a:93:06:70:0a:dc:49:ec:06:b2:95:7e:b3:82:
         a3:60:10:ec:2f:51:bc:ae:40:3c:d1:81:65:f2:33:ea:bb:5a:
         a2:21:eb:97:e3:b8:9d:71:c8:bb:b4:31:53:30:8c:0a:a8:f7:
         46:c7:20:44:d5:35:d8:00:88:62:87:a5:a3:fe:15:59:6d:73:
         fb:bd:41:ba
-----BEGIN CERTIFICATE-----
MIIEyDCCA7CgAwIBAgIUT/VGsGwPVQSugPTjtEpHn1tzveMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjAxODMyODdlYjA4ZWNlMGM2NWZhNDlhM2Y0NTYyMWM2
MTJkZGJkMTAeFw0yMzA5MjcxMTQ1NTlaFw0yNDA5MjUxMTUwNTlaMDMxMTAvBgNV
BAMTKDhCNEFBMTdBRDM5QTQxMkYxRTFBREJGRDZCQ0VFNUY1RDY1NzI3QTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVJVbKAd9b/MBHqTE3QvLXBM4d
PNjyOAAekRJvWCX4kpATYuHdZsUDxuDpd1aBQ2oNhMYXm0vsq/28htqqVVdZ3udK
dBMmVXBPxR/6NCbSwI70NHonTn+QfsKvrpw453z+eXol8Se8zMJUp2DMrd/8iCBk
eZcCEdKKOd7YDP3mE/VwtISe8EcXO3ov9hLZT+2zLYUaSA3knmI6f0SgcMvMG7n4
ZQ/i0ALCvkES1BgCdVFsYf2/liiCliQNTnTRWByy3ODe83lURE+LjuFepgDCboiB
41dw0jsrM4KZEhBGXkFcodDuT+4bTW99+viJYQCRbbf7cUEALDi33uX75mZBAgMB
AAGjggHSMIIBzjAdBgNVHQ4EFgQUi0qhetOaQS8eGtv9a87l9dZXJ6AwHwYDVR0j
BBgwFoAUYBgyh+sI7ODGX6SaP0ViHGEt29EwDgYDVR0PAQH/BAQDAgeAMGAGA1Ud
HwRZMFcwVaBToFGGT3JzeW5jOi8vcnBraS54aW5kaS5ldS9yZXBvL1hJTkRJLzAv
NjAxODMyODdFQjA4RUNFMEM2NUZBNDlBM0Y0NTYyMUM2MTJEREJEMS5jcmwwZAYI
KwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS9ERUZBVUxUL1lCZ3loLXNJN09ER1g2U2FQMFZpSEdFdDI5RS5j
ZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jwa2kueGlu
ZGkuZXUvcmVwby9YSU5ESS8wLzMxMzgzNTJlMzEzNzMzMmUzMTM2MmUzMDJmMzIz
MjJkMzIzMjIwM2QzZTIwMzQzODMxMzEzMi5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArmtEDANBgkqhkiG
9w0BAQsFAAOCAQEAXhDkXDYXrRNvk3qbTIUTHb0+I4jXAYQY1OS4tpI4gC+Mngzh
Mgn5QQwMyM4M+tuMvLRjtfz4fVOXCtAi61/hsAl15SGhvWD7M0R1gc8HlyIzaEuN
n1rjNDfwLmJG2pEtJywYywLveLF1iYWc778ir1VAxI2zQ8r1ps0wsW1614gJpUaa
71e8AAtyNUbbdHUJi+orscklsml32F/FiwLIh8myk9NMmTNtC8B2A792r0/P8rOV
EkGd9jqTBnAK3EnsBrKVfrOCo2AQ7C9RvK5APNGBZfIz6rtaoiHrl+O4nXHIu7Qx
UzCMCqj3RscgRNU12ACIYoelo/4VWW1z+71Bug==
-----END CERTIFICATE-----