Route Origin Authorization

$ rpki-client -vvf rpki.xindi.eu/repo/XINDI/0/3138352e3137332e31362e302f32342d3234203d3e203438313132.roa
File:                     3138352e3137332e31362e302f32342d3234203d3e203438313132.roa (raw, json)
Hash identifier:          ia3vjM4b5cys9EVCLKguhpIzXlPcQ7UtGYgOx/b1EZg=
Subject key identifier:   65:F0:9C:D6:06:45:A6:C8:B7:C4:CA:09:1D:AC:E4:29:95:84:94:AE
Certificate issuer:       /CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
Certificate serial:       4B2DBE8D52E8E298C2B6140E359F493C0D7AAFD8
Authority key identifier: 60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
Subject info access:      rsync://rpki.xindi.eu/repo/XINDI/0/3138352e3137332e31362e302f32342d3234203d3e203438313132.roa
Signing time:             Wed 30 Jul 2025 12:37:47 +0000
ROA not before:           Wed 30 Jul 2025 12:32:47 +0000
ROA not after:            Wed 29 Jul 2026 12:37:47 +0000
asID:                     48112
IP address blocks:        185.173.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl
                          rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 31 Jul 2025 12:59:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:2d:be:8d:52:e8:e2:98:c2:b6:14:0e:35:9f:49:3c:0d:7a:af:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
        Validity
            Not Before: Jul 30 12:32:47 2025 GMT
            Not After : Jul 29 12:37:47 2026 GMT
        Subject: CN=65F09CD60645A6C8B7C4CA091DACE429958494AE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:6d:63:f7:30:df:95:9a:2c:40:76:f9:b7:df:
                    0b:3d:65:95:8c:87:ac:a3:a5:a3:b5:ee:06:ce:ac:
                    6d:b9:b8:a2:0b:d9:e6:dd:af:f7:27:64:d7:9f:df:
                    6b:ae:4c:13:fa:af:c9:f6:ad:8f:34:54:3c:a0:77:
                    f5:33:9c:8b:35:b4:06:8c:6a:84:28:f7:e2:76:a6:
                    5e:ca:f9:53:a7:90:44:14:ea:7d:11:0b:f1:dd:cd:
                    38:2b:d1:70:e0:18:8c:26:b9:3e:fd:58:2a:44:16:
                    39:86:a4:96:ee:27:7d:73:54:7d:89:bb:a8:7b:a6:
                    c8:3f:85:b0:0a:9c:d7:20:19:92:1a:e5:51:f0:35:
                    17:c7:cd:37:ae:73:49:74:62:d5:e3:c1:4e:cb:e0:
                    a4:a2:84:ac:82:0b:c1:81:b0:c9:d2:6a:25:bd:88:
                    12:9b:7d:60:80:2d:69:c8:21:75:b1:4d:4e:de:4e:
                    1d:4f:04:4d:5a:67:56:62:3c:fc:7b:84:d5:5f:44:
                    51:e0:69:01:3a:75:d6:30:1f:a0:f7:a8:11:d7:58:
                    bf:af:eb:d6:76:9c:b1:dd:51:9b:ae:bc:fd:62:48:
                    e0:32:37:1a:0c:d0:bf:e3:85:fc:b7:83:7e:c5:cd:
                    c9:e6:ad:4c:b5:30:f1:01:07:40:94:11:b2:47:2c:
                    7e:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:F0:9C:D6:06:45:A6:C8:B7:C4:CA:09:1D:AC:E4:29:95:84:94:AE
            X509v3 Authority Key Identifier:
                keyid:60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.xindi.eu/repo/XINDI/0/3138352e3137332e31362e302f32342d3234203d3e203438313132.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.173.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:ad:46:93:6f:15:31:d7:ed:d5:6e:a5:2a:9c:38:e6:6e:0e:
         68:5a:bc:f1:85:58:87:5d:7b:8d:cc:8a:27:12:e3:57:3c:98:
         11:ad:f0:42:56:1d:e0:ed:77:9d:be:91:f8:43:4f:c6:57:9d:
         23:e2:a6:b9:a5:ba:3e:0a:74:80:85:03:db:c6:58:eb:76:f7:
         b5:40:0d:4d:02:0b:02:cb:80:f7:ee:6b:bd:7c:8a:41:39:6b:
         cc:b6:46:ff:ba:f5:e6:c6:62:da:42:36:3c:5e:36:50:ec:cd:
         b3:e9:90:c1:59:9a:18:94:92:ce:be:99:57:04:9b:88:a1:a1:
         a0:1e:8e:19:92:bd:87:d5:a5:08:43:5d:9d:44:24:18:43:0e:
         72:6a:c2:6a:ed:26:e7:0d:93:3c:c4:47:01:95:82:bd:60:9d:
         29:7d:da:d1:fa:65:9f:ec:15:68:a5:a9:c4:c3:5d:1f:0e:a4:
         03:6b:e9:c5:3a:4b:e5:e9:62:c3:fa:3b:40:88:ef:8e:63:ca:
         33:4f:48:dd:8f:85:b7:d5:6e:e3:8b:b0:c5:ba:a1:30:07:f0:
         b3:8c:79:22:01:f7:eb:64:72:08:46:85:f3:ba:e0:10:39:e9:
         7e:08:46:02:36:31:61:d7:6f:cd:6f:b0:57:48:de:ca:fa:16:
         78:bd:f7:9f
-----BEGIN CERTIFICATE-----
MIIEyDCCA7CgAwIBAgIUSy2+jVLo4pjCthQONZ9JPA16r9gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjAxODMyODdlYjA4ZWNlMGM2NWZhNDlhM2Y0NTYyMWM2
MTJkZGJkMTAeFw0yNTA3MzAxMjMyNDdaFw0yNjA3MjkxMjM3NDdaMDMxMTAvBgNV
BAMTKDY1RjA5Q0Q2MDY0NUE2QzhCN0M0Q0EwOTFEQUNFNDI5OTU4NDk0QUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvbWP3MN+VmixAdvm33ws9ZZWM
h6yjpaO17gbOrG25uKIL2ebdr/cnZNef32uuTBP6r8n2rY80VDygd/UznIs1tAaM
aoQo9+J2pl7K+VOnkEQU6n0RC/HdzTgr0XDgGIwmuT79WCpEFjmGpJbuJ31zVH2J
u6h7psg/hbAKnNcgGZIa5VHwNRfHzTeuc0l0YtXjwU7L4KSihKyCC8GBsMnSaiW9
iBKbfWCALWnIIXWxTU7eTh1PBE1aZ1ZiPPx7hNVfRFHgaQE6ddYwH6D3qBHXWL+v
69Z2nLHdUZuuvP1iSOAyNxoM0L/jhfy3g37FzcnmrUy1MPEBB0CUEbJHLH7DAgMB
AAGjggHSMIIBzjAdBgNVHQ4EFgQUZfCc1gZFpsi3xMoJHazkKZWElK4wHwYDVR0j
BBgwFoAUYBgyh+sI7ODGX6SaP0ViHGEt29EwDgYDVR0PAQH/BAQDAgeAMGAGA1Ud
HwRZMFcwVaBToFGGT3JzeW5jOi8vcnBraS54aW5kaS5ldS9yZXBvL1hJTkRJLzAv
NjAxODMyODdFQjA4RUNFMEM2NUZBNDlBM0Y0NTYyMUM2MTJEREJEMS5jcmwwZAYI
KwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS9ERUZBVUxUL1lCZ3loLXNJN09ER1g2U2FQMFZpSEdFdDI5RS5j
ZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jwa2kueGlu
ZGkuZXUvcmVwby9YSU5ESS8wLzMxMzgzNTJlMzEzNzMzMmUzMTM2MmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzQzODMxMzEzMi5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALmtEDANBgkqhkiG
9w0BAQsFAAOCAQEASq1Gk28VMdft1W6lKpw45m4OaFq88YVYh117jcyKJxLjVzyY
Ea3wQlYd4O13nb6R+ENPxledI+KmuaW6Pgp0gIUD28ZY63b3tUANTQILAsuA9+5r
vXyKQTlrzLZG/7r15sZi2kI2PF42UOzNs+mQwVmaGJSSzr6ZVwSbiKGhoB6OGZK9
h9WlCENdnUQkGEMOcmrCau0m5w2TPMRHAZWCvWCdKX3a0fpln+wVaKWpxMNdHw6k
A2vpxTpL5eliw/o7QIjvjmPKM09I3Y+Ft9Vu44uwxbqhMAfws4x5IgH362RyCEaF
87rgEDnpfghGAjYxYddvzW+wV0jeyvoWeL33nw==
-----END CERTIFICATE-----