Route Origin Authorization

$ rpki-client -vvf rpki.xindi.eu/repo/XINDI/0/3138352e3137332e31362e302f32322d3232203d3e203438313132.roa
File:                     3138352e3137332e31362e302f32322d3232203d3e203438313132.roa (raw, json)
Hash identifier:          TH9EGF42Lqys5eExf8OaxVfBQlR/lHy3Y9e39NCRih8=
Subject key identifier:   06:19:06:08:04:6A:AB:41:B9:FF:76:A7:AE:9E:6F:A9:4B:4A:D5:FD
Certificate issuer:       /CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
Certificate serial:       01CA95BB377882AE822A966C4BC0092CE828B8AC
Authority key identifier: 60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
Subject info access:      rsync://rpki.xindi.eu/repo/XINDI/0/3138352e3137332e31362e302f32322d3232203d3e203438313132.roa
Signing time:             Wed 30 Jul 2025 12:37:48 +0000
ROA not before:           Wed 30 Jul 2025 12:32:48 +0000
ROA not after:            Wed 29 Jul 2026 12:37:48 +0000
asID:                     48112
IP address blocks:        185.173.16.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl
                          rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 31 Jul 2025 12:59:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:ca:95:bb:37:78:82:ae:82:2a:96:6c:4b:c0:09:2c:e8:28:b8:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
        Validity
            Not Before: Jul 30 12:32:48 2025 GMT
            Not After : Jul 29 12:37:48 2026 GMT
        Subject: CN=06190608046AAB41B9FF76A7AE9E6FA94B4AD5FD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:03:25:b2:23:45:06:79:3f:37:1d:c1:cc:c9:
                    61:34:1c:da:be:c6:18:41:0d:0b:8a:06:e3:90:51:
                    c2:91:94:33:8e:02:24:b9:bd:f8:a7:e9:50:93:a2:
                    c1:c9:b1:f9:73:ec:f4:67:0c:d9:fe:1f:26:a7:de:
                    d1:a4:62:e3:28:3d:10:38:05:26:0d:88:59:27:46:
                    f6:25:b2:91:cf:6a:bc:e7:c6:11:5c:90:96:15:dc:
                    a3:eb:d4:ae:26:e3:c7:dc:74:fd:ac:8f:64:6d:05:
                    f5:e0:d7:79:b6:c5:74:7d:4b:90:cc:88:99:69:df:
                    a4:f6:b8:7b:13:17:a7:a3:a0:12:2e:ad:7a:92:ad:
                    9b:0a:b7:0e:a3:ca:8b:7a:83:5e:b1:bb:27:58:22:
                    5f:a1:66:21:c1:1d:cd:c7:44:7c:b5:86:b8:38:fa:
                    64:ab:99:1e:28:5a:0c:b8:58:af:f8:25:84:62:c6:
                    58:11:5a:fb:4f:51:16:65:8b:97:af:59:15:3a:64:
                    4f:83:5a:e7:34:5d:e3:4f:8e:a1:c6:85:4e:92:6a:
                    be:df:b5:af:b5:87:66:73:ef:94:07:2e:1c:16:ab:
                    6a:06:d0:e4:f4:65:b5:87:cc:b8:e7:09:51:4a:bc:
                    01:12:4a:5d:6d:71:38:76:1c:4c:fe:0d:7d:f7:56:
                    67:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:19:06:08:04:6A:AB:41:B9:FF:76:A7:AE:9E:6F:A9:4B:4A:D5:FD
            X509v3 Authority Key Identifier:
