Route Origin Authorization

$ rpki-client -vvf rpki.xindi.eu/repo/XINDI/0/326130623a326630303a3a2f32392d3239203d3e203438313132.roa
File:                     326130623a326630303a3a2f32392d3239203d3e203438313132.roa (raw, json)
Hash identifier:          6cZk2iLRKJZ69rak5PT6lStxMVt+r2zAJHGB1jXAUvU=
Subject key identifier:   AD:40:10:B0:AA:6E:B7:F4:9A:29:5B:82:A1:C9:E2:96:25:BD:3C:6F
Certificate issuer:       /CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
Certificate serial:       16325AAD295D128FF4DAE0B2BA6ABCA5FAF3B004
Authority key identifier: 60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
Subject info access:      rsync://rpki.xindi.eu/repo/XINDI/0/326130623a326630303a3a2f32392d3239203d3e203438313132.roa
Signing time:             Wed 28 Aug 2024 12:01:16 +0000
ROA not before:           Wed 28 Aug 2024 11:56:16 +0000
ROA not after:            Wed 27 Aug 2025 12:01:16 +0000
asID:                     48112
IP address blocks:        2a0b:2f00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl
                          rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Dec 2024 21:56:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:32:5a:ad:29:5d:12:8f:f4:da:e0:b2:ba:6a:bc:a5:fa:f3:b0:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
        Validity
            Not Before: Aug 28 11:56:16 2024 GMT
            Not After : Aug 27 12:01:16 2025 GMT
        Subject: CN=AD4010B0AA6EB7F49A295B82A1C9E29625BD3C6F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:96:98:d1:11:7d:16:59:72:ec:80:40:95:30:
                    b9:81:b3:be:c7:a9:eb:82:25:7d:17:6e:de:86:c0:
                    03:a1:16:c5:d2:99:46:04:c2:bc:38:c4:e5:19:04:
                    d8:df:dc:d3:ff:a6:98:bd:59:26:63:41:65:77:30:
                    86:69:84:6b:b9:98:f9:3c:55:c5:3f:92:99:22:40:
                    87:6b:cb:f7:3d:d8:7a:d9:c7:63:b3:ae:93:eb:1d:
                    f6:e3:13:80:71:b7:0f:c8:7f:10:b6:cf:0d:68:0e:
                    b2:84:fd:69:49:1a:42:84:e6:e6:1d:38:10:3b:ba:
                    6e:c9:07:b8:91:ed:c6:a2:b0:87:25:d8:c1:23:80:
                    8e:fc:c9:6a:51:ae:1a:81:61:0d:c4:8c:7b:2c:42:
                    65:ce:73:24:5c:47:e5:90:de:ec:f1:6a:d8:b4:1b:
                    d5:76:5f:a4:d4:da:24:ce:e8:27:bd:41:a1:64:69:
                    49:65:ee:89:43:0a:3c:fe:3a:40:76:3c:c1:7d:7f:
                    68:95:8a:a0:28:c0:55:a8:fb:bc:45:e0:2c:9e:19:
                    b1:b2:65:54:14:01:b9:6a:b1:5b:f8:be:c3:0c:c3:
                    e1:b3:17:d1:f1:76:ca:89:8d:e5:a1:88:49:2e:d9:
                    5e:56:32:47:68:0e:74:20:6e:5a:a5:5b:96:02:57:
                    71:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:40:10:B0:AA:6E:B7:F4:9A:29:5B:82:A1:C9:E2:96:25:BD:3C:6F
            X509v3 Authority Key Identifier:
