Route Origin Authorization

$ rpki-client -vvf rpki.xindi.eu/repo/XINDI/0/326130623a326630373a3a2f33322d3332203d3e203438313132.roa
File:                     326130623a326630373a3a2f33322d3332203d3e203438313132.roa (raw, json)
Hash identifier:          3XPueBZ87ULt/WZrES3a2EeFBc4pN4mD3KOkiT+5Bho=
Subject key identifier:   B4:8D:1A:6D:D4:BE:71:BD:8E:A7:6E:28:6F:69:0A:B6:8B:D9:86:5B
Certificate issuer:       /CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
Certificate serial:       68C54D4EB0C4BB46FBBBF5609846020B9DC2FB84
Authority key identifier: 60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
Subject info access:      rsync://rpki.xindi.eu/repo/XINDI/0/326130623a326630373a3a2f33322d3332203d3e203438313132.roa
Signing time:             Thu 04 Apr 2024 19:18:36 +0000
ROA not before:           Thu 04 Apr 2024 19:13:36 +0000
ROA not after:            Thu 03 Apr 2025 19:18:36 +0000
asID:                     48112
IP address blocks:        2a0b:2f07::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl
                          rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 22:52:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:c5:4d:4e:b0:c4:bb:46:fb:bb:f5:60:98:46:02:0b:9d:c2:fb:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
        Validity
            Not Before: Apr  4 19:13:36 2024 GMT
            Not After : Apr  3 19:18:36 2025 GMT
        Subject: CN=B48D1A6DD4BE71BD8EA76E286F690AB68BD9865B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:38:29:8b:03:ac:3b:01:27:06:cb:78:f5:22:
                    8a:82:b8:77:50:1f:05:3c:ab:51:39:cd:45:8e:f1:
                    0d:15:79:0b:a1:98:81:80:a5:8f:28:a7:14:d8:3b:
                    47:04:57:4f:e2:b8:82:db:e5:1e:53:97:a8:c2:c5:
                    b7:ec:ef:24:1f:d8:ed:53:0b:00:5f:27:d1:6f:4c:
                    3d:61:c5:5c:34:67:44:2f:9a:9e:33:f8:a1:d0:24:
                    e3:c9:65:94:05:fd:bd:15:ad:e8:04:67:ee:ca:69:
                    2a:24:3b:af:f8:02:ce:7a:7a:ac:ab:36:bf:e2:26:
                    dc:5d:7f:79:f3:a9:59:69:3c:5f:d5:74:7c:39:b2:
                    cf:b3:cc:7d:51:70:21:a4:b9:86:ea:13:42:60:c7:
                    79:15:1b:6b:73:1d:b8:b2:da:f3:59:40:bb:8e:8a:
                    e8:d9:cf:44:99:11:b0:96:0b:ca:28:86:74:b1:03:
                    15:4e:d6:05:fc:b6:dc:1c:b3:4c:18:30:85:fa:6f:
                    74:20:72:5e:00:19:c2:6b:14:9f:c7:65:d8:c9:c4:
                    9a:7d:c5:76:af:2a:dc:f7:4f:68:58:cb:12:0a:db:
                    64:34:7f:bc:de:c1:dd:a7:96:01:b8:a5:be:58:0a:
                    ee:dc:7a:26:e4:d6:80:39:df:15:a1:93:00:b2:0c:
                    e0:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:8D:1A:6D:D4:BE:71:BD:8E:A7:6E:28:6F:69:0A:B6:8B:D9:86:5B
            X509v3 Authority Key Identifier:
                keyid:60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.xindi.eu/repo/XINDI/0/326130623a326630373a3a2f33322d3332203d3e203438313132.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:2f07::/32

    Signature Algorithm: sha256WithRSAEncryption
         67:23:f4:12:cd:6b:dc:ba:d4:61:42:18:d2:6d:18:7b:21:37:
         83:63:ff:81:7f:c2:a0:bf:a1:b7:76:b3:a0:ab:69:14:66:2f:
         1e:62:57:a0:9d:cc:f2:a5:c2:60:c6:a8:95:a5:db:e2:74:fd:
         24:fa:a3:21:be:a6:e3:07:49:a0:8d:23:2e:c9:03:90:9d:46:
         1d:9e:28:59:c5:57:e7:99:d9:b7:03:99:de:f3:15:25:46:0d:
         8e:df:41:3a:83:b6:fd:d0:1d:38:ea:86:59:52:c8:9e:cf:da:
         7d:a0:1c:92:88:44:30:10:57:76:59:ed:9d:1b:d7:5f:e0:70:
         75:47:ed:c0:44:58:41:0b:c9:85:11:0d:bc:eb:ec:66:23:b4:
         50:93:9d:64:89:52:13:a0:cb:fc:51:c5:c6:1e:c5:b9:6e:2a:
         6e:5a:e0:f9:17:7a:81:dd:03:4b:c6:68:3d:b0:bc:c9:55:e9:
         de:1b:83:be:b5:d8:b5:95:e3:6f:b1:8f:4b:5d:47:bc:f5:fd:
         4a:a6:f7:fb:be:a6:e1:1c:99:1f:15:9c:06:ff:6c:1a:15:e9:
         6d:92:25:83:5e:38:b9:8c:16:d6:71:06:02:4d:2c:4b:69:97:
         32:d1:58:85:b4:25:e2:03:a7:e0:f0:e8:25:4f:c7:e4:54:64:
         c5:45:70:5c
-----BEGIN CERTIFICATE-----
MIIExzCCA6+gAwIBAgIUaMVNTrDEu0b7u/VgmEYCC53C+4QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjAxODMyODdlYjA4ZWNlMGM2NWZhNDlhM2Y0NTYyMWM2
MTJkZGJkMTAeFw0yNDA0MDQxOTEzMzZaFw0yNTA0MDMxOTE4MzZaMDMxMTAvBgNV
BAMTKEI0OEQxQTZERDRCRTcxQkQ4RUE3NkUyODZGNjkwQUI2OEJEOTg2NUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzOCmLA6w7AScGy3j1IoqCuHdQ
HwU8q1E5zUWO8Q0VeQuhmIGApY8opxTYO0cEV0/iuILb5R5Tl6jCxbfs7yQf2O1T
CwBfJ9FvTD1hxVw0Z0Qvmp4z+KHQJOPJZZQF/b0VregEZ+7KaSokO6/4As56eqyr
Nr/iJtxdf3nzqVlpPF/VdHw5ss+zzH1RcCGkuYbqE0Jgx3kVG2tzHbiy2vNZQLuO
iujZz0SZEbCWC8oohnSxAxVO1gX8ttwcs0wYMIX6b3Qgcl4AGcJrFJ/HZdjJxJp9
xXavKtz3T2hYyxIK22Q0f7zewd2nlgG4pb5YCu7ceibk1oA53xWhkwCyDODpAgMB
AAGjggHRMIIBzTAdBgNVHQ4EFgQUtI0abdS+cb2Op24ob2kKtovZhlswHwYDVR0j
BBgwFoAUYBgyh+sI7ODGX6SaP0ViHGEt29EwDgYDVR0PAQH/BAQDAgeAMGAGA1Ud
HwRZMFcwVaBToFGGT3JzeW5jOi8vcnBraS54aW5kaS5ldS9yZXBvL1hJTkRJLzAv
NjAxODMyODdFQjA4RUNFMEM2NUZBNDlBM0Y0NTYyMUM2MTJEREJEMS5jcmwwZAYI
KwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS9ERUZBVUxUL1lCZ3loLXNJN09ER1g2U2FQMFZpSEdFdDI5RS5j
ZXIwdwYIKwYBBQUHAQsEazBpMGcGCCsGAQUFBzALhltyc3luYzovL3Jwa2kueGlu
ZGkuZXUvcmVwby9YSU5ESS8wLzMyNjEzMDYyM2EzMjY2MzAzNzNhM2EyZjMzMzIy
ZDMzMzIyMDNkM2UyMDM0MzgzMTMxMzIucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQAqCy8HMA0GCSqGSIb3
DQEBCwUAA4IBAQBnI/QSzWvcutRhQhjSbRh7ITeDY/+Bf8Kgv6G3drOgq2kUZi8e
YlegnczypcJgxqiVpdvidP0k+qMhvqbjB0mgjSMuyQOQnUYdnihZxVfnmdm3A5ne
8xUlRg2O30E6g7b90B046oZZUsiez9p9oBySiEQwEFd2We2dG9df4HB1R+3ARFhB
C8mFEQ286+xmI7RQk51kiVIToMv8UcXGHsW5bipuWuD5F3qB3QNLxmg9sLzJVene
G4O+tdi1leNvsY9LXUe89f1Kpvf7vqbhHJkfFZwG/2waFeltkiWDXji5jBbWcQYC
TSxLaZcy0ViFtCXiA6fg8OglT8fkVGTFRXBc
-----END CERTIFICATE-----