                keyid:60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.xindi.eu/repo/XINDI/0/3138352e3137332e31362e302f32322d3232203d3e203438313132.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.173.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         43:1a:3b:26:f0:55:cc:27:c6:bb:6a:7d:57:8e:d8:82:3f:3d:
         ce:63:38:05:86:e9:63:ea:23:2c:b5:b4:0c:fd:56:21:b8:7b:
         bb:3a:27:81:80:25:7a:fb:ea:8e:d8:7c:0b:69:81:9c:75:2c:
         d4:a6:41:b8:2d:ff:97:4a:07:97:c5:37:69:ff:35:37:3d:c3:
         5f:6c:f5:aa:7e:1a:65:96:e7:86:4b:52:e5:2a:82:5d:ac:e7:
         bc:1c:6b:80:fa:f3:3d:d9:7d:46:b6:01:8b:12:7a:de:19:36:
         0e:33:22:ef:ad:f6:02:66:28:6a:26:f2:3b:30:42:5a:0f:76:
         fc:37:98:8b:69:12:ed:3d:e8:60:d7:a9:0c:54:b3:2a:e4:6b:
         a7:f2:f1:6e:b6:52:99:60:6e:ef:f9:b3:75:64:8a:89:5c:de:
         10:76:f8:9c:f0:28:ea:18:a9:39:39:53:74:e5:65:2c:e4:cb:
         c8:5b:4e:9b:fb:47:1b:48:51:01:22:fb:16:af:cd:7b:f2:8a:
         fc:4a:28:54:6e:63:7c:33:38:81:94:ac:af:df:9e:b9:87:39:
         76:a9:8b:9a:bb:e4:6c:ea:73:a6:88:ea:6c:6c:c2:cf:fd:ef:
         36:b3:af:08:24:1b:25:d0:dc:2a:98:00:6e:76:fa:90:cf:cd:
         40:ee:5d:f8
-----BEGIN CERTIFICATE-----
MIIEyDCCA7CgAwIBAgIUAcqVuzd4gq6CKpZsS8AJLOgouKwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjAxODMyODdlYjA4ZWNlMGM2NWZhNDlhM2Y0NTYyMWM2
MTJkZGJkMTAeFw0yNTA3MzAxMjMyNDhaFw0yNjA3MjkxMjM3NDhaMDMxMTAvBgNV
BAMTKDA2MTkwNjA4MDQ2QUFCNDFCOUZGNzZBN0FFOUU2RkE5NEI0QUQ1RkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYAyWyI0UGeT83HcHMyWE0HNq+
xhhBDQuKBuOQUcKRlDOOAiS5vfin6VCTosHJsflz7PRnDNn+Hyan3tGkYuMoPRA4
BSYNiFknRvYlspHParznxhFckJYV3KPr1K4m48fcdP2sj2RtBfXg13m2xXR9S5DM
iJlp36T2uHsTF6ejoBIurXqSrZsKtw6jyot6g16xuydYIl+hZiHBHc3HRHy1hrg4
+mSrmR4oWgy4WK/4JYRixlgRWvtPURZli5evWRU6ZE+DWuc0XeNPjqHGhU6Sar7f
ta+1h2Zz75QHLhwWq2oG0OT0ZbWHzLjnCVFKvAESSl1tcTh2HEz+DX33VmdrAgMB
AAGjggHSMIIBzjAdBgNVHQ4EFgQUBhkGCARqq0G5/3anrp5vqUtK1f0wHwYDVR0j
BBgwFoAUYBgyh+sI7ODGX6SaP0ViHGEt29EwDgYDVR0PAQH/BAQDAgeAMGAGA1Ud
HwRZMFcwVaBToFGGT3JzeW5jOi8vcnBraS54aW5kaS5ldS9yZXBvL1hJTkRJLzAv
NjAxODMyODdFQjA4RUNFMEM2NUZBNDlBM0Y0NTYyMUM2MTJEREJEMS5jcmwwZAYI
KwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS9ERUZBVUxUL1lCZ3loLXNJN09ER1g2U2FQMFZpSEdFdDI5RS5j
ZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jwa2kueGlu
ZGkuZXUvcmVwby9YSU5ESS8wLzMxMzgzNTJlMzEzNzMzMmUzMTM2MmUzMDJmMzIz
MjJkMzIzMjIwM2QzZTIwMzQzODMxMzEzMi5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArmtEDANBgkqhkiG
9w0BAQsFAAOCAQEAQxo7JvBVzCfGu2p9V47Ygj89zmM4BYbpY+ojLLW0DP1WIbh7
uzongYAlevvqjth8C2mBnHUs1KZBuC3/l0oHl8U3af81Nz3DX2z1qn4aZZbnhktS
5SqCXaznvBxrgPrzPdl9RrYBixJ63hk2DjMi7632AmYoaibyOzBCWg92/DeYi2kS
7T3oYNepDFSzKuRrp/LxbrZSmWBu7/mzdWSKiVzeEHb4nPAo6hipOTlTdOVlLOTL
yFtOm/tHG0hRASL7Fq/Ne/KK/EooVG5jfDM4gZSsr9+euYc5dqmLmrvkbOpzpojq
bGzCz/3vNrOvCCQbJdDcKpgAbnb6kM/NQO5d+A==
-----END CERTIFICATE-----