Route Origin Authorization

$ rpki-client -vvf rpki.xindi.eu/repo/XINDI/0/323030313a3637383a3261633a3a2f34382d3438203d3e20323036373633.roa
File:                     323030313a3637383a3261633a3a2f34382d3438203d3e20323036373633.roa (raw, json)
Hash identifier:          ckxFlkUrwseQ64/bSwyLjoUis4D774a0XcJ8Ix8hzzQ=
Subject key identifier:   4A:AE:98:9F:38:11:D0:53:74:42:9C:68:EF:CB:05:13:25:DB:E3:FF
Certificate issuer:       /CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
Certificate serial:       7E7252BDC38F2E7C8C43DB631F0743A52EBD058F
Authority key identifier: 60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
Subject info access:      rsync://rpki.xindi.eu/repo/XINDI/0/323030313a3637383a3261633a3a2f34382d3438203d3e20323036373633.roa
Signing time:             Wed 28 Aug 2024 12:01:18 +0000
ROA not before:           Wed 28 Aug 2024 11:56:18 +0000
ROA not after:            Wed 27 Aug 2025 12:01:18 +0000
asID:                     206763
IP address blocks:        2001:678:2ac::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl
                          rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Dec 2024 21:56:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:72:52:bd:c3:8f:2e:7c:8c:43:db:63:1f:07:43:a5:2e:bd:05:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
        Validity
            Not Before: Aug 28 11:56:18 2024 GMT
            Not After : Aug 27 12:01:18 2025 GMT
        Subject: CN=4AAE989F3811D05374429C68EFCB051325DBE3FF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:84:35:55:fb:c8:8c:93:b7:bd:c3:5f:56:97:
                    ba:e4:97:3d:f2:51:e7:94:7e:28:4f:de:a7:2e:c9:
                    a0:fc:11:03:1e:9a:e5:9e:d2:de:c2:6a:c3:90:5c:
                    5c:a9:6b:6d:38:0d:cd:c3:44:8b:8c:72:35:53:e5:
                    e1:0e:58:1b:6f:18:f5:56:59:3e:e7:c9:44:bc:e4:
                    2c:af:3e:30:09:ea:bc:7e:31:e8:31:52:4e:81:67:
                    17:60:c5:e4:ce:03:59:83:fb:78:d9:47:3e:01:b0:
                    e9:9e:e9:8b:77:49:3f:07:20:29:06:8f:ec:f2:db:
                    7d:bb:bd:01:37:f8:e7:41:32:d3:b1:b4:bd:77:f7:
                    8b:d7:ee:6f:7e:ba:c8:a8:1c:b5:eb:69:5d:de:5d:
                    37:b1:b7:3f:55:a6:26:2a:8a:78:41:a0:d6:cd:5d:
                    c5:cc:c4:d5:e2:80:d1:ae:b4:ac:dc:52:ed:1a:b7:
                    8e:5a:e8:47:06:9d:74:df:7a:54:4b:42:12:8b:bb:
                    de:94:f0:3b:8f:ae:ca:60:c6:ed:aa:47:ab:ad:a3:
                    d0:06:70:2e:94:23:e8:11:6c:20:6e:0a:66:04:ca:
                    b3:9d:cc:67:90:87:80:63:c6:15:92:f6:ca:9d:8b:
                    d8:fe:7d:8a:0d:a4:3a:a5:0e:9a:d2:01:d4:1d:4a:
                    49:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:AE:98:9F:38:11:D0:53:74:42:9C:68:EF:CB:05:13:25:DB:E3:FF
            X509v3 Authority Key Identifier:
                keyid:60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.xindi.eu/repo/XINDI/0/323030313a3637383a3261633a3a2f34382d3438203d3e20323036373633.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:2ac::/48

    Signature Algorithm: sha256WithRSAEncryption
         37:fb:23:ea:c5:97:06:90:a7:18:cc:6e:99:6e:cf:3c:c1:cc:
         ee:a6:c9:e6:d3:27:be:f6:8d:36:30:d3:d0:fc:0b:d9:77:5a:
         55:40:7d:8d:9c:0f:18:f9:49:a2:58:32:c8:2c:30:c7:60:19:
         11:68:64:83:50:3b:13:57:63:b8:8a:4f:c5:35:ba:ee:9f:17:
         4d:fc:2d:94:86:87:fc:26:24:95:62:25:ed:46:5a:e4:a3:8e:
         8d:98:50:ae:bf:22:87:58:cd:ae:0c:c6:50:01:46:9d:ae:20:
         33:08:dc:87:0b:65:2a:05:45:90:d5:7d:57:86:2e:f8:2f:b2:
         32:bc:45:f7:90:ae:da:f1:c9:98:5a:d4:06:90:27:5a:8a:28:
         74:60:1b:e7:19:51:c9:ac:88:5d:4e:7c:b7:b0:d0:21:c8:0a:
         a8:ca:98:a0:bc:0c:e7:5c:c2:2e:cb:c6:7e:25:f6:48:b9:53:
         9f:2e:5e:56:21:2a:e5:07:07:68:44:b3:74:20:e6:7c:a4:4d:
         c3:16:f7:44:7a:b8:35:34:b5:cd:a5:72:27:49:2d:36:34:7a:
         95:c6:8d:22:b7:05:9e:7e:38:aa:c6:e3:54:7c:7f:2f:60:32:
         43:55:c5:1f:78:d1:23:05:14:99:80:2c:6a:5b:73:b8:eb:15:
         92:dd:f6:73
-----BEGIN CERTIFICATE-----
MIIE0TCCA7mgAwIBAgIUfnJSvcOPLnyMQ9tjHwdDpS69BY8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjAxODMyODdlYjA4ZWNlMGM2NWZhNDlhM2Y0NTYyMWM2
MTJkZGJkMTAeFw0yNDA4MjgxMTU2MThaFw0yNTA4MjcxMjAxMThaMDMxMTAvBgNV
BAMTKDRBQUU5ODlGMzgxMUQwNTM3NDQyOUM2OEVGQ0IwNTEzMjVEQkUzRkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqhDVV+8iMk7e9w19Wl7rklz3y
UeeUfihP3qcuyaD8EQMemuWe0t7CasOQXFypa204Dc3DRIuMcjVT5eEOWBtvGPVW
WT7nyUS85CyvPjAJ6rx+MegxUk6BZxdgxeTOA1mD+3jZRz4BsOme6Yt3ST8HICkG
j+zy2327vQE3+OdBMtOxtL1394vX7m9+usioHLXraV3eXTextz9VpiYqinhBoNbN
XcXMxNXigNGutKzcUu0at45a6EcGnXTfelRLQhKLu96U8DuPrspgxu2qR6uto9AG
cC6UI+gRbCBuCmYEyrOdzGeQh4BjxhWS9sqdi9j+fYoNpDqlDprSAdQdSknVAgMB
AAGjggHbMIIB1zAdBgNVHQ4EFgQUSq6YnzgR0FN0Qpxo78sFEyXb4/8wHwYDVR0j
BBgwFoAUYBgyh+sI7ODGX6SaP0ViHGEt29EwDgYDVR0PAQH/BAQDAgeAMGAGA1Ud
HwRZMFcwVaBToFGGT3JzeW5jOi8vcnBraS54aW5kaS5ldS9yZXBvL1hJTkRJLzAv
NjAxODMyODdFQjA4RUNFMEM2NUZBNDlBM0Y0NTYyMUM2MTJEREJEMS5jcmwwZAYI
KwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS9ERUZBVUxUL1lCZ3loLXNJN09ER1g2U2FQMFZpSEdFdDI5RS5j
ZXIwfwYIKwYBBQUHAQsEczBxMG8GCCsGAQUFBzALhmNyc3luYzovL3Jwa2kueGlu
ZGkuZXUvcmVwby9YSU5ESS8wLzMyMzAzMDMxM2EzNjM3MzgzYTMyNjE2MzNhM2Ey
ZjM0MzgyZDM0MzgyMDNkM2UyMDMyMzAzNjM3MzYzMy5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABBngC
rDANBgkqhkiG9w0BAQsFAAOCAQEAN/sj6sWXBpCnGMxumW7PPMHM7qbJ5tMnvvaN
NjDT0PwL2XdaVUB9jZwPGPlJolgyyCwwx2AZEWhkg1A7E1djuIpPxTW67p8XTfwt
lIaH/CYklWIl7UZa5KOOjZhQrr8ih1jNrgzGUAFGna4gMwjchwtlKgVFkNV9V4Yu
+C+yMrxF95Cu2vHJmFrUBpAnWooodGAb5xlRyayIXU58t7DQIcgKqMqYoLwM51zC
LsvGfiX2SLlTny5eViEq5QcHaESzdCDmfKRNwxb3RHq4NTS1zaVyJ0ktNjR6lcaN
IrcFnn44qsbjVHx/L2AyQ1XFH3jRIwUUmYAsaltzuOsVkt32cw==
-----END CERTIFICATE-----