Route Origin Authorization

$ rpki-client -vvf rpki.xindi.eu/repo/XINDI/0/326130623a326630303a3a2f32392d3239203d3e203438313132.roa
File:                     326130623a326630303a3a2f32392d3239203d3e203438313132.roa (raw, json)
Hash identifier:          2b+yNr3jQl01GnZ8o7Hu+N955uc/naAXLAtoIcHOBDs=
Subject key identifier:   0C:02:73:1F:B4:88:4A:04:9A:AE:87:E8:87:66:2F:AC:4E:9A:DB:34
Certificate issuer:       /CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
Certificate serial:       1C349173871FC7C3C07846664790B5FC6BD3511B
Authority key identifier: 60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
Subject info access:      rsync://rpki.xindi.eu/repo/XINDI/0/326130623a326630303a3a2f32392d3239203d3e203438313132.roa
Signing time:             Wed 27 Sep 2023 11:50:58 +0000
ROA not before:           Wed 27 Sep 2023 11:45:58 +0000
ROA not after:            Wed 25 Sep 2024 11:50:58 +0000
asID:                     48112
IP address blocks:        2a0b:2f00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl
                          rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:34:91:73:87:1f:c7:c3:c0:78:46:66:47:90:b5:fc:6b:d3:51:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
        Validity
            Not Before: Sep 27 11:45:58 2023 GMT
            Not After : Sep 25 11:50:58 2024 GMT
        Subject: CN=0C02731FB4884A049AAE87E887662FAC4E9ADB34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:5c:71:12:71:76:29:ab:07:0e:ac:a6:f4:fe:
                    f3:2b:ad:df:e1:da:40:1f:ce:39:69:9c:78:c6:d7:
                    59:6d:f4:f9:f6:93:8e:5e:d0:00:cb:7e:72:fa:16:
                    d2:79:d1:6c:c7:34:c6:32:0c:b7:7d:d7:5f:3d:d9:
                    d8:f2:54:b9:19:95:91:90:09:76:f0:a5:e4:cb:87:
                    69:2b:6f:93:c5:30:3f:33:9d:f8:d7:65:78:11:64:
                    7f:c9:ab:5c:71:fe:ee:5f:ba:aa:e3:9c:94:5d:cf:
                    82:e6:df:f5:4f:43:49:52:58:f9:f2:87:ab:1b:d2:
                    f1:15:48:aa:5e:52:22:95:6e:22:84:1e:5e:0c:50:
                    fb:b4:9b:1f:ea:c8:8e:a4:7a:23:32:54:4a:e0:30:
                    d6:9e:aa:f7:3f:49:0f:c5:53:8b:d8:62:5a:88:56:
                    24:be:aa:be:82:1e:df:93:8b:f4:b0:cb:cf:26:17:
                    e0:45:80:56:7e:6d:01:0a:88:ef:03:28:ba:ba:c6:
                    b4:67:83:9b:4f:a3:7c:53:31:b6:91:44:23:91:05:
                    47:23:52:57:97:31:6b:36:e6:55:a9:86:2f:04:ea:
                    1a:56:c1:86:83:a5:c3:6c:30:53:b1:f5:b2:c8:ef:
                    80:06:b9:50:34:f7:9d:10:1e:3e:7c:95:39:47:1a:
                    cc:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:02:73:1F:B4:88:4A:04:9A:AE:87:E8:87:66:2F:AC:4E:9A:DB:34
            X509v3 Authority Key Identifier:
