Route Origin Authorization

$ rpki-client -vvf rpki.xindi.eu/repo/XINDI/0/3138352e3137332e31362e302f32342d3234203d3e203438313132.roa
File:                     3138352e3137332e31362e302f32342d3234203d3e203438313132.roa (raw, json)
Hash identifier:          DQneeMPd5oFhChh8uQbR61jkBU9sRRyT6wxOs9FDi1s=
Subject key identifier:   67:AB:3B:8F:B1:FD:9E:7F:5B:CB:92:20:46:12:1D:8C:51:3D:12:A6
Certificate issuer:       /CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
Certificate serial:       5840C808290047239D00863040721A43B2E6BC30
Authority key identifier: 60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
Subject info access:      rsync://rpki.xindi.eu/repo/XINDI/0/3138352e3137332e31362e302f32342d3234203d3e203438313132.roa
Signing time:             Wed 27 Sep 2023 11:50:57 +0000
ROA not before:           Wed 27 Sep 2023 11:45:57 +0000
ROA not after:            Wed 25 Sep 2024 11:50:57 +0000
asID:                     48112
IP address blocks:        185.173.16.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl
                          rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:40:c8:08:29:00:47:23:9d:00:86:30:40:72:1a:43:b2:e6:bc:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
        Validity
            Not Before: Sep 27 11:45:57 2023 GMT
            Not After : Sep 25 11:50:57 2024 GMT
        Subject: CN=67AB3B8FB1FD9E7F5BCB922046121D8C513D12A6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:3c:1f:64:d3:e5:bc:23:ef:76:eb:7b:93:9c:
                    04:86:44:5c:6b:47:a7:a5:b5:98:27:b1:5f:fa:42:
                    f6:31:6b:a0:68:47:8b:eb:51:5c:66:e2:92:56:d1:
                    c3:a6:1d:21:ee:87:52:5f:5b:63:6d:43:df:ab:7f:
                    83:67:d8:ce:7b:de:0f:08:bc:5e:f7:92:ca:7c:96:
                    93:c6:ed:b4:98:7e:22:a2:8b:49:32:8a:12:39:40:
                    f0:0c:11:48:74:4f:f0:75:e1:64:da:33:61:0e:64:
                    06:cd:82:16:bd:10:00:ba:f8:03:e4:b8:f9:bf:42:
                    a4:dc:ec:41:f4:ba:8f:ba:dc:33:16:fa:14:c7:70:
                    34:52:e3:42:56:bc:7c:e9:51:4e:6c:19:b3:45:0d:
                    2c:27:8d:65:15:36:92:63:e3:ff:12:38:76:98:91:
                    22:df:e6:50:48:4b:60:4d:a4:30:63:db:f1:4d:d7:
                    3e:5a:a2:d0:d9:22:06:ea:bd:36:b3:8c:68:34:29:
                    9a:49:07:32:aa:0c:de:8d:e3:fd:c9:d3:b3:c2:15:
                    a1:de:c3:2c:4d:78:8f:ee:f6:e6:1d:c2:34:69:e6:
                    cd:c3:36:bb:46:d1:3a:89:d1:8d:ec:8e:4a:41:23:
                    47:81:2a:92:c9:af:ba:4b:b7:4b:f6:4a:bd:66:b9:
                    2f:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:AB:3B:8F:B1:FD:9E:7F:5B:CB:92:20:46:12:1D:8C:51:3D:12:A6
            X509v3 Authority Key Identifier:
                keyid:60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.xindi.eu/repo/XINDI/0/3138352e3137332e31362e302f32342d3234203d3e203438313132.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.173.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:8c:fd:09:a2:af:cb:20:6b:9c:48:7c:8d:94:c3:d3:b8:e6:
         30:46:7c:f0:ca:d7:a4:c9:9f:be:85:8e:68:35:43:ab:09:29:
         97:39:c8:20:da:91:07:a4:1d:a5:d9:d1:0d:ff:0c:ac:39:6c:
         03:46:44:d3:3f:ad:5e:64:71:2f:5b:01:92:4e:12:a8:48:17:
         65:7b:a5:1b:ad:f5:68:82:9b:2b:1d:a6:5a:40:ca:b6:1a:a7:
         5b:36:8e:42:29:d3:3d:0d:ee:5c:8f:ce:44:bd:93:f9:c1:19:
         7e:a2:a1:39:38:24:85:1d:0f:5f:d0:f0:5e:99:19:85:d0:03:
         b4:b7:a6:a8:eb:45:2d:71:13:66:84:e8:db:6f:ef:50:a4:b3:
         5c:f8:b0:6b:76:7d:3f:0b:8d:3c:cf:60:4a:2a:af:c7:7e:d8:
         ea:91:31:29:24:3f:a8:9f:e8:62:30:58:c0:87:8e:c7:05:fd:
         86:e9:cc:7f:1c:98:65:f5:02:95:3b:b1:87:b7:f0:83:67:d0:
         59:b7:68:18:86:3c:aa:14:3d:eb:9d:b0:56:4d:57:c2:bb:7c:
         3f:79:c6:09:c0:87:c4:74:cb:e7:a2:21:ec:a0:c5:78:32:90:
         c3:7f:91:bf:13:03:b2:6b:67:1c:43:cc:ef:1a:72:0c:dd:b3:
         ff:43:0e:8d
-----BEGIN CERTIFICATE-----
MIIEyDCCA7CgAwIBAgIUWEDICCkARyOdAIYwQHIaQ7LmvDAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjAxODMyODdlYjA4ZWNlMGM2NWZhNDlhM2Y0NTYyMWM2
MTJkZGJkMTAeFw0yMzA5MjcxMTQ1NTdaFw0yNDA5MjUxMTUwNTdaMDMxMTAvBgNV
BAMTKDY3QUIzQjhGQjFGRDlFN0Y1QkNCOTIyMDQ2MTIxRDhDNTEzRDEyQTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxPB9k0+W8I+9263uTnASGRFxr
R6eltZgnsV/6QvYxa6BoR4vrUVxm4pJW0cOmHSHuh1JfW2NtQ9+rf4Nn2M573g8I
vF73ksp8lpPG7bSYfiKii0kyihI5QPAMEUh0T/B14WTaM2EOZAbNgha9EAC6+APk
uPm/QqTc7EH0uo+63DMW+hTHcDRS40JWvHzpUU5sGbNFDSwnjWUVNpJj4/8SOHaY
kSLf5lBIS2BNpDBj2/FN1z5aotDZIgbqvTazjGg0KZpJBzKqDN6N4/3J07PCFaHe
wyxNeI/u9uYdwjRp5s3DNrtG0TqJ0Y3sjkpBI0eBKpLJr7pLt0v2Sr1muS8lAgMB
AAGjggHSMIIBzjAdBgNVHQ4EFgQUZ6s7j7H9nn9by5IgRhIdjFE9EqYwHwYDVR0j
BBgwFoAUYBgyh+sI7ODGX6SaP0ViHGEt29EwDgYDVR0PAQH/BAQDAgeAMGAGA1Ud
HwRZMFcwVaBToFGGT3JzeW5jOi8vcnBraS54aW5kaS5ldS9yZXBvL1hJTkRJLzAv
NjAxODMyODdFQjA4RUNFMEM2NUZBNDlBM0Y0NTYyMUM2MTJEREJEMS5jcmwwZAYI
KwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS9ERUZBVUxUL1lCZ3loLXNJN09ER1g2U2FQMFZpSEdFdDI5RS5j
ZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jwa2kueGlu
ZGkuZXUvcmVwby9YSU5ESS8wLzMxMzgzNTJlMzEzNzMzMmUzMTM2MmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzQzODMxMzEzMi5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALmtEDANBgkqhkiG
9w0BAQsFAAOCAQEAJ4z9CaKvyyBrnEh8jZTD07jmMEZ88MrXpMmfvoWOaDVDqwkp
lznIINqRB6QdpdnRDf8MrDlsA0ZE0z+tXmRxL1sBkk4SqEgXZXulG631aIKbKx2m
WkDKthqnWzaOQinTPQ3uXI/ORL2T+cEZfqKhOTgkhR0PX9DwXpkZhdADtLemqOtF
LXETZoTo22/vUKSzXPiwa3Z9PwuNPM9gSiqvx37Y6pExKSQ/qJ/oYjBYwIeOxwX9
hunMfxyYZfUClTuxh7fwg2fQWbdoGIY8qhQ9652wVk1Xwrt8P3nGCcCHxHTL56Ih
7KDFeDKQw3+RvxMDsmtnHEPM7xpyDN2z/0MOjQ==
-----END CERTIFICATE-----