                keyid:60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.xindi.eu/repo/XINDI/0/326130623a326630303a3a2f32392d3239203d3e203438313132.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:2f00::/29

    Signature Algorithm: sha256WithRSAEncryption
         98:22:18:c9:02:14:d5:da:de:0c:d3:37:26:a2:0a:ad:e5:4c:
         c5:0b:9d:db:2e:90:9f:47:6d:aa:2f:4b:b3:df:41:ab:df:57:
         a0:79:1e:b4:58:3b:32:f3:fc:1e:4d:43:04:89:ec:33:0b:82:
         14:19:8c:0a:5d:fa:88:ed:fc:b5:f4:21:60:68:ca:f9:e0:34:
         b1:08:90:d4:1d:97:5d:66:d8:9b:b9:cc:49:af:a3:c7:c7:4e:
         2f:69:13:68:1b:16:af:11:cc:db:c4:96:d9:36:b6:c5:64:55:
         a7:fa:c8:a0:eb:00:5f:bc:a8:7d:1b:c9:05:38:56:18:1c:67:
         2f:fd:98:f4:28:f1:a0:c5:ee:36:54:64:2f:e9:03:f9:69:b3:
         0c:39:fe:7b:6a:ff:04:71:a2:17:4b:27:8d:f0:ea:ab:cb:01:
         99:cf:da:44:8e:dd:b0:21:b5:35:8e:7e:1c:1c:6a:1a:18:54:
         dc:4b:0b:0d:96:4a:57:c7:61:47:e1:57:57:3c:0f:fa:28:87:
         84:ac:8f:06:1e:d0:8a:b2:a2:33:34:26:43:0c:91:7c:87:41:
         23:f2:e9:81:20:09:39:44:6e:11:dc:fe:3d:9b:73:b6:b4:94:
         e0:78:7d:96:4f:d6:16:57:e3:e4:ad:94:b6:7b:f8:b1:7e:8f:
         36:9c:96:9d
-----BEGIN CERTIFICATE-----
MIIExzCCA6+gAwIBAgIUFjJarSldEo/02uCyumq8pfrzsAQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjAxODMyODdlYjA4ZWNlMGM2NWZhNDlhM2Y0NTYyMWM2
MTJkZGJkMTAeFw0yNDA4MjgxMTU2MTZaFw0yNTA4MjcxMjAxMTZaMDMxMTAvBgNV
BAMTKEFENDAxMEIwQUE2RUI3RjQ5QTI5NUI4MkExQzlFMjk2MjVCRDNDNkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4lpjREX0WWXLsgECVMLmBs77H
qeuCJX0Xbt6GwAOhFsXSmUYEwrw4xOUZBNjf3NP/ppi9WSZjQWV3MIZphGu5mPk8
VcU/kpkiQIdry/c92HrZx2OzrpPrHfbjE4Bxtw/IfxC2zw1oDrKE/WlJGkKE5uYd
OBA7um7JB7iR7caisIcl2MEjgI78yWpRrhqBYQ3EjHssQmXOcyRcR+WQ3uzxati0
G9V2X6TU2iTO6Ce9QaFkaUll7olDCjz+OkB2PMF9f2iViqAowFWo+7xF4CyeGbGy
ZVQUAblqsVv4vsMMw+GzF9HxdsqJjeWhiEku2V5WMkdoDnQgblqlW5YCV3H9AgMB
AAGjggHRMIIBzTAdBgNVHQ4EFgQUrUAQsKput/SaKVuCocniliW9PG8wHwYDVR0j
BBgwFoAUYBgyh+sI7ODGX6SaP0ViHGEt29EwDgYDVR0PAQH/BAQDAgeAMGAGA1Ud
HwRZMFcwVaBToFGGT3JzeW5jOi8vcnBraS54aW5kaS5ldS9yZXBvL1hJTkRJLzAv
NjAxODMyODdFQjA4RUNFMEM2NUZBNDlBM0Y0NTYyMUM2MTJEREJEMS5jcmwwZAYI
KwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS9ERUZBVUxUL1lCZ3loLXNJN09ER1g2U2FQMFZpSEdFdDI5RS5j
ZXIwdwYIKwYBBQUHAQsEazBpMGcGCCsGAQUFBzALhltyc3luYzovL3Jwa2kueGlu
ZGkuZXUvcmVwby9YSU5ESS8wLzMyNjEzMDYyM2EzMjY2MzAzMDNhM2EyZjMyMzky
ZDMyMzkyMDNkM2UyMDM0MzgzMTMxMzIucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQMqCy8AMA0GCSqGSIb3
DQEBCwUAA4IBAQCYIhjJAhTV2t4M0zcmogqt5UzFC53bLpCfR22qL0uz30Gr31eg
eR60WDsy8/weTUMEiewzC4IUGYwKXfqI7fy19CFgaMr54DSxCJDUHZddZtibucxJ
r6PHx04vaRNoGxavEczbxJbZNrbFZFWn+sig6wBfvKh9G8kFOFYYHGcv/Zj0KPGg
xe42VGQv6QP5abMMOf57av8EcaIXSyeN8OqrywGZz9pEjt2wIbU1jn4cHGoaGFTc
SwsNlkpXx2FH4VdXPA/6KIeErI8GHtCKsqIzNCZDDJF8h0Ej8umBIAk5RG4R3P49
m3O2tJTgeH2WT9YWV+PkrZS2e/ixfo82nJad
-----END CERTIFICATE-----