Route Origin Authorization

$ rpki-client -vvf rpki.xindi.eu/repo/XINDI/0/3138352e3137332e31382e302f32342d3234203d3e20323036373633.roa
File:                     3138352e3137332e31382e302f32342d3234203d3e20323036373633.roa (raw, json)
Hash identifier:          mJK/QqdXISPbzdErxzz1xNK4WgEo28hgvb5Tl8psM4k=
Subject key identifier:   62:A3:10:B5:11:01:E5:76:1A:8D:50:5E:4B:68:9E:40:9A:A3:1D:FF
Certificate issuer:       /CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
Certificate serial:       17461F38D5D0B7BF3CDC00CE2A3DB26BBD7F09AC
Authority key identifier: 60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
Subject info access:      rsync://rpki.xindi.eu/repo/XINDI/0/3138352e3137332e31382e302f32342d3234203d3e20323036373633.roa
Signing time:             Wed 27 Sep 2023 11:50:59 +0000
ROA not before:           Wed 27 Sep 2023 11:45:59 +0000
ROA not after:            Wed 25 Sep 2024 11:50:59 +0000
asID:                     206763
IP address blocks:        185.173.18.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl
                          rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 16:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:46:1f:38:d5:d0:b7:bf:3c:dc:00:ce:2a:3d:b2:6b:bd:7f:09:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
        Validity
            Not Before: Sep 27 11:45:59 2023 GMT
            Not After : Sep 25 11:50:59 2024 GMT
        Subject: CN=62A310B51101E5761A8D505E4B689E409AA31DFF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fc:58:7c:7d:07:89:48:82:c4:1c:22:b6:dd:df:
                    22:a0:2e:14:ec:54:72:cf:42:b9:26:4e:0a:f5:17:
                    cb:74:ca:26:7a:ee:13:f5:7b:08:b8:d5:c8:97:da:
                    2f:f5:8f:dd:35:91:fd:4f:e9:01:2c:cd:3e:ca:26:
                    88:7e:62:e4:f9:ae:f1:1e:2d:c2:5b:49:e3:94:f3:
                    df:76:94:7e:49:c2:0e:21:42:13:8a:ad:f2:52:f4:
                    b7:32:d8:b2:fc:9a:32:4d:d5:f7:29:eb:a1:43:77:
                    ec:94:4c:fa:e0:3f:a9:86:65:aa:ba:39:6b:32:6e:
                    4a:b2:1b:ff:62:c4:c6:8c:9a:a0:8d:8d:b3:a5:83:
                    5c:98:52:c0:9e:d4:a2:62:f0:a6:42:82:11:a2:ff:
                    b8:62:92:ff:53:d6:56:32:f5:79:0d:56:ed:c8:b3:
                    2a:20:cc:95:60:d5:56:80:30:e2:18:de:28:bc:a2:
                    14:49:2f:2e:1d:74:0e:11:1a:68:dc:67:9a:6b:a5:
                    e9:0c:2c:54:0f:6e:8f:93:79:9a:e8:e0:bb:b0:f5:
                    aa:16:6a:4d:c6:8e:d1:7d:84:70:54:f8:2d:ca:3c:
                    4f:be:dc:78:75:86:27:4d:10:25:06:1f:3e:bb:a7:
                    2c:32:20:cd:99:d1:ca:02:11:93:0d:b3:9b:be:ac:
                    d1:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:A3:10:B5:11:01:E5:76:1A:8D:50:5E:4B:68:9E:40:9A:A3:1D:FF
            X509v3 Authority Key Identifier:
                keyid:60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.xindi.eu/repo/XINDI/0/3138352e3137332e31382e302f32342d3234203d3e20323036373633.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.173.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:2f:63:66:55:19:d4:b5:1d:72:c9:9f:c8:d3:21:9a:ec:f8:
         9a:16:9c:7a:da:9c:6d:57:1f:b9:a7:9b:c2:da:86:cd:30:1d:
         1d:85:dd:52:ed:2b:56:b4:86:28:08:c4:26:78:38:40:2f:a2:
         2b:76:ea:ef:7c:dc:c9:fe:2e:f3:15:64:08:0b:77:ec:94:68:
         45:4e:c8:62:16:e9:a6:9f:a6:d1:53:89:2f:4b:f6:c2:c6:ca:
         d9:9d:d1:18:db:6c:00:89:36:d5:c8:6d:49:2a:b7:ed:8b:c7:
         64:6d:16:80:3a:98:77:07:fe:30:1a:53:ab:47:20:52:26:70:
         14:a6:4e:3a:9a:f7:ce:38:26:78:05:b1:bf:37:d7:21:97:f0:
         f3:40:99:78:7e:2d:56:08:a2:1d:5d:f7:ce:2f:98:a7:bd:2d:
         12:38:d5:ba:8d:6f:a3:10:09:27:c0:32:72:3d:52:87:96:41:
         3b:a3:6c:4b:2e:aa:65:7a:d8:7a:51:66:62:ab:ee:20:14:29:
         f4:4d:92:86:d1:c1:db:b9:c3:52:eb:d2:9e:e7:e3:e5:91:90:
         34:c3:22:de:d7:5b:b9:34:b2:3d:cf:40:7b:03:53:e5:cd:24:
         1a:70:60:ea:d8:a2:c5:03:6e:ca:b9:9b:5e:19:6b:85:e3:3c:
         c2:fe:79:83
-----BEGIN CERTIFICATE-----
MIIEyjCCA7KgAwIBAgIUF0YfONXQt7883ADOKj2ya71/CawwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjAxODMyODdlYjA4ZWNlMGM2NWZhNDlhM2Y0NTYyMWM2
MTJkZGJkMTAeFw0yMzA5MjcxMTQ1NTlaFw0yNDA5MjUxMTUwNTlaMDMxMTAvBgNV
BAMTKDYyQTMxMEI1MTEwMUU1NzYxQThENTA1RTRCNjg5RTQwOUFBMzFERkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD8WHx9B4lIgsQcIrbd3yKgLhTs
VHLPQrkmTgr1F8t0yiZ67hP1ewi41ciX2i/1j901kf1P6QEszT7KJoh+YuT5rvEe
LcJbSeOU8992lH5Jwg4hQhOKrfJS9Lcy2LL8mjJN1fcp66FDd+yUTPrgP6mGZaq6
OWsybkqyG/9ixMaMmqCNjbOlg1yYUsCe1KJi8KZCghGi/7hikv9T1lYy9XkNVu3I
syogzJVg1VaAMOIY3ii8ohRJLy4ddA4RGmjcZ5prpekMLFQPbo+TeZro4Luw9aoW
ak3GjtF9hHBU+C3KPE++3Hh1hidNECUGHz67pywyIM2Z0coCEZMNs5u+rNETAgMB
AAGjggHUMIIB0DAdBgNVHQ4EFgQUYqMQtREB5XYajVBeS2ieQJqjHf8wHwYDVR0j
BBgwFoAUYBgyh+sI7ODGX6SaP0ViHGEt29EwDgYDVR0PAQH/BAQDAgeAMGAGA1Ud
HwRZMFcwVaBToFGGT3JzeW5jOi8vcnBraS54aW5kaS5ldS9yZXBvL1hJTkRJLzAv
NjAxODMyODdFQjA4RUNFMEM2NUZBNDlBM0Y0NTYyMUM2MTJEREJEMS5jcmwwZAYI
KwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS9ERUZBVUxUL1lCZ3loLXNJN09ER1g2U2FQMFZpSEdFdDI5RS5j
ZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jwa2kueGlu
ZGkuZXUvcmVwby9YSU5ESS8wLzMxMzgzNTJlMzEzNzMzMmUzMTM4MmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzIzMDM2MzczNjMzLnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAua0SMA0GCSqG
SIb3DQEBCwUAA4IBAQAkL2NmVRnUtR1yyZ/I0yGa7PiaFpx62pxtVx+5p5vC2obN
MB0dhd1S7StWtIYoCMQmeDhAL6IrdurvfNzJ/i7zFWQIC3fslGhFTshiFummn6bR
U4kvS/bCxsrZndEY22wAiTbVyG1JKrfti8dkbRaAOph3B/4wGlOrRyBSJnAUpk46
mvfOOCZ4BbG/N9chl/DzQJl4fi1WCKIdXffOL5invS0SONW6jW+jEAknwDJyPVKH
lkE7o2xLLqpleth6UWZiq+4gFCn0TZKG0cHbucNS69Ke5+PlkZA0wyLe11u5NLI9
z0B7A1PlzSQacGDq2KLFA27KuZteGWuF4zzC/nmD
-----END CERTIFICATE-----