Route Origin Authorization

$ rpki-client -vvf rpki.xindi.eu/repo/XINDI/0/326130623a326630373a3a2f33322d3332203d3e203438313132.roa
File:                     326130623a326630373a3a2f33322d3332203d3e203438313132.roa (raw, json)
Hash identifier:          OZROTfVzOMELBiCwDmyAcEVZZhDAo+UD5eSklXATVaw=
Subject key identifier:   80:64:DB:89:A4:1B:E0:C0:DB:0C:B3:F5:D7:0D:DA:B7:BB:42:A6:0B
Certificate issuer:       /CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
Certificate serial:       29E6B11CA55851F6483FA40F81608B3CAE95DADF
Authority key identifier: 60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
Subject info access:      rsync://rpki.xindi.eu/repo/XINDI/0/326130623a326630373a3a2f33322d3332203d3e203438313132.roa
Signing time:             Thu 06 Mar 2025 19:37:53 +0000
ROA not before:           Thu 06 Mar 2025 19:32:53 +0000
ROA not after:            Thu 05 Mar 2026 19:37:53 +0000
asID:                     48112
IP address blocks:        2a0b:2f07::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl
                          rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:e6:b1:1c:a5:58:51:f6:48:3f:a4:0f:81:60:8b:3c:ae:95:da:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
        Validity
            Not Before: Mar  6 19:32:53 2025 GMT
            Not After : Mar  5 19:37:53 2026 GMT
        Subject: CN=8064DB89A41BE0C0DB0CB3F5D70DDAB7BB42A60B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:14:0f:82:5c:d8:1b:c7:63:60:70:a1:5d:28:
                    c6:71:40:a8:b6:76:3d:b6:2b:f6:6c:ad:74:e7:e8:
                    22:3b:fc:44:d4:6d:eb:9f:b2:d8:17:da:66:9c:87:
                    26:82:71:3c:56:59:d9:db:62:65:05:b4:7c:ff:23:
                    55:79:d3:af:9f:80:2e:62:a8:dd:d3:e6:96:97:7d:
                    49:d0:7d:5f:ab:32:c1:b3:38:46:af:66:cf:f4:ea:
                    54:a5:38:af:d5:35:c1:57:ba:58:c9:b1:e1:2b:af:
                    48:a1:4d:f8:8c:65:96:55:c0:48:65:09:d6:89:70:
                    69:a3:78:3e:a2:e0:03:67:53:0e:27:cc:94:f8:ed:
                    f2:21:15:76:b9:5e:1b:c1:64:b0:48:b4:e2:ca:5d:
                    cd:eb:70:bd:6b:4e:56:9e:4d:cb:89:ca:79:cc:e7:
                    a7:53:42:c8:72:5b:82:54:83:d7:fc:83:e1:b5:3f:
                    48:de:4f:00:3c:0d:af:76:4a:ed:45:76:1f:68:b4:
                    84:75:64:c9:08:6d:ec:ae:45:7f:44:2b:7a:6b:db:
                    5f:59:30:5b:63:e4:d3:7d:78:d7:42:75:4a:25:7c:
                    9e:78:17:03:02:72:a6:22:93:a0:a4:f2:fb:0f:53:
                    48:95:8b:dc:3b:6e:40:08:50:59:b7:02:14:be:8e:
                    97:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:64:DB:89:A4:1B:E0:C0:DB:0C:B3:F5:D7:0D:DA:B7:BB:42:A6:0B
            X509v3 Authority Key Identifier:
                keyid:60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.xindi.eu/repo/XINDI/0/326130623a326630373a3a2f33322d3332203d3e203438313132.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:2f07::/32

    Signature Algorithm: sha256WithRSAEncryption
         05:fa:a5:bf:aa:7c:fa:80:71:55:40:96:15:02:90:bf:ac:60:
         8d:ef:db:a5:7d:62:c7:2b:3c:8e:5e:08:bf:d9:a3:d1:77:39:
         9e:5f:5d:4e:d2:0f:06:94:67:b9:f7:cc:76:b9:80:23:c5:65:
         29:7b:7f:14:2a:11:45:f9:06:bf:e9:cc:d9:9d:e6:2c:09:72:
         a6:c0:db:2b:d3:6c:46:aa:6e:fe:a3:3b:6d:95:eb:a2:11:a8:
         57:b7:af:45:c7:e4:fd:78:cb:db:eb:10:de:4d:4a:30:be:dc:
         76:8a:fb:02:62:22:d6:b5:c8:70:2f:22:87:12:28:29:ef:c5:
         5c:34:56:16:62:cd:58:03:f9:a8:ea:75:e1:52:0e:9b:60:6a:
         54:63:51:35:1d:1c:81:31:a3:83:ea:eb:ff:e8:b3:b7:da:95:
         74:5a:3d:50:91:22:54:4d:ff:73:fc:c9:71:54:d2:ee:35:f1:
         b8:bf:df:9d:e5:19:c6:26:72:92:97:90:e4:23:a6:89:83:a9:
         53:f9:a9:29:0b:89:93:7a:1f:69:5d:67:fa:eb:06:86:f6:50:
         85:6a:82:e1:98:ce:1e:27:3a:ce:6d:1d:c1:05:4f:22:95:6b:
         12:1f:11:59:c0:18:b9:9d:3e:f2:ea:9d:04:eb:85:82:f3:cf:
         8d:2c:9d:5c
-----BEGIN CERTIFICATE-----
MIIExzCCA6+gAwIBAgIUKeaxHKVYUfZIP6QPgWCLPK6V2t8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjAxODMyODdlYjA4ZWNlMGM2NWZhNDlhM2Y0NTYyMWM2
MTJkZGJkMTAeFw0yNTAzMDYxOTMyNTNaFw0yNjAzMDUxOTM3NTNaMDMxMTAvBgNV
BAMTKDgwNjREQjg5QTQxQkUwQzBEQjBDQjNGNUQ3MEREQUI3QkI0MkE2MEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLFA+CXNgbx2NgcKFdKMZxQKi2
dj22K/ZsrXTn6CI7/ETUbeufstgX2machyaCcTxWWdnbYmUFtHz/I1V506+fgC5i
qN3T5paXfUnQfV+rMsGzOEavZs/06lSlOK/VNcFXuljJseErr0ihTfiMZZZVwEhl
CdaJcGmjeD6i4ANnUw4nzJT47fIhFXa5XhvBZLBItOLKXc3rcL1rTlaeTcuJynnM
56dTQshyW4JUg9f8g+G1P0jeTwA8Da92Su1Fdh9otIR1ZMkIbeyuRX9EK3pr219Z
MFtj5NN9eNdCdUolfJ54FwMCcqYik6Ck8vsPU0iVi9w7bkAIUFm3AhS+jpdFAgMB
AAGjggHRMIIBzTAdBgNVHQ4EFgQUgGTbiaQb4MDbDLP11w3at7tCpgswHwYDVR0j
BBgwFoAUYBgyh+sI7ODGX6SaP0ViHGEt29EwDgYDVR0PAQH/BAQDAgeAMGAGA1Ud
HwRZMFcwVaBToFGGT3JzeW5jOi8vcnBraS54aW5kaS5ldS9yZXBvL1hJTkRJLzAv
NjAxODMyODdFQjA4RUNFMEM2NUZBNDlBM0Y0NTYyMUM2MTJEREJEMS5jcmwwZAYI
KwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS9ERUZBVUxUL1lCZ3loLXNJN09ER1g2U2FQMFZpSEdFdDI5RS5j
ZXIwdwYIKwYBBQUHAQsEazBpMGcGCCsGAQUFBzALhltyc3luYzovL3Jwa2kueGlu
ZGkuZXUvcmVwby9YSU5ESS8wLzMyNjEzMDYyM2EzMjY2MzAzNzNhM2EyZjMzMzIy
ZDMzMzIyMDNkM2UyMDM0MzgzMTMxMzIucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQAqCy8HMA0GCSqGSIb3
DQEBCwUAA4IBAQAF+qW/qnz6gHFVQJYVApC/rGCN79ulfWLHKzyOXgi/2aPRdzme
X11O0g8GlGe598x2uYAjxWUpe38UKhFF+Qa/6czZneYsCXKmwNsr02xGqm7+oztt
leuiEahXt69Fx+T9eMvb6xDeTUowvtx2ivsCYiLWtchwLyKHEigp78VcNFYWYs1Y
A/mo6nXhUg6bYGpUY1E1HRyBMaOD6uv/6LO32pV0Wj1QkSJUTf9z/MlxVNLuNfG4
v9+d5RnGJnKSl5DkI6aJg6lT+akpC4mTeh9pXWf66waG9lCFaoLhmM4eJzrObR3B
BU8ilWsSHxFZwBi5nT7y6p0E64WC88+NLJ1c
-----END CERTIFICATE-----