Route Origin Authorization

$ rpki-client -vvf rpki.xindi.eu/repo/XINDI/0/323030313a3637383a3261633a3a2f34382d3438203d3e20323036373633.roa
File:                     323030313a3637383a3261633a3a2f34382d3438203d3e20323036373633.roa (raw, json)
Hash identifier:          QWB3npTQd4hoGuFheiuQtfkK1pm0FBcU5rHpDV29zTg=
Subject key identifier:   C9:CB:12:CB:C8:A4:2B:16:1E:57:B6:47:98:A0:77:74:A9:02:5D:50
Certificate issuer:       /CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
Certificate serial:       358F321FEB06816458F320ED5568FC97A5171541
Authority key identifier: 60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
Subject info access:      rsync://rpki.xindi.eu/repo/XINDI/0/323030313a3637383a3261633a3a2f34382d3438203d3e20323036373633.roa
Signing time:             Wed 27 Sep 2023 11:50:58 +0000
ROA not before:           Wed 27 Sep 2023 11:45:58 +0000
ROA not after:            Wed 25 Sep 2024 11:50:58 +0000
asID:                     206763
IP address blocks:        2001:678:2ac::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl
                          rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:8f:32:1f:eb:06:81:64:58:f3:20:ed:55:68:fc:97:a5:17:15:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
        Validity
            Not Before: Sep 27 11:45:58 2023 GMT
            Not After : Sep 25 11:50:58 2024 GMT
        Subject: CN=C9CB12CBC8A42B161E57B64798A07774A9025D50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:e5:13:ea:0f:94:4e:e6:dd:3f:f6:b6:ef:9a:
                    15:e0:00:81:ce:da:c5:99:7c:34:4c:2e:68:73:39:
                    7e:5c:d5:d8:9b:a8:f2:d6:6e:8e:08:7b:98:29:09:
                    b9:99:a0:04:3a:a9:20:04:48:a1:60:5f:b8:fd:80:
                    18:e5:23:ba:01:75:f1:5a:60:08:be:44:7b:af:ad:
                    a1:4d:18:9a:0b:3a:92:33:13:d6:68:bc:db:b4:07:
                    a8:c0:99:cf:e3:d4:94:8b:d0:c0:32:ce:ee:91:c3:
                    8a:72:ab:6f:cf:eb:3a:aa:36:b4:ab:b3:1d:de:75:
                    9f:3a:f0:8d:d8:20:8e:89:d5:cc:9d:d3:75:42:00:
                    9d:ff:e4:7e:76:17:e2:25:b8:44:de:b6:73:99:45:
                    33:8f:b1:6a:21:54:91:43:e3:2e:57:b4:f8:00:3b:
                    00:d5:88:3c:ff:23:38:8e:b2:0d:c6:98:4f:0c:78:
                    49:6e:18:47:0e:2d:06:63:a5:0c:6a:2e:04:59:e4:
                    86:49:e0:5e:66:57:a1:22:34:f3:c7:5a:70:5a:7f:
                    5c:c3:b9:d3:50:45:b0:98:5d:d6:21:f6:1f:ab:0f:
                    72:bc:75:e5:2d:d8:65:65:e7:c0:3e:9a:46:7e:d5:
                    aa:7a:d4:0b:71:d1:aa:da:1d:19:af:2f:80:a0:cb:
                    f0:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:CB:12:CB:C8:A4:2B:16:1E:57:B6:47:98:A0:77:74:A9:02:5D:50
            X509v3 Authority Key Identifier:
                keyid:60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.xindi.eu/repo/XINDI/0/323030313a3637383a3261633a3a2f34382d3438203d3e20323036373633.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:2ac::/48

    Signature Algorithm: sha256WithRSAEncryption
         18:cf:2d:6f:76:b0:c1:79:00:8a:c5:08:47:e1:aa:3e:31:28:
         21:a1:b0:e8:20:22:a3:61:88:7a:b4:0a:d3:f2:b6:c4:53:d5:
         ea:c7:6c:7a:5e:fa:cb:37:13:7d:23:63:70:b2:57:57:8c:47:
         43:cb:46:41:e5:7c:43:10:fa:e9:23:06:10:ff:20:d0:ac:90:
         53:9f:fc:db:60:e7:31:30:9a:63:e3:df:0b:ef:d7:e1:80:eb:
         bf:6f:4b:fa:1e:2b:a0:f8:23:11:21:cc:2e:f8:1a:55:be:8d:
         c8:ba:fc:bf:78:92:ec:c9:5b:29:9a:e9:af:71:5b:e2:a8:37:
         ae:8c:23:b2:e8:0b:e4:4b:df:5a:bc:9c:ff:de:28:7a:c6:bf:
         4d:9b:eb:a4:9d:9d:c8:79:2a:5d:78:e0:87:0f:e7:c1:af:89:
         fe:24:f1:e3:e5:11:e4:a9:b4:cb:83:ea:c4:32:9d:33:1c:c8:
         6a:df:fa:31:23:be:48:ff:9e:95:c0:5d:37:09:e0:eb:3e:e6:
         b7:bf:30:e8:e9:fa:ce:44:5d:2f:a6:9b:c0:82:70:fb:f5:d0:
         da:5a:44:ec:bd:2d:ae:49:e8:1e:7f:cf:ba:4b:ec:2c:ae:84:
         18:7b:6d:8a:fc:b1:0f:ab:23:a1:11:42:4c:71:6a:94:d5:2b:
         a1:f5:5d:37
-----BEGIN CERTIFICATE-----
MIIE0TCCA7mgAwIBAgIUNY8yH+sGgWRY8yDtVWj8l6UXFUEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjAxODMyODdlYjA4ZWNlMGM2NWZhNDlhM2Y0NTYyMWM2
MTJkZGJkMTAeFw0yMzA5MjcxMTQ1NThaFw0yNDA5MjUxMTUwNThaMDMxMTAvBgNV
BAMTKEM5Q0IxMkNCQzhBNDJCMTYxRTU3QjY0Nzk4QTA3Nzc0QTkwMjVENTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDL5RPqD5RO5t0/9rbvmhXgAIHO
2sWZfDRMLmhzOX5c1dibqPLWbo4Ie5gpCbmZoAQ6qSAESKFgX7j9gBjlI7oBdfFa
YAi+RHuvraFNGJoLOpIzE9ZovNu0B6jAmc/j1JSL0MAyzu6Rw4pyq2/P6zqqNrSr
sx3edZ868I3YII6J1cyd03VCAJ3/5H52F+IluETetnOZRTOPsWohVJFD4y5XtPgA
OwDViDz/IziOsg3GmE8MeEluGEcOLQZjpQxqLgRZ5IZJ4F5mV6EiNPPHWnBaf1zD
udNQRbCYXdYh9h+rD3K8deUt2GVl58A+mkZ+1ap61Atx0araHRmvL4Cgy/CpAgMB
AAGjggHbMIIB1zAdBgNVHQ4EFgQUycsSy8ikKxYeV7ZHmKB3dKkCXVAwHwYDVR0j
BBgwFoAUYBgyh+sI7ODGX6SaP0ViHGEt29EwDgYDVR0PAQH/BAQDAgeAMGAGA1Ud
HwRZMFcwVaBToFGGT3JzeW5jOi8vcnBraS54aW5kaS5ldS9yZXBvL1hJTkRJLzAv
NjAxODMyODdFQjA4RUNFMEM2NUZBNDlBM0Y0NTYyMUM2MTJEREJEMS5jcmwwZAYI
KwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS9ERUZBVUxUL1lCZ3loLXNJN09ER1g2U2FQMFZpSEdFdDI5RS5j
ZXIwfwYIKwYBBQUHAQsEczBxMG8GCCsGAQUFBzALhmNyc3luYzovL3Jwa2kueGlu
ZGkuZXUvcmVwby9YSU5ESS8wLzMyMzAzMDMxM2EzNjM3MzgzYTMyNjE2MzNhM2Ey
ZjM0MzgyZDM0MzgyMDNkM2UyMDMyMzAzNjM3MzYzMy5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABBngC
rDANBgkqhkiG9w0BAQsFAAOCAQEAGM8tb3awwXkAisUIR+GqPjEoIaGw6CAio2GI
erQK0/K2xFPV6sdsel76yzcTfSNjcLJXV4xHQ8tGQeV8QxD66SMGEP8g0KyQU5/8
22DnMTCaY+PfC+/X4YDrv29L+h4roPgjESHMLvgaVb6NyLr8v3iS7MlbKZrpr3Fb
4qg3rowjsugL5EvfWryc/94oesa/TZvrpJ2dyHkqXXjghw/nwa+J/iTx4+UR5Km0
y4PqxDKdMxzIat/6MSO+SP+elcBdNwng6z7mt78w6On6zkRdL6abwIJw+/XQ2lpE
7L0trknoHn/PukvsLK6EGHttivyxD6sjoRFCTHFqlNUrofVdNw==
-----END CERTIFICATE-----