                keyid:60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.xindi.eu/repo/XINDI/0/326130623a326630303a3a2f32392d3239203d3e203438313132.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:2f00::/29

    Signature Algorithm: sha256WithRSAEncryption
         23:0f:b5:31:65:0d:67:df:73:42:da:51:3b:95:54:45:bb:27:
         fc:66:c1:53:b4:d9:c8:65:5c:a7:b6:b2:ef:81:68:61:bc:85:
         6b:b3:28:8b:8e:5d:bd:06:4f:4a:bd:b9:9e:d1:1e:0c:34:37:
         80:67:05:0d:f3:20:4d:93:49:49:c5:66:4e:26:8d:33:d2:c3:
         3d:8f:f1:69:5a:c5:11:8a:75:1b:ea:82:72:95:3a:1d:62:24:
         a6:ac:08:98:f3:f5:0e:39:db:57:05:63:82:c1:04:05:5a:23:
         23:9e:c3:2e:3d:ec:e0:8e:00:af:3e:ca:9b:45:b9:98:d8:cb:
         0e:98:f7:e9:4d:3f:65:ac:7a:74:25:a8:cf:6b:77:fc:b7:d9:
         15:11:e3:1f:8c:d5:66:46:63:d8:f0:0e:48:b2:d9:88:72:69:
         37:41:10:bb:0a:3b:89:9a:95:68:c6:32:97:b9:e0:43:1f:39:
         a7:6a:4e:2b:cf:a7:9e:4b:1c:20:4f:0e:85:a0:d7:38:03:b3:
         03:94:64:1e:c6:1a:86:49:29:25:2a:68:5f:5f:30:fb:bb:55:
         5c:4e:ce:85:5c:15:55:af:b5:d7:2a:64:b9:04:7f:e8:50:34:
         dc:14:49:13:02:87:f6:fe:34:41:6b:ec:67:f4:b7:04:26:11:
         ff:ea:2b:76
-----BEGIN CERTIFICATE-----
MIIExzCCA6+gAwIBAgIUHDSRc4cfx8PAeEZmR5C1/GvTURswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjAxODMyODdlYjA4ZWNlMGM2NWZhNDlhM2Y0NTYyMWM2
MTJkZGJkMTAeFw0yMzA5MjcxMTQ1NThaFw0yNDA5MjUxMTUwNThaMDMxMTAvBgNV
BAMTKDBDMDI3MzFGQjQ4ODRBMDQ5QUFFODdFODg3NjYyRkFDNEU5QURCMzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDiXHEScXYpqwcOrKb0/vMrrd/h
2kAfzjlpnHjG11lt9Pn2k45e0ADLfnL6FtJ50WzHNMYyDLd911892djyVLkZlZGQ
CXbwpeTLh2krb5PFMD8znfjXZXgRZH/Jq1xx/u5fuqrjnJRdz4Lm3/VPQ0lSWPny
h6sb0vEVSKpeUiKVbiKEHl4MUPu0mx/qyI6keiMyVErgMNaeqvc/SQ/FU4vYYlqI
ViS+qr6CHt+Ti/Swy88mF+BFgFZ+bQEKiO8DKLq6xrRng5tPo3xTMbaRRCORBUcj
UleXMWs25lWphi8E6hpWwYaDpcNsMFOx9bLI74AGuVA0950QHj58lTlHGsxZAgMB
AAGjggHRMIIBzTAdBgNVHQ4EFgQUDAJzH7SISgSarofoh2YvrE6a2zQwHwYDVR0j
BBgwFoAUYBgyh+sI7ODGX6SaP0ViHGEt29EwDgYDVR0PAQH/BAQDAgeAMGAGA1Ud
HwRZMFcwVaBToFGGT3JzeW5jOi8vcnBraS54aW5kaS5ldS9yZXBvL1hJTkRJLzAv
NjAxODMyODdFQjA4RUNFMEM2NUZBNDlBM0Y0NTYyMUM2MTJEREJEMS5jcmwwZAYI
KwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS9ERUZBVUxUL1lCZ3loLXNJN09ER1g2U2FQMFZpSEdFdDI5RS5j
ZXIwdwYIKwYBBQUHAQsEazBpMGcGCCsGAQUFBzALhltyc3luYzovL3Jwa2kueGlu
ZGkuZXUvcmVwby9YSU5ESS8wLzMyNjEzMDYyM2EzMjY2MzAzMDNhM2EyZjMyMzky
ZDMyMzkyMDNkM2UyMDM0MzgzMTMxMzIucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQMqCy8AMA0GCSqGSIb3
DQEBCwUAA4IBAQAjD7UxZQ1n33NC2lE7lVRFuyf8ZsFTtNnIZVyntrLvgWhhvIVr
syiLjl29Bk9Kvbme0R4MNDeAZwUN8yBNk0lJxWZOJo0z0sM9j/FpWsURinUb6oJy
lTodYiSmrAiY8/UOOdtXBWOCwQQFWiMjnsMuPezgjgCvPsqbRbmY2MsOmPfpTT9l
rHp0JajPa3f8t9kVEeMfjNVmRmPY8A5IstmIcmk3QRC7CjuJmpVoxjKXueBDHzmn
ak4rz6eeSxwgTw6FoNc4A7MDlGQexhqGSSklKmhfXzD7u1VcTs6FXBVVr7XXKmS5
BH/oUDTcFEkTAof2/jRBa+xn9LcEJhH/6it2
-----END CERTIFICATE-----