Route Origin Authorization

$ rpki-client -vvf rpki.xindi.eu/repo/XINDI/0/3138352e3137332e31382e302f32342d3234203d3e20323036373633.roa
File:                     3138352e3137332e31382e302f32342d3234203d3e20323036373633.roa (raw, json)
Hash identifier:          bhEiMDErw40zzP0ipPQP54ExOjq7BzUmLJ9N639t3Ro=
Subject key identifier:   33:F8:A5:54:2F:08:C8:4E:40:43:16:50:4A:0B:5E:27:50:96:B9:3C
Certificate issuer:       /CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
Certificate serial:       7D193220338C6102A0F80C1F007C30C652A4F8F0
Authority key identifier: 60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
Subject info access:      rsync://rpki.xindi.eu/repo/XINDI/0/3138352e3137332e31382e302f32342d3234203d3e20323036373633.roa
Signing time:             Wed 30 Jul 2025 12:37:45 +0000
ROA not before:           Wed 30 Jul 2025 12:32:45 +0000
ROA not after:            Wed 29 Jul 2026 12:37:45 +0000
asID:                     206763
IP address blocks:        185.173.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl
                          rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 31 Jul 2025 12:59:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:19:32:20:33:8c:61:02:a0:f8:0c:1f:00:7c:30:c6:52:a4:f8:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
        Validity
            Not Before: Jul 30 12:32:45 2025 GMT
            Not After : Jul 29 12:37:45 2026 GMT
        Subject: CN=33F8A5542F08C84E404316504A0B5E275096B93C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:b1:60:95:9f:c7:fa:e6:ad:88:88:a8:68:5b:
                    03:d0:26:f9:4e:04:07:a8:6d:4f:45:c1:7f:41:9b:
                    c6:16:e7:f1:b9:c7:70:24:20:21:1c:ce:4c:f6:19:
                    db:81:62:0c:49:91:89:69:f9:31:1e:48:2c:bf:54:
                    6e:7f:72:1e:8f:c9:94:fa:bb:32:ae:9c:c8:cf:49:
                    bf:cd:85:ab:52:25:7b:bf:c8:9b:6b:a3:ca:ac:1c:
                    ac:ad:57:e8:54:97:e8:a6:20:71:d1:71:bb:f4:84:
                    55:a7:ca:d7:de:44:00:88:0a:d4:f3:70:19:a4:eb:
                    16:de:34:93:29:6d:1b:8e:b3:15:af:be:50:05:b8:
                    73:06:c4:b8:c0:a3:9d:c3:45:dd:93:2b:d7:79:7b:
                    bc:7a:b9:4f:66:b4:2c:64:e4:04:a1:17:0b:7c:5d:
                    60:0f:06:b3:d7:4f:63:a7:c5:1f:c6:55:a3:16:71:
                    cf:50:93:0c:47:14:8b:97:b3:72:d0:4c:fe:ef:69:
                    c1:64:0e:5f:b1:02:9d:cc:7f:ab:5d:b7:a7:c9:95:
                    82:7f:57:1b:fd:1a:0c:cf:c3:21:1c:80:c4:e2:fc:
                    d2:3f:3e:20:e2:f8:7c:05:2c:2d:a1:8e:03:ec:5f:
                    ad:2c:a1:f1:52:71:73:bf:0a:6f:c6:fe:86:e5:35:
                    2a:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:F8:A5:54:2F:08:C8:4E:40:43:16:50:4A:0B:5E:27:50:96:B9:3C
            X509v3 Authority Key Identifier:
                keyid:60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.xindi.eu/repo/XINDI/0/3138352e3137332e31382e302f32342d3234203d3e20323036373633.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.173.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:d1:57:fe:1b:d1:b9:73:b7:7f:0a:27:75:c8:b0:1d:8a:9b:
         83:85:df:cd:df:0b:4c:dd:4b:e0:78:b5:e5:dd:d6:c6:a5:af:
         5e:3c:d5:6e:af:2e:68:18:7f:de:94:fc:83:87:f7:c2:38:c3:
         63:fc:84:4d:3a:9d:ca:06:78:32:3f:5e:cc:0e:78:79:3d:88:
         f6:8c:eb:79:98:10:b0:5f:79:b5:8e:e4:22:68:3e:7f:b6:82:
         ff:1b:15:87:47:2a:60:1d:da:4a:fa:03:2a:1e:f5:14:08:ab:
         2e:cb:5a:40:86:1f:3d:2d:7f:e7:90:5e:01:5b:82:69:2c:53:
         f1:15:48:9e:f7:c0:34:79:d6:31:eb:db:69:14:c8:38:16:ea:
         f2:60:d3:36:80:ae:47:81:99:91:2f:81:f0:82:5a:e4:77:90:
         4b:fa:9b:2f:21:03:d8:4a:8b:49:be:fe:7d:26:7e:5b:02:a4:
         b1:f9:34:84:4e:44:10:64:40:7d:30:2d:a6:0c:bf:08:c4:3a:
         8b:08:ec:88:60:90:d9:9d:a8:4b:11:9e:4c:18:66:03:4a:57:
         05:e8:3e:d1:02:ef:fb:fd:59:45:90:0c:f2:fa:f2:8b:55:a0:
         39:62:bf:9e:8b:c6:78:5b:44:e6:9e:5f:e1:b0:6a:d0:a3:2c:
         7d:03:61:71
-----BEGIN CERTIFICATE-----
MIIEyjCCA7KgAwIBAgIUfRkyIDOMYQKg+AwfAHwwxlKk+PAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjAxODMyODdlYjA4ZWNlMGM2NWZhNDlhM2Y0NTYyMWM2
MTJkZGJkMTAeFw0yNTA3MzAxMjMyNDVaFw0yNjA3MjkxMjM3NDVaMDMxMTAvBgNV
BAMTKDMzRjhBNTU0MkYwOEM4NEU0MDQzMTY1MDRBMEI1RTI3NTA5NkI5M0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCsWCVn8f65q2IiKhoWwPQJvlO
BAeobU9FwX9Bm8YW5/G5x3AkICEczkz2GduBYgxJkYlp+TEeSCy/VG5/ch6PyZT6
uzKunMjPSb/NhatSJXu/yJtro8qsHKytV+hUl+imIHHRcbv0hFWnytfeRACICtTz
cBmk6xbeNJMpbRuOsxWvvlAFuHMGxLjAo53DRd2TK9d5e7x6uU9mtCxk5AShFwt8
XWAPBrPXT2OnxR/GVaMWcc9QkwxHFIuXs3LQTP7vacFkDl+xAp3Mf6tdt6fJlYJ/
Vxv9GgzPwyEcgMTi/NI/PiDi+HwFLC2hjgPsX60sofFScXO/Cm/G/oblNSqZAgMB
AAGjggHUMIIB0DAdBgNVHQ4EFgQUM/ilVC8IyE5AQxZQSgteJ1CWuTwwHwYDVR0j
BBgwFoAUYBgyh+sI7ODGX6SaP0ViHGEt29EwDgYDVR0PAQH/BAQDAgeAMGAGA1Ud
HwRZMFcwVaBToFGGT3JzeW5jOi8vcnBraS54aW5kaS5ldS9yZXBvL1hJTkRJLzAv
NjAxODMyODdFQjA4RUNFMEM2NUZBNDlBM0Y0NTYyMUM2MTJEREJEMS5jcmwwZAYI
KwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS9ERUZBVUxUL1lCZ3loLXNJN09ER1g2U2FQMFZpSEdFdDI5RS5j
ZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jwa2kueGlu
ZGkuZXUvcmVwby9YSU5ESS8wLzMxMzgzNTJlMzEzNzMzMmUzMTM4MmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzIzMDM2MzczNjMzLnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAua0SMA0GCSqG
SIb3DQEBCwUAA4IBAQBw0Vf+G9G5c7d/Cid1yLAdipuDhd/N3wtM3UvgeLXl3dbG
pa9ePNVury5oGH/elPyDh/fCOMNj/IRNOp3KBngyP17MDnh5PYj2jOt5mBCwX3m1
juQiaD5/toL/GxWHRypgHdpK+gMqHvUUCKsuy1pAhh89LX/nkF4BW4JpLFPxFUie
98A0edYx69tpFMg4FuryYNM2gK5HgZmRL4Hwglrkd5BL+psvIQPYSotJvv59Jn5b
AqSx+TSETkQQZEB9MC2mDL8IxDqLCOyIYJDZnahLEZ5MGGYDSlcF6D7RAu/7/VlF
kAzy+vKLVaA5Yr+ei8Z4W0Tmnl/hsGrQoyx9A2Fx
-----END CERTIFICATE-----