Route Origin Authorization

$ rpki-client -vvf rpki.xindi.eu/repo/XINDI/0/3138352e3137332e31392e302f32342d3234203d3e203438313132.roa
File:                     3138352e3137332e31392e302f32342d3234203d3e203438313132.roa (raw, json)
Hash identifier:          4+6WUN2SKu51kb86R+HM2wBw/6/0VFlofz6tYICBJ2U=
Subject key identifier:   A5:16:E8:6C:4E:E0:B5:D3:EC:38:B4:83:52:F3:D0:65:90:6F:F6:02
Certificate issuer:       /CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
Certificate serial:       754448C06576BA6E627D988B3A67922403D679A5
Authority key identifier: 60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
Subject info access:      rsync://rpki.xindi.eu/repo/XINDI/0/3138352e3137332e31392e302f32342d3234203d3e203438313132.roa
Signing time:             Wed 30 Jul 2025 12:37:50 +0000
ROA not before:           Wed 30 Jul 2025 12:32:50 +0000
ROA not after:            Wed 29 Jul 2026 12:37:50 +0000
asID:                     48112
IP address blocks:        185.173.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl
                          rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 31 Jul 2025 12:59:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:44:48:c0:65:76:ba:6e:62:7d:98:8b:3a:67:92:24:03:d6:79:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
        Validity
            Not Before: Jul 30 12:32:50 2025 GMT
            Not After : Jul 29 12:37:50 2026 GMT
        Subject: CN=A516E86C4EE0B5D3EC38B48352F3D065906FF602
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:5a:e8:c2:4c:fc:9c:94:69:52:78:27:7e:26:
                    b3:ef:29:6a:c1:f1:fe:be:52:91:6d:ff:bf:77:18:
                    00:08:6d:95:2a:a4:c3:5e:22:95:c9:39:27:71:55:
                    f8:1d:34:9c:bc:83:8b:d9:a5:08:f4:ee:0d:51:6c:
                    72:b3:f7:b5:96:af:b4:75:65:91:9f:65:12:51:69:
                    59:88:ca:06:2c:a1:85:26:be:6a:1d:84:5f:81:3d:
                    34:2f:63:f5:26:57:c0:fe:c3:28:d2:dc:6a:cd:86:
                    a3:2d:d6:36:83:da:15:aa:dd:2b:2e:5b:9a:3a:b7:
                    37:62:f7:62:6d:f2:07:78:28:7a:53:4c:8a:0e:e2:
                    c2:9e:3d:df:74:ba:8b:62:24:f1:bb:c9:df:36:4e:
                    ab:03:14:44:c7:31:ac:ee:f8:4e:b2:e3:be:67:d9:
                    2e:e2:d4:fd:f1:ec:f5:bf:57:86:64:18:98:ff:8a:
                    0f:52:b7:4f:88:3e:7b:d9:49:2f:9f:01:fe:f6:b5:
                    ac:1c:ba:ea:77:1b:3d:c7:ce:04:78:46:21:24:8a:
                    fb:4a:80:60:05:91:93:a1:05:a3:d3:2f:d5:76:36:
                    87:5a:98:55:9e:a4:a3:88:79:fb:3e:37:84:ab:4a:
                    33:b1:45:7d:72:82:11:55:9e:37:9a:63:87:1f:41:
                    8b:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:16:E8:6C:4E:E0:B5:D3:EC:38:B4:83:52:F3:D0:65:90:6F:F6:02
            X509v3 Authority Key Identifier:
                keyid:60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.xindi.eu/repo/XINDI/0/3138352e3137332e31392e302f32342d3234203d3e203438313132.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.173.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:9b:0d:14:f2:b0:ba:17:7f:ab:0b:40:b4:4c:5b:c8:cc:51:
         86:fe:c4:0f:f4:fb:5f:d5:f1:a4:f8:5d:db:aa:c4:ad:df:c9:
         79:23:b0:62:54:f5:07:6f:47:ef:9e:20:b8:79:6a:68:ac:00:
         c1:32:53:94:e1:ca:70:0a:26:cb:05:5c:e6:40:6d:a6:b9:c6:
         24:a7:9b:84:b8:ac:9c:c6:0e:76:2e:f1:17:c5:1a:d5:21:1a:
         1c:d4:2b:dc:2d:1e:2b:7e:d5:45:6c:43:f4:2a:9e:29:62:29:
         a3:74:7b:46:71:61:53:87:dd:fc:bd:79:fd:5a:71:10:09:6e:
         0e:f9:04:5a:da:15:70:84:a4:af:fa:97:57:dc:64:53:c7:c3:
         10:89:23:23:95:56:22:e0:9f:53:86:30:7e:c5:1b:e6:a5:4b:
         67:ad:86:78:7d:4d:73:e3:9e:b6:8d:c0:95:48:28:fd:19:8f:
         93:18:0d:f4:4a:4e:96:e7:00:27:68:dd:47:a9:ec:63:cd:01:
         70:c0:ed:aa:b5:9b:d3:a2:20:de:a8:da:79:46:c9:82:e4:aa:
         31:cc:bc:28:0e:1c:5d:99:d6:75:73:92:ba:48:b7:ab:da:45:
         ef:54:00:dc:67:16:b9:e1:36:92:59:a3:cc:2c:21:e4:0c:be:
         3b:19:17:0e
-----BEGIN CERTIFICATE-----
MIIEyDCCA7CgAwIBAgIUdURIwGV2um5ifZiLOmeSJAPWeaUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjAxODMyODdlYjA4ZWNlMGM2NWZhNDlhM2Y0NTYyMWM2
MTJkZGJkMTAeFw0yNTA3MzAxMjMyNTBaFw0yNjA3MjkxMjM3NTBaMDMxMTAvBgNV
BAMTKEE1MTZFODZDNEVFMEI1RDNFQzM4QjQ4MzUyRjNEMDY1OTA2RkY2MDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoWujCTPyclGlSeCd+JrPvKWrB
8f6+UpFt/793GAAIbZUqpMNeIpXJOSdxVfgdNJy8g4vZpQj07g1RbHKz97WWr7R1
ZZGfZRJRaVmIygYsoYUmvmodhF+BPTQvY/UmV8D+wyjS3GrNhqMt1jaD2hWq3Ssu
W5o6tzdi92Jt8gd4KHpTTIoO4sKePd90uotiJPG7yd82TqsDFETHMazu+E6y475n
2S7i1P3x7PW/V4ZkGJj/ig9St0+IPnvZSS+fAf72tawcuup3Gz3HzgR4RiEkivtK
gGAFkZOhBaPTL9V2NodamFWepKOIefs+N4SrSjOxRX1yghFVnjeaY4cfQYvNAgMB
AAGjggHSMIIBzjAdBgNVHQ4EFgQUpRbobE7gtdPsOLSDUvPQZZBv9gIwHwYDVR0j
BBgwFoAUYBgyh+sI7ODGX6SaP0ViHGEt29EwDgYDVR0PAQH/BAQDAgeAMGAGA1Ud
HwRZMFcwVaBToFGGT3JzeW5jOi8vcnBraS54aW5kaS5ldS9yZXBvL1hJTkRJLzAv
NjAxODMyODdFQjA4RUNFMEM2NUZBNDlBM0Y0NTYyMUM2MTJEREJEMS5jcmwwZAYI
KwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS9ERUZBVUxUL1lCZ3loLXNJN09ER1g2U2FQMFZpSEdFdDI5RS5j
ZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jwa2kueGlu
ZGkuZXUvcmVwby9YSU5ESS8wLzMxMzgzNTJlMzEzNzMzMmUzMTM5MmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzQzODMxMzEzMi5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALmtEzANBgkqhkiG
9w0BAQsFAAOCAQEAZZsNFPKwuhd/qwtAtExbyMxRhv7ED/T7X9XxpPhd26rErd/J
eSOwYlT1B29H754guHlqaKwAwTJTlOHKcAomywVc5kBtprnGJKebhLisnMYOdi7x
F8Ua1SEaHNQr3C0eK37VRWxD9CqeKWIpo3R7RnFhU4fd/L15/VpxEAluDvkEWtoV
cISkr/qXV9xkU8fDEIkjI5VWIuCfU4YwfsUb5qVLZ62GeH1Nc+Oeto3AlUgo/RmP
kxgN9EpOlucAJ2jdR6nsY80BcMDtqrWb06Ig3qjaeUbJguSqMcy8KA4cXZnWdXOS
uki3q9pF71QA3GcWueE2klmjzCwh5Ay+OxkXDg==
-----END CERTIFICATE-----