Route Origin Authorization

$ rpki-client -vvf rpki.xindi.eu/repo/XINDI/0/326130623a326630323a3a2f33312d3331203d3e203438313132.roa
File:                     326130623a326630323a3a2f33312d3331203d3e203438313132.roa (raw, json)
Hash identifier:          du5BDdFZZJI6ojNhu2Zo7u1xzFS0PlvPf4p6thbswFs=
Subject key identifier:   1F:70:3B:4E:84:C5:E5:E9:B0:4C:69:4C:81:38:87:5A:0F:26:F5:79
Certificate issuer:       /CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
Certificate serial:       104FFD6121414A0269D89902D33834800DD2C2BB
Authority key identifier: 60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
Subject info access:      rsync://rpki.xindi.eu/repo/XINDI/0/326130623a326630323a3a2f33312d3331203d3e203438313132.roa
Signing time:             Thu 04 Apr 2024 18:56:31 +0000
ROA not before:           Thu 04 Apr 2024 18:51:31 +0000
ROA not after:            Thu 03 Apr 2025 18:56:31 +0000
asID:                     48112
IP address blocks:        2a0b:2f02::/31 maxlen: 31

Validation:               OK
Signature path:           rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl
                          rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:4f:fd:61:21:41:4a:02:69:d8:99:02:d3:38:34:80:0d:d2:c2:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
        Validity
            Not Before: Apr  4 18:51:31 2024 GMT
            Not After : Apr  3 18:56:31 2025 GMT
        Subject: CN=1F703B4E84C5E5E9B04C694C8138875A0F26F579
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:b3:3f:64:d1:9c:7c:29:de:ef:b3:b8:b8:d4:
                    42:d1:40:7c:18:99:ce:a1:53:e8:aa:60:00:44:5f:
                    d0:06:50:7c:86:88:91:af:60:2d:d1:35:c5:4f:32:
                    77:35:29:95:15:0d:7b:3c:84:0e:76:b2:86:c6:75:
                    fb:51:bb:86:c0:10:0a:45:76:2b:c7:9c:39:50:e3:
                    86:0e:03:96:a4:a1:46:43:f1:0e:ee:6b:db:ae:7b:
                    bb:84:1b:10:4a:ec:90:1a:b8:60:28:f0:92:78:f1:
                    09:1f:d9:64:a6:aa:ea:70:4d:9f:d9:ff:87:7b:68:
                    35:e4:a9:fc:7a:fe:e4:08:52:d3:d4:e0:75:41:b8:
                    36:6d:b9:9d:44:ed:15:8e:88:3c:21:2d:0a:09:e4:
                    e9:d1:37:2e:00:98:0c:ad:ac:e0:61:23:a1:2f:ed:
                    d1:cb:45:02:ee:8e:73:aa:0a:f3:ed:0c:af:4e:ca:
                    f8:0e:a5:a8:f5:2e:b3:4e:28:4b:f8:06:cd:e6:53:
                    46:13:97:bb:16:04:48:94:87:bb:4f:2c:dd:82:cd:
                    02:10:37:be:cf:64:10:b8:ff:83:1f:b9:2b:ad:67:
                    95:7b:c0:ed:f9:a8:82:b1:db:f6:e3:47:e9:1f:69:
                    ab:15:e5:53:2e:64:37:46:91:36:dd:4b:4e:71:24:
                    db:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:70:3B:4E:84:C5:E5:E9:B0:4C:69:4C:81:38:87:5A:0F:26:F5:79
            X509v3 Authority Key Identifier:
                keyid:60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.xindi.eu/repo/XINDI/0/326130623a326630323a3a2f33312d3331203d3e203438313132.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:2f02::/31

