Route Origin Authorization

$ rpki-client -vvf rpki.xindi.eu/repo/XINDI/0/326130623a326630343a3a2f33312d3331203d3e203438313132.roa
File:                     326130623a326630343a3a2f33312d3331203d3e203438313132.roa (raw, json)
Hash identifier:          QIqWkj5VvKF7jTZ6xlPBpF4MVG4UANJEg8WKZyVJJQE=
Subject key identifier:   BE:59:AB:3E:FD:D1:D7:DE:34:B6:26:AE:64:F4:40:2E:31:F8:F1:6F
Certificate issuer:       /CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
Certificate serial:       1A4719DD24512216D9BC04CE473A5E82C764338E
Authority key identifier: 60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
Subject info access:      rsync://rpki.xindi.eu/repo/XINDI/0/326130623a326630343a3a2f33312d3331203d3e203438313132.roa
Signing time:             Thu 06 Mar 2025 19:37:53 +0000
ROA not before:           Thu 06 Mar 2025 19:32:53 +0000
ROA not after:            Thu 05 Mar 2026 19:37:53 +0000
asID:                     48112
IP address blocks:        2a0b:2f04::/31 maxlen: 31
Validation:               OK
Signature path:           rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl
                          rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 09:29:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:47:19:dd:24:51:22:16:d9:bc:04:ce:47:3a:5e:82:c7:64:33:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
        Validity
            Not Before: Mar  6 19:32:53 2025 GMT
            Not After : Mar  5 19:37:53 2026 GMT
        Subject: CN=BE59AB3EFDD1D7DE34B626AE64F4402E31F8F16F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:0e:a5:1d:ab:16:f8:8c:9e:33:88:5e:7d:cc:
                    67:89:df:bb:84:16:60:3d:6f:49:af:42:ca:f7:a4:
                    75:6a:2c:fc:f2:9b:49:72:3c:af:bb:b5:1b:46:32:
                    2b:e1:2f:f6:55:6c:f9:ca:c8:45:cb:55:8f:f0:83:
                    e1:66:95:06:56:e8:e6:01:95:1a:be:76:b5:f7:5c:
                    d8:f3:2a:48:d5:7c:d6:43:69:d2:78:a1:78:76:04:
                    9d:42:17:20:6c:71:28:3a:e8:ca:74:34:0e:bb:56:
                    d2:ef:cc:fd:d9:e9:66:76:07:31:fd:0e:0c:50:e5:
                    21:7b:32:61:9f:7f:15:69:03:3d:d3:ac:1e:67:36:
                    e5:fd:0e:00:55:67:de:9d:57:f4:ab:4e:85:bc:46:
                    b1:c7:87:5b:3c:7b:6b:65:34:66:e0:14:67:07:a9:
                    da:04:d5:81:43:0a:0f:61:32:39:10:54:85:48:fe:
                    cf:79:e1:5e:ad:80:6f:3e:37:a4:8f:62:c4:db:21:
                    00:6e:f5:d1:88:62:12:36:0d:2b:cb:00:d8:69:e6:
                    ef:f0:7c:e7:37:1d:de:a7:40:35:6e:77:e6:03:bc:
                    5b:57:44:4d:e9:bc:11:ee:87:0b:77:14:47:e3:18:
                    7f:b4:d7:2d:f9:7e:50:50:51:f0:3e:85:db:a7:11:
                    28:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:59:AB:3E:FD:D1:D7:DE:34:B6:26:AE:64:F4:40:2E:31:F8:F1:6F
            X509v3 Authority Key Identifier:
                keyid:60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.xindi.eu/repo/XINDI/0/326130623a326630343a3a2f33312d3331203d3e203438313132.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:2f04::/31

    Signature Algorithm: sha256WithRSAEncryption
         16:7f:1c:41:20:cb:f1:2d:7a:1e:4d:3f:f6:54:78:4a:dc:4f:
         c1:82:9f:96:2a:7d:03:ba:70:84:40:a3:68:c8:87:ec:ec:f8:
         e5:de:96:ed:82:24:0d:1a:a8:f1:cf:41:ef:2c:83:3c:c0:71:
         32:39:d2:4b:e4:39:71:9f:c8:24:ac:68:5d:a2:f1:ed:57:65:
         b6:0e:03:f7:dd:2d:7c:5d:c9:af:b4:00:8e:81:75:db:ef:6b:
         b8:b4:c1:a8:48:7c:c6:93:14:75:f1:b2:10:1b:0a:07:9a:cb:
         16:c9:fe:6a:01:d9:ca:1a:73:bb:9c:84:0f:da:bc:d3:ee:4c:
         2a:9e:c9:17:8c:3c:72:91:5d:15:6c:bc:e4:e6:e4:68:1f:88:
         04:b4:5d:70:3e:c5:05:40:cb:17:66:26:cb:e2:ce:01:0c:8a:
         11:54:34:0f:21:d9:ed:4d:82:f7:3d:66:00:8d:9c:ff:83:2f:
         96:6c:d9:da:1e:bb:ca:6d:47:bd:35:9e:58:8e:8a:72:37:c2:
         02:26:5f:01:d2:74:33:0c:0a:ea:57:32:55:49:e1:ac:88:1d:
         79:51:c5:91:9c:04:58:eb:bb:4a:ce:56:ab:3a:e3:d2:98:6b:
         54:f3:d5:74:69:56:b9:38:5c:61:79:a5:18:79:e6:71:ea:f4:
         02:64:61:2d
-----BEGIN CERTIFICATE-----
MIIExzCCA6+gAwIBAgIUGkcZ3SRRIhbZvATORzpegsdkM44wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjAxODMyODdlYjA4ZWNlMGM2NWZhNDlhM2Y0NTYyMWM2
MTJkZGJkMTAeFw0yNTAzMDYxOTMyNTNaFw0yNjAzMDUxOTM3NTNaMDMxMTAvBgNV
BAMTKEJFNTlBQjNFRkREMUQ3REUzNEI2MjZBRTY0RjQ0MDJFMzFGOEYxNkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvDqUdqxb4jJ4ziF59zGeJ37uE
FmA9b0mvQsr3pHVqLPzym0lyPK+7tRtGMivhL/ZVbPnKyEXLVY/wg+FmlQZW6OYB
lRq+drX3XNjzKkjVfNZDadJ4oXh2BJ1CFyBscSg66Mp0NA67VtLvzP3Z6WZ2BzH9
DgxQ5SF7MmGffxVpAz3TrB5nNuX9DgBVZ96dV/SrToW8RrHHh1s8e2tlNGbgFGcH
qdoE1YFDCg9hMjkQVIVI/s954V6tgG8+N6SPYsTbIQBu9dGIYhI2DSvLANhp5u/w
fOc3Hd6nQDVud+YDvFtXRE3pvBHuhwt3FEfjGH+01y35flBQUfA+hdunESitAgMB
AAGjggHRMIIBzTAdBgNVHQ4EFgQUvlmrPv3R1940tiauZPRALjH48W8wHwYDVR0j
BBgwFoAUYBgyh+sI7ODGX6SaP0ViHGEt29EwDgYDVR0PAQH/BAQDAgeAMGAGA1Ud
HwRZMFcwVaBToFGGT3JzeW5jOi8vcnBraS54aW5kaS5ldS9yZXBvL1hJTkRJLzAv
NjAxODMyODdFQjA4RUNFMEM2NUZBNDlBM0Y0NTYyMUM2MTJEREJEMS5jcmwwZAYI
KwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS9ERUZBVUxUL1lCZ3loLXNJN09ER1g2U2FQMFZpSEdFdDI5RS5j
ZXIwdwYIKwYBBQUHAQsEazBpMGcGCCsGAQUFBzALhltyc3luYzovL3Jwa2kueGlu
ZGkuZXUvcmVwby9YSU5ESS8wLzMyNjEzMDYyM2EzMjY2MzAzNDNhM2EyZjMzMzEy
ZDMzMzEyMDNkM2UyMDM0MzgzMTMxMzIucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQEqCy8EMA0GCSqGSIb3
DQEBCwUAA4IBAQAWfxxBIMvxLXoeTT/2VHhK3E/Bgp+WKn0DunCEQKNoyIfs7Pjl
3pbtgiQNGqjxz0HvLIM8wHEyOdJL5Dlxn8gkrGhdovHtV2W2DgP33S18XcmvtACO
gXXb72u4tMGoSHzGkxR18bIQGwoHmssWyf5qAdnKGnO7nIQP2rzT7kwqnskXjDxy
kV0VbLzk5uRoH4gEtF1wPsUFQMsXZibL4s4BDIoRVDQPIdntTYL3PWYAjZz/gy+W
bNnaHrvKbUe9NZ5YjopyN8ICJl8B0nQzDArqVzJVSeGsiB15UcWRnARY67tKzlar
OuPSmGtU89V0aVa5OFxheaUYeeZx6vQCZGEt
-----END CERTIFICATE-----