Route Origin Authorization

$ rpki-client -vvf rpki.xindi.eu/repo/XINDI/0/326130623a326630303a3a2f32392d3239203d3e203438313132.roa
File:                     326130623a326630303a3a2f32392d3239203d3e203438313132.roa (raw, json)
Hash identifier:          0cVqXd59CwqALw3qbS5YNebkDpgYSuAym/UKzDeLPJo=
Subject key identifier:   D6:17:14:E0:A4:CB:60:40:88:F9:EB:D8:15:DC:2F:D2:CA:7C:C5:D4
Certificate issuer:       /CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
Certificate serial:       42DBE150D5592D8604A91AB951E75B655E77B561
Authority key identifier: 60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
Subject info access:      rsync://rpki.xindi.eu/repo/XINDI/0/326130623a326630303a3a2f32392d3239203d3e203438313132.roa
Signing time:             Wed 30 Jul 2025 12:37:45 +0000
ROA not before:           Wed 30 Jul 2025 12:32:45 +0000
ROA not after:            Wed 29 Jul 2026 12:37:45 +0000
asID:                     48112
IP address blocks:        2a0b:2f00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl
                          rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 31 Jul 2025 12:59:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:db:e1:50:d5:59:2d:86:04:a9:1a:b9:51:e7:5b:65:5e:77:b5:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
        Validity
            Not Before: Jul 30 12:32:45 2025 GMT
            Not After : Jul 29 12:37:45 2026 GMT
        Subject: CN=D61714E0A4CB604088F9EBD815DC2FD2CA7CC5D4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:5c:75:6b:29:bc:51:2d:1f:8f:cc:f2:d8:0e:
                    40:e8:f0:10:bd:f7:cd:cf:75:f4:b5:39:bd:fc:f7:
                    21:2a:53:cb:76:09:b2:eb:c1:39:5b:f4:d1:6a:a1:
                    87:da:f1:f4:35:f5:cb:4e:43:a6:c6:79:57:58:20:
                    a7:0a:3f:d4:13:57:65:19:f8:d5:da:49:78:ed:20:
                    10:8e:f7:0f:6e:a2:05:7d:6b:28:0c:8a:22:31:fe:
                    c7:6f:9e:b4:eb:5f:46:3e:b1:59:96:fb:19:77:0b:
                    61:51:3a:85:67:b4:e4:06:42:39:62:b2:f3:02:16:
                    ba:2d:bb:e4:55:00:20:56:24:25:a0:67:46:82:0a:
                    94:bd:d3:1a:1d:c1:86:85:22:b8:af:2f:e0:f9:d4:
                    40:9d:72:6a:ad:3a:3d:9c:f1:0f:8d:ec:66:7b:de:
                    6d:02:6c:fd:9b:4c:1d:03:1f:43:2b:a0:4e:bd:c6:
                    e8:5e:91:8d:88:12:a6:81:7a:5d:f4:39:99:42:7d:
                    14:c8:89:b8:86:7e:9c:81:9b:1f:91:bf:e0:fc:a9:
                    d8:9e:ef:69:09:fc:1a:a2:f0:7f:7a:1b:6c:8b:66:
                    02:c3:09:2e:ab:d3:c0:aa:bb:48:4e:be:d9:04:f1:
                    09:f6:0e:2e:4b:6a:3c:50:62:31:c3:b4:7b:6b:d4:
                    73:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:17:14:E0:A4:CB:60:40:88:F9:EB:D8:15:DC:2F:D2:CA:7C:C5:D4
            X509v3 Authority Key Identifier:
                keyid:60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.xindi.eu/repo/XINDI/0/326130623a326630303a3a2f32392d3239203d3e203438313132.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:2f00::/29

    Signature Algorithm: sha256WithRSAEncryption
         68:14:f6:24:10:e6:c8:fe:c2:a0:4c:a3:c3:51:80:c7:09:e5:
         7c:f0:7b:a6:9b:41:28:1a:a6:e1:c1:ce:69:86:1e:52:17:66:
         e6:a8:00:d2:34:9d:33:df:a1:ad:48:aa:6f:4c:00:18:2b:bb:
         af:f4:f4:c6:6b:15:22:fe:e6:f6:5f:1b:c1:ec:54:fe:4a:36:
         7f:72:33:9a:f8:60:3b:3a:d9:d7:69:09:0a:38:bb:75:4f:aa:
         f5:ee:5e:ba:85:5f:9a:a4:e4:c0:85:ec:f0:e9:3c:c6:d5:33:
         d0:84:ce:aa:d3:03:96:38:57:b9:22:51:e7:22:2b:8e:78:92:
         b5:32:ac:7b:12:1a:72:9d:33:df:99:f3:63:cf:c2:8f:d6:26:
         9d:90:e8:8d:fd:06:2a:70:00:55:11:d6:3b:73:b9:44:39:d1:
         bf:33:86:ee:9c:79:5f:9b:c2:24:7b:c6:80:f5:4d:a0:e3:9f:
         fa:c6:75:ec:aa:fb:10:8a:f2:25:3f:54:f4:7f:69:92:85:8e:
         6f:c4:4e:63:5d:49:17:7e:0b:d9:22:57:7c:7c:7b:e9:f8:43:
         34:24:ce:8e:aa:41:c9:34:a2:18:6a:31:4a:50:44:37:c7:fe:
         24:20:05:bc:bc:e4:b9:d6:22:85:07:1d:7f:0a:d1:d9:b8:08:
         be:bb:cf:c0
-----BEGIN CERTIFICATE-----
MIIExzCCA6+gAwIBAgIUQtvhUNVZLYYEqRq5UedbZV53tWEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjAxODMyODdlYjA4ZWNlMGM2NWZhNDlhM2Y0NTYyMWM2
MTJkZGJkMTAeFw0yNTA3MzAxMjMyNDVaFw0yNjA3MjkxMjM3NDVaMDMxMTAvBgNV
BAMTKEQ2MTcxNEUwQTRDQjYwNDA4OEY5RUJEODE1REMyRkQyQ0E3Q0M1RDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxXHVrKbxRLR+PzPLYDkDo8BC9
983PdfS1Ob389yEqU8t2CbLrwTlb9NFqoYfa8fQ19ctOQ6bGeVdYIKcKP9QTV2UZ
+NXaSXjtIBCO9w9uogV9aygMiiIx/sdvnrTrX0Y+sVmW+xl3C2FROoVntOQGQjli
svMCFrotu+RVACBWJCWgZ0aCCpS90xodwYaFIrivL+D51ECdcmqtOj2c8Q+N7GZ7
3m0CbP2bTB0DH0MroE69xuhekY2IEqaBel30OZlCfRTIibiGfpyBmx+Rv+D8qdie
72kJ/Bqi8H96G2yLZgLDCS6r08Cqu0hOvtkE8Qn2Di5LajxQYjHDtHtr1HMLAgMB
AAGjggHRMIIBzTAdBgNVHQ4EFgQU1hcU4KTLYECI+evYFdwv0sp8xdQwHwYDVR0j
BBgwFoAUYBgyh+sI7ODGX6SaP0ViHGEt29EwDgYDVR0PAQH/BAQDAgeAMGAGA1Ud
HwRZMFcwVaBToFGGT3JzeW5jOi8vcnBraS54aW5kaS5ldS9yZXBvL1hJTkRJLzAv
NjAxODMyODdFQjA4RUNFMEM2NUZBNDlBM0Y0NTYyMUM2MTJEREJEMS5jcmwwZAYI
KwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS9ERUZBVUxUL1lCZ3loLXNJN09ER1g2U2FQMFZpSEdFdDI5RS5j
ZXIwdwYIKwYBBQUHAQsEazBpMGcGCCsGAQUFBzALhltyc3luYzovL3Jwa2kueGlu
ZGkuZXUvcmVwby9YSU5ESS8wLzMyNjEzMDYyM2EzMjY2MzAzMDNhM2EyZjMyMzky
ZDMyMzkyMDNkM2UyMDM0MzgzMTMxMzIucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQMqCy8AMA0GCSqGSIb3
DQEBCwUAA4IBAQBoFPYkEObI/sKgTKPDUYDHCeV88Humm0EoGqbhwc5phh5SF2bm
qADSNJ0z36GtSKpvTAAYK7uv9PTGaxUi/ub2XxvB7FT+SjZ/cjOa+GA7OtnXaQkK
OLt1T6r17l66hV+apOTAhezw6TzG1TPQhM6q0wOWOFe5IlHnIiuOeJK1Mqx7Ehpy
nTPfmfNjz8KP1iadkOiN/QYqcABVEdY7c7lEOdG/M4bunHlfm8Ike8aA9U2g45/6
xnXsqvsQivIlP1T0f2mShY5vxE5jXUkXfgvZIld8fHvp+EM0JM6OqkHJNKIYajFK
UEQ3x/4kIAW8vOS51iKFBx1/CtHZuAi+u8/A
-----END CERTIFICATE-----