    Signature Algorithm: sha256WithRSAEncryption
         1e:ca:17:7e:89:b3:3d:8b:25:91:f4:0f:c4:9d:90:fc:6f:d2:
         26:61:d8:a0:19:e2:e5:49:90:c3:db:d7:f8:2c:d7:3b:85:f7:
         c4:5c:e9:c7:cf:17:0d:2b:d8:6e:6d:92:0f:f1:16:73:91:d3:
         7b:a1:aa:13:7e:b3:df:0e:a0:85:3d:2d:41:a5:30:86:7c:03:
         5d:b8:0a:30:66:31:47:58:5b:14:59:b9:14:47:66:db:d8:2f:
         9e:f2:25:83:ba:e8:b3:7c:35:30:03:77:19:0e:f4:e2:da:e3:
         71:4d:e6:fa:fd:f2:7a:91:07:18:0e:c8:8e:97:7e:39:c7:6c:
         4a:46:4f:ca:b0:e4:0f:21:db:f9:91:bb:c5:df:4a:39:b2:c1:
         96:d8:fd:69:03:dd:b9:d9:6e:e8:6d:46:5e:ff:3c:35:27:0d:
         b9:15:3c:4a:f0:b6:a2:92:fc:47:d4:02:b6:85:a0:d3:62:c9:
         6b:b0:f3:6c:95:44:97:7b:e0:b5:48:d7:45:de:aa:36:c6:c0:
         bf:a5:7d:27:e3:78:e6:2b:ec:cf:85:00:41:1a:c0:df:81:9a:
         0e:20:92:9e:ab:17:65:18:63:55:90:fd:e2:32:61:ff:36:c3:
         4d:e3:2c:c7:e9:db:ea:f9:00:db:76:65:e9:04:47:c9:49:86:
         08:50:ee:10
-----BEGIN CERTIFICATE-----
MIIExzCCA6+gAwIBAgIUEE/9YSFBSgJp2JkC0zg0gA3SwrswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjAxODMyODdlYjA4ZWNlMGM2NWZhNDlhM2Y0NTYyMWM2
MTJkZGJkMTAeFw0yNDA0MDQxODUxMzFaFw0yNTA0MDMxODU2MzFaMDMxMTAvBgNV
BAMTKDFGNzAzQjRFODRDNUU1RTlCMDRDNjk0QzgxMzg4NzVBMEYyNkY1NzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVsz9k0Zx8Kd7vs7i41ELRQHwY
mc6hU+iqYABEX9AGUHyGiJGvYC3RNcVPMnc1KZUVDXs8hA52sobGdftRu4bAEApF
divHnDlQ44YOA5akoUZD8Q7ua9uue7uEGxBK7JAauGAo8JJ48Qkf2WSmqupwTZ/Z
/4d7aDXkqfx6/uQIUtPU4HVBuDZtuZ1E7RWOiDwhLQoJ5OnRNy4AmAytrOBhI6Ev
7dHLRQLujnOqCvPtDK9OyvgOpaj1LrNOKEv4Bs3mU0YTl7sWBEiUh7tPLN2CzQIQ
N77PZBC4/4MfuSutZ5V7wO35qIKx2/bjR+kfaasV5VMuZDdGkTbdS05xJNv9AgMB
AAGjggHRMIIBzTAdBgNVHQ4EFgQUH3A7ToTF5emwTGlMgTiHWg8m9XkwHwYDVR0j
BBgwFoAUYBgyh+sI7ODGX6SaP0ViHGEt29EwDgYDVR0PAQH/BAQDAgeAMGAGA1Ud
HwRZMFcwVaBToFGGT3JzeW5jOi8vcnBraS54aW5kaS5ldS9yZXBvL1hJTkRJLzAv
NjAxODMyODdFQjA4RUNFMEM2NUZBNDlBM0Y0NTYyMUM2MTJEREJEMS5jcmwwZAYI
KwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS9ERUZBVUxUL1lCZ3loLXNJN09ER1g2U2FQMFZpSEdFdDI5RS5j
ZXIwdwYIKwYBBQUHAQsEazBpMGcGCCsGAQUFBzALhltyc3luYzovL3Jwa2kueGlu
ZGkuZXUvcmVwby9YSU5ESS8wLzMyNjEzMDYyM2EzMjY2MzAzMjNhM2EyZjMzMzEy
ZDMzMzEyMDNkM2UyMDM0MzgzMTMxMzIucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQEqCy8CMA0GCSqGSIb3
DQEBCwUAA4IBAQAeyhd+ibM9iyWR9A/EnZD8b9ImYdigGeLlSZDD29f4LNc7hffE
XOnHzxcNK9hubZIP8RZzkdN7oaoTfrPfDqCFPS1BpTCGfANduAowZjFHWFsUWbkU
R2bb2C+e8iWDuuizfDUwA3cZDvTi2uNxTeb6/fJ6kQcYDsiOl345x2xKRk/KsOQP
Idv5kbvF30o5ssGW2P1pA9252W7obUZe/zw1Jw25FTxK8LaikvxH1AK2haDTYslr
sPNslUSXe+C1SNdF3qo2xsC/pX0n43jmK+zPhQBBGsDfgZoOIJKeqxdlGGNVkP3i
MmH/NsNN4yzH6dvq+QDbdmXpBEfJSYYIUO4Q
-----END CERTIFICATE-----