Route Origin Authorization

$ rpki-client -vvf rpki.xindi.eu/repo/XINDI/0/326130623a326630323a3a2f33312d3331203d3e203438313132.roa
File:                     326130623a326630323a3a2f33312d3331203d3e203438313132.roa (raw, json)
Hash identifier:          kPNbprDfP7R3YI814to1qpd5BgqC3H3j2fliaY8aGTA=
Subject key identifier:   82:F5:91:9B:71:48:18:BF:16:13:2A:F1:91:B7:A4:19:D1:4A:33:EA
Certificate issuer:       /CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
Certificate serial:       4D39B505A0628033DC3A2A00B58465A57E91E1B6
Authority key identifier: 60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
Subject info access:      rsync://rpki.xindi.eu/repo/XINDI/0/326130623a326630323a3a2f33312d3331203d3e203438313132.roa
Signing time:             Thu 06 Mar 2025 19:37:54 +0000
ROA not before:           Thu 06 Mar 2025 19:32:54 +0000
ROA not after:            Thu 05 Mar 2026 19:37:54 +0000
asID:                     48112
IP address blocks:        2a0b:2f02::/31 maxlen: 31
Validation:               OK
Signature path:           rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl
                          rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:39:b5:05:a0:62:80:33:dc:3a:2a:00:b5:84:65:a5:7e:91:e1:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
        Validity
            Not Before: Mar  6 19:32:54 2025 GMT
            Not After : Mar  5 19:37:54 2026 GMT
        Subject: CN=82F5919B714818BF16132AF191B7A419D14A33EA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:70:25:97:0c:cf:78:95:01:8e:35:a4:cc:57:
                    27:51:d9:f9:7a:ad:ef:e0:f9:0c:75:1c:ad:30:1f:
                    d0:e0:ea:a3:5f:7f:0c:0b:85:96:cf:a5:6d:5b:c5:
                    1e:d6:2f:8b:e8:64:41:57:a7:7d:a4:a0:1e:f8:3f:
                    bd:1e:c8:21:3d:be:1e:37:c6:56:86:9a:9d:b2:62:
                    b5:61:6c:1e:9e:bc:f6:80:c8:0e:06:97:e2:4a:d6:
                    34:15:03:f6:db:30:38:3f:e3:01:7a:ed:3e:df:cc:
                    15:b9:16:ad:1a:5a:25:dc:57:2a:aa:6e:b5:99:75:
                    b1:88:e9:37:e1:2a:5e:d9:1c:22:48:98:4f:f5:02:
                    52:23:44:72:45:7f:0d:6c:fe:a5:65:00:24:96:12:
                    18:13:fe:0f:99:e3:19:29:9c:f7:6c:27:fd:23:19:
                    fc:ee:20:ac:08:e2:a9:19:31:1a:5f:38:b5:58:c5:
                    73:6e:ba:48:43:b7:8f:ee:82:8e:22:3d:79:ec:74:
                    67:c8:72:ce:37:70:73:78:d8:5d:2d:be:cf:41:d9:
                    9f:81:e4:b7:4e:24:09:d9:60:05:27:f5:25:39:30:
                    07:4a:78:57:5c:04:25:89:cf:04:9e:b0:98:b1:2b:
                    cc:f4:07:b6:37:d8:07:91:40:ff:0e:a1:16:9e:05:
                    b4:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:F5:91:9B:71:48:18:BF:16:13:2A:F1:91:B7:A4:19:D1:4A:33:EA
            X509v3 Authority Key Identifier:
                keyid:60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.xindi.eu/repo/XINDI/0/326130623a326630323a3a2f33312d3331203d3e203438313132.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:2f02::/31

    Signature Algorithm: sha256WithRSAEncryption
         40:61:c7:05:d2:0e:61:7b:8d:ab:6d:b9:b9:2b:98:91:fb:be:
         79:f5:04:d0:de:f4:dc:e7:c8:d1:7c:1f:97:e6:60:7f:66:15:
         62:c0:a5:7c:61:32:58:c7:0f:6c:54:cf:a4:02:4d:70:2c:81:
         4c:f5:7a:45:d9:0e:e3:9f:5b:db:25:67:5d:45:69:42:4c:42:
         8c:18:5d:c0:a9:aa:94:47:8e:15:9c:b1:a6:57:bb:f0:fb:73:
         bb:f4:bf:f6:96:7e:ce:2a:6b:43:97:aa:0a:48:5e:cb:19:1c:
         36:df:68:6b:27:b7:04:ba:6d:c1:ed:f3:6a:59:41:10:fd:ff:
         c1:d0:c1:9b:1f:4e:c0:17:a2:8b:8e:e5:71:ac:5e:3b:ad:19:
         31:ef:2e:56:c7:99:61:95:57:0c:b3:d9:41:47:d6:87:e4:b9:
         0c:8a:0a:be:9f:b0:6a:97:2d:7b:b9:39:32:1c:ea:3a:e9:c8:
         0c:a4:93:95:bb:66:b1:53:4d:96:20:c2:95:57:3a:3f:a7:fc:
         1f:fa:74:12:2c:c0:94:7c:4e:ad:87:54:df:3b:41:d3:e0:fe:
         1c:b9:c4:85:4d:5a:d8:b5:a2:06:2e:d2:a8:e7:17:21:ee:44:
         94:0e:88:6c:1b:5f:07:9f:37:f8:ae:b4:93:4b:15:9a:01:78:
         b9:c8:61:3c
-----BEGIN CERTIFICATE-----
MIIExzCCA6+gAwIBAgIUTTm1BaBigDPcOioAtYRlpX6R4bYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjAxODMyODdlYjA4ZWNlMGM2NWZhNDlhM2Y0NTYyMWM2
MTJkZGJkMTAeFw0yNTAzMDYxOTMyNTRaFw0yNjAzMDUxOTM3NTRaMDMxMTAvBgNV
BAMTKDgyRjU5MTlCNzE0ODE4QkYxNjEzMkFGMTkxQjdBNDE5RDE0QTMzRUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHcCWXDM94lQGONaTMVydR2fl6
re/g+Qx1HK0wH9Dg6qNffwwLhZbPpW1bxR7WL4voZEFXp32koB74P70eyCE9vh43
xlaGmp2yYrVhbB6evPaAyA4Gl+JK1jQVA/bbMDg/4wF67T7fzBW5Fq0aWiXcVyqq
brWZdbGI6TfhKl7ZHCJImE/1AlIjRHJFfw1s/qVlACSWEhgT/g+Z4xkpnPdsJ/0j
GfzuIKwI4qkZMRpfOLVYxXNuukhDt4/ugo4iPXnsdGfIcs43cHN42F0tvs9B2Z+B
5LdOJAnZYAUn9SU5MAdKeFdcBCWJzwSesJixK8z0B7Y32AeRQP8OoRaeBbT5AgMB
AAGjggHRMIIBzTAdBgNVHQ4EFgQUgvWRm3FIGL8WEyrxkbekGdFKM+owHwYDVR0j
BBgwFoAUYBgyh+sI7ODGX6SaP0ViHGEt29EwDgYDVR0PAQH/BAQDAgeAMGAGA1Ud
HwRZMFcwVaBToFGGT3JzeW5jOi8vcnBraS54aW5kaS5ldS9yZXBvL1hJTkRJLzAv
NjAxODMyODdFQjA4RUNFMEM2NUZBNDlBM0Y0NTYyMUM2MTJEREJEMS5jcmwwZAYI
KwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS9ERUZBVUxUL1lCZ3loLXNJN09ER1g2U2FQMFZpSEdFdDI5RS5j
ZXIwdwYIKwYBBQUHAQsEazBpMGcGCCsGAQUFBzALhltyc3luYzovL3Jwa2kueGlu
ZGkuZXUvcmVwby9YSU5ESS8wLzMyNjEzMDYyM2EzMjY2MzAzMjNhM2EyZjMzMzEy
ZDMzMzEyMDNkM2UyMDM0MzgzMTMxMzIucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQEqCy8CMA0GCSqGSIb3
DQEBCwUAA4IBAQBAYccF0g5he42rbbm5K5iR+7559QTQ3vTc58jRfB+X5mB/ZhVi
wKV8YTJYxw9sVM+kAk1wLIFM9XpF2Q7jn1vbJWddRWlCTEKMGF3AqaqUR44VnLGm
V7vw+3O79L/2ln7OKmtDl6oKSF7LGRw232hrJ7cEum3B7fNqWUEQ/f/B0MGbH07A
F6KLjuVxrF47rRkx7y5Wx5lhlVcMs9lBR9aH5LkMigq+n7Bqly17uTkyHOo66cgM
pJOVu2axU02WIMKVVzo/p/wf+nQSLMCUfE6th1TfO0HT4P4cucSFTVrYtaIGLtKo
5xch7kSUDohsG18Hnzf4rrSTSxWaAXi5yGE8
-----END CERTIFICATE-----