Route Origin Authorization

$ rpki-client -vvf rpki.xindi.eu/repo/XINDI/0/3138352e3137332e31362e302f32342d3234203d3e203438313132.roa
File:                     3138352e3137332e31362e302f32342d3234203d3e203438313132.roa (raw, json)
Hash identifier:          TnP6eE1t/zMtuUMEl9bQLKU4fgP5RunUklgeQzdLufg=
Subject key identifier:   8A:80:C8:13:19:42:7D:2E:06:84:49:8B:8E:ED:CD:19:FF:65:52:57
Certificate issuer:       /CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
Certificate serial:       02A0A6455F6EE148B0D9A14174CD0629BF046C87
Authority key identifier: 60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
Subject info access:      rsync://rpki.xindi.eu/repo/XINDI/0/3138352e3137332e31362e302f32342d3234203d3e203438313132.roa
Signing time:             Wed 28 Aug 2024 12:01:14 +0000
ROA not before:           Wed 28 Aug 2024 11:56:14 +0000
ROA not after:            Wed 27 Aug 2025 12:01:14 +0000
asID:                     48112
IP address blocks:        185.173.16.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl
                          rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Dec 2024 21:56:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:a0:a6:45:5f:6e:e1:48:b0:d9:a1:41:74:cd:06:29:bf:04:6c:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
        Validity
            Not Before: Aug 28 11:56:14 2024 GMT
            Not After : Aug 27 12:01:14 2025 GMT
        Subject: CN=8A80C81319427D2E0684498B8EEDCD19FF655257
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:d6:b4:de:b2:69:1f:da:92:83:a5:05:f8:c5:
                    f4:c4:73:01:11:1d:b0:c4:c5:92:4c:41:d5:98:54:
                    f5:d1:7b:dc:7f:e0:04:96:6e:63:90:56:63:30:2e:
                    58:2b:24:dd:ca:7f:72:71:3f:8c:03:4d:d4:88:d6:
                    82:2e:d6:ae:68:ad:82:4a:db:5a:73:de:ea:6f:f8:
                    86:1a:32:93:c1:13:4f:48:15:de:4e:1e:bb:db:51:
                    eb:89:14:3b:d2:bf:6b:91:e0:a2:0d:11:71:e2:cd:
                    8f:4c:b0:5a:84:69:09:06:ba:3d:10:9e:69:6c:4c:
                    da:d7:20:28:cc:38:17:b5:14:4e:4e:18:49:e9:34:
                    98:a8:1d:5f:15:62:bc:9d:6a:d0:6d:97:f5:39:b5:
                    9f:83:5a:18:ca:e2:22:7c:bf:09:70:3b:86:f0:f5:
                    9b:c9:a0:f4:4c:4c:8e:e4:88:18:1f:05:6e:4a:fd:
                    18:6d:22:0a:39:56:2d:99:52:61:22:38:9c:0e:1d:
                    f2:d3:c3:a8:75:31:88:38:8d:6f:8e:da:4a:2d:8b:
                    9d:a1:ca:b2:3e:55:80:6e:59:26:58:7f:a3:c4:c5:
                    c8:aa:60:6e:32:51:92:17:2b:11:81:f6:c5:6c:98:
                    1d:86:66:e4:99:0a:2e:74:3d:5b:1b:07:ba:16:c3:
                    f7:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:80:C8:13:19:42:7D:2E:06:84:49:8B:8E:ED:CD:19:FF:65:52:57
            X509v3 Authority Key Identifier:
                keyid:60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.xindi.eu/repo/XINDI/0/3138352e3137332e31362e302f32342d3234203d3e203438313132.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.173.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:4d:f7:12:37:7e:56:ca:a2:f1:ff:ce:af:7e:1a:4c:ff:a8:
         62:0e:c3:8d:13:2e:8f:9d:2a:da:19:7c:8f:11:3c:a7:e2:0d:
         4e:f1:40:c1:f0:86:6c:91:bf:62:fd:e7:de:10:c5:6c:1a:b2:
         f4:78:2f:af:de:04:e9:ed:21:c6:47:2f:da:cf:17:16:d8:97:
         62:9c:04:57:2a:5d:5b:65:df:cc:28:fe:71:7a:b5:3f:ec:9d:
         a0:c5:cf:e2:ed:a0:78:65:3b:7e:55:8e:71:b1:15:3c:74:22:
         c6:03:7b:de:a4:b1:c4:3f:e0:51:f0:eb:0d:87:85:5a:33:b1:
         15:4d:94:dd:dd:66:9e:0f:8c:64:e1:f6:9a:2c:44:ec:cb:77:
         29:8d:80:11:95:6d:81:47:b7:0d:e4:41:6c:53:a1:e1:31:5b:
         dc:24:10:19:50:67:e5:53:ed:e5:12:1c:92:b0:a0:bc:3d:81:
         19:20:70:85:f6:2a:c6:e3:5e:90:02:21:1d:8a:7f:71:cd:00:
         0a:71:41:c6:75:83:fd:77:be:ed:f0:9d:12:39:05:36:bb:43:
         36:0e:f0:c3:ae:5a:2e:57:d5:fd:dd:6a:a8:c6:f3:57:2f:ff:
         ab:ed:ce:c1:c0:3f:75:ae:28:69:9f:1f:26:74:f0:93:2c:ed:
         33:03:a2:ac
-----BEGIN CERTIFICATE-----
MIIEyDCCA7CgAwIBAgIUAqCmRV9u4Uiw2aFBdM0GKb8EbIcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjAxODMyODdlYjA4ZWNlMGM2NWZhNDlhM2Y0NTYyMWM2
MTJkZGJkMTAeFw0yNDA4MjgxMTU2MTRaFw0yNTA4MjcxMjAxMTRaMDMxMTAvBgNV
BAMTKDhBODBDODEzMTk0MjdEMkUwNjg0NDk4QjhFRURDRDE5RkY2NTUyNTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCe1rTesmkf2pKDpQX4xfTEcwER
HbDExZJMQdWYVPXRe9x/4ASWbmOQVmMwLlgrJN3Kf3JxP4wDTdSI1oIu1q5orYJK
21pz3upv+IYaMpPBE09IFd5OHrvbUeuJFDvSv2uR4KINEXHizY9MsFqEaQkGuj0Q
nmlsTNrXICjMOBe1FE5OGEnpNJioHV8VYrydatBtl/U5tZ+DWhjK4iJ8vwlwO4bw
9ZvJoPRMTI7kiBgfBW5K/RhtIgo5Vi2ZUmEiOJwOHfLTw6h1MYg4jW+O2koti52h
yrI+VYBuWSZYf6PExciqYG4yUZIXKxGB9sVsmB2GZuSZCi50PVsbB7oWw/ftAgMB
AAGjggHSMIIBzjAdBgNVHQ4EFgQUioDIExlCfS4GhEmLju3NGf9lUlcwHwYDVR0j
BBgwFoAUYBgyh+sI7ODGX6SaP0ViHGEt29EwDgYDVR0PAQH/BAQDAgeAMGAGA1Ud
HwRZMFcwVaBToFGGT3JzeW5jOi8vcnBraS54aW5kaS5ldS9yZXBvL1hJTkRJLzAv
NjAxODMyODdFQjA4RUNFMEM2NUZBNDlBM0Y0NTYyMUM2MTJEREJEMS5jcmwwZAYI
KwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS9ERUZBVUxUL1lCZ3loLXNJN09ER1g2U2FQMFZpSEdFdDI5RS5j
ZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jwa2kueGlu
ZGkuZXUvcmVwby9YSU5ESS8wLzMxMzgzNTJlMzEzNzMzMmUzMTM2MmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzQzODMxMzEzMi5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALmtEDANBgkqhkiG
9w0BAQsFAAOCAQEAqE33Ejd+Vsqi8f/Or34aTP+oYg7DjRMuj50q2hl8jxE8p+IN
TvFAwfCGbJG/Yv3n3hDFbBqy9Hgvr94E6e0hxkcv2s8XFtiXYpwEVypdW2XfzCj+
cXq1P+ydoMXP4u2geGU7flWOcbEVPHQixgN73qSxxD/gUfDrDYeFWjOxFU2U3d1m
ng+MZOH2mixE7Mt3KY2AEZVtgUe3DeRBbFOh4TFb3CQQGVBn5VPt5RIckrCgvD2B
GSBwhfYqxuNekAIhHYp/cc0ACnFBxnWD/Xe+7fCdEjkFNrtDNg7ww65aLlfV/d1q
qMbzVy//q+3OwcA/da4oaZ8fJnTwkyztMwOirA==
-----END CERTIFICATE-----