Route Origin Authorization

$ rpki-client -vvf rpki.xindi.eu/repo/XINDI/0/323030313a3637383a3261633a3a2f34382d3438203d3e20323036373633.roa
File:                     323030313a3637383a3261633a3a2f34382d3438203d3e20323036373633.roa (raw, json)
Hash identifier:          mk9Ipjr7pTrTx0aXJXGELxjxImqFK44VSw7pctQQ9wU=
Subject key identifier:   8F:47:BD:4E:48:28:3D:93:B1:54:DD:86:B1:4E:BB:F4:1B:1A:A3:4F
Certificate issuer:       /CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
Certificate serial:       65A01B3EB54A4A0E2CA024E6A22C1F8BEC3F3C1A
Authority key identifier: 60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
Subject info access:      rsync://rpki.xindi.eu/repo/XINDI/0/323030313a3637383a3261633a3a2f34382d3438203d3e20323036373633.roa
Signing time:             Wed 30 Jul 2025 12:37:50 +0000
ROA not before:           Wed 30 Jul 2025 12:32:50 +0000
ROA not after:            Wed 29 Jul 2026 12:37:50 +0000
asID:                     206763
IP address blocks:        2001:678:2ac::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl
                          rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 31 Jul 2025 12:59:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:a0:1b:3e:b5:4a:4a:0e:2c:a0:24:e6:a2:2c:1f:8b:ec:3f:3c:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
        Validity
            Not Before: Jul 30 12:32:50 2025 GMT
            Not After : Jul 29 12:37:50 2026 GMT
        Subject: CN=8F47BD4E48283D93B154DD86B14EBBF41B1AA34F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:90:65:f8:db:57:06:b2:9b:38:8b:80:9a:5a:
                    63:c1:66:0c:5b:15:59:08:37:9f:6d:bb:26:0d:f6:
                    86:79:4b:26:59:eb:d8:b4:90:bf:82:e5:72:4a:16:
                    f1:d9:04:48:65:cf:0a:c3:a7:38:06:2c:31:d7:0e:
                    53:b5:3e:59:c0:bf:29:2f:ac:75:2a:fa:d3:fd:5d:
                    fc:c1:04:32:fa:78:09:d5:ff:cc:d5:7b:ce:ed:be:
                    7c:d7:01:0e:88:7b:cb:a3:f6:5f:f5:e3:ae:d3:0c:
                    eb:64:b2:84:04:f7:a8:8a:4d:b2:0f:d9:c2:75:60:
                    c2:db:ee:f4:90:86:7e:f8:8e:cc:d3:61:da:36:35:
                    17:a0:2b:b4:ba:b3:19:67:a0:34:b8:a5:ee:12:67:
                    b7:9d:28:3a:99:3c:45:51:7a:ed:71:29:05:24:65:
                    4d:da:44:67:67:f9:4c:96:81:6c:0d:25:4a:39:0c:
                    b7:23:ac:a7:ca:40:99:b6:b9:df:3e:3f:e4:55:13:
                    0e:65:1e:37:3a:4a:af:e9:ef:e7:63:61:dc:48:75:
                    ff:40:2c:68:b2:79:19:bc:3a:f5:07:bc:21:a0:ad:
                    ed:09:1b:ce:fb:03:3e:40:78:3a:7f:21:05:9c:a2:
                    35:79:46:40:d2:de:ef:89:d7:7a:1a:98:45:8c:7e:
                    9a:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:47:BD:4E:48:28:3D:93:B1:54:DD:86:B1:4E:BB:F4:1B:1A:A3:4F
            X509v3 Authority Key Identifier:
                keyid:60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.xindi.eu/repo/XINDI/0/323030313a3637383a3261633a3a2f34382d3438203d3e20323036373633.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:2ac::/48

    Signature Algorithm: sha256WithRSAEncryption
         84:de:d3:5f:7d:4a:9b:47:04:d0:48:42:ac:3a:e4:e2:93:b6:
         3d:47:29:60:cf:7e:cb:3a:13:3c:c7:84:18:7f:03:29:5a:3a:
         16:50:a2:c1:73:c1:3e:1b:a6:6b:f4:13:15:db:16:e2:59:7d:
         1d:0f:bb:c7:c4:c0:dc:55:8b:c6:7f:1b:10:47:db:ad:86:f6:
         84:b6:36:21:b5:17:46:a7:ff:45:fc:35:16:49:86:17:fe:91:
         38:0b:d6:d0:77:70:d9:26:6c:bb:e0:a1:19:f0:cf:ff:21:ea:
         b9:0b:c2:45:ac:c7:43:69:20:3d:bd:a8:21:ba:71:c8:69:c4:
         43:65:ed:26:ff:91:2f:d3:fe:da:9e:7e:b2:10:b2:0d:3a:56:
         bd:9b:48:ae:3d:4d:9c:c5:dd:a1:d9:81:e7:c5:19:66:0d:6f:
         d9:58:1d:82:5e:8b:61:80:cc:6e:56:39:96:91:7f:73:91:70:
         bf:a1:46:bc:2b:c2:68:15:9d:f2:7b:cb:0c:e1:1e:c3:58:0b:
         92:2e:13:d0:d3:e6:83:34:1d:35:17:cc:1b:8f:2b:06:07:89:
         15:aa:33:ff:fb:3a:07:8b:1f:4e:c0:ae:60:28:ff:3b:70:ab:
         f0:0b:cd:fc:94:65:64:bc:07:1b:1e:9d:87:bb:3f:5f:20:2f:
         d0:ac:86:1f
-----BEGIN CERTIFICATE-----
MIIE0TCCA7mgAwIBAgIUZaAbPrVKSg4soCTmoiwfi+w/PBowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjAxODMyODdlYjA4ZWNlMGM2NWZhNDlhM2Y0NTYyMWM2
MTJkZGJkMTAeFw0yNTA3MzAxMjMyNTBaFw0yNjA3MjkxMjM3NTBaMDMxMTAvBgNV
BAMTKDhGNDdCRDRFNDgyODNEOTNCMTU0REQ4NkIxNEVCQkY0MUIxQUEzNEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8kGX421cGsps4i4CaWmPBZgxb
FVkIN59tuyYN9oZ5SyZZ69i0kL+C5XJKFvHZBEhlzwrDpzgGLDHXDlO1PlnAvykv
rHUq+tP9XfzBBDL6eAnV/8zVe87tvnzXAQ6Ie8uj9l/1467TDOtksoQE96iKTbIP
2cJ1YMLb7vSQhn74jszTYdo2NRegK7S6sxlnoDS4pe4SZ7edKDqZPEVReu1xKQUk
ZU3aRGdn+UyWgWwNJUo5DLcjrKfKQJm2ud8+P+RVEw5lHjc6Sq/p7+djYdxIdf9A
LGiyeRm8OvUHvCGgre0JG877Az5AeDp/IQWcojV5RkDS3u+J13oamEWMfpqBAgMB
AAGjggHbMIIB1zAdBgNVHQ4EFgQUj0e9TkgoPZOxVN2GsU679Bsao08wHwYDVR0j
BBgwFoAUYBgyh+sI7ODGX6SaP0ViHGEt29EwDgYDVR0PAQH/BAQDAgeAMGAGA1Ud
HwRZMFcwVaBToFGGT3JzeW5jOi8vcnBraS54aW5kaS5ldS9yZXBvL1hJTkRJLzAv
NjAxODMyODdFQjA4RUNFMEM2NUZBNDlBM0Y0NTYyMUM2MTJEREJEMS5jcmwwZAYI
KwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS9ERUZBVUxUL1lCZ3loLXNJN09ER1g2U2FQMFZpSEdFdDI5RS5j
ZXIwfwYIKwYBBQUHAQsEczBxMG8GCCsGAQUFBzALhmNyc3luYzovL3Jwa2kueGlu
ZGkuZXUvcmVwby9YSU5ESS8wLzMyMzAzMDMxM2EzNjM3MzgzYTMyNjE2MzNhM2Ey
ZjM0MzgyZDM0MzgyMDNkM2UyMDMyMzAzNjM3MzYzMy5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABBngC
rDANBgkqhkiG9w0BAQsFAAOCAQEAhN7TX31Km0cE0EhCrDrk4pO2PUcpYM9+yzoT
PMeEGH8DKVo6FlCiwXPBPhuma/QTFdsW4ll9HQ+7x8TA3FWLxn8bEEfbrYb2hLY2
IbUXRqf/Rfw1FkmGF/6ROAvW0Hdw2SZsu+ChGfDP/yHquQvCRazHQ2kgPb2oIbpx
yGnEQ2XtJv+RL9P+2p5+shCyDTpWvZtIrj1NnMXdodmB58UZZg1v2Vgdgl6LYYDM
blY5lpF/c5Fwv6FGvCvCaBWd8nvLDOEew1gLki4T0NPmgzQdNRfMG48rBgeJFaoz
//s6B4sfTsCuYCj/O3Cr8AvN/JRlZLwHGx6dh7s/XyAv0KyGHw==
-----END CERTIFICATE-----