Route Origin Authorization

$ rpki-client -vvf rpki.xindi.eu/repo/XINDI/0/3138352e3137332e31392e302f32342d3234203d3e203438313132.roa
File:                     3138352e3137332e31392e302f32342d3234203d3e203438313132.roa (raw, json)
Hash identifier:          Fi8mrgBlGmLbMe/Uc7UqzOPxq2VG+JWCzQ5ojH9+9NU=
Subject key identifier:   51:78:94:2F:8F:86:BA:47:69:00:6B:D6:ED:6A:60:D7:42:4D:75:F0
Certificate issuer:       /CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
Certificate serial:       141818ABDDE4F0EB4C7AF96589055442DB3F146E
Authority key identifier: 60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
Subject info access:      rsync://rpki.xindi.eu/repo/XINDI/0/3138352e3137332e31392e302f32342d3234203d3e203438313132.roa
Signing time:             Wed 27 Sep 2023 11:50:58 +0000
ROA not before:           Wed 27 Sep 2023 11:45:58 +0000
ROA not after:            Wed 25 Sep 2024 11:50:58 +0000
asID:                     48112
IP address blocks:        185.173.19.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl
                          rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:18:18:ab:dd:e4:f0:eb:4c:7a:f9:65:89:05:54:42:db:3f:14:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
        Validity
            Not Before: Sep 27 11:45:58 2023 GMT
            Not After : Sep 25 11:50:58 2024 GMT
        Subject: CN=5178942F8F86BA4769006BD6ED6A60D7424D75F0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:69:82:d0:53:97:ad:e5:33:cd:26:ef:5d:d1:
                    67:d6:d6:1c:5c:8d:a9:29:6f:14:ff:00:9e:19:27:
                    fa:b2:b4:1f:47:30:2a:e1:16:c2:53:a9:dc:df:bd:
                    b4:b7:f2:21:25:a2:36:c3:59:f7:ef:8c:16:7b:9e:
                    59:e4:64:a0:f4:de:be:b5:d7:d5:e2:7b:71:4d:50:
                    2a:f5:4a:6e:5c:e5:81:28:3c:40:78:2c:83:eb:34:
                    8e:0e:61:7b:4a:aa:cf:e2:3c:fd:76:74:6c:dc:d2:
                    cf:50:a1:97:79:ff:ba:8c:21:1e:61:bb:f7:26:9c:
                    a9:ed:f1:06:81:25:0e:7d:8a:c0:b7:bd:32:7e:ab:
                    1d:3d:67:69:f7:64:6f:43:5d:83:56:b9:7b:dd:47:
                    54:89:c6:16:35:30:80:8a:dc:23:f2:e7:dd:81:02:
                    f8:19:e9:45:a1:52:2e:58:75:7a:7c:43:60:e9:50:
                    77:af:75:0a:28:17:e1:9d:19:25:48:9b:d3:5b:76:
                    6a:27:1d:b2:49:6e:22:1f:59:2d:91:58:d8:af:02:
                    0f:31:41:4f:95:c3:1c:94:31:4b:e5:1e:08:72:94:
                    a1:2a:45:18:d0:76:6b:ab:0e:eb:07:02:c1:33:58:
                    b2:75:04:52:72:96:0d:90:fb:13:d4:a2:48:68:e4:
                    ea:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:78:94:2F:8F:86:BA:47:69:00:6B:D6:ED:6A:60:D7:42:4D:75:F0
            X509v3 Authority Key Identifier:
                keyid:60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.xindi.eu/repo/XINDI/0/3138352e3137332e31392e302f32342d3234203d3e203438313132.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.173.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:94:56:a8:45:26:1d:48:49:a2:c4:2f:60:84:fa:16:d6:50:
         ec:a2:5a:76:0b:16:48:bb:08:4a:be:54:4c:58:6f:21:10:f3:
         3e:b0:88:c2:98:b5:7b:ec:60:18:b5:58:39:c8:37:f7:bf:86:
         c7:97:e8:9c:74:9a:59:cb:4e:4c:02:a1:25:cf:d5:4a:74:b2:
         9b:a4:74:5a:2f:ce:5c:d7:b0:f5:d1:18:41:a5:fc:8c:70:f1:
         38:e2:6d:8a:61:cc:75:3e:80:de:87:a3:8b:32:15:b8:da:ce:
         db:ae:6b:e5:3b:f7:e5:27:35:9d:6d:0f:83:da:37:29:62:25:
         26:35:ff:9f:d6:0d:76:8b:93:e1:22:3a:0f:a8:03:b6:5c:77:
         ef:7a:77:3d:e3:6b:5b:57:1d:85:a0:f8:89:30:a6:df:1e:d2:
         f6:91:f9:b4:54:92:7c:88:65:3b:fc:da:84:29:ea:40:31:d9:
         d6:c7:d4:65:03:4e:ef:6e:bb:85:c4:19:37:6f:80:ef:e2:3b:
         8a:b4:a3:1f:b2:90:1a:1d:bd:82:c0:e4:27:6c:70:7e:b6:d7:
         02:23:64:ac:31:2c:88:21:56:56:9c:4e:83:3e:c4:36:23:ac:
         0b:d6:79:d2:af:0b:e8:dd:2d:63:48:d5:c2:ac:87:4c:76:a1:
         15:0b:8f:24
-----BEGIN CERTIFICATE-----
MIIEyDCCA7CgAwIBAgIUFBgYq93k8OtMevlliQVUQts/FG4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjAxODMyODdlYjA4ZWNlMGM2NWZhNDlhM2Y0NTYyMWM2
MTJkZGJkMTAeFw0yMzA5MjcxMTQ1NThaFw0yNDA5MjUxMTUwNThaMDMxMTAvBgNV
BAMTKDUxNzg5NDJGOEY4NkJBNDc2OTAwNkJENkVENkE2MEQ3NDI0RDc1RjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDgaYLQU5et5TPNJu9d0WfW1hxc
jakpbxT/AJ4ZJ/qytB9HMCrhFsJTqdzfvbS38iElojbDWffvjBZ7nlnkZKD03r61
19Xie3FNUCr1Sm5c5YEoPEB4LIPrNI4OYXtKqs/iPP12dGzc0s9QoZd5/7qMIR5h
u/cmnKnt8QaBJQ59isC3vTJ+qx09Z2n3ZG9DXYNWuXvdR1SJxhY1MICK3CPy592B
AvgZ6UWhUi5YdXp8Q2DpUHevdQooF+GdGSVIm9NbdmonHbJJbiIfWS2RWNivAg8x
QU+VwxyUMUvlHghylKEqRRjQdmurDusHAsEzWLJ1BFJylg2Q+xPUokho5OoLAgMB
AAGjggHSMIIBzjAdBgNVHQ4EFgQUUXiUL4+GukdpAGvW7Wpg10JNdfAwHwYDVR0j
BBgwFoAUYBgyh+sI7ODGX6SaP0ViHGEt29EwDgYDVR0PAQH/BAQDAgeAMGAGA1Ud
HwRZMFcwVaBToFGGT3JzeW5jOi8vcnBraS54aW5kaS5ldS9yZXBvL1hJTkRJLzAv
NjAxODMyODdFQjA4RUNFMEM2NUZBNDlBM0Y0NTYyMUM2MTJEREJEMS5jcmwwZAYI
KwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS9ERUZBVUxUL1lCZ3loLXNJN09ER1g2U2FQMFZpSEdFdDI5RS5j
ZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jwa2kueGlu
ZGkuZXUvcmVwby9YSU5ESS8wLzMxMzgzNTJlMzEzNzMzMmUzMTM5MmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzQzODMxMzEzMi5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALmtEzANBgkqhkiG
9w0BAQsFAAOCAQEAe5RWqEUmHUhJosQvYIT6FtZQ7KJadgsWSLsISr5UTFhvIRDz
PrCIwpi1e+xgGLVYOcg397+Gx5fonHSaWctOTAKhJc/VSnSym6R0Wi/OXNew9dEY
QaX8jHDxOOJtimHMdT6A3oejizIVuNrO265r5Tv35Sc1nW0Pg9o3KWIlJjX/n9YN
douT4SI6D6gDtlx373p3PeNrW1cdhaD4iTCm3x7S9pH5tFSSfIhlO/zahCnqQDHZ
1sfUZQNO7267hcQZN2+A7+I7irSjH7KQGh29gsDkJ2xwfrbXAiNkrDEsiCFWVpxO
gz7ENiOsC9Z50q8L6N0tY0jVwqyHTHahFQuPJA==
-----END CERTIFICATE-----