Route Origin Authorization

$ rpki-client -vvf rpki.xindi.eu/repo/XINDI/0/3138352e3137332e31372e302f32342d3234203d3e203438313132.roa
File:                     3138352e3137332e31372e302f32342d3234203d3e203438313132.roa (raw, json)
Hash identifier:          vTLdA1RUelryYTN2UgjGCNXATOBrRDvTHGrG2KRmKTs=
Subject key identifier:   75:E8:C3:21:8B:13:EB:96:AF:B2:44:A7:00:0B:E7:07:AE:40:E6:37
Certificate issuer:       /CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
Certificate serial:       41C84A2C46B55644D8882BA37CFFB0DB186D1661
Authority key identifier: 60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
Subject info access:      rsync://rpki.xindi.eu/repo/XINDI/0/3138352e3137332e31372e302f32342d3234203d3e203438313132.roa
Signing time:             Wed 28 Aug 2024 12:01:17 +0000
ROA not before:           Wed 28 Aug 2024 11:56:17 +0000
ROA not after:            Wed 27 Aug 2025 12:01:17 +0000
asID:                     48112
IP address blocks:        185.173.17.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl
                          rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Dec 2024 21:56:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:c8:4a:2c:46:b5:56:44:d8:88:2b:a3:7c:ff:b0:db:18:6d:16:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
        Validity
            Not Before: Aug 28 11:56:17 2024 GMT
            Not After : Aug 27 12:01:17 2025 GMT
        Subject: CN=75E8C3218B13EB96AFB244A7000BE707AE40E637
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:71:5c:22:a8:b3:d6:2e:39:1f:52:0d:73:db:
                    be:00:28:d5:9f:1f:72:8f:d4:73:20:66:da:c8:30:
                    27:85:dd:64:7b:17:5f:63:3d:8e:d4:04:df:b7:3a:
                    cf:01:58:27:b4:1d:55:5d:48:8c:86:83:6e:70:d4:
                    a1:b2:8d:39:fc:37:94:7e:ab:2b:a0:93:36:df:d5:
                    3b:75:0e:1a:22:6d:56:c6:43:a6:6f:52:b1:94:f0:
                    ba:30:3a:c4:9a:50:c4:15:1d:36:d2:cb:52:2d:d5:
                    75:44:b7:e6:9e:60:8a:f4:91:2a:f0:b4:66:00:d3:
                    db:f3:ad:97:4e:03:b0:a9:b4:ce:a7:9d:1e:e7:95:
                    3d:5b:01:3f:b4:33:6b:09:7e:d1:5e:84:9b:56:25:
                    40:24:c4:ae:0b:18:4e:d0:44:3b:ee:2e:f0:24:31:
                    b3:64:2a:90:af:25:7d:82:aa:58:7f:e3:82:96:2e:
                    a6:94:6c:81:ba:f8:d9:dc:c1:9b:a4:a9:38:2b:a9:
                    12:31:d9:d7:24:d9:b2:18:02:41:07:af:98:f8:76:
                    6d:cd:d9:b6:5e:f8:de:45:e7:7a:5c:24:a7:19:02:
                    2d:59:59:88:b5:66:36:24:05:0b:c6:f4:0f:1b:1b:
                    70:57:6e:a2:9c:84:72:d7:45:c5:00:74:93:3a:9a:
                    40:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:E8:C3:21:8B:13:EB:96:AF:B2:44:A7:00:0B:E7:07:AE:40:E6:37
            X509v3 Authority Key Identifier:
                keyid:60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.xindi.eu/repo/XINDI/0/3138352e3137332e31372e302f32342d3234203d3e203438313132.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.173.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d7:78:f6:db:13:3b:c4:0c:70:a5:03:14:b3:2a:ca:32:bc:63:
         c0:3b:cd:a8:23:1e:78:b4:38:24:35:94:b6:bf:78:cc:3c:e8:
         8f:c3:33:d0:b6:63:c7:07:c7:74:0f:62:5f:92:0a:d2:b3:ab:
         a3:21:50:ff:1b:d1:90:62:51:22:ad:85:6e:49:55:25:48:91:
         d6:9f:69:55:70:05:62:01:43:e8:a3:19:50:3f:38:60:05:31:
         0c:13:f1:a3:1b:c3:3f:f1:27:fe:6e:de:a0:66:99:5b:e6:1d:
         09:70:47:19:4a:02:da:cb:72:ca:89:90:65:f9:69:51:e7:4a:
         83:9e:92:25:e8:8f:99:e2:ae:31:00:eb:d7:af:c1:87:57:86:
         b6:db:8d:24:5d:de:21:a6:b0:e7:bd:22:d9:aa:47:c1:a9:58:
         9d:fc:8e:63:5e:8b:7d:f2:7d:e8:5d:9e:cf:c8:db:8c:81:b5:
         95:a2:5b:3c:da:28:0d:e9:bb:2e:bc:da:9a:01:cc:f3:98:13:
         f0:83:bb:52:25:c9:28:f6:ff:31:72:d9:ad:e0:c3:88:5b:7a:
         4b:16:48:9b:fe:f0:fc:f3:4c:5d:7a:81:b2:64:bd:38:a0:38:
         4f:dd:9a:4a:37:ca:50:b8:a2:0b:19:2d:3a:2b:75:92:7f:8e:
         d0:aa:eb:21
-----BEGIN CERTIFICATE-----
MIIEyDCCA7CgAwIBAgIUQchKLEa1VkTYiCujfP+w2xhtFmEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjAxODMyODdlYjA4ZWNlMGM2NWZhNDlhM2Y0NTYyMWM2
MTJkZGJkMTAeFw0yNDA4MjgxMTU2MTdaFw0yNTA4MjcxMjAxMTdaMDMxMTAvBgNV
BAMTKDc1RThDMzIxOEIxM0VCOTZBRkIyNDRBNzAwMEJFNzA3QUU0MEU2MzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5cVwiqLPWLjkfUg1z274AKNWf
H3KP1HMgZtrIMCeF3WR7F19jPY7UBN+3Os8BWCe0HVVdSIyGg25w1KGyjTn8N5R+
qyugkzbf1Tt1DhoibVbGQ6ZvUrGU8LowOsSaUMQVHTbSy1It1XVEt+aeYIr0kSrw
tGYA09vzrZdOA7CptM6nnR7nlT1bAT+0M2sJftFehJtWJUAkxK4LGE7QRDvuLvAk
MbNkKpCvJX2Cqlh/44KWLqaUbIG6+NncwZukqTgrqRIx2dck2bIYAkEHr5j4dm3N
2bZe+N5F53pcJKcZAi1ZWYi1ZjYkBQvG9A8bG3BXbqKchHLXRcUAdJM6mkCNAgMB
AAGjggHSMIIBzjAdBgNVHQ4EFgQUdejDIYsT65avskSnAAvnB65A5jcwHwYDVR0j
BBgwFoAUYBgyh+sI7ODGX6SaP0ViHGEt29EwDgYDVR0PAQH/BAQDAgeAMGAGA1Ud
HwRZMFcwVaBToFGGT3JzeW5jOi8vcnBraS54aW5kaS5ldS9yZXBvL1hJTkRJLzAv
NjAxODMyODdFQjA4RUNFMEM2NUZBNDlBM0Y0NTYyMUM2MTJEREJEMS5jcmwwZAYI
KwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS9ERUZBVUxUL1lCZ3loLXNJN09ER1g2U2FQMFZpSEdFdDI5RS5j
ZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jwa2kueGlu
ZGkuZXUvcmVwby9YSU5ESS8wLzMxMzgzNTJlMzEzNzMzMmUzMTM3MmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzQzODMxMzEzMi5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALmtETANBgkqhkiG
9w0BAQsFAAOCAQEA13j22xM7xAxwpQMUsyrKMrxjwDvNqCMeeLQ4JDWUtr94zDzo
j8Mz0LZjxwfHdA9iX5IK0rOroyFQ/xvRkGJRIq2FbklVJUiR1p9pVXAFYgFD6KMZ
UD84YAUxDBPxoxvDP/En/m7eoGaZW+YdCXBHGUoC2styyomQZflpUedKg56SJeiP
meKuMQDr16/Bh1eGttuNJF3eIaaw570i2apHwalYnfyOY16LffJ96F2ez8jbjIG1
laJbPNooDem7LrzamgHM85gT8IO7UiXJKPb/MXLZreDDiFt6SxZIm/7w/PNMXXqB
smS9OKA4T92aSjfKULiiCxktOit1kn+O0KrrIQ==
-----END CERTIFICATE-----