Route Origin Authorization

$ rpki-client -vvf rpki.xindi.eu/repo/XINDI/0/3138352e3137332e31372e302f32342d3234203d3e203438313132.roa
File:                     3138352e3137332e31372e302f32342d3234203d3e203438313132.roa (raw, json)
Hash identifier:          CtiPz6CUCXKWfbEzkiYi71s06kNUXkv0DRRMPScVg8s=
Subject key identifier:   ED:6A:3D:CE:0D:C1:80:50:C6:79:55:16:76:65:23:0B:8E:46:83:B8
Certificate issuer:       /CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
Certificate serial:       1D4F82160D90779C4ABCE3AAEFA5598F05A7DE17
Authority key identifier: 60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
Subject info access:      rsync://rpki.xindi.eu/repo/XINDI/0/3138352e3137332e31372e302f32342d3234203d3e203438313132.roa
Signing time:             Wed 30 Jul 2025 12:37:49 +0000
ROA not before:           Wed 30 Jul 2025 12:32:49 +0000
ROA not after:            Wed 29 Jul 2026 12:37:49 +0000
asID:                     48112
IP address blocks:        185.173.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl
                          rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 31 Jul 2025 12:59:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:4f:82:16:0d:90:77:9c:4a:bc:e3:aa:ef:a5:59:8f:05:a7:de:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
        Validity
            Not Before: Jul 30 12:32:49 2025 GMT
            Not After : Jul 29 12:37:49 2026 GMT
        Subject: CN=ED6A3DCE0DC18050C67955167665230B8E4683B8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:19:9e:f6:8f:64:2e:3f:65:d6:54:6f:fa:8a:
                    4c:8b:15:1b:f6:cc:0f:24:03:fa:1b:b2:db:e6:03:
                    a5:2d:8c:7c:3c:f8:2a:5b:56:f1:2a:ce:45:e4:6d:
                    15:3f:07:4e:89:ce:6c:59:57:e4:99:1f:18:16:0d:
                    8d:86:76:ca:3e:e9:fa:27:11:28:e4:65:0b:84:27:
                    b2:3c:f0:48:0f:70:6d:11:aa:ad:a9:21:36:e3:67:
                    2a:8b:ce:dc:0b:21:39:42:26:3a:d4:90:ab:66:e1:
                    73:f7:8a:12:5e:92:fa:19:d7:ca:7b:77:d6:f1:72:
                    78:86:7a:6b:81:72:18:a5:f6:a8:d9:ac:cb:53:d8:
                    80:10:c9:7b:00:8b:0b:42:36:a4:84:7a:16:19:35:
                    e3:31:3b:19:ce:5f:54:08:30:95:be:73:f9:74:6e:
                    34:48:da:14:3e:f1:97:20:03:25:f7:ce:2a:00:60:
                    1e:f2:ec:05:0d:be:fb:83:59:29:81:34:43:8b:7c:
                    4b:04:d3:bb:8e:c4:c0:d0:b4:c2:3f:44:e6:11:5c:
                    90:4d:a6:83:27:98:d4:db:e2:54:5f:b2:88:6c:2b:
                    66:5e:dd:9d:95:41:1d:46:7a:8a:cb:03:12:0a:98:
                    ef:76:c4:41:aa:0b:d8:70:50:45:e6:e4:23:6d:9c:
                    31:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:6A:3D:CE:0D:C1:80:50:C6:79:55:16:76:65:23:0B:8E:46:83:B8
            X509v3 Authority Key Identifier:
                keyid:60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.xindi.eu/repo/XINDI/0/3138352e3137332e31372e302f32342d3234203d3e203438313132.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.173.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:23:11:88:12:89:32:ec:d0:eb:53:46:77:e9:dc:97:70:78:
         35:ea:3a:00:ca:c0:b2:e7:23:ed:6d:62:03:ad:79:5f:16:7a:
         d9:2f:7c:9d:88:ec:af:05:50:c2:16:a7:e5:bb:cb:a8:94:a5:
         61:61:ec:5b:95:54:5e:0c:e5:46:f2:21:00:3a:51:0e:98:34:
         56:da:2e:44:08:49:48:7f:26:89:c6:de:14:1d:08:d0:01:db:
         14:ed:f6:dc:59:43:03:cd:ce:db:d0:cc:41:4f:34:79:38:4c:
         ad:10:8a:d1:d6:b0:3c:c0:0b:b2:e7:3f:e4:48:93:cb:69:e4:
         de:95:3e:ac:e1:2d:86:09:be:15:5f:1f:de:96:09:eb:01:83:
         73:fa:27:de:97:e2:01:db:b8:24:f6:cb:a8:5e:d4:9d:2c:a4:
         34:e5:50:b9:92:45:16:08:fc:2f:e1:32:ed:48:85:cd:94:f0:
         11:ff:9a:42:73:25:53:e6:56:53:0b:57:73:2d:4e:46:80:4f:
         d5:63:e5:55:6d:f4:0d:31:68:f7:c5:b0:50:90:cb:35:9b:98:
         0e:a3:3e:0f:84:03:62:a6:43:19:fd:24:6b:87:46:07:17:73:
         67:9b:16:75:9f:84:fb:62:d2:6c:68:6b:dd:48:ab:e0:9c:70:
         31:ff:28:93
-----BEGIN CERTIFICATE-----
MIIEyDCCA7CgAwIBAgIUHU+CFg2Qd5xKvOOq76VZjwWn3hcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjAxODMyODdlYjA4ZWNlMGM2NWZhNDlhM2Y0NTYyMWM2
MTJkZGJkMTAeFw0yNTA3MzAxMjMyNDlaFw0yNjA3MjkxMjM3NDlaMDMxMTAvBgNV
BAMTKEVENkEzRENFMERDMTgwNTBDNjc5NTUxNjc2NjUyMzBCOEU0NjgzQjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtGZ72j2QuP2XWVG/6ikyLFRv2
zA8kA/obstvmA6UtjHw8+CpbVvEqzkXkbRU/B06JzmxZV+SZHxgWDY2Gdso+6fon
ESjkZQuEJ7I88EgPcG0Rqq2pITbjZyqLztwLITlCJjrUkKtm4XP3ihJekvoZ18p7
d9bxcniGemuBchil9qjZrMtT2IAQyXsAiwtCNqSEehYZNeMxOxnOX1QIMJW+c/l0
bjRI2hQ+8ZcgAyX3zioAYB7y7AUNvvuDWSmBNEOLfEsE07uOxMDQtMI/ROYRXJBN
poMnmNTb4lRfsohsK2Ze3Z2VQR1GeorLAxIKmO92xEGqC9hwUEXm5CNtnDE5AgMB
AAGjggHSMIIBzjAdBgNVHQ4EFgQU7Wo9zg3BgFDGeVUWdmUjC45Gg7gwHwYDVR0j
BBgwFoAUYBgyh+sI7ODGX6SaP0ViHGEt29EwDgYDVR0PAQH/BAQDAgeAMGAGA1Ud
HwRZMFcwVaBToFGGT3JzeW5jOi8vcnBraS54aW5kaS5ldS9yZXBvL1hJTkRJLzAv
NjAxODMyODdFQjA4RUNFMEM2NUZBNDlBM0Y0NTYyMUM2MTJEREJEMS5jcmwwZAYI
KwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS9ERUZBVUxUL1lCZ3loLXNJN09ER1g2U2FQMFZpSEdFdDI5RS5j
ZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jwa2kueGlu
ZGkuZXUvcmVwby9YSU5ESS8wLzMxMzgzNTJlMzEzNzMzMmUzMTM3MmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzQzODMxMzEzMi5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALmtETANBgkqhkiG
9w0BAQsFAAOCAQEAdiMRiBKJMuzQ61NGd+ncl3B4Neo6AMrAsucj7W1iA615XxZ6
2S98nYjsrwVQwhan5bvLqJSlYWHsW5VUXgzlRvIhADpRDpg0VtouRAhJSH8micbe
FB0I0AHbFO323FlDA83O29DMQU80eThMrRCK0dawPMALsuc/5EiTy2nk3pU+rOEt
hgm+FV8f3pYJ6wGDc/on3pfiAdu4JPbLqF7UnSykNOVQuZJFFgj8L+Ey7UiFzZTw
Ef+aQnMlU+ZWUwtXcy1ORoBP1WPlVW30DTFo98WwUJDLNZuYDqM+D4QDYqZDGf0k
a4dGBxdzZ5sWdZ+E+2LSbGhr3Uir4JxwMf8okw==
-----END CERTIFICATE-----