Route Origin Authorization

$ rpki-client -vvf rpki.xindi.eu/repo/XINDI/0/3138352e3137332e31392e302f32342d3234203d3e203438313132.roa
File:                     3138352e3137332e31392e302f32342d3234203d3e203438313132.roa (raw, json)
Hash identifier:          cG8qee8BRQIYLCyibaAX1PHDmMwKpglwXEp4OsS7dN8=
Subject key identifier:   A9:F8:96:64:82:89:C3:28:EF:EB:F6:B7:22:AC:08:36:BD:E7:99:C4
Certificate issuer:       /CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
Certificate serial:       5C983A5565D91A0B8AFDBE1C34809C22A6F30C9C
Authority key identifier: 60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
Subject info access:      rsync://rpki.xindi.eu/repo/XINDI/0/3138352e3137332e31392e302f32342d3234203d3e203438313132.roa
Signing time:             Wed 28 Aug 2024 12:01:15 +0000
ROA not before:           Wed 28 Aug 2024 11:56:15 +0000
ROA not after:            Wed 27 Aug 2025 12:01:15 +0000
asID:                     48112
IP address blocks:        185.173.19.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl
                          rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Dec 2024 21:56:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:98:3a:55:65:d9:1a:0b:8a:fd:be:1c:34:80:9c:22:a6:f3:0c:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
        Validity
            Not Before: Aug 28 11:56:15 2024 GMT
            Not After : Aug 27 12:01:15 2025 GMT
        Subject: CN=A9F896648289C328EFEBF6B722AC0836BDE799C4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:2f:e0:9e:ef:5a:30:bf:c8:84:90:e5:4a:41:
                    a1:88:a8:b9:05:e9:6e:c0:56:0e:99:ee:39:2c:f7:
                    a4:9c:9e:a5:cc:71:92:c7:94:8e:d6:bd:fd:0b:1e:
                    40:9a:9d:07:18:a0:e4:40:69:c5:8b:74:4f:2d:23:
                    4c:cf:2d:0e:c2:e1:9c:87:f6:1a:34:8d:86:20:4e:
                    dd:e0:19:0d:e8:6d:20:1e:4f:0d:28:ae:13:59:cc:
                    90:2e:a7:45:05:93:9a:0f:3e:e8:45:8e:8c:16:a6:
                    5a:98:ba:d7:e2:2d:4d:8a:d4:5a:03:9c:f1:36:e9:
                    21:41:25:80:8a:e7:76:4f:03:fb:49:e4:34:a9:47:
                    cf:13:ae:83:7f:a5:50:c0:3e:18:7d:ea:1a:34:bc:
                    33:64:e4:b2:2c:74:e0:df:86:28:40:5b:dd:5e:b6:
                    81:e1:8a:fa:79:24:c4:8b:08:1f:8d:8a:81:ff:0c:
                    04:8a:c0:05:85:e6:ba:94:f9:fa:1b:bc:e7:6a:d6:
                    a0:ca:c8:54:f0:16:a0:99:f2:bd:fe:50:3b:d7:c6:
                    d8:93:29:45:86:5e:54:ad:37:e7:0f:58:d7:2b:ca:
                    4d:8c:5f:e0:46:09:c5:4c:a2:e7:44:b7:cd:53:b7:
                    e8:f8:c1:b0:64:4f:05:5e:d5:8e:9b:25:2d:b5:08:
                    b0:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:F8:96:64:82:89:C3:28:EF:EB:F6:B7:22:AC:08:36:BD:E7:99:C4
            X509v3 Authority Key Identifier:
                keyid:60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.xindi.eu/repo/XINDI/0/3138352e3137332e31392e302f32342d3234203d3e203438313132.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.173.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:9c:54:a4:0d:18:be:7f:b8:87:31:3b:97:d6:88:13:a9:40:
         e1:9c:d3:0e:ce:d8:af:bf:de:eb:4d:9c:a4:f3:8b:1c:14:eb:
         44:2a:f8:39:0c:6b:ab:6b:0f:47:21:1a:0f:c4:e7:15:1f:e9:
         88:5a:44:8a:a1:85:d8:17:29:fb:0b:2a:23:ce:8a:7f:80:96:
         82:b5:c5:dc:9d:67:78:c0:1e:8c:e8:46:4e:c2:4e:04:05:4c:
         0f:23:06:a7:f0:32:73:a2:15:70:ae:1b:1c:96:3d:2c:c0:92:
         b3:b3:c9:7d:3d:da:c4:05:38:50:46:51:07:52:f5:de:82:1b:
         dd:ef:32:56:13:85:cf:36:b5:39:93:ee:55:92:22:37:01:aa:
         a1:86:7c:e8:da:dc:2a:e4:ae:d6:13:ad:3c:0a:b4:4d:e3:f1:
         f4:56:6d:93:41:a6:f2:2b:66:ff:55:0f:ef:0b:0e:5f:31:c9:
         12:0d:c6:bd:cf:9d:12:0b:a6:01:6c:de:4c:ba:21:31:6a:d1:
         07:e5:7e:88:57:22:31:16:e7:a6:46:c3:69:78:db:ce:0c:2f:
         d1:96:96:d8:93:a1:5b:78:39:58:b4:cd:64:16:6a:c4:e9:04:
         bd:d4:18:cf:9c:b2:66:78:22:71:13:75:2e:04:bc:d7:0e:0b:
         74:ff:2f:2e
-----BEGIN CERTIFICATE-----
MIIEyDCCA7CgAwIBAgIUXJg6VWXZGguK/b4cNICcIqbzDJwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjAxODMyODdlYjA4ZWNlMGM2NWZhNDlhM2Y0NTYyMWM2
MTJkZGJkMTAeFw0yNDA4MjgxMTU2MTVaFw0yNTA4MjcxMjAxMTVaMDMxMTAvBgNV
BAMTKEE5Rjg5NjY0ODI4OUMzMjhFRkVCRjZCNzIyQUMwODM2QkRFNzk5QzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAL+Ce71owv8iEkOVKQaGIqLkF
6W7AVg6Z7jks96ScnqXMcZLHlI7Wvf0LHkCanQcYoORAacWLdE8tI0zPLQ7C4ZyH
9ho0jYYgTt3gGQ3obSAeTw0orhNZzJAup0UFk5oPPuhFjowWplqYutfiLU2K1FoD
nPE26SFBJYCK53ZPA/tJ5DSpR88TroN/pVDAPhh96ho0vDNk5LIsdODfhihAW91e
toHhivp5JMSLCB+NioH/DASKwAWF5rqU+fobvOdq1qDKyFTwFqCZ8r3+UDvXxtiT
KUWGXlStN+cPWNcryk2MX+BGCcVMoudEt81Tt+j4wbBkTwVe1Y6bJS21CLCjAgMB
AAGjggHSMIIBzjAdBgNVHQ4EFgQUqfiWZIKJwyjv6/a3IqwINr3nmcQwHwYDVR0j
BBgwFoAUYBgyh+sI7ODGX6SaP0ViHGEt29EwDgYDVR0PAQH/BAQDAgeAMGAGA1Ud
HwRZMFcwVaBToFGGT3JzeW5jOi8vcnBraS54aW5kaS5ldS9yZXBvL1hJTkRJLzAv
NjAxODMyODdFQjA4RUNFMEM2NUZBNDlBM0Y0NTYyMUM2MTJEREJEMS5jcmwwZAYI
KwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS9ERUZBVUxUL1lCZ3loLXNJN09ER1g2U2FQMFZpSEdFdDI5RS5j
ZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jwa2kueGlu
ZGkuZXUvcmVwby9YSU5ESS8wLzMxMzgzNTJlMzEzNzMzMmUzMTM5MmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzQzODMxMzEzMi5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALmtEzANBgkqhkiG
9w0BAQsFAAOCAQEAUpxUpA0Yvn+4hzE7l9aIE6lA4ZzTDs7Yr7/e602cpPOLHBTr
RCr4OQxrq2sPRyEaD8TnFR/piFpEiqGF2Bcp+wsqI86Kf4CWgrXF3J1neMAejOhG
TsJOBAVMDyMGp/Ayc6IVcK4bHJY9LMCSs7PJfT3axAU4UEZRB1L13oIb3e8yVhOF
zza1OZPuVZIiNwGqoYZ86NrcKuSu1hOtPAq0TePx9FZtk0Gm8itm/1UP7wsOXzHJ
Eg3Gvc+dEgumAWzeTLohMWrRB+V+iFciMRbnpkbDaXjbzgwv0ZaW2JOhW3g5WLTN
ZBZqxOkEvdQYz5yyZngicRN1LgS81w4LdP8vLg==
-----END CERTIFICATE-----